CIS GitHub Benchmark v1.0.0
Profile Applicability: Level 1. Description: The authority to certify or sign software artifacts must be strictly limited to a small, trusted group of autho...
Thu, 29 May, 2025 at 1:54 AM
Profile Applicability: Level 2. Description: Decryption capabilities for sensitive software artifacts must be restricted exclusively to authorized platforms...
Thu, 29 May, 2025 at 1:55 AM
Profile Applicability: Level 2. Description: All software artifacts, including binaries, libraries, packages, and container images, must be encrypted before...
Thu, 29 May, 2025 at 1:56 AM
Profile Applicability: Level 2. Description: All software artifacts produced by the build pipeline must be digitally signed automatically as part of the bui...
Thu, 29 May, 2025 at 1:57 AM
Profile Applicability: Level 1. Description: Implement automated processes to regularly scan and detect changes in the ownership or maintainership of packag...
Thu, 29 May, 2025 at 1:58 AM
Profile Applicability: Level 1. Description: Implement automated scanning tools to analyze packages for their license types and associated compliance requir...
Thu, 29 May, 2025 at 1:59 AM
Profile Applicability: Level 1. Description: All software packages integrated into the codebase or deployed through package registries must be automatically...
Thu, 29 May, 2025 at 3:41 AM
Profile Applicability: Level 1. Description: An organization-wide policy governing the use of software dependencies must be established and enforced. This p...
Wed, 21 May, 2025 at 7:53 AM
Profile Applicability: Level 2. Description: All software packages or dependencies integrated into projects must be at least 60 days old from their initial ...
Thu, 29 May, 2025 at 3:43 AM
Profile Applicability: Level 1. Description: All software dependencies must be explicitly pinned to specific, verified versions rather than using loose or f...
Thu, 29 May, 2025 at 3:55 AM