Security Badge

🛡️ Level 1 and Level 2 are official badges in the openCode Software Catalogue.

⚠️ Status: the Level 3 badge is in progress.

The security badge indicates the security status of a repository. The badge is based on the following criteria:

Level 1: Basic Security Practices

  • Issue Reaction Time: The average reaction time to issues created within the last 3 months is less than 7 days.
  • Branch Protection: The main branch is configured as protected, and force-pushes to the default branch are not allowed.
  • Security Policy: Checks for the existence of a SECURITY.md file in the root directory of the default branch.

Level 2: Advanced Security Practices

  • All criteria from Level 1
  • Signed Tags: Checks if at least 80% of the tags created in the last 6 months are signed.
  • Code-Review Process in Place: Checks if at least 75% of the merge requests merged in the last 6 months have been reviewed by a maintainer.
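The following Python script is an added illustration of how the time-windowed Level 1 and Level 2 criteria above can be evaluated against repository metadata; it is not the catalogue's own checker. The page does not specify the exact window lengths, how a "reaction" is measured, or what happens when no issues, tags or merge requests fall inside a window, so this example assumes 90 and 182 days, counts the first maintainer comment or state change as the reaction (an issue with no reaction yet is charged up to "now"), and treats an empty window as a failed criterion. All repository data is constructed inline.

```python
"""Evaluate the Level 1 and Level 2 badge criteria against constructed repository metadata.

Assumptions (not stated on the badge page): 3 months = 90 days, 6 months = 182 days,
an issue without any reaction is charged with the time elapsed until NOW, and a window
containing no issues / tags / merge requests fails the corresponding criterion.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

@dataclass
class Issue:
    created: datetime
    first_reaction: Optional[datetime]   # first maintainer comment or state change; None = none yet

@dataclass
class Tag:
    name: str
    created: datetime
    signed: bool                         # e.g. a valid GPG/SSH signature on the tag object

@dataclass
class MergeRequest:
    merged: datetime
    reviewed_by_maintainer: bool

@dataclass
class RepoSettings:
    default_branch_protected: bool
    force_push_allowed: bool
    has_security_md: bool                # SECURITY.md in the root of the default branch

def in_window(ts: datetime, now: datetime, days: int) -> bool:
    return now - timedelta(days=days) <= ts <= now

def avg_issue_reaction_days(issues: List[Issue], now: datetime) -> Optional[float]:
    """Average reaction time (days) over issues created in the last 90 days; None if there are none."""
    recent = [i for i in issues if in_window(i.created, now, 90)]
    if not recent:
        return None
    total = sum(((i.first_reaction or now) - i.created).total_seconds() for i in recent)
    return total / len(recent) / 86400

def signed_tag_ratio(tags: List[Tag], now: datetime) -> Optional[float]:
    """Share of tags created in the last 182 days that are signed; None if there are none."""
    recent = [t for t in tags if in_window(t.created, now, 182)]
    if not recent:
        return None
    return sum(1 for t in recent if t.signed) / len(recent)

def reviewed_mr_ratio(mrs: List[MergeRequest], now: datetime) -> Optional[float]:
    """Share of merge requests merged in the last 182 days that a maintainer reviewed; None if none."""
    recent = [m for m in mrs if in_window(m.merged, now, 182)]
    if not recent:
        return None
    return sum(1 for m in recent if m.reviewed_by_maintainer) / len(recent)

def level1_ok(issues, settings: RepoSettings, now) -> bool:
    avg = avg_issue_reaction_days(issues, now)
    return (avg is not None and avg < 7
            and settings.default_branch_protected
            and not settings.force_push_allowed
            and settings.has_security_md)

def level2_ok(issues, tags, mrs, settings: RepoSettings, now) -> bool:
    signed = signed_tag_ratio(tags, now)
    reviewed = reviewed_mr_ratio(mrs, now)
    return (level1_ok(issues, settings, now)
            and signed is not None and signed >= 0.80
            and reviewed is not None and reviewed >= 0.75)

# --- constructed sample repository (not real data) ---
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
d = lambda days: NOW - timedelta(days=days)

SAMPLE_ISSUES = [
    Issue(created=d(10), first_reaction=d(8)),    # 2 days
    Issue(created=d(30), first_reaction=d(20)),   # 10 days
    Issue(created=d(5), first_reaction=None),     # unanswered: charged 5 days so far
    Issue(created=d(200), first_reaction=d(100)), # outside the 90-day window, ignored
]
SAMPLE_TAGS = [
    Tag("v1.0", d(150), True), Tag("v1.1", d(100), True), Tag("v1.2", d(60), True),
    Tag("v1.3", d(20), True), Tag("v1.4", d(10), False),
    Tag("v0.9", d(300), False),                    # outside the 182-day window, ignored
]
SAMPLE_MRS = [
    MergeRequest(d(90), True), MergeRequest(d(45), True), MergeRequest(d(15), True),
    MergeRequest(d(3), False),
    MergeRequest(d(250), False),                   # outside the 182-day window, ignored
]
SAMPLE_SETTINGS = RepoSettings(default_branch_protected=True, force_push_allowed=False, has_security_md=True)

def evaluate(issues=SAMPLE_ISSUES, tags=SAMPLE_TAGS, mrs=SAMPLE_MRS, settings=SAMPLE_SETTINGS, now=NOW) -> dict:
    return {
        "avg_reaction_days": avg_issue_reaction_days(issues, now),
        "signed_tag_ratio": signed_tag_ratio(tags, now),
        "reviewed_mr_ratio": reviewed_mr_ratio(mrs, now),
        "level1": level1_ok(issues, settings, now),
        "level2": level2_ok(issues, tags, mrs, settings, now),
    }

if __name__ == "__main__":
    for key, value in evaluate().items():
        print(f"{key}: {value}")
```

The sample repository sits exactly on both Level 2 thresholds (4 of 5 recent tags signed, 3 of 4 recent merge requests reviewed), which is why the comparisons use `>=`; charging an unanswered issue with the time elapsed so far keeps the reaction-time average honest instead of letting ignored issues drop out of it.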

Level 3: Comprehensive Security Practices

  • All criteria from Levels 1 and 2
  • Last Releases Without Critical Vulnerabilities: TBD
  • Vulnerability Management (CVE Remediation Time): TBD