├── LICENSE
├── README.md
├── archive
    ├── 2025-09-16-npm-meeting.md
    ├── destf
    │   └── 2023-Q4-progress-report.md
    └── meetings
    │   └── 2023
    │       ├── 2023-02-24.md
    │       ├── 2023-07-17.md
    │       ├── 2023-07-31.md
    │       ├── 2023-08-07.md
    │       ├── 2023-08-14.md
    │       ├── 2023-08-21.md
    │       ├── 2023-09-11.md
    │       ├── 2023-11-06.md
    │       ├── 2023-11-13.md
    │       └── 2023-12-04.md
├── docs
    ├── Badges
    │   └── best-practices-badge.md
    ├── CNA
    │   ├── cna-guide-for-openjs-cna-contributors.md
    │   └── cna-guide-for-openjs-maintainers.md
    ├── CVD_Guide
    │   ├── CVD-Step-by-Step-Runbook-and-Guide.md
    │   ├── Researcher-Communications-Primer.md
    │   ├── TEMPLATE-CVD-Step-by-Step-Runbook-Checklist.md
    │   ├── TEMPLATE-Minimal-VDP-Policy.md
    │   └── TEMPLATE-Recommended-VDP-Policy.md
    ├── OpenJS_Security_Compliance_Guidelines
    │   ├── v1
    │   │   ├── categories.md
    │   │   ├── maintenance.md
    │   │   ├── priority_groups.md
    │   │   ├── priority_groups
    │   │   │   ├── Priority_Group_1.md
    │   │   │   ├── Priority_Group_10.md
    │   │   │   ├── Priority_Group_11.md
    │   │   │   ├── Priority_Group_12.md
    │   │   │   ├── Priority_Group_13 .md
    │   │   │   ├── Priority_Group_14.html
    │   │   │   ├── Priority_Group_14.md
    │   │   │   ├── Priority_Group_2.md
    │   │   │   ├── Priority_Group_3.md
    │   │   │   ├── Priority_Group_4.md
    │   │   │   ├── Priority_Group_5.md
    │   │   │   ├── Priority_Group_6.md
    │   │   │   ├── Priority_Group_7.md
    │   │   │   ├── Priority_Group_8.md
    │   │   │   ├── Priority_Group_9.md
    │   │   │   ├── Recommendation_Group_1.md
    │   │   │   ├── Recommendation_Group_2.md
    │   │   │   ├── Recommendation_Group_3.md
    │   │   │   ├── Recommendation_Group_4.md
    │   │   │   ├── Recommendation_Group_5.md
    │   │   │   ├── Recommendation_Group_6.md
    │   │   │   ├── Recommendation_Group_7.md
    │   │   │   ├── Recommendation_Group_8.md
    │   │   │   └── priority_group_0.md
    │   │   └── readme.md
    │   └── v2-DRAFT
    │   │   ├── README.md
    │   │   ├── context-CVDTool.md
    │   │   ├── context-GitHub.md
    │   │   ├── context-Project.md
    │   │   ├── context-npm.md
    │   │   ├── guidelines
    │   │       ├── branchProtection-adminOnlyRepoCreation.md
    │   │       ├── branchProtection-ghCommitChecksMustPass.md
    │   │       ├── branchProtection-ghCommitSignoffForWeb.md
    │   │       ├── branchProtection-ghDefaultBranchNoForcePush.md
    │   │       ├── branchProtection-ghDefaultBranchPreventDeletion.md
    │   │       ├── branchProtection-ghMergingRequiresPr.md
    │   │       ├── branchProtection-ghPreventAdminBypass.md
    │   │       ├── branchProtection-ghRequireSignedCommits.md
    │   │       ├── branchProtection-ghUpToDateDefaultBranchBeforeMerge.md
    │   │       ├── ciCdScanners-checkCommits4Creds.md
    │   │       ├── ciCdScanners-depMgmtOodNoVulns.md
    │   │       ├── ciCdScanners-depMgmtWithVulns.md
    │   │       ├── ciCdScanners-staticAppSecTesting.md
    │   │       ├── ciCdScanners-staticCodeAnalysis.md
    │   │       ├── configureMFA-npmUserWritesReqMFA.md
    │   │       ├── defineRolesAndPerms-ghDocRepoWriteAcces.md
    │   │       ├── defineRolesAndPerms-npmDocPublishAccess.md
    │   │       ├── enforceMFAonOrgs-ghOrgEnforceMFA.md
    │   │       ├── enforceMFAonOrgs-npmOrgEnforceMFA.md
    │   │       ├── freestandingApplications-appsOnlyIncludePackageLock.md
    │   │       ├── freestandingApplications-appsOnlyMmachineReadableDependencies.md
    │   │       ├── ghWorkflowSec-ghForkWorkflowApproval.md
    │   │       ├── ghWorkflowSec-ghNoArbitraryCodeInPipeline.md
    │   │       ├── ghWorkflowSec-ghNoSelfHostedRunners.md
    │   │       ├── ghWorkflowSec-ghPinActionsWithSecrets.md
    │   │       ├── ghWorkflowSec-ghPreventScriptInjection.md
    │   │       ├── ghWorkflowSec-ghVerifiedActionsOnly.md
    │   │       ├── governance-annualDependencyRefresh.md
    │   │       ├── governance-docIncidentResponsePlan.md
    │   │       ├── governance-ghOwnerContinuityPolicy.md
    │   │       ├── governance-securityPolicyMeetsStandards.md
    │   │       ├── limitOwnersAndAdmins-ghOrgOwners.md
    │   │       ├── limitOwnersAndAdmins-ghRepoAdmins.md
    │   │       ├── limitOwnersAndAdmins-npmNumMembers.md
    │   │       ├── limitOwnersAndAdmins-npmNumOrgAdmins.md
    │   │       ├── limitOwnersAndAdmins-npmNumOrgOwners.md
    │   │       ├── multiPartyReviews-ghCodeOwnerReviewForLargeTeams.md
    │   │       ├── multiPartyReviews-ghRequirePrApprovals.md
    │   │       ├── multiPartyReviews-ghTwoPartyReview.md
    │   │       ├── permsRequireActivity-activeGhAdmins.md
    │   │       ├── permsRequireActivity-activeGhWriteAccess.md
    │   │       ├── projectDocumentation-cicdPrePublishAutomation.md
    │   │       ├── projectDocumentation-docModifiedProjectDeps.md
    │   │       ├── projectDocumentation-docSoftwareArchitecture.md
    │   │       ├── projectDocumentation-upgradePathsForOlderReleases.md
    │   │       ├── properCredUse-credsNotInProjectRepoFiles.md
    │   │       ├── properCredUse-ghBlockCommitsWithCreds.md
    │   │       ├── properCredUse-ghDefaultTokenPermsReadOnly.md
    │   │       ├── properCredUse-ghInjectSecretsAtRuntime.md
    │   │       ├── properCredUse-ghOnlyJobsHaveWritePerms.md
    │   │       ├── properCredUse-ghRepoKeysHavePassphrase.md
    │   │       ├── properCredUse-ghRestrictSecretsToRepos.md
    │   │       ├── properCredUse-ghWebhooksUseSecrets.md
    │   │       ├── properCredUse-npmOnlyUseGranularAccessTokens.md
    │   │       ├── properCredUse-npmPackagePublishingAccess.md
    │   │       ├── properCredUse-npmPublishingWithMFA.md
    │   │       ├── releaseDocumentation-assignCVEForKnownVulns.md
    │   │       ├── releaseDocumentation-includeCVEInReleaseNotes.md
    │   │       ├── releaseDocumentation-releasesUseGitTags.md
    │   │       ├── securityTraining-owaspTop10Training.md
    │   │       ├── securityTraining-softwareDesignTraining.md
    │   │       ├── useCvdTools-noBountyBudget.md
    │   │       ├── useCvdTools-withBountyBudget.md
    │   │       ├── useHwOrPassKey-ghMFAUseHwKeyInteractive.md
    │   │       ├── useHwOrPassKey-ghMFAUseHwKeyNonInteractive.md
    │   │       ├── useHwOrPassKey-npmMFAUseHwKey.md
    │   │       ├── usePhishingResistentMFA-ghMFAphishingResistant.md
    │   │       ├── usePhishingResistentMFA-npmMFAphishingResistant.md
    │   │       ├── useRBACfeatures-ghOrgRestrictDefaultMemberPerms.md
    │   │       ├── useRBACfeatures-useGhOrgs.md
    │   │       ├── useRBACfeatures-useNpmOrgsTeams.md
    │   │       ├── vulnPrevention-regressionTestsForVulns.md
    │   │       ├── vulnRemediationTimelines-criticalVulns30Days.md
    │   │       ├── vulnRemediationTimelines-exploitableHighCritVulns14Days.md
    │   │       ├── vulnRemediationTimelines-exploitableNonCritVulns60Days.md
    │   │       ├── vulnRemediationTimelines-nonCriticalVulns90Days.md
    │   │       └── vulnRemediationTimelines-respond14Days.md
    │   │   ├── hierarchy1.md
    │   │   └── hierarchy2.md
    ├── SBOM
    │   └── OpenJS-SBOM-CSCRM-Challenges-Recommendations.md
    ├── Secure_Releases
    │   └── secure-releases.md
    └── npm-security-best-practices.md
└── incident-response-plan.md

/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/LICENSE
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/README.md
--------------------------------------------------------------------------------
/archive/2025-09-16-npm-meeting.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/archive/2025-09-16-npm-meeting.md
--------------------------------------------------------------------------------
/archive/destf/2023-Q4-progress-report.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/archive/destf/2023-Q4-progress-report.md
--------------------------------------------------------------------------------
/archive/meetings/2023/2023-02-24.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/archive/meetings/2023/2023-02-24.md
--------------------------------------------------------------------------------
/archive/meetings/2023/2023-07-17.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/archive/meetings/2023/2023-07-17.md
--------------------------------------------------------------------------------
/archive/meetings/2023/2023-07-31.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/archive/meetings/2023/2023-07-31.md
--------------------------------------------------------------------------------
/archive/meetings/2023/2023-08-07.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/archive/meetings/2023/2023-08-07.md
--------------------------------------------------------------------------------
/archive/meetings/2023/2023-08-14.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/archive/meetings/2023/2023-08-14.md
--------------------------------------------------------------------------------
/archive/meetings/2023/2023-08-21.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/archive/meetings/2023/2023-08-21.md
--------------------------------------------------------------------------------
/archive/meetings/2023/2023-09-11.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/archive/meetings/2023/2023-09-11.md
--------------------------------------------------------------------------------
/archive/meetings/2023/2023-11-06.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/archive/meetings/2023/2023-11-06.md
--------------------------------------------------------------------------------
/archive/meetings/2023/2023-11-13.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/archive/meetings/2023/2023-11-13.md
--------------------------------------------------------------------------------
/archive/meetings/2023/2023-12-04.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/archive/meetings/2023/2023-12-04.md
--------------------------------------------------------------------------------
/docs/Badges/best-practices-badge.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/Badges/best-practices-badge.md
--------------------------------------------------------------------------------
/docs/CNA/cna-guide-for-openjs-cna-contributors.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/CNA/cna-guide-for-openjs-cna-contributors.md
--------------------------------------------------------------------------------
/docs/CNA/cna-guide-for-openjs-maintainers.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/CNA/cna-guide-for-openjs-maintainers.md
--------------------------------------------------------------------------------
/docs/CVD_Guide/CVD-Step-by-Step-Runbook-and-Guide.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/CVD_Guide/CVD-Step-by-Step-Runbook-and-Guide.md
--------------------------------------------------------------------------------
/docs/CVD_Guide/Researcher-Communications-Primer.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/CVD_Guide/Researcher-Communications-Primer.md
--------------------------------------------------------------------------------
/docs/CVD_Guide/TEMPLATE-CVD-Step-by-Step-Runbook-Checklist.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/CVD_Guide/TEMPLATE-CVD-Step-by-Step-Runbook-Checklist.md
--------------------------------------------------------------------------------
/docs/CVD_Guide/TEMPLATE-Minimal-VDP-Policy.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/CVD_Guide/TEMPLATE-Minimal-VDP-Policy.md
--------------------------------------------------------------------------------
/docs/CVD_Guide/TEMPLATE-Recommended-VDP-Policy.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/CVD_Guide/TEMPLATE-Recommended-VDP-Policy.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/categories.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/categories.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/maintenance.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/maintenance.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_1.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_1.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_10.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_10.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_11.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_11.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_12.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_12.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_13 .md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_13 .md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_14.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_14.html
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_14.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_14.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_2.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_2.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_3.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_3.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_4.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_4.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_5.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_5.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_6.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_6.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_7.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_7.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_8.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_8.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_9.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Priority_Group_9.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Recommendation_Group_1.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Recommendation_Group_1.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Recommendation_Group_2.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Recommendation_Group_2.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Recommendation_Group_3.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Recommendation_Group_3.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Recommendation_Group_4.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Recommendation_Group_4.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Recommendation_Group_5.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Recommendation_Group_5.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Recommendation_Group_6.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Recommendation_Group_6.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Recommendation_Group_7.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Recommendation_Group_7.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Recommendation_Group_8.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/Recommendation_Group_8.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/priority_group_0.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/priority_groups/priority_group_0.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v1/readme.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v1/readme.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/README.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/context-CVDTool.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/context-CVDTool.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/context-GitHub.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/context-GitHub.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/context-Project.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/context-Project.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/context-npm.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/context-npm.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/branchProtection-adminOnlyRepoCreation.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/branchProtection-adminOnlyRepoCreation.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/branchProtection-ghCommitChecksMustPass.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/branchProtection-ghCommitChecksMustPass.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/branchProtection-ghCommitSignoffForWeb.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/branchProtection-ghCommitSignoffForWeb.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/branchProtection-ghDefaultBranchNoForcePush.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/branchProtection-ghDefaultBranchNoForcePush.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/branchProtection-ghDefaultBranchPreventDeletion.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/branchProtection-ghDefaultBranchPreventDeletion.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/branchProtection-ghMergingRequiresPr.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/branchProtection-ghMergingRequiresPr.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/branchProtection-ghPreventAdminBypass.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/branchProtection-ghPreventAdminBypass.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/branchProtection-ghRequireSignedCommits.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/branchProtection-ghRequireSignedCommits.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/branchProtection-ghUpToDateDefaultBranchBeforeMerge.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/branchProtection-ghUpToDateDefaultBranchBeforeMerge.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/ciCdScanners-checkCommits4Creds.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/ciCdScanners-checkCommits4Creds.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/ciCdScanners-depMgmtOodNoVulns.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/ciCdScanners-depMgmtOodNoVulns.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/ciCdScanners-depMgmtWithVulns.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/ciCdScanners-depMgmtWithVulns.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/ciCdScanners-staticAppSecTesting.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/ciCdScanners-staticAppSecTesting.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/ciCdScanners-staticCodeAnalysis.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/ciCdScanners-staticCodeAnalysis.md
--------------------------------------------------------------------------------
/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/configureMFA-npmUserWritesReqMFA.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/configureMFA-npmUserWritesReqMFA.md
-------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/defineRolesAndPerms-ghDocRepoWriteAcces.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/defineRolesAndPerms-ghDocRepoWriteAcces.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/defineRolesAndPerms-npmDocPublishAccess.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/defineRolesAndPerms-npmDocPublishAccess.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/enforceMFAonOrgs-ghOrgEnforceMFA.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/enforceMFAonOrgs-ghOrgEnforceMFA.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/enforceMFAonOrgs-npmOrgEnforceMFA.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/enforceMFAonOrgs-npmOrgEnforceMFA.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/freestandingApplications-appsOnlyIncludePackageLock.md: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/freestandingApplications-appsOnlyIncludePackageLock.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/freestandingApplications-appsOnlyMmachineReadableDependencies.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/freestandingApplications-appsOnlyMmachineReadableDependencies.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/ghWorkflowSec-ghForkWorkflowApproval.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/ghWorkflowSec-ghForkWorkflowApproval.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/ghWorkflowSec-ghNoArbitraryCodeInPipeline.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/ghWorkflowSec-ghNoArbitraryCodeInPipeline.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/ghWorkflowSec-ghNoSelfHostedRunners.md: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/ghWorkflowSec-ghNoSelfHostedRunners.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/ghWorkflowSec-ghPinActionsWithSecrets.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/ghWorkflowSec-ghPinActionsWithSecrets.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/ghWorkflowSec-ghPreventScriptInjection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/ghWorkflowSec-ghPreventScriptInjection.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/ghWorkflowSec-ghVerifiedActionsOnly.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/ghWorkflowSec-ghVerifiedActionsOnly.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/governance-annualDependencyRefresh.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/governance-annualDependencyRefresh.md 
-------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/governance-docIncidentResponsePlan.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/governance-docIncidentResponsePlan.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/governance-ghOwnerContinuityPolicy.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/governance-ghOwnerContinuityPolicy.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/governance-securityPolicyMeetsStandards.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/governance-securityPolicyMeetsStandards.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/limitOwnersAndAdmins-ghOrgOwners.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/limitOwnersAndAdmins-ghOrgOwners.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/limitOwnersAndAdmins-ghRepoAdmins.md: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/limitOwnersAndAdmins-ghRepoAdmins.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/limitOwnersAndAdmins-npmNumMembers.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/limitOwnersAndAdmins-npmNumMembers.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/limitOwnersAndAdmins-npmNumOrgAdmins.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/limitOwnersAndAdmins-npmNumOrgAdmins.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/limitOwnersAndAdmins-npmNumOrgOwners.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/limitOwnersAndAdmins-npmNumOrgOwners.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/multiPartyReviews-ghCodeOwnerReviewForLargeTeams.md: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/multiPartyReviews-ghCodeOwnerReviewForLargeTeams.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/multiPartyReviews-ghRequirePrApprovals.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/multiPartyReviews-ghRequirePrApprovals.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/multiPartyReviews-ghTwoPartyReview.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/multiPartyReviews-ghTwoPartyReview.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/permsRequireActivity-activeGhAdmins.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/permsRequireActivity-activeGhAdmins.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/permsRequireActivity-activeGhWriteAccess.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/permsRequireActivity-activeGhWriteAccess.md 
-------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/projectDocumentation-cicdPrePublishAutomation.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/projectDocumentation-cicdPrePublishAutomation.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/projectDocumentation-docModifiedProjectDeps.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/projectDocumentation-docModifiedProjectDeps.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/projectDocumentation-docSoftwareArchitecture.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/projectDocumentation-docSoftwareArchitecture.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/projectDocumentation-upgradePathsForOlderReleases.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/projectDocumentation-upgradePathsForOlderReleases.md -------------------------------------------------------------------------------- 
/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/properCredUse-credsNotInProjectRepoFiles.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/properCredUse-credsNotInProjectRepoFiles.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/properCredUse-ghBlockCommitsWithCreds.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/properCredUse-ghBlockCommitsWithCreds.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/properCredUse-ghDefaultTokenPermsReadOnly.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/properCredUse-ghDefaultTokenPermsReadOnly.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/properCredUse-ghInjectSecretsAtRuntime.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/properCredUse-ghInjectSecretsAtRuntime.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/properCredUse-ghOnlyJobsHaveWritePerms.md: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/properCredUse-ghOnlyJobsHaveWritePerms.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/properCredUse-ghRepoKeysHavePassphrase.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/properCredUse-ghRepoKeysHavePassphrase.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/properCredUse-ghRestrictSecretsToRepos.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/properCredUse-ghRestrictSecretsToRepos.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/properCredUse-ghWebhooksUseSecrets.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/properCredUse-ghWebhooksUseSecrets.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/properCredUse-npmOnlyUseGranularAccessTokens.md: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/properCredUse-npmOnlyUseGranularAccessTokens.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/properCredUse-npmPackagePublishingAccess.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/properCredUse-npmPackagePublishingAccess.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/properCredUse-npmPublishingWithMFA.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/properCredUse-npmPublishingWithMFA.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/releaseDocumentation-assignCVEForKnownVulns.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/releaseDocumentation-assignCVEForKnownVulns.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/releaseDocumentation-includeCVEInReleaseNotes.md: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/releaseDocumentation-includeCVEInReleaseNotes.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/releaseDocumentation-releasesUseGitTags.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/releaseDocumentation-releasesUseGitTags.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/securityTraining-owaspTop10Training.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/securityTraining-owaspTop10Training.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/securityTraining-softwareDesignTraining.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/securityTraining-softwareDesignTraining.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/useCvdTools-noBountyBudget.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/useCvdTools-noBountyBudget.md 
-------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/useCvdTools-withBountyBudget.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/useCvdTools-withBountyBudget.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/useHwOrPassKey-ghMFAUseHwKeyInteractive.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/useHwOrPassKey-ghMFAUseHwKeyInteractive.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/useHwOrPassKey-ghMFAUseHwKeyNonInteractive.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/useHwOrPassKey-ghMFAUseHwKeyNonInteractive.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/useHwOrPassKey-npmMFAUseHwKey.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/useHwOrPassKey-npmMFAUseHwKey.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/usePhishingResistentMFA-ghMFAphishingResistant.md: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/usePhishingResistentMFA-ghMFAphishingResistant.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/usePhishingResistentMFA-npmMFAphishingResistant.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/usePhishingResistentMFA-npmMFAphishingResistant.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/useRBACfeatures-ghOrgRestrictDefaultMemberPerms.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/useRBACfeatures-ghOrgRestrictDefaultMemberPerms.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/useRBACfeatures-useGhOrgs.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/useRBACfeatures-useGhOrgs.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/useRBACfeatures-useNpmOrgsTeams.md: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/useRBACfeatures-useNpmOrgsTeams.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/vulnPrevention-regressionTestsForVulns.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/vulnPrevention-regressionTestsForVulns.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/vulnRemediationTimelines-criticalVulns30Days.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/vulnRemediationTimelines-criticalVulns30Days.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/vulnRemediationTimelines-exploitableHighCritVulns14Days.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/vulnRemediationTimelines-exploitableHighCritVulns14Days.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/vulnRemediationTimelines-exploitableNonCritVulns60Days.md: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/vulnRemediationTimelines-exploitableNonCritVulns60Days.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/vulnRemediationTimelines-nonCriticalVulns90Days.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/vulnRemediationTimelines-nonCriticalVulns90Days.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/vulnRemediationTimelines-respond14Days.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/guidelines/vulnRemediationTimelines-respond14Days.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/hierarchy1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/hierarchy1.md -------------------------------------------------------------------------------- /docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/hierarchy2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/OpenJS_Security_Compliance_Guidelines/v2-DRAFT/hierarchy2.md -------------------------------------------------------------------------------- 
/docs/SBOM/OpenJS-SBOM-CSCRM-Challenges-Recommendations.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/SBOM/OpenJS-SBOM-CSCRM-Challenges-Recommendations.md -------------------------------------------------------------------------------- /docs/Secure_Releases/secure-releases.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/Secure_Releases/secure-releases.md -------------------------------------------------------------------------------- /docs/npm-security-best-practices.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/docs/npm-security-best-practices.md -------------------------------------------------------------------------------- /incident-response-plan.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openjs-foundation/security-collab-space/HEAD/incident-response-plan.md --------------------------------------------------------------------------------