Identify "manual" compliance checks and discuss them with Rudd

[UlisesGascon]

Feel free to use this query: https://github.com/search?q=repo%3AOpenPathfinder%2FvisionBoard+I+believe+that+this+can+be+part+of+the+questions+that+we+include+in+the+form

In general lines these are the ones that seems that we need to include in the form:

• Add Compliance check: owaspTop10Training OpenPathfinder/visionBoard#63
• Add Compliance check: softwareDesignTraining OpenPathfinder/visionBoard#52
• Add Compliance check: defineFunctionalRoles OpenPathfinder/visionBoard#77
• Add Compliance check: orgToolingMFA OpenPathfinder/visionBoard#65
• Add Compliance check: softwareArchitectureDocs OpenPathfinder/visionBoard#107
• Add Compliance check: MFAImpersonationDefense OpenPathfinder/visionBoard#66
• Add Compliance check: includeCVEInReleaseNotes OpenPathfinder/visionBoard#92
• Add Compliance check: assignCVEForKnownVulns OpenPathfinder/visionBoard#91
• Add Compliance check: incidentResponsePlan OpenPathfinder/visionBoard#90
• Add Compliance check: regressionTestsForVulns OpenPathfinder/visionBoard#93
• Add Compliance check: vulnResponse14Days OpenPathfinder/visionBoard#89
• Add Compliance check: useCVDToolForVulns OpenPathfinder/visionBoard#88
• Add Compliance check: securityMdMeetsOpenJSCVD OpenPathfinder/visionBoard#87
• Add Compliance check: consistentBuildProcessDocs OpenPathfinder/visionBoard#105
• Add Compliance check: machineReadableDependencies OpenPathfinder/visionBoard#110
• Add Compliance check: identifyModifiedDependencies OpenPathfinder/visionBoard#111
• Add Compliance check: ciAndCdPipelineAsCode OpenPathfinder/visionBoard#108

Next step

• @ruddermann to confirm if these can be added in the form

[UlisesGascon]

We can use bulk-import to process the data, see: OpenPathfinder/visionBoard#182

[ruddermann]

Hey @UlisesGascon these look like they are all manual. One I'm thinking of removing and there is one I wonder if it could be automated... but otherwise I feel good about this list.

• MANUAL Add Compliance check: owaspTop10Training OpenPathfinder/visionBoard#63
• MANUAL Add Compliance check: softwareDesignTraining OpenPathfinder/visionBoard#52
• MANUAL? Add Compliance check: defineFunctionalRoles OpenPathfinder/visionBoard#77
• DEPRECATE Add Compliance check: orgToolingMFA OpenPathfinder/visionBoard#65 (I think I'm going to remove this from the guidelines)
• MANUAL Add Compliance check: softwareArchitectureDocs OpenPathfinder/visionBoard#107
• MANUAL Add Compliance check: MFAImpersonationDefense OpenPathfinder/visionBoard#66
• MANUAL? Add Compliance check: includeCVEInReleaseNotes OpenPathfinder/visionBoard#92
• MANUAL? Add Compliance check: assignCVEForKnownVulns OpenPathfinder/visionBoard#91
• MANUAL Add Compliance check: incidentResponsePlan OpenPathfinder/visionBoard#90
• MANUAL Add Compliance check: regressionTestsForVulns OpenPathfinder/visionBoard#93
• MANUAL Add Compliance check: vulnResponse14Days OpenPathfinder/visionBoard#89
• AUTOMATABLE? Add Compliance check: useCVDToolForVulns OpenPathfinder/visionBoard#88
• MANUAL Add Compliance check: securityMdMeetsOpenJSCVD OpenPathfinder/visionBoard#87
• MANUAL Add Compliance check: consistentBuildProcessDocs OpenPathfinder/visionBoard#105
• MANUAL Add Compliance check: machineReadableDependencies OpenPathfinder/visionBoard#110
• MANUAL Add Compliance check: identifyModifiedDependencies OpenPathfinder/visionBoard#111
• MANUAL Add Compliance check: ciAndCdPipelineAsCode OpenPathfinder/visionBoard#108

[UlisesGascon]

The ones related to npm are manual too:

• Add Compliance check: npmOrgMFA OpenPathfinder/visionBoard#64
• Add Compliance check: npmPublicationMFA OpenPathfinder/visionBoard#72

[bjohansebas]

I think this one also has to be manual (OpenPathfinder/visionBoard#106)