[DRAFT] governance: Draft Incubation application submission

governance/openssf_scorecard_incubation_stage.md

@@ -0,0 +1,82 @@
+# OpenSSF Scorecard — Incubation application
+
+## TODO
+
+- [ ] Determine if the project meets [Sandbox requirements](https://github.com/ossf/tac/blob/main/process/project-lifecycle.md#sandbox)
+
+## Project has met all Sandbox requirements
+
+- "link to sandbox PR if one exists"
+
+## List of project maintainers
+
+The project must have a minimum of three maintainers with a minimum of two different organizational affiliations.
+
+- Stephen Augustus, Cisco, [@justaugustus](https://github.com/justaugustus)
+- Raghav Kaul, Google, [@raghavkaul](https://github.com/raghavkaul)
+- Jeff Mendoza, Kusari, [@jeffmendoza](https://github.com/jeffmendoza)
+- Spencer Schrock, Google, [@spencerschrock](https://github.com/spencerschrock)
+- Laurent Simon, Independent, [@laurentsimon](https://github.com/laurentsimon)
+- Naveen Srinivasan, Independent, [@naveensrinivasan](https://github.com/naveensrinivasan)
+
+The current list of OpenSSF Scorecard maintainers can be found [here](https://github.com/ossf/scorecard/blob/main/MAINTAINERS.md).
+
+## Mission of the project
+
+The project must be aligned with the OpenSSF mission and either be a novel approach for existing areas, address an unfulfilled need, or be code needed to deliver OpenSSF WG work. It is preferred that extensions of existing OpenSSF projects collaborate with the existing project rather than seek a new project.
+
+The mission of OpenSSF Scorecard is to automate analysis on the security posture of open source projects.
+
+The current charter of the OpenSSF Scorecard project can be found [here](https://github.com/ossf/scorecard/blob/main/CHARTER.md).
+
+## Project adoption
+
+The project should be able to show adoption by multiple parties and the adoption's value to the open source community and/or end users (may include adoption of beta/early versions).
+
+- "description of adoption"
+
+## Governance
+
+Project must have met publicly at least 5 times in the last quarter since becoming Sandbox
+
+- Link to public meeting notes (or ideally recordings)
+
+Projects must have documented, initial project governance
+
+- "link to governance documents/Charter"
+
+Project must have defined Contributor Guide
+
+- "link to contributor guide"
+
+Project has attained an OpenSSF Best Practice Badge at "passing" level
+
+- "link to OpenSSF Badge"
+
+Project is integrated into the OpenSSF Scorecard
+
+- "link to Scorecard output"
+
+## IP policy and licensing due diligence
+
+When contributing an existing Project to the OpenSSF, the contribution must undergo license and IP due diligence by the Linux Foundation (LF). This step is only needed for the initial donation and only applicable here, if the project intends to join the OpenSSF Incubation stage.
+
+- "yes / no / not applicable. If yes, provide a link to the corresponding GitHub issue."
+
+## Project References
+
+The project should provide a list of existing resources with links to the repository, website, a roadmap, contributing guide, demos and walkthroughs, and any other material to showcase the existing breadth, maturity, and direction of the project.
+
+| Reference             | URL |
+|-----------------------|-----|
+| Repo                  |     |
+| Meeting Agenda        |     |
+| OSSF Calendar Entry   |     |
+| Website               |     |
+| Contributing guide    |     |
+| Security.md           |     |
+| Roadmap               |     |
+| Demos                 |     |
+| Best Practices Badge  |     |
+| Scorecard integration |     |
+| Other                 |     |