Control: 1.2.1 Ensure all public repositories contain a SECURITY.md file
Description
A SECURITY.md file is a security policy file that offers instruction on reporting security vulnerabilities in a project. When someone creates an issue within a specific project, a link to the SECURITY.md file will subsequently be shown.
Rationale
A SECURITY.md file provides users with crucial security information. It can also serve an important role in project maintenance, encouraging users to think ahead about how to properly handle potential security issues, updates, and general security practices.
Audit
For each repository in use, verify that it has a SECURITY.md file in the documents or root directory of the repository.
Remediation
For each repository in use, create a SECURITY.md file and save it in the documents or root directory of the repository.
Usage
Run the control in your terminal:
powerpipe control run github_compliance.control.cis_supply_chain_v100_1_2_1Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run github_compliance.control.cis_supply_chain_v100_1_2_1 --shareSQL
This control uses a named query:
public_repo_has_security_md_file