Implement OSPS-VM-05

The following test requirements need to be implemented:

- [ ] While active, the project documentation MUST include a policy that defines a threshold for remediation of SCA findings related to vulnerabilities and licenses.
- [ ] While active, the project documentation MUST include a policy to address SCA violations prior to any release.
- [ ] While active, all changes to the project's codebase MUST be automatically evaluated against a documented policy for malicious dependencies and known vulnerabilities in dependencies, then blocked in the event of violations, except when declared and suppressed as non-exploitable.

[OSPS-VM-05 Docs](https://baseline.openssf.org/versions/2025-02-25#osps-vm-0501:~:text=2.1%2C%202.4%2C%202.6-,OSPS%2DVM%2D05,-%2D%20The%20project%20MUST)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Implement OSPS-VM-05 #35

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Implement OSPS-VM-05 #35

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions