v1.0.0 — Secure-by-Default Starter

@karlllewis karlllewis released this 19 Aug 04:02
01b0044

Highlights

  • Pre-commit Gitleaks guardrails (secrets never leave laptops)
  • CI Trivy vuln + IaC scanning with HIGH/CRITICAL gate
  • SPDX SBOM artifact each run (sbom.spdx.json)
  • OpenSSF Scorecard workflow and badge
  • Learn by Contrast examples (secure vs insecure via demo tags)
  • Compliance mapping and Trust page

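The pre-commit guardrail, the HIGH/CRITICAL gate and the SBOM artifact from the highlights above, shown as an added example rather than the starter's own files; the filenames, action versions, job name and artifact name are assumptions.

```yaml
# .pre-commit-config.yaml (assumed filename; added example, not the starter's own)
repos:
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.18.4          # pin a released tag; this version is an assumption
    hooks:
      - id: gitleaks      # scans the staged diff locally before the commit exists

---
# .github/workflows/security.yml (assumed filename; added example)
name: security
on: [push, pull_request]
permissions:
  contents: read          # least privilege: the job only needs to read the repo
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Produce the SBOM before the gate so it is uploaded even on a failing run.
      - name: Generate SPDX SBOM
        uses: aquasecurity/trivy-action@0.28.0   # version is an assumption
        with:
          scan-type: fs
          scan-ref: .
          format: spdx-json
          output: sbom.spdx.json

      - uses: actions/upload-artifact@v4
        with:
          name: sbom              # artifact name is an assumption
          path: sbom.spdx.json

      # Gate: any HIGH or CRITICAL vulnerability or IaC misconfiguration
      # makes Trivy exit 1, which fails the job and blocks the merge.
      - name: Trivy vuln + IaC scan (HIGH/CRITICAL gate)
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
          scan-ref: .
          scanners: vuln,misconfig
          severity: HIGH,CRITICAL
          exit-code: '1'
```

Lower severities are still reported in the step log; only HIGH and CRITICAL findings change the exit code.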
Docs & DX

  • Makefile for local parity (make scan, make sbom)
  • SECURITY.md, CONTRIBUTING.md, CODE_OF_CONDUCT.md
  • PR template, Issue form for Security Exception

Notes

  • Bad examples live on permanent demo tags to keep main green.
  • Future: Kyverno policies, Cosign/SLSA attestations, richer IaC demos.