Description

The OSSF Silver badge requires projects to have a documented security assurance case that justifies why the software is secure. This typically includes a threat model.

OSSF Criterion: assurance_case (MUST)
Reference: https://www.bestpractices.dev/en/projects/11532?criteria_level=1#assurance_case

Current Gap

Proposed Deliverable

Create docs/security/threat-model.md with threat model and security assurance case.

Document Structure

1. Project Security Context

• Project purpose and scope
• Trust boundaries
• Assets to protect

2. Threat Model

• Threat actors and their capabilities
• Attack surfaces
• STRIDE or similar threat categorization

3. Security Controls

• Existing security measures
• How each threat is mitigated
• Defense in depth approach

4. Assurance Argument

• Why the project is secure given its design
• Assumptions and limitations
• Ongoing security practices

Acceptance Criteria

• Create docs/security/ directory if not exists
• Create docs/security/threat-model.md
• Document project trust boundaries
• Identify and categorize potential threats
• Map existing controls to threats:
  • Dependency scanning (Dependabot, dependency-review)
  • SAST (CodeQL)
  • Pinned action SHA versions
  • Branch protection
• Provide assurance argument for project security posture
• Link threat model from SECURITY.md
• Update OSSF badge form to mark assurance_case as Met

Additional Context

• OSSF Badge Project: https://www.bestpractices.dev/en/projects/11532
• See SECURITY.md for existing security documentation
• Threat modeling reference: https://owasp.org/www-community/Threat_Modeling
• This project primarily processes local files and produces guidance artifacts - attack surface is limited