Update LE category to OSPS-LE-xxx numbering #172

Closed
wants to merge 2 commits into from
58 changes: 29 additions & 29 deletions baseline/OSPS-LE.yaml
Expand Up @@ -9,33 +9,7 @@ description: |
reducing the risk of intellectual property
disputes or licensing violations.
criteria:
- id: OSPS-LE-01
maturity_level: 2
criterion: |
The version control system MUST require all
code contributors to assert that they are
legally authorized to commit the associated
contributions on every commit.
rationale: |
Ensure that code contributors are aware of
and acknowledge their legal responsibility
for the contributions they make to the
project, reducing the risk of intellectual
property disputes against the project.
details: |
Include a DCO or CLA in the project's
repository, requiring code contributors to
assert that they are legally authorized to
commit the associated contributions on every
commit. Use a status check to ensure the
assertion is made.
control_mappings:
BPB: B-S-1
CRA: 1.2b, 1.2f
SSDF: PO3.2, PS1, PW1.2, PW2.1
security_insights_value: # TODO

- id: OSPS-LE-02
- id: OSPS-LE-101
maturity_level: 1
criterion: |
The license for the source code MUST
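Review bot: The ids OSPS-LE-01 and OSPS-LE-02 both disappear from the top of `criteria:` (the first is dropped from this position and the second becomes OSPS-LE-101), and nothing in the visible change records the old-to-new mapping. Any document or tool that cites the old ids will no longer resolve them, so list the mapping (LE-02 to LE-101, LE-03 to LE-102, LE-04 to LE-103, LE-01 to LE-201) in the commit message or a changelog entry.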
Expand Down Expand Up @@ -69,7 +43,7 @@ criteria:
CSF: GV.OC-03
security_insights_value: # TODO

- id: OSPS-LE-03
- id: OSPS-LE-102
maturity_level: 1
criterion: |
The license for the source code MUST be
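Review bot: The new id OSPS-LE-102 sits directly above `maturity_level: 1`, which suggests the first digit of the number encodes the maturity level, but the file never states that rule. Add a short comment above `criteria:` or a sentence in the description explaining the numbering, so the next contributor picks the right number for a new criterion.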
Expand All @@ -94,7 +68,7 @@ criteria:
SSDF: PO3.2
security_insights_value: # TODO

- id: OSPS-LE-04
- id: OSPS-LE-103
maturity_level: 1
criterion: |
The license for the released software assets
Expand Down Expand Up @@ -127,3 +101,29 @@ criteria:
SSDF: PO3.2
CSF: GV.OC-03
security_insights_value: # TODO

- id: OSPS-LE-201
maturity_level: 2
criterion: |
The version control system MUST require all
code contributors to assert that they are
legally authorized to commit the associated
contributions on every commit.
rationale: |
Ensure that code contributors are aware of
and acknowledge their legal responsibility
for the contributions they make to the
project, reducing the risk of intellectual
property disputes against the project.
details: |
Include a DCO or CLA in the project's
repository, requiring code contributors to
assert that they are legally authorized to
commit the associated contributions on every
commit. Use a status check to ensure the
assertion is made.
control_mappings:
BPB: B-S-1
CRA: 1.2b, 1.2f
SSDF: PO3.2, PS1, PW1.2, PW2.1
security_insights_value: # TODO
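Review bot: OSPS-LE-201 is paired with `maturity_level: 2`, so the id now duplicates a field that can change. If this criterion's level is revised later, either the id has to be renumbered again or it will disagree with `maturity_level`. State in the PR whether ids are meant to be stable once assigned, and if they are, consider a number that does not embed the level. The block otherwise appears to be the removed OSPS-LE-01 text carried over unchanged, including the `security_insights_value: # TODO` placeholder.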