Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve CII context for Silver level #1163

Merged
merged 5 commits into from
Jan 4, 2024
Merged

Improve CII context for Silver level #1163

merged 5 commits into from
Jan 4, 2024

Conversation

UlisesGascon
Copy link
Member

Main Changes

Context

@UlisesGascon UlisesGascon marked this pull request as ready for review November 26, 2023 17:50
@UlisesGascon UlisesGascon mentioned this pull request Nov 26, 2023
Open
richardlau
richardlau reviewed Dec 7, 2023
View reviewed changes
tools/ossf_best_practices/silver_criteria.md
- [CII Best Practices: Security](https://github.com/coreinfrastructure/best-practices-badge/blob/main/docs/other.md#security)
- [CII Best Practices: Input Validation](https://github.com/coreinfrastructure/best-practices-badge/blob/main/docs/other.md#input_validation)
- [Team discussion](https://github.com/nodejs/security-wg/pull/955#discussion_r1197613631)

> Hardening mechanisms SHOULD be used in the software produced by the project so that software defects are less likely to result in security vulnerabilities.

**NA**
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

?
We could at least review the recommended hardening compiler options: https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++

mhdawson
mhdawson approved these changes Jan 4, 2024
View reviewed changes
Copy link
Member

@mhdawson mhdawson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@RafaelGSS RafaelGSS merged commit d538288 into nodejs:main Jan 4, 2024
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@richardlau richardlau richardlau left review comments

@RafaelGSS RafaelGSS RafaelGSS approved these changes

@mhdawson mhdawson mhdawson approved these changes

Assignees
No one assigned
Labels
CII-best-practices
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@UlisesGascon @richardlau @mhdawson @RafaelGSS