Merge pull request #12 from OpenPathfinder/feat/add-visionBoard-docs

docs/checks/MFAImpersonationDefense.mdx

@@ -13,22 +13,16 @@ This check is currently under development and not yet implemented. [Click here t
 :::
 <!-- BANNER:END -->
 
-## Use Case
-<!-- LEVELS:START -->
-- Incubating: expected
-- Active: expected
-- Retiring: expected
-<!-- LEVELS:END -->
-
 <!-- DESCRIPTION:START -->
 ## Description
-Use Multi Factor Authentication (MFA) Methods that Defend Against Impersonation when Available
+Use Multi Factor Authentication (MFA) methods that defend against impersonation when available
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->
 ## Details
+- Default Category: user authentication
+- Default Priority Group: P1
 - C-SCRM: true
-- Priority Group: P1
 - Mitre: [CWE-290](https://cwe.mitre.org/data/definitions/290.html)
 - Sources: [OpenSSF Best Practices Badge Gold Level [secure_2FA]](https://www.bestpractices.dev/en/criteria/2#2.secure_2FA)
 - How To: [Github Docs](https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa)

docs/checks/PRsBeforeMerge.mdx

@@ -13,22 +13,16 @@ This check is currently under development and not yet implemented. [Click here t
 :::
 <!-- BANNER:END -->
 
-## Use Case
-<!-- LEVELS:START -->
-- Incubating: recommended
-- Active: recommended
-- Retiring: recommended
-<!-- LEVELS:END -->
-
 <!-- DESCRIPTION:START -->
 ## Description
-Require Pull Requests before Merging
+Require pull requests before merging
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->
 ## Details
+- Default Category: source control
+- Default Priority Group: R4
 - C-SCRM: true
-- Priority Group: R4
 - Mitre: [CWE-778](https://cwe.mitre.org/data/definitions/778.html)
 - Sources: [OpenSSF Scorecard](https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection)
 - How To: [Github Docs](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging)

docs/checks/SSHKeysRequired.mdx

@@ -13,22 +13,16 @@ This check is currently under development and not yet implemented. [Click here t
 :::
 <!-- BANNER:END -->
 
-## Use Case
-<!-- LEVELS:START -->
-- Incubating: expected
-- Active: expected
-- Retiring: expected
-<!-- LEVELS:END -->
-
 <!-- DESCRIPTION:START -->
 ## Description
 Use SSH keys for developer access to source code repositories and use a passphrase
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->
 ## Details
+- Default Category: user authentication
+- Default Priority Group: P3
 - C-SCRM: true
-- Priority Group: P3
 - Mitre: [CWE-309](https://cwe.mitre.org/data/definitions/309.html)
 - Sources: [CNCF SSCP v1.0 #192](https://github.com/cncf/tag-security/blob/main/supply-chain-security/supply-chain-security-paper/sscsp.md#use-ssh-keys-to-provide-developers-access-to-source-code-repositories)
 - How To: [Github Docs](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/about-ssh)

docs/checks/activeAdminsSixMonths.mdx

@@ -13,22 +13,16 @@ This check is currently under development and not yet implemented. [Click here t
 :::
 <!-- BANNER:END -->
 
-## Use Case
-<!-- LEVELS:START -->
-- Incubating: recommended
-- Active: recommended
-- Retiring: n/a
-<!-- LEVELS:END -->
-
 <!-- DESCRIPTION:START -->
 ## Description
-Github Organization Admins Should Have Activity In The Last 6 Months
+Ensure GitHub organization admins have been active within the last 6 months
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->
 ## Details
+- Default Category: user account permissions
+- Default Priority Group: R3
 - C-SCRM: true
-- Priority Group: R3
 - Mitre: [M1026](https://attack.mitre.org/mitigations/M1026/)
 - Sources: [OpenSSF SCM Best Practices](https://best.openssf.org/SCM-BestPractices/github/member/stale_admin_found.html)
 

docs/checks/activeWritersSixMonths.mdx

@@ -13,22 +13,16 @@ This check is currently under development and not yet implemented. [Click here t
 :::
 <!-- BANNER:END -->
 
-## Use Case
-<!-- LEVELS:START -->
-- Incubating: recommended
-- Active: recommended
-- Retiring: n/a
-<!-- LEVELS:END -->
-
 <!-- DESCRIPTION:START -->
 ## Description
-Github Organization Members with Write Permissions Should Have Activity In The Last 6 Months
+Ensure GitHub organization members with write permissions have been active within the last 6 months
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->
 ## Details
+- Default Category: user account permissions
+- Default Priority Group: R3
 - C-SCRM: true
-- Priority Group: R3
 - Mitre: [M1026](https://attack.mitre.org/mitigations/M1026/)
 - Sources: [OpenSSF SCM Best Practices](https://best.openssf.org/SCM-BestPractices/github/member/stale_member_found.html)
 

docs/checks/adminRepoCreationOnly.mdx

@@ -13,22 +13,16 @@ This check is currently under development and not yet implemented. [Click here t
 :::
 <!-- BANNER:END -->
 
-## Use Case
-<!-- LEVELS:START -->
-- Incubating: expected
-- Active: expected
-- Retiring: expected
-<!-- LEVELS:END -->
-
 <!-- DESCRIPTION:START -->
 ## Description
-Only Admins Should Be Able To Create Public Repositories
+Only admins should be able to create public repositories
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->
 ## Details
+- Default Category: user account permissions
+- Default Priority Group: P4
 - C-SCRM: true
-- Priority Group: P4
 - Mitre: [CAPEC-122](https://capec.mitre.org/data/definitions/122.html)
 - Sources: [OpenSSF SCM Best Practices](https://best.openssf.org/SCM-BestPractices/github/organization/non_admins_can_create_public_repositories.html)
 - How To: [Github Docs](https://docs.github.com/en/organizations/managing-organization-settings/restricting-repository-creation-in-your-organization)

docs/checks/annualDependencyRefresh.mdx

@@ -13,22 +13,16 @@ This check is currently under development and not yet implemented. [Click here t
 :::
 <!-- BANNER:END -->
 
-## Use Case
-<!-- LEVELS:START -->
-- Incubating: expected
-- Active: expected
-- Retiring: n/a
-<!-- LEVELS:END -->
-
 <!-- DESCRIPTION:START -->
 ## Description
-A new release to refresh dependencies occurs at least annually
+Ensure dependencies are refreshed through a new release at least once annually
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->
 ## Details
+- Default Category: vulnerability management
+- Default Priority Group: P14
 - C-SCRM: true
-- Priority Group: P14
 - Sources: [OpenSSF Best Practices Badge Passing Level [maintained]](https://www.bestpractices.dev/en/criteria?details=true&rationale=true#0.maintained)
 
 <!-- DETAILS:END -->

docs/checks/assignCVEForKnownVulns.mdx

@@ -13,22 +13,16 @@ This check is currently under development and not yet implemented. [Click here t
 :::
 <!-- BANNER:END -->
 
-## Use Case
-<!-- LEVELS:START -->
-- Incubating: expected
-- Active: expected
-- Retiring: expected
-<!-- LEVELS:END -->
-
 <!-- DESCRIPTION:START -->
 ## Description
-All Known Security Vulnerabilities are Issued a CVE
+Ensure all known security vulnerabilities are issued a CVE
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->
 ## Details
+- Default Category: coordinated vulnerability disclosure
+- Default Priority Group: P7
 - C-SCRM: true
-- Priority Group: P7
 - Sources: [OpenSSF Best Practices Badge Passing Level [release_notes_vulns]](https://www.bestpractices.dev/en/criteria?details=true&rationale=true#0.release_notes_vulns)
 
 <!-- DETAILS:END -->

docs/checks/automateDependencyManagement.mdx

@@ -13,22 +13,16 @@ This check is currently under development and not yet implemented. [Click here t
 :::
 <!-- BANNER:END -->
 
-## Use Case
-<!-- LEVELS:START -->
-- Incubating: expected
-- Active: expected
-- Retiring: expected
-<!-- LEVELS:END -->
-
 <!-- DESCRIPTION:START -->
 ## Description
-Automated Process is Used to Monitor for and Maintain a List of Out of Date Dependencies
+Ensure an automated process is in place to monitor and maintain a list of outdated dependencies
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->
 ## Details
+- Default Category: dependency inventory
+- Default Priority Group: P14
 - C-SCRM: true
-- Priority Group: P14
 - Sources: [OWASP SCVS L1 5.7](https://scvs.owasp.org/scvs/v5-component-analysis/)
 - How To: [Socket.Dev](https://socket.dev/)
 

docs/checks/automateVulnDetection.mdx

@@ -13,22 +13,16 @@ This check is currently under development and not yet implemented. [Click here t
 :::
 <!-- BANNER:END -->
 
-## Use Case
-<!-- LEVELS:START -->
-- Incubating: expected
-- Active: expected
-- Retiring: expected
-<!-- LEVELS:END -->
-
 <!-- DESCRIPTION:START -->
 ## Description
-An automated process to identify dependencies with publicly disclosed vulnerabilities
+Implement an automated process to identify dependencies with publicly disclosed vulnerabilities
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->
 ## Details
+- Default Category: dependency management
+- Default Priority Group: P6
 - C-SCRM: true
-- Priority Group: P6
 - Mitre: [CWE-1395](https://cwe.mitre.org/data/definitions/1395.html)
 - Sources: [OWASP SCVS L1 5.4](https://scvs.owasp.org/scvs/v5-component-analysis/)
 - How To: [Github Docs](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#managing-dependabot-security-updates-for-your-repositories)

docs/checks/blockWorkflowPRApproval.mdx

@@ -13,22 +13,16 @@ This check is currently under development and not yet implemented. [Click here t
 :::
 <!-- BANNER:END -->
 
-## Use Case
-<!-- LEVELS:START -->
-- Incubating: expected
-- Active: expected
-- Retiring: expected
-<!-- LEVELS:END -->
-
 <!-- DESCRIPTION:START -->
 ## Description
-Workflows are not Allowed To Create or Approve Pull Requests
+Ensure workflows are not allowed to create or approve pull requests
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->
 ## Details
+- Default Category: github workflow permissions
+- Default Priority Group: P9
 - C-SCRM: true
-- Priority Group: P9
 - Mitre: [CWE-250](https://cwe.mitre.org/data/definitions/250.html)
 - Sources: [OpenSSF Scorecard](https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions)
 - How To: [Github Docs](https://docs.github.com/en/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#preventing-github-actions-from-creating-or-approving-pull-requests)

docs/checks/ciAndCdPipelineAsCode.mdx

@@ -13,22 +13,16 @@ This check is currently under development and not yet implemented. [Click here t
 :::
 <!-- BANNER:END -->
 
-## Use Case
-<!-- LEVELS:START -->
-- Incubating: deferrable
-- Active: expected
-- Retiring: n/a
-<!-- LEVELS:END -->
-
 <!-- DESCRIPTION:START -->
 ## Description
-CI/CD steps should all be automated through a pipeline defined as code
+Ensure all CI/CD steps are automated through pipelines defined as code
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->
 ## Details
+- Default Category: source control
+- Default Priority Group: P12
 - C-SCRM: true
-- Priority Group: P12
 - Sources: [CNCF SSCP 1.0 #158](https://github.com/cncf/tag-security/blob/main/supply-chain-security/supply-chain-security-paper/sscsp.md#build-and-related-continuous-integrationcontinuous-delivery-steps-should-all-be-automated-through-a-pipeline-defined-as-code)
 - How To: [Github Docs](https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages)
 

docs/checks/commitSignoffForWeb.mdx

@@ -13,22 +13,16 @@ This check is currently under development and not yet implemented. [Click here t
 :::
 <!-- BANNER:END -->
 
-## Use Case
-<!-- LEVELS:START -->
-- Incubating: recommended
-- Active: recommended
-- Retiring: recommended
-<!-- LEVELS:END -->
-
 <!-- DESCRIPTION:START -->
 ## Description
-Github Org Requires Commit Signoff for Web-Based Commits
+GitHub org requires commit sign-off for web-based commits
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->
 ## Details
+- Default Category: source control
+- Default Priority Group: R4
 - C-SCRM: true
-- Priority Group: R4
 - Sources: [CNCF SSCP 1.0 #325](https://github.com/cncf/tag-security/blob/main/supply-chain-security/supply-chain-security-paper/sscsp.md#require-signed-commits)
 - How To: [Github Docs](https://docs.github.com/en/organizations/managing-organization-settings/managing-the-commit-signoff-policy-for-your-organization#managing-compulsory-commit-signoffs-for-your-organization)
 

docs/checks/commitStatusChecks.mdx

@@ -13,22 +13,16 @@ This check is currently under development and not yet implemented. [Click here t
 :::
 <!-- BANNER:END -->
 
-## Use Case
-<!-- LEVELS:START -->
-- Incubating: expected
-- Active: expected
-- Retiring: n/a
-<!-- LEVELS:END -->
-
 <!-- DESCRIPTION:START -->
 ## Description
-All Required Commit Status Checks must pass before Merging
+Ensure all required commit status checks pass before merging
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->
 ## Details
+- Default Category: code quality
+- Default Priority Group: P6
 - C-SCRM: true
-- Priority Group: P6
 - Mitre: [CWE-358](https://cwe.mitre.org/data/definitions/358.html)
 - Sources: [OpenSSF Scorecard](https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection)
 - How To: [Github Docs](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging)

docs/checks/consistentBuildProcessDocs.mdx

@@ -13,22 +13,16 @@ This check is currently under development and not yet implemented. [Click here t
 :::
 <!-- BANNER:END -->
 
-## Use Case
-<!-- LEVELS:START -->
-- Incubating: expected
-- Active: expected
-- Retiring: n/a
-<!-- LEVELS:END -->
-
 <!-- DESCRIPTION:START -->
 ## Description
-Consistent and Automated Build Process is Documented and Used
+Ensure a consistent and automated build process is documented and followed
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->
 ## Details
+- Default Category: github workflows
+- Default Priority Group: P12
 - C-SCRM: true
-- Priority Group: P12
 - Mitre: [CWE-1068](https://cwe.mitre.org/data/definitions/1068.html)
 
 <!-- DETAILS:END -->