enterprise-readiness

Installation
SKILL.md

Enterprise Readiness Assessment

When to Use

  • Production/enterprise readiness evaluations
  • Supply chain security: SLSA provenance, cosign signing, SBOMs
  • CI/CD hardening, workflow permissions
  • OpenSSF Best Practices (Passing/Silver/Gold), OSPS Baseline (L1/2/3)
  • Scorecard optimization (Token-Permissions, Branch-Protection, Pinned-Deps)
  • Code review, ADRs, changelogs, SECURITY.md

Assessment Workflow

  1. Discovery: Identify platform, languages, existing CI/CD, dependabot.yml
  2. Scoring: Apply checklists; check Scorecard, badge criteria, coverage
  3. Gap Analysis: List missing controls by severity
  4. Implementation: Apply fixes (SHA-pin actions, harden permissions, add workflows)
  5. Verification: Re-score and compare
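
A way to automate the Scoring and Verification steps for two of the Scorecard items named above (Token-Permissions and Pinned-Deps), as an added example that is not part of the skill itself. The function name, the sample workflow, and the placeholder commit SHA are constructed for illustration, and the line-based matching is a simplified approximation of those checks, not Scorecard's own logic.

```python
import re

# Constructed sample workflow (not from the page); the 40-hex SHA is a placeholder.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/setup-tool@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - uses: ./.github/actions/local-build
      - uses: docker://alpine:3.20
      - run: make test
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")               # full commit SHA
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")     # container image digest

def audit_workflow(text):
    """Return (line_no, rule, detail) findings for one workflow file."""
    findings = []
    lines = text.splitlines()
    # Without a workflow-level permissions block, jobs inherit the
    # repository's default token scope.
    if not any(re.match(r"permissions:", l) for l in lines):
        findings.append((0, "token-permissions", "no top-level permissions block"))
    for no, line in enumerate(lines, 1):
        if re.match(r"\s*permissions:\s*write-all\b", line):
            findings.append((no, "token-permissions", "write-all"))
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./"):
            continue  # local action, versioned with the repository itself
        if ref.startswith("docker://"):
            if not DIGEST_RE.search(ref):
                findings.append((no, "pinned-deps", ref))
            continue
        _, _, rev = ref.partition("@")
        if not SHA_RE.match(rev):  # tags and branches are mutable references
            findings.append((no, "pinned-deps", ref))
    return findings

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print(finding)
```

Running it before and after the Implementation step and comparing the two finding lists gives a concrete re-score for these two controls.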
Installs
37
GitHub Stars
2
First Seen
Mar 11, 2026