Backlog: Adopt Security Best Practices

**Hey team!** 👋  

As discussed recently, here’s a coordinated effort to **adopt security best practices** 🔐 

### ✅ Current PRs  

- [ ] Add a Threat Model: https://github.com/lodash/lodash/pull/6026
- [ ] Include CNA Escalation in the `SECURITY.md`: https://github.com/lodash/lodash/pull/6025
- [ ] Add Incident Response Plan (IRP): https://github.com/lodash/lodash/pull/6028
- [ ] Configure Dependabot: https://github.com/lodash/lodash/pull/6029
- [ ] Proactively report the OSSF Scorecard results: https://github.com/lodash/lodash/pull/6030
- [ ] Add Dependency Review tool: https://github.com/lodash/lodash/pull/6031
- [ ] Enable CodeQL: https://github.com/lodash/lodash/pull/6032



### 💬 Open Questions  

- [ ] In the IRP is included a reference to the Security Triage Team. I will start to work on a proposal to define that team responsibilities and resources (slack channel, private repo...) as described in the IRP proposal (https://github.com/lodash/lodash/pull/6028).

### 🔖 Important

Let’s use this thread to **discuss general Security Best Practices topics**, and keep **implementation details within each PR** for better tracking and organization.  


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Backlog: Adopt Security Best Practices #6027

✅ Current PRs

💬 Open Questions

🔖 Important

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Backlog: Adopt Security Best Practices #6027

Description

✅ Current PRs

💬 Open Questions

🔖 Important

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions