Skip to content

docs: prepare OpenSSF Silver readiness evidence#200

Open
TFT444 wants to merge 1 commit into
devfrom
docs/199-openssf-silver-readiness
Open

docs: prepare OpenSSF Silver readiness evidence#200
TFT444 wants to merge 1 commit into
devfrom
docs/199-openssf-silver-readiness

Conversation

@TFT444

@TFT444 TFT444 commented Jul 16, 2026

Copy link
Copy Markdown
Collaborator

Summary

Builds the repository-controlled foundation for OpenSSF Best Practices Silver issue #199 without claiming criteria that require owner or operational confirmation.

Governance and public evidence

  • adds governance, maintainer responsibility, continuity, 12-month roadmap, support and upgrade documentation
  • documents security requirements, threat model, trust boundaries and a structured assurance case
  • adds release-security, accessibility/i18n and vulnerability-credit records
  • adds a criterion-by-criterion Silver evidence register separating ready evidence, gaps, owner actions and likely N/A answers
  • records a preliminary six-month regression-test audit

Technical readiness

  • raises the API/scanner coverage gate from 25% to the Silver requirement of 80%
  • adds direct AzureClient management-wrapper tests; measured local coverage is 82.2%
  • changes frontend lint to fail on warnings and resolves the four existing React hook warnings
  • reconciles public documentation and website inventory with the current 51 rules and 51 playbooks
  • updates supported-version guidance

Owner actions deliberately not claimed

The following remain open for the project lead:

  • confirm real access continuity and bus factor, not only documented roles
  • approve and enforce DCO or another contribution authorization mechanism
  • select and operate release signing/attestation and important tag signing
  • confirm vulnerability acknowledgement history and regression-test evidence
  • complete accessibility, input-validation, algorithm-agility and reproducibility reviews
  • enter reviewed evidence into the official OpenSSF assessment

Validation

  • 382 tests passed with 82.2% API/scanner statement coverage (--cov-fail-under=80)
  • Ruff passes
  • frontend ESLint passes with zero warnings
  • frontend production build passes
  • website security tests pass
  • all workflow YAML parses successfully
  • website and repository rule inventories both report 51 rules
  • git diff --check passes

Advances #199

@github-actions

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant