Quality Goal

LFN Wiki

CNCF templates

OpenSSF

Project Vitals

Project Data Template (currently used both for induction and health review)

LFN Lifecycle states and guidelines (metrics per lifecycle stage)

LFN Security Forum Best Practices

Best Practices

Passing badge

Scorecard

Project Name

☑️

README-template.md

Project Creation Date

☑️

Project License

☑️

LICENSE; README-template.md

[floss_license][floss_license_osi][license_location]

Community Size

☑️

Contributing organizations (Diversity)

☑️

☑️

Number of contributors

☑️

Legal Details and checks

Lifecycle Stage

☑️

Release schedule

☑️

Adoption

☑️

Project & Community Resources

[discussion]

Website

☑️

README.md

[description_good]

Wiki

☑️

README.md

Mailing List

☑️

README.md

Slack

☑️

README.md

Community Meetings

☑️

README.md

Project Governance

TSC/TOC

☑️

☑️

GOVERNANCE.md; GOVERNANCE-elections.md; GOVERNANCE-maintainer.md

Charter

☑️

Code of Conduct

☑️

CODE_OF_CONDUCT.md; README.md

How to contribute

☑️

☑️

CONTRIBUTING.md; README.md

[interact]; [contribution];[contribution_requirements]

Project Roles

☑️

☑️

CONTRIBUTOR_LADDER.md

Maintainers

☑️

☑️

MAINTAINERS.md

How to Review

☑️

☑️

REVIEWING.md

Adding/Removing PTLs

☑️

☑️

MAINTAINERS.md ??

Sub-Project Lifecycle

☑️

☑️

GOVERNANCE-subprojects.md

Dispute Resolution

☑️

Adding/removing committers

☑️

☑️

Sub-projects without a lead

☑️

Documentation

[english]

Technical Documentation

☑️

☑️

[documentation_basics][documentation_interface]

Contributor onboarding Documentation

☑️

[interact]; [contribution][contribution_requirements]

Company Diversity (past 12 months)

☑️

Number of Contributors

☑️

Release Management

☑️

[version_unique][version_semver][version_tags][release_notes][release_notes_vulns]

CI/CD integration

☑️

[build];[build_common_tools][build_floss_tools]

Adoption

☑️

Security Design Principles

☑️

Use Case/Problem Statement

Problem that project solves

☑️

README.md

[description_good]

Use Cases Scenarios

☑️

README.md

Infrastructure Tooling

Wiki

☑️

Repos

☑️

[repo_public][repo_track][repo_interim][repo_distributed]

Bug Tracking tool

☑️

[report_tracker]

Code review

☑️

Documentation

☑️

CI/CD tooling

☑️

[build];[build_common_tools][build_floss_tools]

Collaboration Tooling

☑️

Roadmap

Roadmap Guide

Near/long-term objectives

☑️

Milestones

☑️

Risks/Challenges

☑️

Timeline

☑️

Security Best Practices

Security Guidelines for New Projects

Security Contacts

SECURITY-CONTACTS.md

Security Policy

SECURITY.md

[know_secure_design][know_common_errors]

Code Scanning

☑️

Seed code handoff

☑️

Coding Standards

☑️

☑️

[warnings][warnings_fixed][warnings_strict]

Security design principles

☑️

OSSF Scorecard; OSSF Best Practices

Vulnerability Reporting

☑️

SECURITY.md; incident-response.md

[release_notes_vulns][vulnerability_report_process][vulnerability_report_private][vulnerability_report_response]

Bug reporting

[report_process][report_tracker][report_responses][enhancement_responses][report_archive]

Demonstrate Security Awareness

☑️

all of this column.

Practice Secure Lifecycle Management (per release)

☑️

cryptographic practices

Security Documentation

☑️

CI/CD best practices

☑️

Secure project architecture

☑️

[sites_https]

Supply Chain Security

☑️

CNCF Supply Chain Security

SBOM creation

☑️

Automated Test Suite

☑️

[test][test_invocation][test_most][test_continuous_integration]; [test_policy][tests_are_added][tests_documented_added]