docs: prepare OpenSSF Silver readiness evidence#200
Conversation
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Scanned FilesNone |
m-khan-97
left a comment
There was a problem hiding this comment.
Reviewed. Verified the thing I most wanted to check on an OpenSSF-evidence PR: no broken links. Every file the README newly points to (GOVERNANCE.md, MAINTAINERS.md, ROADMAP.md, SUPPORT.md, SECURITY_ACKNOWLEDGEMENTS.md, and the six new docs/*.md) is created within this same PR — I cross-checked the file list against the referenced paths and dev. Self-contained. SECURITY.md's supported-version bump to 0.3.x matches the actual v0.3.0 release. CI is green including backend-tests at the raised gate.
A few things worth surfacing before merge, none blocking:
-
The coverage gate jump (25 → 80) is a real policy change riding in a "docs/evidence" PR. It passes here, which proves coverage genuinely clears 80% on this branch — good. But once this lands on
dev, the other open PRs (#197, #198, #208, #210) were all validated at 25% and will be re-gated at 80% on their next run. The rule PRs add lots of tests so they're likely fine; just flagging the coordination so a small future PR (e.g. a 5-line fix with no test) doesn't get surprise-blocked. Worth a conscious "yes, we're committing to 80%" from the maintainers rather than it slipping in via docs. -
Rule count "51" will be stale immediately. #197 (+6) and #198 (+15) are in flight; the moment they merge the real count is 72, not 51. Not your bug — it's the perennial count-churn the ROADMAP itself calls out — but maybe hold the count update until the rule PRs settle, or expect a quick follow-up.
-
docs/accessibility-and-i18n.mdanddocs/release-security.mdare also created by #206 and #207 respectively. Whichever merges second will conflict. Worth coordinating ordering with TFT444. -
Mild scope note: this also touches four frontend files (Header/AILayer/DetailedScan/ChatPanel) and package.json — looks like the eslint-warning cleanups — slightly beyond "OpenSSF docs," but frontend CI passes so no concern.
Approving — the substance is solid and self-consistent. Just make items 1 and 3 conscious decisions rather than accidents.
|
Approved. |
Summary
Builds the repository-controlled foundation for OpenSSF Best Practices Silver issue #199 without claiming criteria that require owner or operational confirmation.
Governance and public evidence
Technical readiness
Owner actions deliberately not claimed
The following remain open for the project lead:
Validation
--cov-fail-under=80)git diff --checkpassesAdvances #199