The Open Source Security Foundation (OpenSSF) has created a Project Security Baseline to ensure secure development practices for open source projects.
The baseline provides a tiered set of requirements that developers follow to enforce secure development practices, with the applicable tier determined by the project's number of contributors and maintainers.
OpenSSF has also created a compliance crosswalk to map the baseline to various regulatory regimes and frameworks, enabling developers to demonstrate due diligence.
The baseline maturity model defines different levels of requirements across the categories of access control, build and release, documentation, governance, quality, security assessment, and vulnerability management.