Quality Goal

LFN Wiki

CNCF templates

OpenSSF

Project Vitals

Project Data Template (currently used both for induction and health review*)

LFN Lifecycle states and guidelines (metrics per lifecycle stage)

LFN Security Forum Best Practices

Best Practices

Passing badge

Scorecard

Project Name

☑️

README-template.md

Project Creation Date

☑️

Project License

☑️

LICENSE; README-template.md

[floss_license][floss_license_osi][license_location]

Community Size

☑️

Contributing organizations (Diversity)

☑️

☑️

Number of contributors

☑️

Legal Details and checks

Lifecycle Stage

☑️

Release schedule

☑️

Adoption

☑️

Project & Community Resources

[discussion]

Website

☑️

README.md

[description_good]

Wiki

☑️

README.md

Mailing List

☑️

README.md

Slack

☑️

README.md

Community Meetings

☑️

README.md

Project Governance

TSC/TOC

☑️

☑️

GOVERNANCE.md; GOVERNANCE-elections.md; GOVERNANCE-maintainer.md

Charter

☑️

Code of Conduct

☑️

CODE_OF_CONDUCT.md; README.md

How to contribute

☑️

☑️

CONTRIBUTING.md; README.md

[interact]; [contribution][contribution_requirements]

Project Roles

☑️

☑️

CONTRIBUTOR_LADDER.md

Maintainers

☑️

☑️

MAINTAINERS.md

How to Review

☑️

☑️

REVIEWING.md

Adding/Removing PTLs

☑️

☑️

MAINTAINERS.md ??

Sub-Project Lifecycle

☑️

☑️

GOVERNANCE-subprojects.md

Dispute Resolution

☑️

Adding/removing committers

☑️

☑️

Sub-projects without a lead

☑️

Documentation

[english]

Technical Documentation

☑️

☑️

[documentation_basics][documentation_interface]

Contributor onboarding Documentation

☑️

[interact]; [contribution][contribution_requirements]

Company Diversity (past 12 months)

☑️

Number of Contributors

☑️

Release Management

☑️

[version_unique][version_semver][version_tags][release_notes][release_notes_vulns]

CI/CD integration

☑️

[build]; [build_common_tools][build_floss_tools]

Adoption

☑️

Security Design Principles

☑️

Use Case / Problem Statement

Problem that project solves

☑️

README.md

[description_good]

Use Cases Scenarios

☑️

README.md

Infrastructure Tooling

Wiki

☑️

Repos

☑️

[repo_public][repo_track][repo_interim][repo_distributed]

Bug Tracking tool

☑️

[report_tracker]

Code review

☑️

CI/CD tooling

☑️

[build]; [build_common_tools][build_floss_tools]

Collaboration Tooling

☑️

Roadmap

Roadmap Guide

Near/long-term objectives

☑️

Milestones

☑️

Risks/Challenges

☑️

Timeline

☑️

Security Best Practices

Security Guidelines for New Projects

Security Contacts

SECURITY-CONTACTS.md

[know_secure_design][know_common_errors]

Code Scanning

☑️

Seed code handoff

☑️

Coding Standards

☑️

☑️

[warnings][warnings_fixed][warnings_strict]

Security design principles

☑️

OSSF Scorecard; OSSF Best Practices

Vulnerability Reporting

☑️

SECURITY.md; incident-response.md

[release_notes_vulns][vulnerability_report_process][vulnerability_report_private][vulnerability_report_response]

Bug reporting

[report_process][report_tracker][report_responses][enhancement_responses][report_archive]

Demonstrate Security Awareness

☑️

all of this column.

Practice Secure Lifecycle Management (per release)

☑️

Cryptographic practices; secured delivery against man-in-the-middle (MITM) attacks; publicly known vulnerabilities fixed; [no_leaked_credentials]

Security Documentation

☑️

[vulnerabilities_fixed_60_days] [vulnerabilities_critical_fixed]

CI/CD best practices

☑️

Secure project architecture

☑️

[sites_https]

Supply Chain Security

☑️

CNCF Supply Chain Security

SBOM creation

☑️

Automated Test Suite

☑️

Static Application Security Testing (SAST)

☑️

[static_analysis][static_analysis_common_vulnerabilities][static_analysis_fixed][static_analysis_often]

Dynamic Application Security Testing (DAST)

☑️

[dynamic_analysis][dynamic_analysis_unsafe][dynamic_analysis_enable_assertions][dynamic_analysis_fixed]

Software Composition Analysis (SCA)

☑️

Container vulnerability scanning

☑️

Code Coverage Testing

☑️

[test][test_invocation][test_most][test_continuous_integration]; [test_policy][tests_are_added][tests_documented_added]

Code Quality

☑️