Open
Description
Non-exhaustive list of checks to implement:
- Has own project github organization
- Has .github repo
- Has .github/SECURITY.md file
- Uses otterdog
- Has default-security-policy blueprint
- Has add-dot-github-repo blueprint
- Number of commits ~1y
- Number of commit authors ~1y
- Number of repositories
- Number of inactive repositories
- Number of EF committers
- Number of inactive EF committers
- Number of members in EF security team
- Is GitHub Private Vulnerability Reporting Enabled
- Number of vulnerability reports ~6m
- Number of Reports
- Number of CVEs
- Is Dependabot Security Alerts Enabled
- Number of Security Alerts resolved
- Number of Security Alerts unresolved
- Number of Security Alerts Critical
- Number of Security Alerts High
- Is automated SBOM generation enabled
- Outdated dependencies by time
- Secret Scanning
- ECA validation
- Number of releases ~1y
- Uses automated CI (GHA, Jenkins, GitLab)
- Zizmor result
- OpenSSF Scorecard result
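As an added illustration (not code from this issue or the project), the following evaluates a subset of the listed checks over a snapshot of an organization's repositories. The snapshot type, the organization name and the commit data are constructed for the example; in a real implementation they would be filled from the GitHub API (repository list, default-branch contents, and the per-repository private vulnerability reporting and Dependabot alert settings).

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical snapshot of what an organization scan would collect.
# Field names and sample values are constructed for this example.
@dataclass
class Repo:
    name: str
    archived: bool
    files: set                 # paths present on the default branch
    commits: list              # (author_login, commit_datetime) pairs
    private_vuln_reporting: bool
    dependabot_alerts: bool

@dataclass
class OrgSnapshot:
    login: str
    repos: list

def run_checks(org: OrgSnapshot, now: datetime, window_days: int = 365) -> dict:
    """Evaluate a subset of the issue's checks; ~1y is a rolling window ending at `now`."""
    since = now - timedelta(days=window_days)
    recent = [(r, [c for c in r.commits if c[1] >= since]) for r in org.repos]
    dot_github = next((r for r in org.repos if r.name == ".github"), None)
    active = [r for r in org.repos if not r.archived]
    return {
        "has_dot_github_repo": dot_github is not None,
        # SECURITY.md in the org's .github repo acts as the default policy for all repos
        "has_security_md": dot_github is not None and "SECURITY.md" in dot_github.files,
        "commits_1y": sum(len(cs) for _, cs in recent),
        "commit_authors_1y": len({c[0] for _, cs in recent for c in cs}),
        "repositories": len(org.repos),
        # inactive = not archived but no commit inside the window
        "inactive_repositories": sum(1 for r, cs in recent if not cs and not r.archived),
        "private_vuln_reporting_all": all(r.private_vuln_reporting for r in active),
        "dependabot_alerts_all": all(r.dependabot_alerts for r in active),
    }

# Constructed sample organization (invented name, repos and authors).
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
SAMPLE_ORG = OrgSnapshot("example-eclipse-project", [
    Repo(".github", False, {"SECURITY.md", "profile/README.md"},
         [("alice", NOW - timedelta(days=20))], True, True),
    Repo("core", False, {"README.md", "pom.xml"},
         [("alice", NOW - timedelta(days=5)), ("bob", NOW - timedelta(days=90)),
          ("carol", NOW - timedelta(days=400))], True, True),
    Repo("old-tools", False, {"README.md"},
         [("bob", NOW - timedelta(days=800))], False, True),
])

if __name__ == "__main__":
    for check, result in run_checks(SAMPLE_ORG, NOW).items():
        print(f"{check}: {result}")
```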