Backlog: Adopt Security Best Practices #6027
Description
Hey team! 👋
As discussed recently, here’s a coordinated effort to adopt security best practices 🔐
✅ Current PRs
- Configure
DependabotRenovate:Add dependabot #6029Add Renovate #6039 - Add Dependency Review tool: feat: add dependency review tool #6031
- List security team members: Account for governance and maturity stage transition #6036
- Add a Threat Model: security: Include a threat model #6026
- Include CNA Escalation in the
SECURITY.md: docs: add security escalation policy #6025 - Add Incident Response Plan (IRP): Incident Response Plan #6028
- Proactively report the OSSF Scorecard results: Add support for OSSF scorecard reporting #6030
- Enable CodeQL: feat: add CodeQL #6032
💬 Open Questions
- In the IRP is included a reference to the Security Triage Team. I will start to work on a proposal to define that team responsibilities and resources (slack channel, private repo...) as described in the IRP proposal (Incident Response Plan #6028).
🔖 Important
Let’s use this thread to discuss general Security Best Practices topics, and keep implementation details within each PR for better tracking and organization.