Core Tooling Compliance
- Initiative
- Back to Initiative
- Area
- Compliance
- Status
- In Progress (20%)
- Sponsors
-
- Ericsson
- Herrmann Ultraschall
- Funding
- Funding Complete
Goal
Implement Compliance Frameworks for core tooling
Impact
By establishing a robust compliance framework for core tooling used in projects like Erlang, Elixir, Gleam, and Hex, this milestone will drive the consistent adoption of industry-leading security and quality standards across the open source ecosystem. By integrating OpenSSF Best Practices Badge, Security Insights, and ScoreCard, developers can more easily identify, measure, and address critical security gaps, thus ensuring that each project aligns with recognized best practices. The addition of a statistics tool to track adoption further amplifies transparency, enabling real-time monitoring of improvements and facilitating continuous growth in community-wide security awareness. Ultimately, this milestone fosters a healthier and more resilient open source environment, elevating trust for developers and end-users alike.
Deliverables
- Projects:
- erlang
- elixir
- gleam
- hex
- Implement OpenSSF Best Practices Badge
- Implement OpenSSF Security Insights
- Implement Open Source Project Security Baseline
- Implement & improve score for OpenSSF ScoreCard
- Implement a statistics tool to track adoption in the ecosystem
- Certify to NIST SSDF