Provide Machine-Readable Dependency Lists

Description

Ensure a machine-readable list of all direct and transitive dependencies is available for the software

Dashboard Inclusion

We use the column has_machineReadableDependencies_policy from the table projects to calculate the status, this column is populated using the bulk importer. More information

Details

Default Category: dependency inventory
Default Priority Group: P14
Implementation Details: It is manual (details).
C-SCRM: true
Sources: OWASP SCVS L1 1.3
Sources: OpenSSF Best Practices Badge Silver Level (external_dependencies)
How To: Github Docs

Description​

Dashboard Inclusion​

Details​

Description

Dashboard Inclusion

Details