fix: add additional validation for description

related OpenPathfinder/visionBoard#159

docs/checks/MFAImpersonationDefense.mdx

@@ -14,6 +14,7 @@ slug: /checks/MFAImpersonationDefense
 
 <!-- DESCRIPTION:START -->
 ## Description
+Use Multi Factor Authentication (MFA) Methods that Defend Against Impersonation when Available
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/PRsBeforeMerge.mdx

@@ -14,6 +14,7 @@ slug: /checks/PRsBeforeMerge
 
 <!-- DESCRIPTION:START -->
 ## Description
+Require Pull Requests before Merging
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/SSHKeysRequired.mdx

@@ -14,6 +14,7 @@ slug: /checks/SSHKeysRequired
 
 <!-- DESCRIPTION:START -->
 ## Description
+Use SSH keys for developer access to source code repositories and use a passphrase
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/activeAdminsSixMonths.mdx

@@ -14,6 +14,7 @@ slug: /checks/activeAdminsSixMonths
 
 <!-- DESCRIPTION:START -->
 ## Description
+Github Organization Admins Should Have Activity In The Last 6 Months
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/activeWritersSixMonths.mdx

@@ -14,6 +14,7 @@ slug: /checks/activeWritersSixMonths
 
 <!-- DESCRIPTION:START -->
 ## Description
+Github Organization Members with Write Permissions Should Have Activity In The Last 6 Months
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/adminRepoCreationOnly.mdx

@@ -14,6 +14,7 @@ slug: /checks/adminRepoCreationOnly
 
 <!-- DESCRIPTION:START -->
 ## Description
+Only Admins Should Be Able To Create Public Repositories
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/annualDependencyRefresh.mdx

@@ -14,6 +14,7 @@ slug: /checks/annualDependencyRefresh
 
 <!-- DESCRIPTION:START -->
 ## Description
+A new release to refresh dependencies occurs at least annually
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/assignCVEForKnownVulns.mdx

@@ -14,6 +14,7 @@ slug: /checks/assignCVEForKnownVulns
 
 <!-- DESCRIPTION:START -->
 ## Description
+All Known Security Vulnerabilities are Issued a CVE
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/automateDependencyManagement.mdx

@@ -14,6 +14,7 @@ slug: /checks/automateDependencyManagement
 
 <!-- DESCRIPTION:START -->
 ## Description
+Automated Process is Used to Monitor for and Maintain a List of Out of Date Dependencies
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/automateVulnDetection.mdx

@@ -14,6 +14,7 @@ slug: /checks/automateVulnDetection
 
 <!-- DESCRIPTION:START -->
 ## Description
+An automated process to identify dependencies with publicly disclosed vulnerabilities
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/blockWorkflowPRApproval.mdx

@@ -14,6 +14,7 @@ slug: /checks/blockWorkflowPRApproval
 
 <!-- DESCRIPTION:START -->
 ## Description
+Workflows are not Allowed To Create or Approve Pull Requests
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/ciAndCdPipelineAsCode.mdx

@@ -14,6 +14,7 @@ slug: /checks/ciAndCdPipelineAsCode
 
 <!-- DESCRIPTION:START -->
 ## Description
+CI/CD steps should all be automated through a pipeline defined as code
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/commitSignoffForWeb.mdx

@@ -14,6 +14,7 @@ slug: /checks/commitSignoffForWeb
 
 <!-- DESCRIPTION:START -->
 ## Description
+Github Org Requires Commit Signoff for Web-Based Commits
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/commitStatusChecks.mdx

@@ -14,6 +14,7 @@ slug: /checks/commitStatusChecks
 
 <!-- DESCRIPTION:START -->
 ## Description
+All Required Commit Status Checks must pass before Merging
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/consistentBuildProcessDocs.mdx

@@ -14,6 +14,7 @@ slug: /checks/consistentBuildProcessDocs
 
 <!-- DESCRIPTION:START -->
 ## Description
+Consistent and Automated Build Process is Documented and Used
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/defaultTokenPermissionsReadOnly.mdx

@@ -14,6 +14,7 @@ slug: /checks/defaultTokenPermissionsReadOnly
 
 <!-- DESCRIPTION:START -->
 ## Description
+Github Org Default Workflow Token Permissions are Set to Read Only
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/defineFunctionalRoles.mdx

@@ -14,6 +14,7 @@ slug: /checks/defineFunctionalRoles
 
 <!-- DESCRIPTION:START -->
 ## Description
+Define roles aligned to functional responsibilities
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/forkWorkflowApproval.mdx

@@ -14,6 +14,7 @@ slug: /checks/forkWorkflowApproval
 
 <!-- DESCRIPTION:START -->
 ## Description
+Limit changes from forks to workflows by requiring approval for all outside collaborators
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/githubOrgMFA.mdx

@@ -14,6 +14,7 @@ slug: /checks/githubOrgMFA
 
 <!-- DESCRIPTION:START -->
 ## Description
+Multi Factor Authentication (MFA) Enforced Across the Github Organization
 <!-- DESCRIPTION:END -->
 
 ## Dashboard Inclusion

docs/checks/githubWebhookSecrets.mdx

@@ -14,6 +14,7 @@ slug: /checks/githubWebhookSecrets
 
 <!-- DESCRIPTION:START -->
 ## Description
+Github Webhooks Use Secrets
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/githubWriteAccessRoles.mdx

@@ -14,6 +14,7 @@ slug: /checks/githubWriteAccessRoles
 
 <!-- DESCRIPTION:START -->
 ## Description
+Define Individuals/Teams who Write Access to a Github Repo
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/identifyModifiedDependencies.mdx

@@ -14,6 +14,7 @@ slug: /checks/identifyModifiedDependencies
 
 <!-- DESCRIPTION:START -->
 ## Description
+Modified dependencies are uniquely identified and distinct from origin dependency
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/incidentResponsePlan.mdx

@@ -14,6 +14,7 @@ slug: /checks/incidentResponsePlan
 
 <!-- DESCRIPTION:START -->
 ## Description
+Establish a Clear Communication and Incident Response Plan
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/includeCVEInReleaseNotes.mdx

@@ -14,6 +14,7 @@ slug: /checks/includeCVEInReleaseNotes
 
 <!-- DESCRIPTION:START -->
 ## Description
+Release Notes must Include the CVE ID of Patched Security Vulnerabilities
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/includePackageLock.mdx

@@ -14,6 +14,7 @@ slug: /checks/includePackageLock
 
 <!-- DESCRIPTION:START -->
 ## Description
+[Freestanding Applications Only] Commit a package-lock.json file with each release
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/injectedSecretsAtRuntime.mdx

@@ -14,6 +14,7 @@ slug: /checks/injectedSecretsAtRuntime
 
 <!-- DESCRIPTION:START -->
 ## Description
+Secrets are injected at runtime, such as environment variables or as a file (eg: use Github Secrets)
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/limitOrgOwners.mdx

@@ -14,6 +14,7 @@ slug: /checks/limitOrgOwners
 
 <!-- DESCRIPTION:START -->
 ## Description
+Limit Number of Github Org Owners (ideally Fewer Than Three)
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/limitRepoAdmins.mdx

@@ -14,6 +14,7 @@ slug: /checks/limitRepoAdmins
 
 <!-- DESCRIPTION:START -->
 ## Description
+Limit Number of Github Repository Admins (ideally Fewer Than Three)
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/limitWorkflowWritePermissions.mdx

@@ -14,6 +14,7 @@ slug: /checks/limitWorkflowWritePermissions
 
 <!-- DESCRIPTION:START -->
 ## Description
+Only Allow Workflows Write Permissions at the Job-Level
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/machineReadableDependencies.mdx

@@ -14,6 +14,7 @@ slug: /checks/machineReadableDependencies
 
 <!-- DESCRIPTION:START -->
 ## Description
+[Freestanding Applications Only] A Machine Readable List of all Direct and Transitive Dependencies is Available for the Software
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/noArbitraryCodeInPipeline.mdx

@@ -14,6 +14,7 @@ slug: /checks/noArbitraryCodeInPipeline
 
 <!-- DESCRIPTION:START -->
 ## Description
+Build Pipeline Cannot Execute Arbitrary Code from Outside of a Build Script
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/noForcePushDefaultBranch.mdx

@@ -14,6 +14,7 @@ slug: /checks/noForcePushDefaultBranch
 
 <!-- DESCRIPTION:START -->
 ## Description
+Prevent Force Push on Default Branch
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/noSelfHostedRunners.mdx

@@ -14,6 +14,7 @@ slug: /checks/noSelfHostedRunners
 
 <!-- DESCRIPTION:START -->
 ## Description
+Disable use of Self-Hosted Runners in Github Org
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/noSensitiveInfoInRepositories.mdx

@@ -14,6 +14,7 @@ slug: /checks/noSensitiveInfoInRepositories
 
 <!-- DESCRIPTION:START -->
 ## Description
+No Secrets and Credentials in Source Code
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/npmOrgMFA.mdx

@@ -14,6 +14,7 @@ slug: /checks/npmOrgMFA
 
 <!-- DESCRIPTION:START -->
 ## Description
+Multi Factor Authentication (MFA) Enforced Across the npm Organization
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/npmPublicationMFA.mdx

@@ -14,6 +14,7 @@ slug: /checks/npmPublicationMFA
 
 <!-- DESCRIPTION:START -->
 ## Description
+Publish to npm using an MFA-enabled account rather than single factor legacy or granular access tokens
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/orgToolingMFA.mdx

@@ -14,6 +14,7 @@ slug: /checks/orgToolingMFA
 
 <!-- DESCRIPTION:START -->
 ## Description
+Multi Factor Authentication (MFA) Enforced in All Tools Wherever Techncially Feasible
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/owaspTop10Training.mdx

@@ -14,6 +14,7 @@ slug: /checks/owaspTop10Training
 
 <!-- DESCRIPTION:START -->
 ## Description
+At least One Primary Maintainer has taken TBD Training on OWASP Top 10 or Equivalent
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/patchCriticalVulns30Days.mdx

@@ -14,6 +14,7 @@ slug: /checks/patchCriticalVulns30Days
 
 <!-- DESCRIPTION:START -->
 ## Description
+Actively Exploited Critical Vulnerabilities Patched within 30 Days
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/patchExploitableHighVulns14Days.mdx

@@ -14,6 +14,7 @@ slug: /checks/patchExploitableHighVulns14Days
 
 <!-- DESCRIPTION:START -->
 ## Description
+Actively Exploited Critical and High Vulnerabilities Patched within 14 Days
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/patchExploitableNoncCriticalVulns60Days.mdx

@@ -14,6 +14,7 @@ slug: /checks/patchExploitableNoncCriticalVulns60Days
 
 <!-- DESCRIPTION:START -->
 ## Description
+Non-Critical Expoitable Vulnerabilities Patched within 60 Days
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/patchNonCriticalVulns90Days.mdx

@@ -14,6 +14,7 @@ slug: /checks/patchNonCriticalVulns90Days
 
 <!-- DESCRIPTION:START -->
 ## Description
+Non-Critical Exploitable Vulnerabilities Patched within 90 Days
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/pinActionsToSHA.mdx

@@ -14,6 +14,7 @@ slug: /checks/pinActionsToSHA
 
 <!-- DESCRIPTION:START -->
 ## Description
+Pin Actions with Access to Secrets to a Full Length Commit SHA
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/preventBranchProtectionBypass.mdx

@@ -14,6 +14,7 @@ slug: /checks/preventBranchProtectionBypass
 
 <!-- DESCRIPTION:START -->
 ## Description
+[For Projects with Two or more Admins] Do not allow Admins to Bypass Branch Protection Settings
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/preventDeletionDefaultBranch.mdx

@@ -14,6 +14,7 @@ slug: /checks/preventDeletionDefaultBranch
 
 <!-- DESCRIPTION:START -->
 ## Description
+Prevent Default Branch Deletion
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/preventLandingSensitiveCommits.mdx

@@ -14,6 +14,7 @@ slug: /checks/preventLandingSensitiveCommits
 
 <!-- DESCRIPTION:START -->
 ## Description
+New Commits Containing Secrets or Credentials are Blocked from Merging
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/preventScriptInjection.mdx

@@ -14,6 +14,7 @@ slug: /checks/preventScriptInjection
 
 <!-- DESCRIPTION:START -->
 ## Description
+Avoid Script Injection from Untrusted Context Variables
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/regressionTestsForVulns.mdx

@@ -14,6 +14,7 @@ slug: /checks/regressionTestsForVulns
 
 <!-- DESCRIPTION:START -->
 ## Description
+Regression Tests for => 50% of Bugs and 100% of Security Vulns
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/requireCodeOwnersReviewForLargeTeams.mdx

@@ -14,6 +14,7 @@ slug: /checks/requireCodeOwnersReviewForLargeTeams
 
 <!-- DESCRIPTION:START -->
 ## Description
+[For Projects with Four or more Maintainers] Require Code Owners Review
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->

docs/checks/requirePRApprovalForMainline.mdx

@@ -14,6 +14,7 @@ slug: /checks/requirePRApprovalForMainline
 
 <!-- DESCRIPTION:START -->
 ## Description
+[For Projects with Two or more Maintainers] Require Approved PRs for all commits to mainline branches
 <!-- DESCRIPTION:END -->
 
 <!-- DETAILS:START -->