2.0.0

[UlisesGascon]

What's Changed

⚠️ BREAKING CHANGES ⚠️

In the version 1.x we extracted the data from the spreadsheet and convert it a json file to generate the details and the implementation groups. Currently, since 2.x we moved away from this and we directly use the compliance_checks table from the dashboard.

We keep the same approach of collecting the data as a json and then generate all the files dynamically. All the process now is done with a GitHub action:

Update the compliance checks

1. Go to Actions: Sync and update Compliance Checks and run the action manually from the main branch. how-to
2. This will generate a PR with the title [AUTO] Sync with dashboard database and it will assign it to you (direct access). Please review the content and merge it when you feel ready.

Notable Changes

Data Source migration
Removed legacy script that converted html data into json (entities extraction). This include jsdom dependency (65bb52f), the script itself (208f848) and the npm command npm run extract-standards (5b8044e)

• The population scripts populate-details (bec24b1) and populate-implementations (5703528) are now using the new data source (dashboard database dump)
• The detatils files now include more information, also some minor bugs were solved (5550e40)

Add Manual Annotations to Dynamic Content

Added the ability to combine dynamic content with manual annotations in the details (09d66e1) and implementations (8f37303) files.

Dynamic content is managed by the @ulisesgascon/text-tags-manager package, a core dependency of this project (016063b). Tags within these files are automatically updated or inserted whenever a new detail or implementation is added (49ba99c).

For example, the githubOrgMFA implementation has been updated to include manual annotations (revert b216d3c), restoring annotations that were previously removed (8460de4).

To support this change, the documentation has been updated (cc83c54) with clear instructions on working with dynamic content and tags. The updated section is as follows:

Improve the content via PR(s)

If you want to enhance any page, you can do so as you would in any other project (via a Pull Request, example). However, please note certain rules, as some parts of the files are dynamically generated, and your changes could be overwritten.

Rules

1. Metadata is added automatically. Manual additions or modifications to metadata are not allowed.
2. You can contribute any content to any file, but avoid making changes within the sections enclosed by specific tags, as these sections are dynamically >generated. For example:

   OK
   <!-- DESCRIPTION:START -->
   AVOID (AUTOMATED)
   <!-- DESCRIPTION:END -->
   OK
   

Other changes

• Add evaluation criteria for githubOrgMFA compliance check
• Improve documentation and update the content with all the changes

PRs

• Add evaluation criteria for githubOrgMFA by @UlisesGascon in Add evaluation criteria for githubOrgMFA #9
• Add pipeline to sync the checks from the dashboard db by @UlisesGascon in Add pipeline to sync the checks from the dashboard db #10
• [AUTO] Sync with dashboard database by @github-actions in [AUTO] Sync with dashboard database #12
• [AUTO] Sync with dashboard database by @github-actions in [AUTO] Sync with dashboard database #13
• Update instructions to update the compliance checks data by @UlisesGascon in Update instructions to update the compliance checks data #14
• Remove extract-standards script and dependencies by @UlisesGascon in Remove extract-standards script and dependencies #15
• Migrate scripts to new data source by @UlisesGascon in Migrate scripts to new data source #16
• Minor improvements by @UlisesGascon in Minor improvements #17
• Add Manual Annotations to Dynamic Content by @UlisesGascon in Add Manual Annotations to Dynamic Content #18

New Contributors

• @github-actions made their first contribution in [AUTO] Sync with dashboard database #12

Changelog

Full Changelog: 1.0.0...main

• d0e2711 Merge pull request Add Manual Annotations to Dynamic Content #18 from secure-dashboards/feat/add-support-for-tags by @UlisesGascon
• cc83c54 doc: explain the use of tags in the dynamic content by @UlisesGascon
• 8460de4 feat: recover manual annotations for githubOrgMFA by @UlisesGascon
• 8f37303 feat: add support to update implementations and keep manual additions by @UlisesGascon
• 09d66e1 feat: add support to update existing details and keep manual additions by @UlisesGascon
• bc826dc fix: clean implementations files from duplicated tags by @UlisesGascon
• 016063b feat: add dependency @ulisesgascon/[email protected] by @UlisesGascon
• 403e0a5 chore: update details by @UlisesGascon
• 9994fae chore: update implementations by @UlisesGascon
• 49ba99c chore: migrate to block renderization approach by @UlisesGascon
• ade8647 chore: update details by @UlisesGascon
• 7e53d8a chore: update implementations by @UlisesGascon
• 67ad181 fix: remove metadata and title tags by @UlisesGascon
• fee2b2c chore: update details by @UlisesGascon
• 06a16eb chore: update implementations by @UlisesGascon
• ec47ee6 feat: add support tags in implementations by @UlisesGascon
• 89ebe28 feat: add support tags in details by @UlisesGascon
• da96183 Merge pull request Minor improvements #17 from secure-dashboards/feat/improve-automation by @UlisesGascon
• 8187ece docs: update documentation with the new workflows by @UlisesGascon
• b938944 chore: remove legacy data sources that are not used anymore by @UlisesGascon
• 82c2c2a Merge pull request Migrate scripts to new data source #16 from secure-dashboards/feat/improve-automation by @UlisesGascon
• 5703528 feat: migrate populate-implementations script to the new data source by @UlisesGascon
• 5550e40 chore: update details by @UlisesGascon
• bec24b1 feat: migrate populate-details script to the new data source by @UlisesGascon
• 17fcf3f Merge pull request Remove extract-standards script and dependencies #15 from secure-dashboards/feat/improve-automation by @UlisesGascon
• 28303a7 Update instructions to update the compliance checks data (Update instructions to update the compliance checks data #14) by @UlisesGascon
• 5b8044e chore: remove legacy npm command by @UlisesGascon
• 208f848 chore: delete legacy script by @UlisesGascon
• 65bb52f chore: remove dependency jsdom by @UlisesGascon
• c6dd852 docs: update instructions to update the compliance checks data by @UlisesGascon
• 309abde chore: sync with dashboard database ([AUTO] Sync with dashboard database #13) by @41898282+github-actions[bot]@users.noreply.github.com
• f9e6ece fix: use script to pull the compliance checks from the table by @UlisesGascon
• b216d3c chore: sync with dashboard database ([AUTO] Sync with dashboard database #12) by @41898282+github-actions[bot]@users.noreply.github.com
• 38712b3 fix: typo in pipeline by @UlisesGascon
• a1f41c1 Merge pull request Add pipeline to sync the checks from the dashboard db #10 from secure-dashboards/feat/sync-checks by @UlisesGascon
• 4835577 feat: add pipeline to sync the checks from the dashboard db by @UlisesGascon
• b220e68 Merge pull request Add evaluation criteria for githubOrgMFA #9 from secure-dashboards/feat/improve-githubOrgMFA by @UlisesGascon
• c9845a3 docs: add evalution criteria for githubOrgMFA by @UlisesGascon

[netlify]

✅ Deploy Preview for openjs-security-program-standards ready!

Name	Link
🔨 Latest commit	7e17aea
🔍 Latest deploy log	https://app.netlify.com/sites/openjs-security-program-standards/deploys/6755f345c32a1d0008b273d7
😎 Deploy Preview	https://deploy-preview-19--openjs-security-program-standards.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.