Metadata need by Ortelius #43

Open
sbtaylor15 opened this issue Apr 23, 2024 · 1 comment

Comments

sbtaylor15 commented Apr 23, 2024

Attribute Implemented?
Security Insights Verified
Open Source Project (Y/N)
Open Source Foundation (CNCF, Apache, CDF)
License File
Readme File
OWNERS File
MAINTAINERS File
SECURITY File
Governance Doc
Contributor Doc
Code of Conduct
CLA Required
CLA URL
OpenAPI/Swagger
Repository Access Definitions as Code
Project Contact
Project Website
Project Issue Tracking
Project Documentation
Security Contact
Harassment Reporting Contact
Git Repo 2FA
SCM Repo Type
SCM Repo Url
CodeQL
Dependency Tool (Dependabot, Renovate)
Build SBOM Generation
Post Build SBOM Generation
SBOM File
SBOM Signing
SBOM Signing Method
SBOM Signing Public Key
SBOM Signing Valid
Artifact Publishing Location (PURL)
Artifact Mirrors
Artifact Signing
Artifact Signing Method
Artifact Signing Public Key
Artifact Signing Valid
Provenance
Attestation
SonarQube
VeraCode
Linting (Mega/Super Linters)
SAST
DAST
OpenSSF Scorecard
@luigigubello
Contributor

Attribute Implemented?
Security Insights Verified
Open Source Project (Y/N) N
Open Source Foundation (CNCF, Apache, CDF) N
License File Y
Readme File N
OWNERS File No. But you can use core-team.
MAINTAINERS File No. But you can use core-team.
SECURITY File Y
Governance Doc N
Contributor Doc Y
Code of Conduct Y
CLA Required N
CLA URL N
OpenAPI/Swagger You can use documentation.
Repository Access Definitions as Code N (?)
Project Contact Y
Project Website You can use project-url.
Project Issue Tracking N (good idea).
Project Documentation Y
Security Contact Y
Harassment Reporting Contact N
Git Repo 2FA N
SCM Repo Type N
SCM Repo Url N
CodeQL You can use security-testing.
Dependency Tool (Dependabot, Renovate) You can use security-testing.
Build SBOM Generation
Post Build SBOM Generation
SBOM File Y
SBOM Signing
SBOM Signing Method
SBOM Signing Public Key
SBOM Signing Valid
Artifact Publishing Location (PURL) Y
Artifact Mirrors You can use distribution-points.
Artifact Signing
Artifact Signing Method
Artifact Signing Public Key
Artifact Signing Valid
Provenance
Attestation
SonarQube You can use security-testing.
VeraCode You can use security-testing.
Linting (Mega/Super Linters) You can use security-testing.
SAST You can use security-testing.
DAST You can use security-testing.
OpenSSF Scorecard You can use security-testing.
