Creation of org-wide landing page #26
Comments
|
Thanks for this checklist @haydentherapper ! I just happened to be looking into creating a SECURITY.md file for us. Do you know if OpenSSF provides a default SECURITY.md template we can use? EDIT: Here's a template provided by the OpenSSF. |
|
I'd also consider suggesting reporting via GitHub, instead of over email - https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability This will send a report to the repo's admins. The only issue is if we go with what I suggested about having only the SC members be admins while repository owners are maintainers, then a SC member must get involved to accept the report. |
As part of needing an org-wide security.md, let's create a landing page for the organization.
More info: https://docs.github.com/en/organizations/collaborating-with-groups-in-organizations/customizing-your-organizations-profile, https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file
What we need to do:
profile/README.mdSECURITY.mdSome nice-to-haves:
CONTRIBUTING.mdCODE_OF_CONDUCT.mdGOVERNANCE.mdwith a link to our governance repo (or maybe remove that governance repo in favor of this repo?)The text was updated successfully, but these errors were encountered: