Security and Compliance Category

[MarckK]

###Category request:

The CDF landscape should have a security and compliance category for projects such as OPA.

[MarckK]

@obowersa has noted the lack of a good category for tools such as white source, blackduck, etc.
#82

Note: WhiteSource is currently on the landscape un Library Management category. This may not be the best category for them.

[oleg-nenashev]

I would suggest adding "Dependency management" category that IMHO includes both dependency analysis (Whitesource & Co) and update automation (e.g. Dependabot, UpdateCLI)

[MarckK]

#175

[sbtaylor15]

Point to the OpenSSF landscape as a embedded landscape link. This will enable us to have the OpenSSF maintain the landscape for this category.

[MarckK]

From landscape wg meeting 12.11.21, we will keep current devsecops category on cdf landscape, as well as future linking to OpenSSF landscape.

PRs welcome to augment devsecops category

[MarckK]

Update, with the changes to Observability and Analysis category (see #203), the DevSecOps category will appear like this:

📣 The Security / DevSecOps category could use a good deal of augmentation.

✍️ Please add specific suggestions to this issue of additional projects / subcategories to add, etc