From 89ebe2817596df809c8701f56d100d845dc51988 Mon Sep 17 00:00:00 2001 From: Ulises Gascon Date: Sun, 8 Dec 2024 02:49:22 +0100 Subject: [PATCH 01/16] feat: add support tags in details --- scripts/populate-details.js | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/scripts/populate-details.js b/scripts/populate-details.js index 6f1b616..f8c9724 100644 --- a/scripts/populate-details.js +++ b/scripts/populate-details.js @@ -48,31 +48,40 @@ const renderDetails = (check) => { content += `${howToDetails}\n` } content += `- Created at ${check.created_at}\n` - content += `- Updated at ${check.updated_at}\n` + content += `- Updated at ${check.updated_at}` return content } // Prepare the markdown files checks.forEach((check, index) => { const fileContent = `--- + sidebar_position: ${index + 1} id: ${check.id} title: ${check.title} slug: /details/${check.code_name} + --- + # ${check.title} + ## Use Case + - Incubating: ${check.level_incubating_status} - Active: ${check.level_active_status} - Retiring: ${check.level_retiring_status} + + ## Description - ${check.description} + + ${renderDetails(check)} + ` const detination = path.join(process.cwd(), `docs/details/${check.code_name}.mdx`) writeFileSync(detination, fileContent) From ec47ee66557183ab93902198b0459197e35f5b40 Mon Sep 17 00:00:00 2001 From: Ulises Gascon Date: Sun, 8 Dec 2024 02:49:52 +0100 Subject: [PATCH 02/16] feat: add support tags in implementations --- scripts/populate-implementations.js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/populate-implementations.js b/scripts/populate-implementations.js index d01f024..99b734e 100644 --- a/scripts/populate-implementations.js +++ b/scripts/populate-implementations.js 
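Review bot: The blank lines inserted into the `fileContent` template in `checks.forEach` (and into the matching template in scripts/populate-implementations.js in the next patch) come without any comment saying why they are needed, and the subject "add support tags" does not explain it either; a one-line note above `const fileContent` such as `// blank lines separate markdown blocks so MDX can parse them alongside JSX tags` would record the intent (my reading of the motivation, to be confirmed). Dropping the trailing `\n` from `content += \`- Updated at ${check.updated_at}\`` in `renderDetails` is only safe because the template places its own newline after `${renderDetails(check)}`, which is worth stating next to that line since the two are in different functions. The front-matter values are still interpolated raw, so a `check.title` containing `:` or `#` would break the YAML header; if titles are not guaranteed plain text, `title: ${JSON.stringify(check.title)}` keeps the header valid. The `renderDetails` function starts before this hunk.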
@@ -20,7 +20,7 @@ projectStatus.forEach(status => { // Populate the data object checks -// @TODO: Remove this sort when the checks.json is sorted when generated in the dashboard script + // @TODO: Remove this sort when the checks.json is sorted when generated in the dashboard script .sort((a, b) => a.id - b.id) .forEach(item => projectStatus.forEach(status => { @@ -40,12 +40,15 @@ const addRow = (item) => `| ${item.section_number}. ${capitalizeWords(item.secti // Prepare the markdown files projectStatus.forEach((status, index) => { let fileContent = `--- + sidebar_position: ${index + 1} id: ${status} title: ${status.charAt(0).toUpperCase() + status.slice(1)} slug: /implementations/${status} + --- + ` fileContent += implementationPriority.map(priority => { @@ -58,6 +61,8 @@ ${data[status][priority].map(addRow).join('\n')} ` }).join('\n') + fileContent += '' + const destination = path.join(process.cwd(), `docs/implementation/${status}.mdx`) writeFileSync(destination, fileContent) }) From 06a16ebeb7b5cbccb58bae72c526dcb32cff5dc3 Mon Sep 17 00:00:00 2001 From: Ulises Gascon Date: Sun, 8 Dec 2024 02:50:34 +0100 Subject: [PATCH 03/16] chore: update implementations --- docs/implementation/active.mdx | 5 ++++- docs/implementation/incubating.mdx | 5 ++++- docs/implementation/retiring.mdx | 5 ++++- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/docs/implementation/active.mdx b/docs/implementation/active.mdx index ab516a8..8e70712 100644 --- a/docs/implementation/active.mdx +++ b/docs/implementation/active.mdx @@ -1,10 +1,13 @@ --- + sidebar_position: 2 id: active title: Active slug: /implementations/active + --- + ## Expected 
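Review bot: `fileContent += ''` in the third hunk is a no-op, since appending an empty string leaves `fileContent` unchanged; either the line should be removed or, if the intent was to terminate the generated file with a newline (the accompanying .mdx diffs still report "No newline at end of file"), it should read `fileContent += '\n'`. The first hunk appears to change only the indentation of the `@TODO` comment, which then sits at a different level from the `.sort(...)` chain it describes; keeping it aligned with `.sort` would be clearer. The `projectStatus.forEach` callback begins inside the second hunk and is closed by the `})` at the end of the third.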
@@ -89,4 +92,4 @@ slug: /implementations/active | 2. User Account Permissions | Limit GitHub Repo Admins to Fewer Than Three | R7 | [details](/details/limitRepoAdmins) | | 5. Vulnerability Management | Patch Critical/High Vulnerabilities in 14 Days | R8 | [details](/details/patchExploitableHighVulns14Days) | | 5. Vulnerability Management | Patch Non-Critical Vulnerabilities in 60 Days | R8 | [details](/details/patchExploitableNoncCriticalVulns60Days) | - \ No newline at end of file + \ No newline at end of file diff --git a/docs/implementation/incubating.mdx b/docs/implementation/incubating.mdx index 765d56c..a5a9cf8 100644 --- a/docs/implementation/incubating.mdx +++ b/docs/implementation/incubating.mdx @@ -1,10 +1,13 @@ --- + sidebar_position: 1 id: incubating title: Incubating slug: /implementations/incubating + --- + ## Expected @@ -94,4 +97,4 @@ slug: /implementations/incubating | 2. User Account Permissions | Limit GitHub Repo Admins to Fewer Than Three | R7 | [details](/details/limitRepoAdmins) | | 5. Vulnerability Management | Patch Critical/High Vulnerabilities in 14 Days | R8 | [details](/details/patchExploitableHighVulns14Days) | | 5. Vulnerability Management | Patch Non-Critical Vulnerabilities in 60 Days | R8 | [details](/details/patchExploitableNoncCriticalVulns60Days) | - \ No newline at end of file + \ No newline at end of file diff --git a/docs/implementation/retiring.mdx b/docs/implementation/retiring.mdx index 3ae9923..3136540 100644 --- a/docs/implementation/retiring.mdx +++ b/docs/implementation/retiring.mdx @@ -1,10 +1,13 @@ --- + sidebar_position: 3 id: retiring title: Retiring slug: /implementations/retiring + --- + ## Expected 
@@ -62,4 +65,4 @@ slug: /implementations/retiring | 9. Source Control | Require Approved PRs for Mainline Commits (Two+ Maintainers) | R6 | [details](/details/requirePRApprovalForMainline) | | 2. User Account Permissions | Limit GitHub Org Owners to Fewer Than Three | R7 | [details](/details/limitOrgOwners) | | 2. User Account Permissions | Limit GitHub Repo Admins to Fewer Than Three | R7 | [details](/details/limitRepoAdmins) | - \ No newline at end of file + \ No newline at end of file From fee2b2cca9bdac4291007c0168f4f47993259b00 Mon Sep 17 00:00:00 2001 
From: Ulises Gascon Date: Sun, 8 Dec 2024 02:50:59 +0100 Subject: [PATCH 04/16] chore: update details --- docs/details/MFAImpersonationDefense.mdx | 12 ++++++++++-- docs/details/PRsBeforeMerge.mdx | 12 ++++++++++-- docs/details/SSHKeysRequired.mdx | 12 ++++++++++-- docs/details/activeAdminsSixMonths.mdx | 12 ++++++++++-- docs/details/activeWritersSixMonths.mdx | 12 ++++++++++-- docs/details/adminRepoCreationOnly.mdx | 12 ++++++++++-- docs/details/annualDependencyRefresh.mdx | 12 ++++++++++-- docs/details/assignCVEForKnownVulns.mdx | 12 ++++++++++-- docs/details/automateDependencyManagement.mdx | 12 ++++++++++-- docs/details/automateVulnDetection.mdx | 12 ++++++++++-- docs/details/blockWorkflowPRApproval.mdx | 12 ++++++++++-- docs/details/ciAndCdPipelineAsCode.mdx | 12 ++++++++++-- docs/details/commitSignoffForWeb.mdx | 12 ++++++++++-- docs/details/commitStatusChecks.mdx | 12 ++++++++++-- docs/details/consistentBuildProcessDocs.mdx | 12 ++++++++++-- docs/details/defaultTokenPermissionsReadOnly.mdx | 12 ++++++++++-- docs/details/defineFunctionalRoles.mdx | 12 ++++++++++-- docs/details/forkWorkflowApproval.mdx | 12 ++++++++++-- docs/details/githubOrgMFA.mdx | 16 ++++++++++------ docs/details/githubWebhookSecrets.mdx | 12 ++++++++++-- docs/details/githubWriteAccessRoles.mdx | 12 ++++++++++-- docs/details/identifyModifiedDependencies.mdx | 12 ++++++++++-- docs/details/incidentResponsePlan.mdx | 12 ++++++++++-- docs/details/includeCVEInReleaseNotes.mdx | 12 ++++++++++-- docs/details/includePackageLock.mdx | 12 ++++++++++-- docs/details/injectedSecretsAtRuntime.mdx | 12 ++++++++++-- docs/details/limitOrgOwners.mdx | 12 ++++++++++-- docs/details/limitRepoAdmins.mdx | 12 ++++++++++-- docs/details/limitWorkflowWritePermissions.mdx | 12 ++++++++++-- docs/details/machineReadableDependencies.mdx | 12 ++++++++++-- docs/details/noArbitraryCodeInPipeline.mdx | 12 ++++++++++-- docs/details/noForcePushDefaultBranch.mdx | 12 ++++++++++-- docs/details/noSelfHostedRunners.mdx | 12 
++++++++++-- docs/details/noSensitiveInfoInRepositories.mdx | 12 ++++++++++-- docs/details/npmOrgMFA.mdx | 12 ++++++++++-- docs/details/npmPublicationMFA.mdx | 12 ++++++++++-- docs/details/orgToolingMFA.mdx | 12 ++++++++++-- docs/details/owaspTop10Training.mdx | 12 ++++++++++-- docs/details/patchCriticalVulns30Days.mdx | 12 ++++++++++-- docs/details/patchExploitableHighVulns14Days.mdx | 12 ++++++++++-- .../patchExploitableNoncCriticalVulns60Days.mdx | 12 ++++++++++-- docs/details/patchNonCriticalVulns90Days.mdx | 12 ++++++++++-- docs/details/pinActionsToSHA.mdx | 12 ++++++++++-- docs/details/preventBranchProtectionBypass.mdx | 12 ++++++++++-- docs/details/preventDeletionDefaultBranch.mdx | 12 ++++++++++-- docs/details/preventLandingSensitiveCommits.mdx | 12 ++++++++++-- docs/details/preventScriptInjection.mdx | 12 ++++++++++-- docs/details/regressionTestsForVulns.mdx | 12 ++++++++++-- .../requireCodeOwnersReviewForLargeTeams.mdx | 12 ++++++++++-- docs/details/requirePRApprovalForMainline.mdx | 12 ++++++++++-- docs/details/requireSignedCommits.mdx | 12 ++++++++++-- docs/details/requireTwoPartyReview.mdx | 12 ++++++++++-- docs/details/resolveLinterWarnings.mdx | 12 ++++++++++-- docs/details/restrictOrgSecrets.mdx | 12 ++++++++++-- docs/details/restrictedOrgPermissions.mdx | 12 ++++++++++-- docs/details/runnerSecurityScanner.mdx | 12 ++++++++++-- docs/details/scanCommitsForSensitiveInfo.mdx | 12 ++++++++++-- docs/details/securityMdMeetsOpenJSCVD.mdx | 12 ++++++++++-- docs/details/softwareArchitectureDocs.mdx | 12 ++++++++++-- docs/details/softwareDesignTraining.mdx | 12 ++++++++++-- docs/details/staticAppSecTesting.mdx | 12 ++++++++++-- docs/details/staticCodeAnalysis.mdx | 12 ++++++++++-- docs/details/twoOrMoreOwnersForAccess.mdx | 12 ++++++++++-- .../details/upToDateDefaultBranchBeforeMerge.mdx | 12 ++++++++++-- docs/details/upgradePathDocs.mdx | 12 ++++++++++-- docs/details/useCVDToolForVulns.mdx | 12 ++++++++++-- docs/details/useHwKeyGithubAccess.mdx | 12 
++++++++++-- docs/details/useHwKeyGithubNonInteractive.mdx | 12 ++++++++++-- docs/details/useHwKeyOtherContexts.mdx | 12 ++++++++++-- docs/details/verifiedActionsOnly.mdx | 12 ++++++++++-- docs/details/vulnResponse14Days.mdx | 12 ++++++++++-- docs/details/workflowSecurityScanner.mdx | 12 ++++++++++-- 72 files changed, 720 insertions(+), 148 deletions(-) diff --git a/docs/details/MFAImpersonationDefense.mdx b/docs/details/MFAImpersonationDefense.mdx index d5decac..b1f987e 100644 --- a/docs/details/MFAImpersonationDefense.mdx +++ b/docs/details/MFAImpersonationDefense.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 5 id: 6 title: Use MFA against impersonation slug: /details/MFAImpersonationDefense + --- + # Use MFA against impersonation + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - Use Multi Factor Authentication (MFA) Methods that Defend Against Impersonation when Available + + ## Details - Implementation Status: pending - C-SCRM: true @@ -25,4 +33,4 @@ Use Multi Factor Authentication (MFA) Methods that Defend Against Impersonation - How To: [Github Docs](https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/PRsBeforeMerge.mdx b/docs/details/PRsBeforeMerge.mdx index 8f655bb..86e16fb 100644 --- a/docs/details/PRsBeforeMerge.mdx +++ b/docs/details/PRsBeforeMerge.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 61 id: 62 title: Require Pull Requests Before Merging slug: /details/PRsBeforeMerge + --- + # Require Pull Requests Before Merging + ## Use Case + - Incubating: recommended - Active: recommended - Retiring: recommended + + ## Description - Require Pull Requests before Merging + + ## Details - Implementation Status: pending - C-SCRM: true 
@@ -25,4 +33,4 @@ Require Pull Requests before Merging - How To: [Github Docs](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/SSHKeysRequired.mdx b/docs/details/SSHKeysRequired.mdx index df37c69..1ebc17e 100644 --- a/docs/details/SSHKeysRequired.mdx +++ b/docs/details/SSHKeysRequired.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 10 id: 11 title: Use SSH Keys with Passphrases for Repository Access slug: /details/SSHKeysRequired + --- + # Use SSH Keys with Passphrases for Repository Access + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - Use SSH keys for developer access to source code repositories and use a passphrase + + ## Details - Implementation Status: pending - C-SCRM: true @@ -25,4 +33,4 @@ Use SSH keys for developer access to source code repositories and use a passphra - How To: [Github Docs](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/about-ssh) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/activeAdminsSixMonths.mdx b/docs/details/activeAdminsSixMonths.mdx index fdc6f9c..def0bf2 100644 --- a/docs/details/activeAdminsSixMonths.mdx +++ b/docs/details/activeAdminsSixMonths.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 59 id: 60 title: Require Active Admins in GitHub Org (Activity in 6 Months) slug: /details/activeAdminsSixMonths + --- + # Require Active Admins in GitHub Org (Activity in 6 Months) + ## Use Case + - Incubating: recommended - Active: recommended - Retiring: n/a + + ## Description - Github Organization Admins Should Have Activity In The Last 6 Months + + ## Details - Implementation Status: pending - C-SCRM: true 
@@ -24,4 +32,4 @@ Github Organization Admins Should Have Activity In The Last 6 Months - Sources: [OpenSSF SCM Best Practices](https://best.openssf.org/SCM-BestPractices/github/member/stale_admin_found.html) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/activeWritersSixMonths.mdx b/docs/details/activeWritersSixMonths.mdx index fafa499..38bc4c6 100644 --- a/docs/details/activeWritersSixMonths.mdx +++ b/docs/details/activeWritersSixMonths.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 60 id: 61 title: Require Active Members with Write Access (Activity in 6 Months) slug: /details/activeWritersSixMonths + --- + # Require Active Members with Write Access (Activity in 6 Months) + ## Use Case + - Incubating: recommended - Active: recommended - Retiring: n/a + + ## Description - Github Organization Members with Write Permissions Should Have Activity In The Last 6 Months + + ## Details - Implementation Status: pending - C-SCRM: true @@ -24,4 +32,4 @@ Github Organization Members with Write Permissions Should Have Activity In The L - Sources: [OpenSSF SCM Best Practices](https://best.openssf.org/SCM-BestPractices/github/member/stale_member_found.html) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/adminRepoCreationOnly.mdx b/docs/details/adminRepoCreationOnly.mdx index d17a0ff..dbf61b4 100644 --- a/docs/details/adminRepoCreationOnly.mdx +++ b/docs/details/adminRepoCreationOnly.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 14 id: 15 title: Allow Only Admins to Create Public Repositories slug: /details/adminRepoCreationOnly + --- + # Allow Only Admins to Create Public Repositories + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - Only Admins Should Be Able To Create Public Repositories + + ## Details - Implementation Status: pending - C-SCRM: true 
@@ -25,4 +33,4 @@ Only Admins Should Be Able To Create Public Repositories - How To: [Github Docs](https://docs.github.com/en/organizations/managing-organization-settings/restricting-repository-creation-in-your-organization) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/annualDependencyRefresh.mdx b/docs/details/annualDependencyRefresh.mdx index 2921cb9..a337cb9 100644 --- a/docs/details/annualDependencyRefresh.mdx +++ b/docs/details/annualDependencyRefresh.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 52 id: 53 title: Refresh Dependencies with Annual Releases slug: /details/annualDependencyRefresh + --- + # Refresh Dependencies with Annual Releases + ## Use Case + - Incubating: expected - Active: expected - Retiring: n/a + + ## Description - A new release to refresh dependencies occurs at least annually + + ## Details - Implementation Status: pending - C-SCRM: true @@ -23,4 +31,4 @@ A new release to refresh dependencies occurs at least annually - Sources: [OpenSSF Best Practices Badge Passing Level [maintained]](https://www.bestpractices.dev/en/criteria?details=true&rationale=true#0.maintained) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/assignCVEForKnownVulns.mdx b/docs/details/assignCVEForKnownVulns.mdx index a4bec15..6c27f70 100644 --- a/docs/details/assignCVEForKnownVulns.mdx +++ b/docs/details/assignCVEForKnownVulns.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 30 id: 31 title: Assign CVEs to All Known Security Vulnerabilities slug: /details/assignCVEForKnownVulns + --- + # Assign CVEs to All Known Security Vulnerabilities + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - All Known Security Vulnerabilities are Issued a CVE + + ## Details - Implementation Status: pending - C-SCRM: true 
@@ -23,4 +31,4 @@ All Known Security Vulnerabilities are Issued a CVE - Sources: [OpenSSF Best Practices Badge Passing Level [release_notes_vulns]](https://www.bestpractices.dev/en/criteria?details=true&rationale=true#0.release_notes_vulns) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/automateDependencyManagement.mdx b/docs/details/automateDependencyManagement.mdx index bfb944d..fe17601 100644 --- a/docs/details/automateDependencyManagement.mdx +++ b/docs/details/automateDependencyManagement.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 49 id: 50 title: Automate Monitoring of Outdated Dependencies slug: /details/automateDependencyManagement + --- + # Automate Monitoring of Outdated Dependencies + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - Automated Process is Used to Monitor for and Maintain a List of Out of Date Dependencies + + ## Details - Implementation Status: pending - C-SCRM: true @@ -24,4 +32,4 @@ Automated Process is Used to Monitor for and Maintain a List of Out of Date Depe - How To: [Socket.Dev](https://socket.dev/) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/automateVulnDetection.mdx b/docs/details/automateVulnDetection.mdx index 57b0472..551bc71 100644 --- a/docs/details/automateVulnDetection.mdx +++ b/docs/details/automateVulnDetection.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 21 id: 22 title: Automate Dependency Vulnerability Identification slug: /details/automateVulnDetection + --- + # Automate Dependency Vulnerability Identification + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - An automated process to identify dependencies with publicly disclosed vulnerabilities + + ## Details - Implementation Status: pending - C-SCRM: true 
@@ -25,4 +33,4 @@ An automated process to identify dependencies with publicly disclosed vulnerabil - How To: [Github Docs](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#managing-dependabot-security-updates-for-your-repositories) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/blockWorkflowPRApproval.mdx b/docs/details/blockWorkflowPRApproval.mdx index 7329a31..9b1fdee 100644 --- a/docs/details/blockWorkflowPRApproval.mdx +++ b/docs/details/blockWorkflowPRApproval.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 34 id: 35 title: Prevent Workflows from Creating or Approving PRs slug: /details/blockWorkflowPRApproval + --- + # Prevent Workflows from Creating or Approving PRs + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - Workflows are not Allowed To Create or Approve Pull Requests + + ## Details - Implementation Status: pending - C-SCRM: true @@ -25,4 +33,4 @@ Workflows are not Allowed To Create or Approve Pull Requests - How To: [Github Docs](https://docs.github.com/en/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#preventing-github-actions-from-creating-or-approving-pull-requests) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/ciAndCdPipelineAsCode.mdx b/docs/details/ciAndCdPipelineAsCode.mdx index afa55c0..f1cc070 100644 --- a/docs/details/ciAndCdPipelineAsCode.mdx +++ b/docs/details/ciAndCdPipelineAsCode.mdx 
@@ -1,21 +1,29 @@ --- + sidebar_position: 47 id: 48 title: Automate CI/CD Steps in Code-Based Pipelines slug: /details/ciAndCdPipelineAsCode + --- + # Automate CI/CD Steps in Code-Based Pipelines + ## Use Case + - Incubating: deferrable - Active: expected - Retiring: n/a + + ## Description - CI/CD steps should all be automated through a pipeline defined as code + + ## Details - Implementation Status: pending - C-SCRM: true @@ -24,4 +32,4 @@ CI/CD steps should all be automated through a pipeline defined as code - How To: [Github Docs](https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/commitSignoffForWeb.mdx b/docs/details/commitSignoffForWeb.mdx index 8f14976..170e5af 100644 --- a/docs/details/commitSignoffForWeb.mdx +++ b/docs/details/commitSignoffForWeb.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 62 id: 63 title: Enforce Commit Signoff for Web-Based Commits slug: /details/commitSignoffForWeb + --- + # Enforce Commit Signoff for Web-Based Commits + ## Use Case + - Incubating: recommended - Active: recommended - Retiring: recommended + + ## Description - Github Org Requires Commit Signoff for Web-Based Commits + + ## Details - Implementation Status: pending - C-SCRM: true @@ -24,4 +32,4 @@ Github Org Requires Commit Signoff for Web-Based Commits - How To: [Github Docs](https://docs.github.com/en/organizations/managing-organization-settings/managing-the-commit-signoff-policy-for-your-organization#managing-compulsory-commit-signoffs-for-your-organization) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/commitStatusChecks.mdx b/docs/details/commitStatusChecks.mdx index bf604ee..118adf3 100644 --- a/docs/details/commitStatusChecks.mdx +++ b/docs/details/commitStatusChecks.mdx 
@@ -1,21 +1,29 @@ --- + sidebar_position: 25 id: 26 title: Require Commit Status Checks to Pass Before Merging slug: /details/commitStatusChecks + --- + # Require Commit Status Checks to Pass Before Merging + ## Use Case + - Incubating: expected - Active: expected - Retiring: n/a + + ## Description - All Required Commit Status Checks must pass before Merging + + ## Details - Implementation Status: pending - C-SCRM: true @@ -25,4 +33,4 @@ All Required Commit Status Checks must pass before Merging - How To: [Github Docs](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/consistentBuildProcessDocs.mdx b/docs/details/consistentBuildProcessDocs.mdx index d5147c9..912d824 100644 --- a/docs/details/consistentBuildProcessDocs.mdx +++ b/docs/details/consistentBuildProcessDocs.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 44 id: 45 title: Document Consistent and Automated Build Processes slug: /details/consistentBuildProcessDocs + --- + # Document Consistent and Automated Build Processes + ## Use Case + - Incubating: expected - Active: expected - Retiring: n/a + + ## Description - Consistent and Automated Build Process is Documented and Used + + ## Details - Implementation Status: pending - C-SCRM: true @@ -23,4 +31,4 @@ Consistent and Automated Build Process is Documented and Used - Mitre: [CWE-1068](https://cwe.mitre.org/data/definitions/1068.html) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/defaultTokenPermissionsReadOnly.mdx b/docs/details/defaultTokenPermissionsReadOnly.mdx index 60a2fe1..a96cdfe 100644 --- a/docs/details/defaultTokenPermissionsReadOnly.mdx +++ b/docs/details/defaultTokenPermissionsReadOnly.mdx 
@@ -1,21 +1,29 @@ --- + sidebar_position: 33 id: 34 title: Set Default GitHub Workflow Token Permissions to Read Only slug: /details/defaultTokenPermissionsReadOnly + --- + # Set Default GitHub Workflow Token Permissions to Read Only + ## Use Case + - Incubating: expected - Active: expected - Retiring: n/a + + ## Description - Github Org Default Workflow Token Permissions are Set to Read Only + + ## Details - Implementation Status: pending - C-SCRM: true @@ -23,4 +31,4 @@ Github Org Default Workflow Token Permissions are Set to Read Only - Mitre: [CWE-250](https://cwe.mitre.org/data/definitions/250.html) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/defineFunctionalRoles.mdx b/docs/details/defineFunctionalRoles.mdx index dba399c..1b24336 100644 --- a/docs/details/defineFunctionalRoles.mdx +++ b/docs/details/defineFunctionalRoles.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 16 id: 17 title: Define Roles Aligned to Functional Responsibilities slug: /details/defineFunctionalRoles + --- + # Define Roles Aligned to Functional Responsibilities + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - Define roles aligned to functional responsibilities + + ## Details - Implementation Status: pending - C-SCRM: true @@ -25,4 +33,4 @@ Define roles aligned to functional responsibilities - How To: [Github Docs](https://docs.github.com/en/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/forkWorkflowApproval.mdx b/docs/details/forkWorkflowApproval.mdx index 92d9970..7dccdef 100644 --- a/docs/details/forkWorkflowApproval.mdx +++ b/docs/details/forkWorkflowApproval.mdx 
@@ -1,21 +1,29 @@ --- + sidebar_position: 56 id: 57 title: Require Approval for Forked Workflow Changes slug: /details/forkWorkflowApproval + --- + # Require Approval for Forked Workflow Changes + ## Use Case + - Incubating: recommended - Active: recommended - Retiring: recommended + + ## Description - Limit changes from forks to workflows by requiring approval for all outside collaborators + + ## Details - Implementation Status: pending - C-SCRM: true @@ -24,4 +32,4 @@ Limit changes from forks to workflows by requiring approval for all outside coll - Sources: [Github Docs](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#controlling-changes-from-forks-to-workflows-in-public-repositories) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/githubOrgMFA.mdx b/docs/details/githubOrgMFA.mdx index 74a9f77..f07976e 100644 --- a/docs/details/githubOrgMFA.mdx +++ b/docs/details/githubOrgMFA.mdx @@ -1,25 +1,29 @@ --- + sidebar_position: 72 id: 3 title: Enforce MFA in GitHub Organization(s) slug: /details/githubOrgMFA + --- + # Enforce MFA in GitHub Organization(s) + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - Multi Factor Authentication (MFA) Enforced Across the Github Organization + -## Dashboard Inclusion - -We use the field `two_factor_requirement_enabled` from the GitHub Organization API to check if the project has enforced this policy. [More information](https://github.com/secure-dashboards/openjs-foundation-dashboard/issues/43) - + ## Details - Implementation Status: completed - Implementation Details: It is computed ([details](https://github.com/secure-dashboards/openjs-foundation-dashboard/issues/43)). 
@@ -30,4 +34,4 @@ We use the field `two_factor_requirement_enabled` from the GitHub Organization A - How To: [Github Docs](https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/githubWebhookSecrets.mdx b/docs/details/githubWebhookSecrets.mdx index 82033de..bb3cc16 100644 --- a/docs/details/githubWebhookSecrets.mdx +++ b/docs/details/githubWebhookSecrets.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 12 id: 13 title: Secure GitHub Webhooks with Secrets slug: /details/githubWebhookSecrets + --- + # Secure GitHub Webhooks with Secrets + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - Github Webhooks Use Secrets + + ## Details - Implementation Status: pending - C-SCRM: true @@ -25,4 +33,4 @@ Github Webhooks Use Secrets - How To: [Github Docs](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/githubWriteAccessRoles.mdx b/docs/details/githubWriteAccessRoles.mdx index 1b03f89..5a2a319 100644 --- a/docs/details/githubWriteAccessRoles.mdx +++ b/docs/details/githubWriteAccessRoles.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 17 id: 18 title: Define Teams/Individuals with Write Access to Repositories slug: /details/githubWriteAccessRoles + --- + # Define Teams/Individuals with Write Access to Repositories + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - Define Individuals/Teams who Write Access to a Github Repo + + ## Details - Implementation Status: pending - C-SCRM: true 
@@ -25,4 +33,4 @@ Define Individuals/Teams who Write Access to a Github Repo - How To: [Github Docs](https://docs.github.com/en/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/identifyModifiedDependencies.mdx b/docs/details/identifyModifiedDependencies.mdx index e0b706b..1fa0a5b 100644 --- a/docs/details/identifyModifiedDependencies.mdx +++ b/docs/details/identifyModifiedDependencies.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 51 id: 52 title: Uniquely Identify Modified Dependencies slug: /details/identifyModifiedDependencies + --- + # Uniquely Identify Modified Dependencies + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - Modified dependencies are uniquely identified and distinct from origin dependency + + ## Details - Implementation Status: pending - C-SCRM: true @@ -23,4 +31,4 @@ Modified dependencies are uniquely identified and distinct from origin dependenc - Sources: [OWASP SCVS L2 6.5](https://scvs.owasp.org/scvs/v6-pedigree-and-provenance/) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/incidentResponsePlan.mdx b/docs/details/incidentResponsePlan.mdx index 16f4447..1455c52 100644 --- a/docs/details/incidentResponsePlan.mdx +++ b/docs/details/incidentResponsePlan.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 29 id: 30 title: Define Clear Communication and Incident Response Plans slug: /details/incidentResponsePlan + --- + # Define Clear Communication and Incident Response Plans + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - Establish a Clear Communication and Incident Response Plan + + ## Details - Implementation Status: pending - C-SCRM: false 
@@ -23,4 +31,4 @@ Establish a Clear Communication and Incident Response Plan - Sources: [OpenSSF SCM Best Practices](https://best.openssf.org/SCM-BestPractices/#operations) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/includeCVEInReleaseNotes.mdx b/docs/details/includeCVEInReleaseNotes.mdx index 8c1bd17..aeb3c9b 100644 --- a/docs/details/includeCVEInReleaseNotes.mdx +++ b/docs/details/includeCVEInReleaseNotes.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 31 id: 32 title: Include CVE IDs in Release Notes for Security Fixes slug: /details/includeCVEInReleaseNotes + --- + # Include CVE IDs in Release Notes for Security Fixes + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - Release Notes must Include the CVE ID of Patched Security Vulnerabilities + + ## Details - Implementation Status: pending - C-SCRM: false @@ -23,4 +31,4 @@ Release Notes must Include the CVE ID of Patched Security Vulnerabilities - Sources: [OpenSSF Best Practices Badge Passing Level [release_notes_vulns]](https://www.bestpractices.dev/en/criteria?details=true&rationale=true#0.release_notes_vulns) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/includePackageLock.mdx b/docs/details/includePackageLock.mdx index 6aec405..91f29b4 100644 --- a/docs/details/includePackageLock.mdx +++ b/docs/details/includePackageLock.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 64 id: 65 title: Include package-lock.json in Releases (Freestanding Apps) slug: /details/includePackageLock + --- + # Include package-lock.json in Releases (Freestanding Apps) + ## Use Case + - Incubating: recommended - Active: recommended - Retiring: recommended + + ## Description - [Freestanding Applications Only] Commit a package-lock.json file with each release + + ## Details - Implementation Status: pending - C-SCRM: true 
@@ -24,4 +32,4 @@ slug: /details/includePackageLock - How To: [npm Docs](https://docs.npmjs.com/cli/v10/commands/npm-sbom) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/injectedSecretsAtRuntime.mdx b/docs/details/injectedSecretsAtRuntime.mdx index 9a05c0e..0a478dc 100644 --- a/docs/details/injectedSecretsAtRuntime.mdx +++ b/docs/details/injectedSecretsAtRuntime.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 7 id: 8 title: Ensure that the secrets are injected at runtime slug: /details/injectedSecretsAtRuntime + --- + # Ensure that the secrets are injected at runtime + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - Secrets are injected at runtime, such as environment variables or as a file (eg: use Github Secrets) + + ## Details - Implementation Status: pending - C-SCRM: true @@ -25,4 +33,4 @@ Secrets are injected at runtime, such as environment variables or as a file (eg: - How To: [Github Docs](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-organization) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/limitOrgOwners.mdx b/docs/details/limitOrgOwners.mdx index 8138e56..211d5ec 100644 --- a/docs/details/limitOrgOwners.mdx +++ b/docs/details/limitOrgOwners.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 68 id: 69 title: Limit GitHub Org Owners to Fewer Than Three slug: /details/limitOrgOwners + --- + # Limit GitHub Org Owners to Fewer Than Three + ## Use Case + - Incubating: recommended - Active: recommended - Retiring: recommended + + ## Description - Limit Number of Github Org Owners (ideally Fewer Than Three) + + ## Details - Implementation Status: pending - C-SCRM: true 
@@ -24,4 +32,4 @@ Limit Number of Github Org Owners (ideally Fewer Than Three) - Sources: [OpenSSF SCM Best Practices](https://best.openssf.org/SCM-BestPractices/github/member/organization_has_too_many_admins.html) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/limitRepoAdmins.mdx b/docs/details/limitRepoAdmins.mdx index ff85257..dffff7a 100644 --- a/docs/details/limitRepoAdmins.mdx +++ b/docs/details/limitRepoAdmins.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 69 id: 70 title: Limit GitHub Repo Admins to Fewer Than Three slug: /details/limitRepoAdmins + --- + # Limit GitHub Repo Admins to Fewer Than Three + ## Use Case + - Incubating: recommended - Active: recommended - Retiring: recommended + + ## Description - Limit Number of Github Repository Admins (ideally Fewer Than Three) + + ## Details - Implementation Status: pending - C-SCRM: true @@ -24,4 +32,4 @@ Limit Number of Github Repository Admins (ideally Fewer Than Three) - Sources: [OpenSSF SCM Best Practices](https://best.openssf.org/SCM-BestPractices/github/repository/repository_has_too_many_admins.html) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/limitWorkflowWritePermissions.mdx b/docs/details/limitWorkflowWritePermissions.mdx index e40377f..6f26575 100644 --- a/docs/details/limitWorkflowWritePermissions.mdx +++ b/docs/details/limitWorkflowWritePermissions.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 42 id: 43 title: Limit Workflow Write Permissions to Job-Level slug: /details/limitWorkflowWritePermissions + --- + # Limit Workflow Write Permissions to Job-Level + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - Only Allow Workflows Write Permissions at the Job-Level + + ## Details - Implementation Status: pending - C-SCRM: true 
@@ -25,4 +33,4 @@ Only Allow Workflows Write Permissions at the Job-Level - How To: [Github Docs](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/machineReadableDependencies.mdx b/docs/details/machineReadableDependencies.mdx index 74ade2b..1e1377d 100644 --- a/docs/details/machineReadableDependencies.mdx +++ b/docs/details/machineReadableDependencies.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 50 id: 51 title: Provide Machine-Readable Dependency Lists slug: /details/machineReadableDependencies + --- + # Provide Machine-Readable Dependency Lists + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - [Freestanding Applications Only] A Machine Readable List of all Direct and Transitive Dependencies is Available for the Software + + ## Details - Implementation Status: pending - C-SCRM: true @@ -24,4 +32,4 @@ slug: /details/machineReadableDependencies - How To: [Github Docs](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security#what-is-the-dependency-graph) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/noArbitraryCodeInPipeline.mdx b/docs/details/noArbitraryCodeInPipeline.mdx index 01de762..7769d76 100644 --- a/docs/details/noArbitraryCodeInPipeline.mdx +++ b/docs/details/noArbitraryCodeInPipeline.mdx 
@@ -1,21 +1,29 @@ --- + sidebar_position: 41 id: 42 title: Restrict Build Pipeline Code Execution to Build Scripts slug: /details/noArbitraryCodeInPipeline + --- + # Restrict Build Pipeline Code Execution to Build Scripts + ## Use Case + - Incubating: expected - Active: expected - Retiring: n/a + + ## Description - Build Pipeline Cannot Execute Arbitrary Code from Outside of a Build Script + + ## Details - Implementation Status: pending - C-SCRM: true @@ -24,4 +32,4 @@ Build Pipeline Cannot Execute Arbitrary Code from Outside of a Build Script - Sources: [OpenSSF Scorecard](https://github.com/ossf/scorecard/blob/main/docs/checks.md#dangerous-workflow) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/noForcePushDefaultBranch.mdx b/docs/details/noForcePushDefaultBranch.mdx index 53ba4d9..d3c3e50 100644 --- a/docs/details/noForcePushDefaultBranch.mdx +++ b/docs/details/noForcePushDefaultBranch.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 35 id: 36 title: Disable Force Push on Default Branch slug: /details/noForcePushDefaultBranch + --- + # Disable Force Push on Default Branch + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - Prevent Force Push on Default Branch + + ## Details - Implementation Status: pending - C-SCRM: true @@ -24,4 +32,4 @@ Prevent Force Push on Default Branch - How To: [Github Docs](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/noSelfHostedRunners.mdx b/docs/details/noSelfHostedRunners.mdx index 3671f34..5f8c33f 100644 --- a/docs/details/noSelfHostedRunners.mdx +++ b/docs/details/noSelfHostedRunners.mdx 
@@ -1,21 +1,29 @@ --- + sidebar_position: 40 id: 41 title: Disable Self-Hosted Runners in GitHub Org slug: /details/noSelfHostedRunners + --- + # Disable Self-Hosted Runners in GitHub Org + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - Disable use of Self-Hosted Runners in Github Org + + ## Details - Implementation Status: pending - C-SCRM: true @@ -25,4 +33,4 @@ Disable use of Self-Hosted Runners in Github Org - How To: [Github Docs](https://docs.github.com/en/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#limiting-the-use-of-self-hosted-runners) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/noSensitiveInfoInRepositories.mdx b/docs/details/noSensitiveInfoInRepositories.mdx index 1e3ff3d..20f47be 100644 --- a/docs/details/noSensitiveInfoInRepositories.mdx +++ b/docs/details/noSensitiveInfoInRepositories.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 6 id: 7 title: Check sensitive information slug: /details/noSensitiveInfoInRepositories + --- + # Check sensitive information + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - No Secrets and Credentials in Source Code + + ## Details - Implementation Status: pending - C-SCRM: true @@ -25,4 +33,4 @@ No Secrets and Credentials in Source Code - How To: [Github Docs](https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/npmOrgMFA.mdx b/docs/details/npmOrgMFA.mdx index 64b8981..2bbb148 100644 --- a/docs/details/npmOrgMFA.mdx +++ b/docs/details/npmOrgMFA.mdx 
@@ -1,21 +1,29 @@ --- + sidebar_position: 3 id: 4 title: Enforce MFA in npm Organization(s) slug: /details/npmOrgMFA + --- + # Enforce MFA in npm Organization(s) + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - Multi Factor Authentication (MFA) Enforced Across the npm Organization + + ## Details - Implementation Status: pending - C-SCRM: true @@ -25,4 +33,4 @@ Multi Factor Authentication (MFA) Enforced Across the npm Organization - How To: [npm Docs](https://docs.npmjs.com/requiring-two-factor-authentication-in-your-organization) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/npmPublicationMFA.mdx b/docs/details/npmPublicationMFA.mdx index 00e93a0..018261b 100644 --- a/docs/details/npmPublicationMFA.mdx +++ b/docs/details/npmPublicationMFA.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 11 id: 12 title: Publish to npm Using MFA-Enabled Accounts slug: /details/npmPublicationMFA + --- + # Publish to npm Using MFA-Enabled Accounts + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - Publish to npm using an MFA-enabled account rather than single factor legacy or granular access tokens + + ## Details - Implementation Status: pending - C-SCRM: true @@ -24,4 +32,4 @@ Publish to npm using an MFA-enabled account rather than single factor legacy or - Sources: [npm Docs](https://docs.npmjs.com/creating-and-viewing-access-tokens) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/orgToolingMFA.mdx b/docs/details/orgToolingMFA.mdx index af31709..587dfff 100644 --- a/docs/details/orgToolingMFA.mdx +++ b/docs/details/orgToolingMFA.mdx 
@@ -1,21 +1,29 @@ --- + sidebar_position: 4 id: 5 title: Enforce MFA in all the tools slug: /details/orgToolingMFA + --- + # Enforce MFA in all the tools + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - Multi Factor Authentication (MFA) Enforced in All Tools Wherever Techncially Feasible + + ## Details - Implementation Status: pending - C-SCRM: false @@ -24,4 +32,4 @@ Multi Factor Authentication (MFA) Enforced in All Tools Wherever Techncially Fea - Sources: [CNCF CNSWP v1.0](https://github.com/cncf/tag-security/blob/main/security-whitepaper/v2/cloud-native-security-whitepaper.md) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/owaspTop10Training.mdx b/docs/details/owaspTop10Training.mdx index 2a93fae..c42a532 100644 --- a/docs/details/owaspTop10Training.mdx +++ b/docs/details/owaspTop10Training.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 2 id: 2 title: Training on OWASP Top 10 or Equivalent slug: /details/owaspTop10Training + --- + # Training on OWASP Top 10 or Equivalent + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - At least One Primary Maintainer has taken TBD Training on OWASP Top 10 or Equivalent + + ## Details - Implementation Status: pending - C-SCRM: false @@ -24,4 +32,4 @@ At least One Primary Maintainer has taken TBD Training on OWASP Top 10 or Equiva - Sources: [OpenSSF Best Practices Badge Passing Level [know_common_errors]](https://www.bestpractices.dev/en/criteria?details=true&rationale=true#0.know_common_errors) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/patchCriticalVulns30Days.mdx b/docs/details/patchCriticalVulns30Days.mdx index 7ed73ed..70ce2d4 100644 --- a/docs/details/patchCriticalVulns30Days.mdx +++ b/docs/details/patchCriticalVulns30Days.mdx 
@@ -1,21 +1,29 @@ --- + sidebar_position: 19 id: 20 title: Patch Actively Exploited Critical Vulnerabilities within 30 Days slug: /details/patchCriticalVulns30Days + --- + # Patch Actively Exploited Critical Vulnerabilities within 30 Days + ## Use Case + - Incubating: expected - Active: expected - Retiring: n/a + + ## Description - Actively Exploited Critical Vulnerabilities Patched within 30 Days + + ## Details - Implementation Status: pending - C-SCRM: false @@ -23,4 +31,4 @@ Actively Exploited Critical Vulnerabilities Patched within 30 Days - Sources: [OpenSSF Best Practices Badge Passing Level [vulnerabilities_critical_fixed]](https://www.bestpractices.dev/en/criteria#0.vulnerabilities_critical_fixed) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/patchExploitableHighVulns14Days.mdx b/docs/details/patchExploitableHighVulns14Days.mdx index b070762..a1397d5 100644 --- a/docs/details/patchExploitableHighVulns14Days.mdx +++ b/docs/details/patchExploitableHighVulns14Days.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 70 id: 71 title: Patch Critical/High Vulnerabilities in 14 Days slug: /details/patchExploitableHighVulns14Days + --- + # Patch Critical/High Vulnerabilities in 14 Days + ## Use Case + - Incubating: recommended - Active: recommended - Retiring: n/a + + ## Description - Actively Exploited Critical and High Vulnerabilities Patched within 14 Days + + ## Details - Implementation Status: pending - C-SCRM: false @@ -23,4 +31,4 @@ Actively Exploited Critical and High Vulnerabilities Patched within 14 Days - Sources: [OpenSSF Best Practices Badge Passing Level [vulnerabilities_critical_fixed]](https://www.bestpractices.dev/en/criteria#0.vulnerabilities_critical_fixed) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/patchExploitableNoncCriticalVulns60Days.mdx b/docs/details/patchExploitableNoncCriticalVulns60Days.mdx index 953f3fa..c0bd703 100644 
--- a/docs/details/patchExploitableNoncCriticalVulns60Days.mdx +++ b/docs/details/patchExploitableNoncCriticalVulns60Days.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 71 id: 72 title: Patch Non-Critical Vulnerabilities in 60 Days slug: /details/patchExploitableNoncCriticalVulns60Days + --- + # Patch Non-Critical Vulnerabilities in 60 Days + ## Use Case + - Incubating: recommended - Active: recommended - Retiring: n/a + + ## Description - Non-Critical Expoitable Vulnerabilities Patched within 60 Days + + ## Details - Implementation Status: pending - C-SCRM: false @@ -23,4 +31,4 @@ Non-Critical Expoitable Vulnerabilities Patched within 60 Days - Sources: [OpenSSF Best Practices Badge Silver Level [vulnerabilities_fixed_60_days]](https://www.bestpractices.dev/en/criteria#0.vulnerabilities_fixed_60_days) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/patchNonCriticalVulns90Days.mdx b/docs/details/patchNonCriticalVulns90Days.mdx index f2c108f..b567e55 100644 --- a/docs/details/patchNonCriticalVulns90Days.mdx +++ b/docs/details/patchNonCriticalVulns90Days.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 20 id: 21 title: Patch Non-Critical Vulnerabilities within 90 Days slug: /details/patchNonCriticalVulns90Days + --- + # Patch Non-Critical Vulnerabilities within 90 Days + ## Use Case + - Incubating: expected - Active: expected - Retiring: n/a + + ## Description - Non-Critical Exploitable Vulnerabilities Patched within 90 Days + + ## Details - Implementation Status: pending - C-SCRM: false @@ -23,4 +31,4 @@ Non-Critical Exploitable Vulnerabilities Patched within 90 Days - Sources: [Google Project Zero Vulnerability Disclosure Policy](https://googleprojectzero.blogspot.com/p/vulnerability-disclosure-policy.html) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/pinActionsToSHA.mdx b/docs/details/pinActionsToSHA.mdx index bc99515..4818e42 100644 
--- a/docs/details/pinActionsToSHA.mdx +++ b/docs/details/pinActionsToSHA.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 48 id: 49 title: Pin Actions with Secrets to Full-Length Commit SHAs slug: /details/pinActionsToSHA + --- + # Pin Actions with Secrets to Full-Length Commit SHAs + ## Use Case + - Incubating: deferrable - Active: expected - Retiring: n/a + + ## Description - Pin Actions with Access to Secrets to a Full Length Commit SHA + + ## Details - Implementation Status: pending - C-SCRM: true @@ -24,4 +32,4 @@ Pin Actions with Access to Secrets to a Full Length Commit SHA - Sources: [Github Docs](https://securitylab.github.com/research/github-actions-building-blocks/) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/preventBranchProtectionBypass.mdx b/docs/details/preventBranchProtectionBypass.mdx index 72722bf..39f6b67 100644 --- a/docs/details/preventBranchProtectionBypass.mdx +++ b/docs/details/preventBranchProtectionBypass.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 15 id: 16 title: Prevent Admins from Bypassing Branch Protection slug: /details/preventBranchProtectionBypass + --- + # Prevent Admins from Bypassing Branch Protection + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - [For Projects with Two or more Admins] Do not allow Admins to Bypass Branch Protection Settings + + ## Details - Implementation Status: pending - C-SCRM: true @@ -25,4 +33,4 @@ slug: /details/preventBranchProtectionBypass - How To: [Github Docs](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#do-not-allow-bypassing-the-above-settings) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/preventDeletionDefaultBranch.mdx b/docs/details/preventDeletionDefaultBranch.mdx index 685000f..fc46a07 100644 
--- a/docs/details/preventDeletionDefaultBranch.mdx +++ b/docs/details/preventDeletionDefaultBranch.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 36 id: 37 title: Prevent Deletion of Default Branch slug: /details/preventDeletionDefaultBranch + --- + # Prevent Deletion of Default Branch + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - Prevent Default Branch Deletion + + ## Details - Implementation Status: pending - C-SCRM: true @@ -25,4 +33,4 @@ Prevent Default Branch Deletion - How To: [Github Docs](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/preventLandingSensitiveCommits.mdx b/docs/details/preventLandingSensitiveCommits.mdx index 49b45af..e29d74b 100644 --- a/docs/details/preventLandingSensitiveCommits.mdx +++ b/docs/details/preventLandingSensitiveCommits.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 9 id: 10 title: Block New Commits with Secrets or Credentials slug: /details/preventLandingSensitiveCommits + --- + # Block New Commits with Secrets or Credentials + ## Use Case + - Incubating: expected - Active: expected - Retiring: n/a + + ## Description - New Commits Containing Secrets or Credentials are Blocked from Merging + + ## Details - Implementation Status: pending - C-SCRM: true @@ -25,4 +33,4 @@ New Commits Containing Secrets or Credentials are Blocked from Merging - How To: [Github Docs](https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/preventScriptInjection.mdx b/docs/details/preventScriptInjection.mdx index 1d16b6f..adccf0e 100644 --- a/docs/details/preventScriptInjection.mdx +++ b/docs/details/preventScriptInjection.mdx 
@@ -1,21 +1,29 @@ --- + sidebar_position: 43 id: 44 title: Avoid Script Injection from Untrusted Variables slug: /details/preventScriptInjection + --- + # Avoid Script Injection from Untrusted Variables + ## Use Case + - Incubating: expected - Active: expected - Retiring: n/a + + ## Description - Avoid Script Injection from Untrusted Context Variables + + ## Details - Implementation Status: pending - C-SCRM: true @@ -25,4 +33,4 @@ Avoid Script Injection from Untrusted Context Variables - How To: [Github Docs](https://securitylab.github.com/research/github-actions-untrusted-input/) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/regressionTestsForVulns.mdx b/docs/details/regressionTestsForVulns.mdx index b2901d7..db04ef3 100644 --- a/docs/details/regressionTestsForVulns.mdx +++ b/docs/details/regressionTestsForVulns.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 32 id: 33 title: Create Regression Tests for Bugs and Security Vulnerabilities slug: /details/regressionTestsForVulns + --- + # Create Regression Tests for Bugs and Security Vulnerabilities + ## Use Case + - Incubating: deferrable - Active: expected - Retiring: n/a + + ## Description - Regression Tests for => 50% of Bugs and 100% of Security Vulns + + ## Details - Implementation Status: pending - C-SCRM: false @@ -23,4 +31,4 @@ Regression Tests for => 50% of Bugs and 100% of Security Vulns - Sources: [OpenSSF Best Practices Badge Silver Level [regression_tests_added50]](https://www.bestpractices.dev/en/criteria?details=true&rationale=true#1.regression_tests_added50) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/requireCodeOwnersReviewForLargeTeams.mdx b/docs/details/requireCodeOwnersReviewForLargeTeams.mdx index 2adf613..5fa7b53 100644 --- a/docs/details/requireCodeOwnersReviewForLargeTeams.mdx +++ b/docs/details/requireCodeOwnersReviewForLargeTeams.mdx 
@@ -1,21 +1,29 @@ --- + sidebar_position: 66 id: 67 title: Require Code Owners Review (Four+ Maintainers) slug: /details/requireCodeOwnersReviewForLargeTeams + --- + # Require Code Owners Review (Four+ Maintainers) + ## Use Case + - Incubating: recommended - Active: recommended - Retiring: n/a + + ## Description - [For Projects with Four or more Maintainers] Require Code Owners Review + + ## Details - Implementation Status: pending - C-SCRM: true @@ -25,4 +33,4 @@ slug: /details/requireCodeOwnersReviewForLargeTeams - How To: [Github Docs](https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/requirePRApprovalForMainline.mdx b/docs/details/requirePRApprovalForMainline.mdx index 5aba532..6bf3961 100644 --- a/docs/details/requirePRApprovalForMainline.mdx +++ b/docs/details/requirePRApprovalForMainline.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 67 id: 68 title: Require Approved PRs for Mainline Commits (Two+ Maintainers) slug: /details/requirePRApprovalForMainline + --- + # Require Approved PRs for Mainline Commits (Two+ Maintainers) + ## Use Case + - Incubating: recommended - Active: recommended - Retiring: recommended + + ## Description - [For Projects with Two or more Maintainers] Require Approved PRs for all commits to mainline branches + + ## Details - Implementation Status: pending - C-SCRM: true @@ -25,4 +33,4 @@ slug: /details/requirePRApprovalForMainline - How To: [Github Docs](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/requireSignedCommits.mdx b/docs/details/requireSignedCommits.mdx index 2fc8552..39e993a 100644 --- a/docs/details/requireSignedCommits.mdx +++ b/docs/details/requireSignedCommits.mdx 
@@ -1,21 +1,29 @@ --- + sidebar_position: 63 id: 64 title: Require Signed Commits slug: /details/requireSignedCommits + --- + # Require Signed Commits + ## Use Case + - Incubating: recommended - Active: recommended - Retiring: recommended + + ## Description - Require Signed Commits + + ## Details - Implementation Status: pending - C-SCRM: true @@ -24,4 +32,4 @@ Require Signed Commits - How To: [Github Docs](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-signed-commits) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/requireTwoPartyReview.mdx b/docs/details/requireTwoPartyReview.mdx index 1cf94ca..0929ebb 100644 --- a/docs/details/requireTwoPartyReview.mdx +++ b/docs/details/requireTwoPartyReview.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 65 id: 66 title: Require Two-Party Review (Two+ Maintainers) slug: /details/requireTwoPartyReview + --- + # Require Two-Party Review (Two+ Maintainers) + ## Use Case + - Incubating: recommended - Active: recommended - Retiring: n/a + + ## Description - [For Projects with Two or more Maintainers] Require Two Party Review + + ## Details - Implementation Status: pending - C-SCRM: true @@ -25,4 +33,4 @@ slug: /details/requireTwoPartyReview - How To: [Github Docs](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/resolveLinterWarnings.mdx b/docs/details/resolveLinterWarnings.mdx index cef40ae..1227caf 100644 --- a/docs/details/resolveLinterWarnings.mdx +++ b/docs/details/resolveLinterWarnings.mdx 
@@ -1,21 +1,29 @@ --- + sidebar_position: 23 id: 24 title: Address Compiler/Linter Warnings Before Merging slug: /details/resolveLinterWarnings + --- + # Address Compiler/Linter Warnings Before Merging + ## Use Case + - Incubating: expected - Active: expected - Retiring: n/a + + ## Description - Compilers/Linter Warnings Addressed in order to Merge + + ## Details - Implementation Status: pending - C-SCRM: false @@ -25,4 +33,4 @@ Compilers/Linter Warnings Addressed in order to Merge - How To: [ESLint Docs](https://eslint.org/docs/latest/use/getting-started#installation-and-usage) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/restrictOrgSecrets.mdx b/docs/details/restrictOrgSecrets.mdx index 9bfed8e..8491709 100644 --- a/docs/details/restrictOrgSecrets.mdx +++ b/docs/details/restrictOrgSecrets.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 38 id: 39 title: Restrict GitHub Org Secrets to Specific Repositories slug: /details/restrictOrgSecrets + --- + # Restrict GitHub Org Secrets to Specific Repositories + ## Use Case + - Incubating: expected - Active: expected - Retiring: n/a + + ## Description - GitHub Organization Secrets are Restricted to Selected Repositories + + ## Details - Implementation Status: pending - C-SCRM: true @@ -25,4 +33,4 @@ GitHub Organization Secrets are Restricted to Selected Repositories - How To: [Github Docs](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#managing-github-actions-permissions-for-your-repository) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/restrictedOrgPermissions.mdx b/docs/details/restrictedOrgPermissions.mdx index f7be807..7edd421 100644 --- a/docs/details/restrictedOrgPermissions.mdx +++ b/docs/details/restrictedOrgPermissions.mdx 
@@ -1,21 +1,29 @@ --- + sidebar_position: 13 id: 14 title: Restrict Default GitHub Org Member Permissions slug: /details/restrictedOrgPermissions + --- + # Restrict Default GitHub Org Member Permissions + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - Default Github Org Member Permissions Should Be Restricted + + ## Details - Implementation Status: pending - C-SCRM: true @@ -25,4 +33,4 @@ Default Github Org Member Permissions Should Be Restricted - How To: [Github Docs](https://docs.github.com/en/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/setting-base-permissions-for-an-organization) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/runnerSecurityScanner.mdx b/docs/details/runnerSecurityScanner.mdx index 7d5e82f..be07ff7 100644 --- a/docs/details/runnerSecurityScanner.mdx +++ b/docs/details/runnerSecurityScanner.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 58 id: 59 title: Use GitHub Runner Security Scanners slug: /details/runnerSecurityScanner + --- + # Use GitHub Runner Security Scanners + ## Use Case + - Incubating: recommended - Active: recommended - Retiring: recommended + + ## Description - Use a Github Runner Security Scanner + + ## Details - Implementation Status: pending - C-SCRM: true @@ -25,4 +33,4 @@ Use a Github Runner Security Scanner - How To: [Step Security harden-runner](https://github.com/step-security/harden-runner) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/scanCommitsForSensitiveInfo.mdx b/docs/details/scanCommitsForSensitiveInfo.mdx index 4c87661..08de139 100644 --- a/docs/details/scanCommitsForSensitiveInfo.mdx +++ b/docs/details/scanCommitsForSensitiveInfo.mdx 
@@ -1,21 +1,29 @@ --- + sidebar_position: 8 id: 9 title: Ensure that all the commits are scanned slug: /details/scanCommitsForSensitiveInfo + --- + # Ensure that all the commits are scanned + ## Use Case + - Incubating: expected - Active: expected - Retiring: n/a + + ## Description - All Commits are Scanned for Secrets and Credentials + + ## Details - Implementation Status: pending - C-SCRM: true @@ -25,4 +33,4 @@ All Commits are Scanned for Secrets and Credentials - How To: [Github Docs](https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/securityMdMeetsOpenJSCVD.mdx b/docs/details/securityMdMeetsOpenJSCVD.mdx index b7557f9..c6a9db3 100644 --- a/docs/details/securityMdMeetsOpenJSCVD.mdx +++ b/docs/details/securityMdMeetsOpenJSCVD.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 26 id: 27 title: Ensure Security.md Meets OpenJS CVD Guidelines slug: /details/securityMdMeetsOpenJSCVD + --- + # Ensure Security.md Meets OpenJS CVD Guidelines + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - Security.md Meets OpenJS CVD Guidelines + + ## Details - Implementation Status: pending - C-SCRM: false @@ -23,4 +31,4 @@ Security.md Meets OpenJS CVD Guidelines - Sources: [OpenSSF Scorecard](https://github.com/ossf/scorecard/blob/main/docs/checks.md#security-policy) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/softwareArchitectureDocs.mdx b/docs/details/softwareArchitectureDocs.mdx index 3eda4d8..6371685 100644 --- a/docs/details/softwareArchitectureDocs.mdx +++ b/docs/details/softwareArchitectureDocs.mdx 
@@ -1,21 +1,29 @@ --- + sidebar_position: 46 id: 47 title: Document Software Architecture slug: /details/softwareArchitectureDocs + --- + # Document Software Architecture + ## Use Case + - Incubating: deferrable - Active: expected - Retiring: n/a + + ## Description - [For Projects with Two or more Maintainers] Document Software Architecture + + ## Details - Implementation Status: pending - C-SCRM: false @@ -24,4 +32,4 @@ slug: /details/softwareArchitectureDocs - Sources: [OpenSSF Best Practices Badge Silver Level [documentation_architecture]](https://www.bestpractices.dev/en/criteria?details=true&rationale=true#1.documentation_architecture) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/softwareDesignTraining.mdx b/docs/details/softwareDesignTraining.mdx index c6581dd..25d54fa 100644 --- a/docs/details/softwareDesignTraining.mdx +++ b/docs/details/softwareDesignTraining.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 1 id: 1 title: Training on Secure Software Design slug: /details/softwareDesignTraining + --- + # Training on Secure Software Design + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - At least One Primary Maintainer has taken TBD Training on Secure Software Design + + ## Details - Implementation Status: pending - C-SCRM: false @@ -24,4 +32,4 @@ At least One Primary Maintainer has taken TBD Training on Secure Software Design - Sources: [OpenSSF Best Practices Badge Passing Level [know_secure_design]](https://www.bestpractices.dev/en/criteria?details=true&rationale=true#0.know_secure_design) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/staticAppSecTesting.mdx b/docs/details/staticAppSecTesting.mdx index 8636785..cf98378 100644 --- a/docs/details/staticAppSecTesting.mdx +++ b/docs/details/staticAppSecTesting.mdx 
@@ -1,21 +1,29 @@ --- + sidebar_position: 24 id: 25 title: Use Static Application Security Testing for All Commits slug: /details/staticAppSecTesting + --- + # Use Static Application Security Testing for All Commits + ## Use Case + - Incubating: expected - Active: expected - Retiring: n/a + + ## Description - All Commits are Scanned by a Static Application Security Testing Tool + + ## Details - Implementation Status: pending - C-SCRM: false @@ -25,4 +33,4 @@ All Commits are Scanned by a Static Application Security Testing Tool - How To: [CodeQL Docs](https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/staticCodeAnalysis.mdx b/docs/details/staticCodeAnalysis.mdx index 45ac327..48d3b51 100644 --- a/docs/details/staticCodeAnalysis.mdx +++ b/docs/details/staticCodeAnalysis.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 22 id: 23 title: Use Automated Static Code Analysis Tools slug: /details/staticCodeAnalysis + --- + # Use Automated Static Code Analysis Tools + ## Use Case + - Incubating: expected - Active: expected - Retiring: n/a + + ## Description - Use an Automated Static Code Analysis Tool (eg: ESLInt) + + ## Details - Implementation Status: pending - C-SCRM: false @@ -25,4 +33,4 @@ Use an Automated Static Code Analysis Tool (eg: ESLInt) - How To: [ESLint Docs](https://eslint.org/docs/latest/use/getting-started#installation-and-usage) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/twoOrMoreOwnersForAccess.mdx b/docs/details/twoOrMoreOwnersForAccess.mdx index 4741086..efca94e 100644 --- a/docs/details/twoOrMoreOwnersForAccess.mdx +++ b/docs/details/twoOrMoreOwnersForAccess.mdx 
@@ -1,21 +1,29 @@ --- + sidebar_position: 18 id: 19 title: Configure Two or more Owners for Access Continuity slug: /details/twoOrMoreOwnersForAccess + --- + # Configure Two or more Owners for Access Continuity + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - [For Projects with Two or more Owners] Have at least Two Owners Configured for Access Continuity + + ## Details - Implementation Status: pending - C-SCRM: true @@ -25,4 +33,4 @@ slug: /details/twoOrMoreOwnersForAccess - How To: [Github Docs](https://docs.github.com/en/organizations/managing-peoples-access-to-your-organization-with-roles/maintaining-ownership-continuity-for-your-organization) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/upToDateDefaultBranchBeforeMerge.mdx b/docs/details/upToDateDefaultBranchBeforeMerge.mdx index 3c1f50c..e38f707 100644 --- a/docs/details/upToDateDefaultBranchBeforeMerge.mdx +++ b/docs/details/upToDateDefaultBranchBeforeMerge.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 37 id: 38 title: Require Default Branch Updates Before Merging slug: /details/upToDateDefaultBranchBeforeMerge + --- + # Require Default Branch Updates Before Merging + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - Default Branch must be Up to Date before Merging + + ## Details - Implementation Status: pending - C-SCRM: true @@ -24,4 +32,4 @@ Default Branch must be Up to Date before Merging - How To: [Github Docs](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/upgradePathDocs.mdx b/docs/details/upgradePathDocs.mdx index 740bf3c..4e92e20 100644 --- a/docs/details/upgradePathDocs.mdx 
+++ b/docs/details/upgradePathDocs.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 45 id: 46 title: Support Older Versions or Provide Upgrade Paths slug: /details/upgradePathDocs + --- + # Support Older Versions or Provide Upgrade Paths + ## Use Case + - Incubating: expected - Active: expected - Retiring: n/a + + ## Description - Commonly Used Older Versions Supported or Upgrade Path Provided/Documented + + ## Details - Implementation Status: pending - C-SCRM: true @@ -23,4 +31,4 @@ Commonly Used Older Versions Supported or Upgrade Path Provided/Documented - Sources: [OpenSSF Best Practices Badge Silver Level [maintenance_or_update]](https://www.bestpractices.dev/en/criteria?details=true&rationale=true#1.maintenance_or_update) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/useCVDToolForVulns.mdx b/docs/details/useCVDToolForVulns.mdx index 4239e70..11ce4c7 100644 --- a/docs/details/useCVDToolForVulns.mdx +++ b/docs/details/useCVDToolForVulns.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 27 id: 28 title: Use CVD Tools to Manage Vulnerability Reports slug: /details/useCVDToolForVulns + --- + # Use CVD Tools to Manage Vulnerability Reports + ## Use Case + - Incubating: expected - Active: expected - Retiring: expected + + ## Description - Project Leverages a CVD Tool to Privately Receive/Manage External Vulnerability Reports (eg: H1/GH PVR) + + ## Details - Implementation Status: pending - C-SCRM: false @@ -24,4 +32,4 @@ Project Leverages a CVD Tool to Privately Receive/Manage External Vulnerability - How To: [Github Docs](https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/useHwKeyGithubAccess.mdx b/docs/details/useHwKeyGithubAccess.mdx index 3cf799f..9440c07 100644 
--- a/docs/details/useHwKeyGithubAccess.mdx +++ b/docs/details/useHwKeyGithubAccess.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 53 id: 54 title: Use AAL2/3 Passkeys for GitHub Access slug: /details/useHwKeyGithubAccess + --- + # Use AAL2/3 Passkeys for GitHub Access + ## Use Case + - Incubating: recommended - Active: recommended - Retiring: recommended + + ## Description - {"url":"http://github.com/","description":"Github.com"} + + ## Details - Implementation Status: pending - C-SCRM: true @@ -25,4 +33,4 @@ slug: /details/useHwKeyGithubAccess - How To: [Github Docs](https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-passkey) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/useHwKeyGithubNonInteractive.mdx b/docs/details/useHwKeyGithubNonInteractive.mdx index 1c4a1c6..094d1e5 100644 --- a/docs/details/useHwKeyGithubNonInteractive.mdx +++ b/docs/details/useHwKeyGithubNonInteractive.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 54 id: 55 title: Use AAL2/3 Passkeys for Non-Interactive GitHub Access slug: /details/useHwKeyGithubNonInteractive + --- + # Use AAL2/3 Passkeys for Non-Interactive GitHub Access + ## Use Case + - Incubating: recommended - Active: recommended - Retiring: recommended + + ## Description - Non-Interactive Github: Use a passkey (AAL2) or hardware key (AAL3) that activates using a password or biometrics + + ## Details - Implementation Status: pending - C-SCRM: true @@ -25,4 +33,4 @@ Non-Interactive Github: Use a passkey (AAL2) or hardware key (AAL3) that activat - How To: [Github Docs](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#generating-a-new-ssh-key-for-a-hardware-security-key) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + 
diff --git a/docs/details/useHwKeyOtherContexts.mdx b/docs/details/useHwKeyOtherContexts.mdx index f1258c7..e1d89e0 100644 --- a/docs/details/useHwKeyOtherContexts.mdx +++ b/docs/details/useHwKeyOtherContexts.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 55 id: 56 title: Use AAL2/3 Passkeys in All Other Contexts slug: /details/useHwKeyOtherContexts + --- + # Use AAL2/3 Passkeys in All Other Contexts + ## Use Case + - Incubating: recommended - Active: recommended - Retiring: recommended + + ## Description - All Other Contexts: Use a passkey (AAL2) or hardware key (AAL3) that activates using a password or biometrics + + ## Details - Implementation Status: pending - C-SCRM: true @@ -24,4 +32,4 @@ All Other Contexts: Use a passkey (AAL2) or hardware key (AAL3) that activates u - Sources: [OpenSSF Great MFA Project Security Rationale](https://github.com/ossf/great-mfa-project/blob/main/security-rationale.md) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/verifiedActionsOnly.mdx b/docs/details/verifiedActionsOnly.mdx index e98a8f5..b574d49 100644 --- a/docs/details/verifiedActionsOnly.mdx +++ b/docs/details/verifiedActionsOnly.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 39 id: 40 title: Limit GitHub Actions to Verified or Trusted Actions slug: /details/verifiedActionsOnly + --- + # Limit GitHub Actions to Verified or Trusted Actions + ## Use Case + - Incubating: expected - Active: expected - Retiring: n/a + + ## Description - GitHub Actions Should Be Limited To Verified or Explicitly Trusted Actions + + ## Details - Implementation Status: pending - C-SCRM: true 
@@ -25,4 +33,4 @@ GitHub Actions Should Be Limited To Verified or Explicitly Trusted Actions - How To: [Github Docs](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#allowing-select-actions-and-reusable-workflows-to-run) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/vulnResponse14Days.mdx b/docs/details/vulnResponse14Days.mdx index 6e04d5a..93fc553 100644 --- a/docs/details/vulnResponse14Days.mdx +++ b/docs/details/vulnResponse14Days.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 28 id: 29 title: Respond to External Vulnerability Reports in Under 14 Days slug: /details/vulnResponse14Days + --- + # Respond to External Vulnerability Reports in Under 14 Days + ## Use Case + - Incubating: expected - Active: expected - Retiring: n/a + + ## Description - All External Vulnerability Reports Responded to <14 Days + + ## Details - Implementation Status: pending - C-SCRM: false @@ -23,4 +31,4 @@ All External Vulnerability Reports Responded to <14 Days - Sources: [OpenSSF Best Practices Badge Passing Level [vulnerability_report_response]](https://www.bestpractices.dev/en/criteria#0.vulnerability_report_response) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + diff --git a/docs/details/workflowSecurityScanner.mdx b/docs/details/workflowSecurityScanner.mdx index a7ebade..53808fd 100644 --- a/docs/details/workflowSecurityScanner.mdx +++ b/docs/details/workflowSecurityScanner.mdx @@ -1,21 +1,29 @@ --- + sidebar_position: 57 id: 58 title: Use Workflow Security Scanners slug: /details/workflowSecurityScanner + --- + # Use Workflow Security Scanners + ## Use Case + - Incubating: recommended - Active: recommended - Retiring: recommended + + ## Description - Use a Workflow Security Scanner + + ## Details - Implementation Status: pending - C-SCRM: true 
@@ -25,4 +33,4 @@ Use a Workflow Security Scanner - How To: [Step Security secure-repo](https://github.com/step-security/secure-repo) - Created at 2024-12-07T23:06:38.197Z - Updated at 2024-12-07T23:06:38.197Z - + From 67ad18155e6cb7486a64d30f8a3028f2505e1f1c Mon Sep 17 00:00:00 2001 From: Ulises Gascon Date: Sun, 8 Dec 2024 03:04:21 +0100 Subject: [PATCH 05/16] fix: remove metadata and title tags --- scripts/populate-details.js | 6 ------ scripts/populate-implementations.js | 4 +--- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/scripts/populate-details.js b/scripts/populate-details.js index f8c9724..5898ca7 100644 --- a/scripts/populate-details.js +++ b/scripts/populate-details.js @@ -55,18 +55,12 @@ const renderDetails = (check) => { // Prepare the markdown files checks.forEach((check, index) => { const fileContent = `--- - sidebar_position: ${index + 1} id: ${check.id} title: ${check.title} slug: /details/${check.code_name} - --- - -# ${check.title} - - ## Use Case - Incubating: ${check.level_incubating_status} diff --git a/scripts/populate-implementations.js b/scripts/populate-implementations.js index 99b734e..0679509 100644 --- a/scripts/populate-implementations.js +++ b/scripts/populate-implementations.js @@ -40,12 +40,10 @@ const addRow = (item) => `| ${item.section_number}. ${capitalizeWords(item.secti // Prepare the markdown files projectStatus.forEach((status, index) => { let fileContent = `--- - sidebar_position: ${index + 1} id: ${status} title: ${status.charAt(0).toUpperCase() + status.slice(1)} slug: /implementations/${status} - --- @@ -61,7 +59,7 @@ ${data[status][priority].map(addRow).join('\n')} ` }).join('\n') - fileContent += '' + fileContent += '\n' const destination = path.join(process.cwd(), `docs/implementation/${status}.mdx`) writeFileSync(destination, fileContent) From 7e53d8a086d86ca92c5d9ca2de860d0116217a8d Mon Sep 17 00:00:00 2001 
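Review bot: The front-matter line `title: ${check.title}` on the new side of the populate-details.js hunk writes the check title into YAML unquoted, so a title containing `: `, `#`, or a leading special character would break the generated page's front matter instead of being rendered; quoting it, e.g. `title: ${JSON.stringify(check.title)}`, keeps every title a valid YAML scalar since JSON strings are valid YAML. The same concern applies further down the template, outside this hunk, where `${check.description}` is emitted into the MDX body unescaped: MDX treats `{...}` as a JSX expression, and at least one generated file earlier in this series (docs/details/useHwKeyGithubAccess.mdx) carries a description that is a brace-wrapped JSON string, which would presumably fail MDX compilation or be evaluated rather than displayed. Escaping braces in the interpolated text, or emitting the description inside a code span, would make the generator robust to whatever checks.json contains. The enclosing checks.forEach callback continues past the end of this hunk.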
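Review bot: Replacing the no-op `fileContent += ''` with `fileContent += '\n'` in the second populate-implementations.js hunk is meant to terminate the generated file, but the regenerated pages in the following commit (docs/implementation/active.mdx and its siblings) still show a `\ No newline at end of file` marker on their new side, so the appended newline does not appear to land where intended. That suggests the per-priority template joined just above ends with trailing whitespace after its final newline (the closing backtick appears to sit on an indented line), which the added `'\n'` then follows; normalising before terminating, e.g. `fileContent = fileContent.trimEnd() + '\n'`, would give a single clean line end. The enclosing projectStatus.forEach callback and the template it joins start before this hunk.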
From: Ulises Gascon Date: Sun, 8 Dec 2024 03:04:36 +0100 Subject: [PATCH 06/16] chore: update implementations --- docs/implementation/active.mdx | 5 ++--- docs/implementation/incubating.mdx | 5 ++--- docs/implementation/retiring.mdx | 5 ++--- 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/docs/implementation/active.mdx b/docs/implementation/active.mdx index 8e70712..88c49c9 100644 --- a/docs/implementation/active.mdx +++ b/docs/implementation/active.mdx @@ -1,10 +1,8 @@ --- - sidebar_position: 2 id: active title: Active slug: /implementations/active - --- @@ -92,4 +90,5 @@ slug: /implementations/active | 2. User Account Permissions | Limit GitHub Repo Admins to Fewer Than Three | R7 | [details](/details/limitRepoAdmins) | | 5. Vulnerability Management | Patch Critical/High Vulnerabilities in 14 Days | R8 | [details](/details/patchExploitableHighVulns14Days) | | 5. Vulnerability Management | Patch Non-Critical Vulnerabilities in 60 Days | R8 | [details](/details/patchExploitableNoncCriticalVulns60Days) | - \ No newline at end of file + + \ No newline at end of file diff --git a/docs/implementation/incubating.mdx b/docs/implementation/incubating.mdx index a5a9cf8..e0e09c5 100644 --- a/docs/implementation/incubating.mdx +++ b/docs/implementation/incubating.mdx @@ -1,10 +1,8 @@ --- - sidebar_position: 1 id: incubating title: Incubating slug: /implementations/incubating - --- @@ -97,4 +95,5 @@ slug: /implementations/incubating | 2. User Account Permissions | Limit GitHub Repo Admins to Fewer Than Three | R7 | [details](/details/limitRepoAdmins) | | 5. Vulnerability Management | Patch Critical/High Vulnerabilities in 14 Days | R8 | [details](/details/patchExploitableHighVulns14Days) | | 5. Vulnerability Management | Patch Non-Critical Vulnerabilities in 60 Days | R8 | [details](/details/patchExploitableNoncCriticalVulns60Days) | - \ No newline at end of file + + \ No newline at end of file 
diff --git a/docs/implementation/retiring.mdx b/docs/implementation/retiring.mdx index 3136540..e185104 100644 --- a/docs/implementation/retiring.mdx +++ b/docs/implementation/retiring.mdx @@ -1,10 +1,8 @@ --- - sidebar_position: 3 id: retiring title: Retiring slug: /implementations/retiring - --- @@ -65,4 +63,5 @@ slug: /implementations/retiring | 9. Source Control | Require Approved PRs for Mainline Commits (Two+ Maintainers) | R6 | [details](/details/requirePRApprovalForMainline) | | 2. User Account Permissions | Limit GitHub Org Owners to Fewer Than Three | R7 | [details](/details/limitOrgOwners) | | 2. User Account Permissions | Limit GitHub Repo Admins to Fewer Than Three | R7 | [details](/details/limitRepoAdmins) | - \ No newline at end of file + + \ No newline at end of file From ade864712c8f55d20f14a9068ca7a5097996d789 Mon Sep 17 00:00:00 2001 
From: Ulises Gascon Date: Sun, 8 Dec 2024 03:04:47 +0100 Subject: [PATCH 07/16] chore: update details --- docs/details/MFAImpersonationDefense.mdx | 6 ------ docs/details/PRsBeforeMerge.mdx | 6 ------ docs/details/SSHKeysRequired.mdx | 6 ------ docs/details/activeAdminsSixMonths.mdx | 6 ------ docs/details/activeWritersSixMonths.mdx | 6 ------ docs/details/adminRepoCreationOnly.mdx | 6 ------ docs/details/annualDependencyRefresh.mdx | 6 ------ docs/details/assignCVEForKnownVulns.mdx | 6 ------ docs/details/automateDependencyManagement.mdx | 6 ------ docs/details/automateVulnDetection.mdx | 6 ------ docs/details/blockWorkflowPRApproval.mdx | 6 ------ docs/details/ciAndCdPipelineAsCode.mdx | 6 ------ docs/details/commitSignoffForWeb.mdx | 6 ------ docs/details/commitStatusChecks.mdx | 6 ------ docs/details/consistentBuildProcessDocs.mdx | 6 ------ docs/details/defaultTokenPermissionsReadOnly.mdx | 6 ------ docs/details/defineFunctionalRoles.mdx | 6 ------ docs/details/forkWorkflowApproval.mdx | 6 ------ docs/details/githubOrgMFA.mdx | 6 ------ docs/details/githubWebhookSecrets.mdx | 6 ------ docs/details/githubWriteAccessRoles.mdx | 6 ------ docs/details/identifyModifiedDependencies.mdx | 6 ------ docs/details/incidentResponsePlan.mdx | 6 ------ docs/details/includeCVEInReleaseNotes.mdx | 6 ------ docs/details/includePackageLock.mdx | 6 ------ docs/details/injectedSecretsAtRuntime.mdx | 6 ------ docs/details/limitOrgOwners.mdx | 6 ------ docs/details/limitRepoAdmins.mdx | 6 ------ docs/details/limitWorkflowWritePermissions.mdx | 6 ------ docs/details/machineReadableDependencies.mdx | 6 ------ docs/details/noArbitraryCodeInPipeline.mdx | 6 ------ docs/details/noForcePushDefaultBranch.mdx | 6 ------ docs/details/noSelfHostedRunners.mdx | 6 ------ docs/details/noSensitiveInfoInRepositories.mdx | 6 ------ docs/details/npmOrgMFA.mdx | 6 ------ docs/details/npmPublicationMFA.mdx | 6 ------ docs/details/orgToolingMFA.mdx | 6 ------ docs/details/owaspTop10Training.mdx | 6 
------ docs/details/patchCriticalVulns30Days.mdx | 6 ------ docs/details/patchExploitableHighVulns14Days.mdx | 6 ------ docs/details/patchExploitableNoncCriticalVulns60Days.mdx | 6 ------ docs/details/patchNonCriticalVulns90Days.mdx | 6 ------ docs/details/pinActionsToSHA.mdx | 6 ------ docs/details/preventBranchProtectionBypass.mdx | 6 ------ docs/details/preventDeletionDefaultBranch.mdx | 6 ------ docs/details/preventLandingSensitiveCommits.mdx | 6 ------ docs/details/preventScriptInjection.mdx | 6 ------ docs/details/regressionTestsForVulns.mdx | 6 ------ docs/details/requireCodeOwnersReviewForLargeTeams.mdx | 6 ------ docs/details/requirePRApprovalForMainline.mdx | 6 ------ docs/details/requireSignedCommits.mdx | 6 ------ docs/details/requireTwoPartyReview.mdx | 6 ------ docs/details/resolveLinterWarnings.mdx | 6 ------ docs/details/restrictOrgSecrets.mdx | 6 ------ docs/details/restrictedOrgPermissions.mdx | 6 ------ docs/details/runnerSecurityScanner.mdx | 6 ------ docs/details/scanCommitsForSensitiveInfo.mdx | 6 ------ docs/details/securityMdMeetsOpenJSCVD.mdx | 6 ------ docs/details/softwareArchitectureDocs.mdx | 6 ------ docs/details/softwareDesignTraining.mdx | 6 ------ docs/details/staticAppSecTesting.mdx | 6 ------ docs/details/staticCodeAnalysis.mdx | 6 ------ docs/details/twoOrMoreOwnersForAccess.mdx | 6 ------ docs/details/upToDateDefaultBranchBeforeMerge.mdx | 6 ------ docs/details/upgradePathDocs.mdx | 6 ------ docs/details/useCVDToolForVulns.mdx | 6 ------ docs/details/useHwKeyGithubAccess.mdx | 6 ------ docs/details/useHwKeyGithubNonInteractive.mdx | 6 ------ docs/details/useHwKeyOtherContexts.mdx | 6 ------ docs/details/verifiedActionsOnly.mdx | 6 ------ docs/details/vulnResponse14Days.mdx | 6 ------ docs/details/workflowSecurityScanner.mdx | 6 ------ 72 files changed, 432 deletions(-) diff --git a/docs/details/MFAImpersonationDefense.mdx b/docs/details/MFAImpersonationDefense.mdx index b1f987e..9ed53e6 100644 
--- a/docs/details/MFAImpersonationDefense.mdx +++ b/docs/details/MFAImpersonationDefense.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 5 id: 6 title: Use MFA against impersonation slug: /details/MFAImpersonationDefense - --- - -# Use MFA against impersonation - - ## Use Case - Incubating: expected diff --git a/docs/details/PRsBeforeMerge.mdx b/docs/details/PRsBeforeMerge.mdx index 86e16fb..af3cd1f 100644 --- a/docs/details/PRsBeforeMerge.mdx +++ b/docs/details/PRsBeforeMerge.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 61 id: 62 title: Require Pull Requests Before Merging slug: /details/PRsBeforeMerge - --- - -# Require Pull Requests Before Merging - - ## Use Case - Incubating: recommended diff --git a/docs/details/SSHKeysRequired.mdx b/docs/details/SSHKeysRequired.mdx index 1ebc17e..58e66b9 100644 --- a/docs/details/SSHKeysRequired.mdx +++ b/docs/details/SSHKeysRequired.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 10 id: 11 title: Use SSH Keys with Passphrases for Repository Access slug: /details/SSHKeysRequired - --- - -# Use SSH Keys with Passphrases for Repository Access - - ## Use Case - Incubating: expected diff --git a/docs/details/activeAdminsSixMonths.mdx b/docs/details/activeAdminsSixMonths.mdx index def0bf2..4afce06 100644 --- a/docs/details/activeAdminsSixMonths.mdx +++ b/docs/details/activeAdminsSixMonths.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 59 id: 60 title: Require Active Admins in GitHub Org (Activity in 6 Months) slug: /details/activeAdminsSixMonths - --- - -# Require Active Admins in GitHub Org (Activity in 6 Months) - - ## Use Case - Incubating: recommended diff --git a/docs/details/activeWritersSixMonths.mdx b/docs/details/activeWritersSixMonths.mdx index 38bc4c6..ecaefe2 100644 --- a/docs/details/activeWritersSixMonths.mdx +++ b/docs/details/activeWritersSixMonths.mdx 
@@ -1,16 +1,10 @@ --- - sidebar_position: 60 id: 61 title: Require Active Members with Write Access (Activity in 6 Months) slug: /details/activeWritersSixMonths - --- - -# Require Active Members with Write Access (Activity in 6 Months) - - ## Use Case - Incubating: recommended diff --git a/docs/details/adminRepoCreationOnly.mdx b/docs/details/adminRepoCreationOnly.mdx index dbf61b4..1327b29 100644 --- a/docs/details/adminRepoCreationOnly.mdx +++ b/docs/details/adminRepoCreationOnly.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 14 id: 15 title: Allow Only Admins to Create Public Repositories slug: /details/adminRepoCreationOnly - --- - -# Allow Only Admins to Create Public Repositories - - ## Use Case - Incubating: expected diff --git a/docs/details/annualDependencyRefresh.mdx b/docs/details/annualDependencyRefresh.mdx index a337cb9..6e38d10 100644 --- a/docs/details/annualDependencyRefresh.mdx +++ b/docs/details/annualDependencyRefresh.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 52 id: 53 title: Refresh Dependencies with Annual Releases slug: /details/annualDependencyRefresh - --- - -# Refresh Dependencies with Annual Releases - - ## Use Case - Incubating: expected diff --git a/docs/details/assignCVEForKnownVulns.mdx b/docs/details/assignCVEForKnownVulns.mdx index 6c27f70..9610b20 100644 --- a/docs/details/assignCVEForKnownVulns.mdx +++ b/docs/details/assignCVEForKnownVulns.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 30 id: 31 title: Assign CVEs to All Known Security Vulnerabilities slug: /details/assignCVEForKnownVulns - --- - -# Assign CVEs to All Known Security Vulnerabilities - - ## Use Case - Incubating: expected diff --git a/docs/details/automateDependencyManagement.mdx b/docs/details/automateDependencyManagement.mdx index fe17601..4b13130 100644 --- a/docs/details/automateDependencyManagement.mdx +++ b/docs/details/automateDependencyManagement.mdx 
@@ -1,16 +1,10 @@ --- - sidebar_position: 49 id: 50 title: Automate Monitoring of Outdated Dependencies slug: /details/automateDependencyManagement - --- - -# Automate Monitoring of Outdated Dependencies - - ## Use Case - Incubating: expected diff --git a/docs/details/automateVulnDetection.mdx b/docs/details/automateVulnDetection.mdx index 551bc71..619af20 100644 --- a/docs/details/automateVulnDetection.mdx +++ b/docs/details/automateVulnDetection.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 21 id: 22 title: Automate Dependency Vulnerability Identification slug: /details/automateVulnDetection - --- - -# Automate Dependency Vulnerability Identification - - ## Use Case - Incubating: expected diff --git a/docs/details/blockWorkflowPRApproval.mdx b/docs/details/blockWorkflowPRApproval.mdx index 9b1fdee..08b2406 100644 --- a/docs/details/blockWorkflowPRApproval.mdx +++ b/docs/details/blockWorkflowPRApproval.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 34 id: 35 title: Prevent Workflows from Creating or Approving PRs slug: /details/blockWorkflowPRApproval - --- - -# Prevent Workflows from Creating or Approving PRs - - ## Use Case - Incubating: expected diff --git a/docs/details/ciAndCdPipelineAsCode.mdx b/docs/details/ciAndCdPipelineAsCode.mdx index f1cc070..50917e4 100644 --- a/docs/details/ciAndCdPipelineAsCode.mdx +++ b/docs/details/ciAndCdPipelineAsCode.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 47 id: 48 title: Automate CI/CD Steps in Code-Based Pipelines slug: /details/ciAndCdPipelineAsCode - --- - -# Automate CI/CD Steps in Code-Based Pipelines - - ## Use Case - Incubating: deferrable diff --git a/docs/details/commitSignoffForWeb.mdx b/docs/details/commitSignoffForWeb.mdx index 170e5af..4d7a0fc 100644 --- a/docs/details/commitSignoffForWeb.mdx +++ b/docs/details/commitSignoffForWeb.mdx 
@@ -1,16 +1,10 @@ --- - sidebar_position: 62 id: 63 title: Enforce Commit Signoff for Web-Based Commits slug: /details/commitSignoffForWeb - --- - -# Enforce Commit Signoff for Web-Based Commits - - ## Use Case - Incubating: recommended diff --git a/docs/details/commitStatusChecks.mdx b/docs/details/commitStatusChecks.mdx index 118adf3..2c5c36d 100644 --- a/docs/details/commitStatusChecks.mdx +++ b/docs/details/commitStatusChecks.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 25 id: 26 title: Require Commit Status Checks to Pass Before Merging slug: /details/commitStatusChecks - --- - -# Require Commit Status Checks to Pass Before Merging - - ## Use Case - Incubating: expected diff --git a/docs/details/consistentBuildProcessDocs.mdx b/docs/details/consistentBuildProcessDocs.mdx index 912d824..e453b76 100644 --- a/docs/details/consistentBuildProcessDocs.mdx +++ b/docs/details/consistentBuildProcessDocs.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 44 id: 45 title: Document Consistent and Automated Build Processes slug: /details/consistentBuildProcessDocs - --- - -# Document Consistent and Automated Build Processes - - ## Use Case - Incubating: expected diff --git a/docs/details/defaultTokenPermissionsReadOnly.mdx b/docs/details/defaultTokenPermissionsReadOnly.mdx index a96cdfe..928a364 100644 --- a/docs/details/defaultTokenPermissionsReadOnly.mdx +++ b/docs/details/defaultTokenPermissionsReadOnly.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 33 id: 34 title: Set Default GitHub Workflow Token Permissions to Read Only slug: /details/defaultTokenPermissionsReadOnly - --- - -# Set Default GitHub Workflow Token Permissions to Read Only - - ## Use Case - Incubating: expected diff --git a/docs/details/defineFunctionalRoles.mdx b/docs/details/defineFunctionalRoles.mdx index 1b24336..6e8c498 100644 --- a/docs/details/defineFunctionalRoles.mdx +++ b/docs/details/defineFunctionalRoles.mdx 
@@ -1,16 +1,10 @@ --- - sidebar_position: 16 id: 17 title: Define Roles Aligned to Functional Responsibilities slug: /details/defineFunctionalRoles - --- - -# Define Roles Aligned to Functional Responsibilities - - ## Use Case - Incubating: expected diff --git a/docs/details/forkWorkflowApproval.mdx b/docs/details/forkWorkflowApproval.mdx index 7dccdef..71b5714 100644 --- a/docs/details/forkWorkflowApproval.mdx +++ b/docs/details/forkWorkflowApproval.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 56 id: 57 title: Require Approval for Forked Workflow Changes slug: /details/forkWorkflowApproval - --- - -# Require Approval for Forked Workflow Changes - - ## Use Case - Incubating: recommended diff --git a/docs/details/githubOrgMFA.mdx b/docs/details/githubOrgMFA.mdx index f07976e..85e644a 100644 --- a/docs/details/githubOrgMFA.mdx +++ b/docs/details/githubOrgMFA.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 72 id: 3 title: Enforce MFA in GitHub Organization(s) slug: /details/githubOrgMFA - --- - -# Enforce MFA in GitHub Organization(s) - - ## Use Case - Incubating: expected diff --git a/docs/details/githubWebhookSecrets.mdx b/docs/details/githubWebhookSecrets.mdx index bb3cc16..dd5acec 100644 --- a/docs/details/githubWebhookSecrets.mdx +++ b/docs/details/githubWebhookSecrets.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 12 id: 13 title: Secure GitHub Webhooks with Secrets slug: /details/githubWebhookSecrets - --- - -# Secure GitHub Webhooks with Secrets - - ## Use Case - Incubating: expected diff --git a/docs/details/githubWriteAccessRoles.mdx b/docs/details/githubWriteAccessRoles.mdx index 5a2a319..7963a63 100644 --- a/docs/details/githubWriteAccessRoles.mdx +++ b/docs/details/githubWriteAccessRoles.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 17 id: 18 title: Define Teams/Individuals with Write Access to Repositories slug: /details/githubWriteAccessRoles - --- - -# Define Teams/Individuals with Write Access to Repositories - - ## Use Case - Incubating: expected 
diff --git a/docs/details/identifyModifiedDependencies.mdx b/docs/details/identifyModifiedDependencies.mdx index 1fa0a5b..041fab9 100644 --- a/docs/details/identifyModifiedDependencies.mdx +++ b/docs/details/identifyModifiedDependencies.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 51 id: 52 title: Uniquely Identify Modified Dependencies slug: /details/identifyModifiedDependencies - --- - -# Uniquely Identify Modified Dependencies - - ## Use Case - Incubating: expected diff --git a/docs/details/incidentResponsePlan.mdx b/docs/details/incidentResponsePlan.mdx index 1455c52..76a33cb 100644 --- a/docs/details/incidentResponsePlan.mdx +++ b/docs/details/incidentResponsePlan.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 29 id: 30 title: Define Clear Communication and Incident Response Plans slug: /details/incidentResponsePlan - --- - -# Define Clear Communication and Incident Response Plans - - ## Use Case - Incubating: expected diff --git a/docs/details/includeCVEInReleaseNotes.mdx b/docs/details/includeCVEInReleaseNotes.mdx index aeb3c9b..b8c31c7 100644 --- a/docs/details/includeCVEInReleaseNotes.mdx +++ b/docs/details/includeCVEInReleaseNotes.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 31 id: 32 title: Include CVE IDs in Release Notes for Security Fixes slug: /details/includeCVEInReleaseNotes - --- - -# Include CVE IDs in Release Notes for Security Fixes - - ## Use Case - Incubating: expected diff --git a/docs/details/includePackageLock.mdx b/docs/details/includePackageLock.mdx index 91f29b4..a4fbead 100644 --- a/docs/details/includePackageLock.mdx +++ b/docs/details/includePackageLock.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 64 id: 65 title: Include package-lock.json in Releases (Freestanding Apps) slug: /details/includePackageLock - --- - -# Include package-lock.json in Releases (Freestanding Apps) - - ## Use Case - Incubating: recommended 
diff --git a/docs/details/injectedSecretsAtRuntime.mdx b/docs/details/injectedSecretsAtRuntime.mdx index 0a478dc..e6002f8 100644 --- a/docs/details/injectedSecretsAtRuntime.mdx +++ b/docs/details/injectedSecretsAtRuntime.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 7 id: 8 title: Ensure that the secrets are injected at runtime slug: /details/injectedSecretsAtRuntime - --- - -# Ensure that the secrets are injected at runtime - - ## Use Case - Incubating: expected diff --git a/docs/details/limitOrgOwners.mdx b/docs/details/limitOrgOwners.mdx index 211d5ec..5d4c8c5 100644 --- a/docs/details/limitOrgOwners.mdx +++ b/docs/details/limitOrgOwners.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 68 id: 69 title: Limit GitHub Org Owners to Fewer Than Three slug: /details/limitOrgOwners - --- - -# Limit GitHub Org Owners to Fewer Than Three - - ## Use Case - Incubating: recommended diff --git a/docs/details/limitRepoAdmins.mdx b/docs/details/limitRepoAdmins.mdx index dffff7a..ca36cd7 100644 --- a/docs/details/limitRepoAdmins.mdx +++ b/docs/details/limitRepoAdmins.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 69 id: 70 title: Limit GitHub Repo Admins to Fewer Than Three slug: /details/limitRepoAdmins - --- - -# Limit GitHub Repo Admins to Fewer Than Three - - ## Use Case - Incubating: recommended diff --git a/docs/details/limitWorkflowWritePermissions.mdx b/docs/details/limitWorkflowWritePermissions.mdx index 6f26575..8217ff8 100644 --- a/docs/details/limitWorkflowWritePermissions.mdx +++ b/docs/details/limitWorkflowWritePermissions.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 42 id: 43 title: Limit Workflow Write Permissions to Job-Level slug: /details/limitWorkflowWritePermissions - --- - -# Limit Workflow Write Permissions to Job-Level - - ## Use Case - Incubating: expected diff --git a/docs/details/machineReadableDependencies.mdx b/docs/details/machineReadableDependencies.mdx index 1e1377d..27b3455 100644 --- a/docs/details/machineReadableDependencies.mdx 
+++ b/docs/details/machineReadableDependencies.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 50 id: 51 title: Provide Machine-Readable Dependency Lists slug: /details/machineReadableDependencies - --- - -# Provide Machine-Readable Dependency Lists - - ## Use Case - Incubating: expected diff --git a/docs/details/noArbitraryCodeInPipeline.mdx b/docs/details/noArbitraryCodeInPipeline.mdx index 7769d76..10c0d10 100644 --- a/docs/details/noArbitraryCodeInPipeline.mdx +++ b/docs/details/noArbitraryCodeInPipeline.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 41 id: 42 title: Restrict Build Pipeline Code Execution to Build Scripts slug: /details/noArbitraryCodeInPipeline - --- - -# Restrict Build Pipeline Code Execution to Build Scripts - - ## Use Case - Incubating: expected diff --git a/docs/details/noForcePushDefaultBranch.mdx b/docs/details/noForcePushDefaultBranch.mdx index d3c3e50..d01ee8e 100644 --- a/docs/details/noForcePushDefaultBranch.mdx +++ b/docs/details/noForcePushDefaultBranch.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 35 id: 36 title: Disable Force Push on Default Branch slug: /details/noForcePushDefaultBranch - --- - -# Disable Force Push on Default Branch - - ## Use Case - Incubating: expected diff --git a/docs/details/noSelfHostedRunners.mdx b/docs/details/noSelfHostedRunners.mdx index 5f8c33f..ce10c5d 100644 --- a/docs/details/noSelfHostedRunners.mdx +++ b/docs/details/noSelfHostedRunners.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 40 id: 41 title: Disable Self-Hosted Runners in GitHub Org slug: /details/noSelfHostedRunners - --- - -# Disable Self-Hosted Runners in GitHub Org - - ## Use Case - Incubating: expected diff --git a/docs/details/noSensitiveInfoInRepositories.mdx b/docs/details/noSensitiveInfoInRepositories.mdx index 20f47be..77249c2 100644 --- a/docs/details/noSensitiveInfoInRepositories.mdx +++ b/docs/details/noSensitiveInfoInRepositories.mdx 
@@ -1,16 +1,10 @@ --- - sidebar_position: 6 id: 7 title: Check sensitive information slug: /details/noSensitiveInfoInRepositories - --- - -# Check sensitive information - - ## Use Case - Incubating: expected diff --git a/docs/details/npmOrgMFA.mdx b/docs/details/npmOrgMFA.mdx index 2bbb148..1756f33 100644 --- a/docs/details/npmOrgMFA.mdx +++ b/docs/details/npmOrgMFA.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 3 id: 4 title: Enforce MFA in npm Organization(s) slug: /details/npmOrgMFA - --- - -# Enforce MFA in npm Organization(s) - - ## Use Case - Incubating: expected diff --git a/docs/details/npmPublicationMFA.mdx b/docs/details/npmPublicationMFA.mdx index 018261b..817d22c 100644 --- a/docs/details/npmPublicationMFA.mdx +++ b/docs/details/npmPublicationMFA.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 11 id: 12 title: Publish to npm Using MFA-Enabled Accounts slug: /details/npmPublicationMFA - --- - -# Publish to npm Using MFA-Enabled Accounts - - ## Use Case - Incubating: expected diff --git a/docs/details/orgToolingMFA.mdx b/docs/details/orgToolingMFA.mdx index 587dfff..591c0ba 100644 --- a/docs/details/orgToolingMFA.mdx +++ b/docs/details/orgToolingMFA.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 4 id: 5 title: Enforce MFA in all the tools slug: /details/orgToolingMFA - --- - -# Enforce MFA in all the tools - - ## Use Case - Incubating: expected diff --git a/docs/details/owaspTop10Training.mdx b/docs/details/owaspTop10Training.mdx index c42a532..2410f71 100644 --- a/docs/details/owaspTop10Training.mdx +++ b/docs/details/owaspTop10Training.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 2 id: 2 title: Training on OWASP Top 10 or Equivalent slug: /details/owaspTop10Training - --- - -# Training on OWASP Top 10 or Equivalent - - ## Use Case - Incubating: expected diff --git a/docs/details/patchCriticalVulns30Days.mdx b/docs/details/patchCriticalVulns30Days.mdx index 70ce2d4..d02c70e 100644 --- a/docs/details/patchCriticalVulns30Days.mdx 
+++ b/docs/details/patchCriticalVulns30Days.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 19 id: 20 title: Patch Actively Exploited Critical Vulnerabilities within 30 Days slug: /details/patchCriticalVulns30Days - --- - -# Patch Actively Exploited Critical Vulnerabilities within 30 Days - - ## Use Case - Incubating: expected diff --git a/docs/details/patchExploitableHighVulns14Days.mdx b/docs/details/patchExploitableHighVulns14Days.mdx index a1397d5..7e024e6 100644 --- a/docs/details/patchExploitableHighVulns14Days.mdx +++ b/docs/details/patchExploitableHighVulns14Days.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 70 id: 71 title: Patch Critical/High Vulnerabilities in 14 Days slug: /details/patchExploitableHighVulns14Days - --- - -# Patch Critical/High Vulnerabilities in 14 Days - - ## Use Case - Incubating: recommended diff --git a/docs/details/patchExploitableNoncCriticalVulns60Days.mdx b/docs/details/patchExploitableNoncCriticalVulns60Days.mdx index c0bd703..b579a11 100644 --- a/docs/details/patchExploitableNoncCriticalVulns60Days.mdx +++ b/docs/details/patchExploitableNoncCriticalVulns60Days.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 71 id: 72 title: Patch Non-Critical Vulnerabilities in 60 Days slug: /details/patchExploitableNoncCriticalVulns60Days - --- - -# Patch Non-Critical Vulnerabilities in 60 Days - - ## Use Case - Incubating: recommended diff --git a/docs/details/patchNonCriticalVulns90Days.mdx b/docs/details/patchNonCriticalVulns90Days.mdx index b567e55..7fd1632 100644 --- a/docs/details/patchNonCriticalVulns90Days.mdx +++ b/docs/details/patchNonCriticalVulns90Days.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 20 id: 21 title: Patch Non-Critical Vulnerabilities within 90 Days slug: /details/patchNonCriticalVulns90Days - --- - -# Patch Non-Critical Vulnerabilities within 90 Days - - ## Use Case - Incubating: expected diff --git a/docs/details/pinActionsToSHA.mdx b/docs/details/pinActionsToSHA.mdx index 4818e42..3636c5c 100644 
--- a/docs/details/pinActionsToSHA.mdx +++ b/docs/details/pinActionsToSHA.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 48 id: 49 title: Pin Actions with Secrets to Full-Length Commit SHAs slug: /details/pinActionsToSHA - --- - -# Pin Actions with Secrets to Full-Length Commit SHAs - - ## Use Case - Incubating: deferrable diff --git a/docs/details/preventBranchProtectionBypass.mdx b/docs/details/preventBranchProtectionBypass.mdx index 39f6b67..0f75082 100644 --- a/docs/details/preventBranchProtectionBypass.mdx +++ b/docs/details/preventBranchProtectionBypass.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 15 id: 16 title: Prevent Admins from Bypassing Branch Protection slug: /details/preventBranchProtectionBypass - --- - -# Prevent Admins from Bypassing Branch Protection - - ## Use Case - Incubating: expected diff --git a/docs/details/preventDeletionDefaultBranch.mdx b/docs/details/preventDeletionDefaultBranch.mdx index fc46a07..02c06f1 100644 --- a/docs/details/preventDeletionDefaultBranch.mdx +++ b/docs/details/preventDeletionDefaultBranch.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 36 id: 37 title: Prevent Deletion of Default Branch slug: /details/preventDeletionDefaultBranch - --- - -# Prevent Deletion of Default Branch - - ## Use Case - Incubating: expected diff --git a/docs/details/preventLandingSensitiveCommits.mdx b/docs/details/preventLandingSensitiveCommits.mdx index e29d74b..ce89ef0 100644 --- a/docs/details/preventLandingSensitiveCommits.mdx +++ b/docs/details/preventLandingSensitiveCommits.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 9 id: 10 title: Block New Commits with Secrets or Credentials slug: /details/preventLandingSensitiveCommits - --- - -# Block New Commits with Secrets or Credentials - - ## Use Case - Incubating: expected diff --git a/docs/details/preventScriptInjection.mdx b/docs/details/preventScriptInjection.mdx index adccf0e..599c8d3 100644 --- a/docs/details/preventScriptInjection.mdx +++ b/docs/details/preventScriptInjection.mdx 
@@ -1,16 +1,10 @@ --- - sidebar_position: 43 id: 44 title: Avoid Script Injection from Untrusted Variables slug: /details/preventScriptInjection - --- - -# Avoid Script Injection from Untrusted Variables - - ## Use Case - Incubating: expected diff --git a/docs/details/regressionTestsForVulns.mdx b/docs/details/regressionTestsForVulns.mdx index db04ef3..6e15f41 100644 --- a/docs/details/regressionTestsForVulns.mdx +++ b/docs/details/regressionTestsForVulns.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 32 id: 33 title: Create Regression Tests for Bugs and Security Vulnerabilities slug: /details/regressionTestsForVulns - --- - -# Create Regression Tests for Bugs and Security Vulnerabilities - - ## Use Case - Incubating: deferrable diff --git a/docs/details/requireCodeOwnersReviewForLargeTeams.mdx b/docs/details/requireCodeOwnersReviewForLargeTeams.mdx index 5fa7b53..6c44be8 100644 --- a/docs/details/requireCodeOwnersReviewForLargeTeams.mdx +++ b/docs/details/requireCodeOwnersReviewForLargeTeams.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 66 id: 67 title: Require Code Owners Review (Four+ Maintainers) slug: /details/requireCodeOwnersReviewForLargeTeams - --- - -# Require Code Owners Review (Four+ Maintainers) - - ## Use Case - Incubating: recommended diff --git a/docs/details/requirePRApprovalForMainline.mdx b/docs/details/requirePRApprovalForMainline.mdx index 6bf3961..53c746f 100644 --- a/docs/details/requirePRApprovalForMainline.mdx +++ b/docs/details/requirePRApprovalForMainline.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 67 id: 68 title: Require Approved PRs for Mainline Commits (Two+ Maintainers) slug: /details/requirePRApprovalForMainline - --- - -# Require Approved PRs for Mainline Commits (Two+ Maintainers) - - ## Use Case - Incubating: recommended diff --git a/docs/details/requireSignedCommits.mdx b/docs/details/requireSignedCommits.mdx index 39e993a..fd018f7 100644 --- a/docs/details/requireSignedCommits.mdx +++ b/docs/details/requireSignedCommits.mdx 
@@ -1,16 +1,10 @@ --- - sidebar_position: 63 id: 64 title: Require Signed Commits slug: /details/requireSignedCommits - --- - -# Require Signed Commits - - ## Use Case - Incubating: recommended diff --git a/docs/details/requireTwoPartyReview.mdx b/docs/details/requireTwoPartyReview.mdx index 0929ebb..6a32a8e 100644 --- a/docs/details/requireTwoPartyReview.mdx +++ b/docs/details/requireTwoPartyReview.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 65 id: 66 title: Require Two-Party Review (Two+ Maintainers) slug: /details/requireTwoPartyReview - --- - -# Require Two-Party Review (Two+ Maintainers) - - ## Use Case - Incubating: recommended diff --git a/docs/details/resolveLinterWarnings.mdx b/docs/details/resolveLinterWarnings.mdx index 1227caf..8809b01 100644 --- a/docs/details/resolveLinterWarnings.mdx +++ b/docs/details/resolveLinterWarnings.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 23 id: 24 title: Address Compiler/Linter Warnings Before Merging slug: /details/resolveLinterWarnings - --- - -# Address Compiler/Linter Warnings Before Merging - - ## Use Case - Incubating: expected diff --git a/docs/details/restrictOrgSecrets.mdx b/docs/details/restrictOrgSecrets.mdx index 8491709..a2b3543 100644 --- a/docs/details/restrictOrgSecrets.mdx +++ b/docs/details/restrictOrgSecrets.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 38 id: 39 title: Restrict GitHub Org Secrets to Specific Repositories slug: /details/restrictOrgSecrets - --- - -# Restrict GitHub Org Secrets to Specific Repositories - - ## Use Case - Incubating: expected diff --git a/docs/details/restrictedOrgPermissions.mdx b/docs/details/restrictedOrgPermissions.mdx index 7edd421..da715ab 100644 --- a/docs/details/restrictedOrgPermissions.mdx +++ b/docs/details/restrictedOrgPermissions.mdx 
@@ -1,16 +1,10 @@ --- - sidebar_position: 13 id: 14 title: Restrict Default GitHub Org Member Permissions slug: /details/restrictedOrgPermissions - --- - -# Restrict Default GitHub Org Member Permissions - - ## Use Case - Incubating: expected diff --git a/docs/details/runnerSecurityScanner.mdx b/docs/details/runnerSecurityScanner.mdx index be07ff7..aaa0f5b 100644 --- a/docs/details/runnerSecurityScanner.mdx +++ b/docs/details/runnerSecurityScanner.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 58 id: 59 title: Use GitHub Runner Security Scanners slug: /details/runnerSecurityScanner - --- - -# Use GitHub Runner Security Scanners - - ## Use Case - Incubating: recommended diff --git a/docs/details/scanCommitsForSensitiveInfo.mdx b/docs/details/scanCommitsForSensitiveInfo.mdx index 08de139..219b333 100644 --- a/docs/details/scanCommitsForSensitiveInfo.mdx +++ b/docs/details/scanCommitsForSensitiveInfo.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 8 id: 9 title: Ensure that all the commits are scanned slug: /details/scanCommitsForSensitiveInfo - --- - -# Ensure that all the commits are scanned - - ## Use Case - Incubating: expected diff --git a/docs/details/securityMdMeetsOpenJSCVD.mdx b/docs/details/securityMdMeetsOpenJSCVD.mdx index c6a9db3..0ee2dd3 100644 --- a/docs/details/securityMdMeetsOpenJSCVD.mdx +++ b/docs/details/securityMdMeetsOpenJSCVD.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 26 id: 27 title: Ensure Security.md Meets OpenJS CVD Guidelines slug: /details/securityMdMeetsOpenJSCVD - --- - -# Ensure Security.md Meets OpenJS CVD Guidelines - - ## Use Case - Incubating: expected diff --git a/docs/details/softwareArchitectureDocs.mdx b/docs/details/softwareArchitectureDocs.mdx index 6371685..e11aebb 100644 --- a/docs/details/softwareArchitectureDocs.mdx +++ b/docs/details/softwareArchitectureDocs.mdx 
@@ -1,16 +1,10 @@ --- - sidebar_position: 46 id: 47 title: Document Software Architecture slug: /details/softwareArchitectureDocs - --- - -# Document Software Architecture - - ## Use Case - Incubating: deferrable diff --git a/docs/details/softwareDesignTraining.mdx b/docs/details/softwareDesignTraining.mdx index 25d54fa..b0ba181 100644 --- a/docs/details/softwareDesignTraining.mdx +++ b/docs/details/softwareDesignTraining.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 1 id: 1 title: Training on Secure Software Design slug: /details/softwareDesignTraining - --- - -# Training on Secure Software Design - - ## Use Case - Incubating: expected diff --git a/docs/details/staticAppSecTesting.mdx b/docs/details/staticAppSecTesting.mdx index cf98378..cde9980 100644 --- a/docs/details/staticAppSecTesting.mdx +++ b/docs/details/staticAppSecTesting.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 24 id: 25 title: Use Static Application Security Testing for All Commits slug: /details/staticAppSecTesting - --- - -# Use Static Application Security Testing for All Commits - - ## Use Case - Incubating: expected diff --git a/docs/details/staticCodeAnalysis.mdx b/docs/details/staticCodeAnalysis.mdx index 48d3b51..32b8d5c 100644 --- a/docs/details/staticCodeAnalysis.mdx +++ b/docs/details/staticCodeAnalysis.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 22 id: 23 title: Use Automated Static Code Analysis Tools slug: /details/staticCodeAnalysis - --- - -# Use Automated Static Code Analysis Tools - - ## Use Case - Incubating: expected diff --git a/docs/details/twoOrMoreOwnersForAccess.mdx b/docs/details/twoOrMoreOwnersForAccess.mdx index efca94e..d06ffc7 100644 --- a/docs/details/twoOrMoreOwnersForAccess.mdx +++ b/docs/details/twoOrMoreOwnersForAccess.mdx 
@@ -1,16 +1,10 @@ --- - sidebar_position: 18 id: 19 title: Configure Two or more Owners for Access Continuity slug: /details/twoOrMoreOwnersForAccess - --- - -# Configure Two or more Owners for Access Continuity - - ## Use Case - Incubating: expected diff --git a/docs/details/upToDateDefaultBranchBeforeMerge.mdx b/docs/details/upToDateDefaultBranchBeforeMerge.mdx index e38f707..e057a4d 100644 --- a/docs/details/upToDateDefaultBranchBeforeMerge.mdx +++ b/docs/details/upToDateDefaultBranchBeforeMerge.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 37 id: 38 title: Require Default Branch Updates Before Merging slug: /details/upToDateDefaultBranchBeforeMerge - --- - -# Require Default Branch Updates Before Merging - - ## Use Case - Incubating: expected diff --git a/docs/details/upgradePathDocs.mdx b/docs/details/upgradePathDocs.mdx index 4e92e20..342f7ed 100644 --- a/docs/details/upgradePathDocs.mdx +++ b/docs/details/upgradePathDocs.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 45 id: 46 title: Support Older Versions or Provide Upgrade Paths slug: /details/upgradePathDocs - --- - -# Support Older Versions or Provide Upgrade Paths - - ## Use Case - Incubating: expected diff --git a/docs/details/useCVDToolForVulns.mdx b/docs/details/useCVDToolForVulns.mdx index 11ce4c7..4b2ebe5 100644 --- a/docs/details/useCVDToolForVulns.mdx +++ b/docs/details/useCVDToolForVulns.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 27 id: 28 title: Use CVD Tools to Manage Vulnerability Reports slug: /details/useCVDToolForVulns - --- - -# Use CVD Tools to Manage Vulnerability Reports - - ## Use Case - Incubating: expected diff --git a/docs/details/useHwKeyGithubAccess.mdx b/docs/details/useHwKeyGithubAccess.mdx index 9440c07..f696223 100644 --- a/docs/details/useHwKeyGithubAccess.mdx +++ b/docs/details/useHwKeyGithubAccess.mdx 
@@ -1,16 +1,10 @@ --- - sidebar_position: 53 id: 54 title: Use AAL2/3 Passkeys for GitHub Access slug: /details/useHwKeyGithubAccess - --- - -# Use AAL2/3 Passkeys for GitHub Access - - ## Use Case - Incubating: recommended diff --git a/docs/details/useHwKeyGithubNonInteractive.mdx b/docs/details/useHwKeyGithubNonInteractive.mdx index 094d1e5..6a4b2aa 100644 --- a/docs/details/useHwKeyGithubNonInteractive.mdx +++ b/docs/details/useHwKeyGithubNonInteractive.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 54 id: 55 title: Use AAL2/3 Passkeys for Non-Interactive GitHub Access slug: /details/useHwKeyGithubNonInteractive - --- - -# Use AAL2/3 Passkeys for Non-Interactive GitHub Access - - ## Use Case - Incubating: recommended diff --git a/docs/details/useHwKeyOtherContexts.mdx b/docs/details/useHwKeyOtherContexts.mdx index e1d89e0..e68d1e8 100644 --- a/docs/details/useHwKeyOtherContexts.mdx +++ b/docs/details/useHwKeyOtherContexts.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 55 id: 56 title: Use AAL2/3 Passkeys in All Other Contexts slug: /details/useHwKeyOtherContexts - --- - -# Use AAL2/3 Passkeys in All Other Contexts - - ## Use Case - Incubating: recommended diff --git a/docs/details/verifiedActionsOnly.mdx b/docs/details/verifiedActionsOnly.mdx index b574d49..b894959 100644 --- a/docs/details/verifiedActionsOnly.mdx +++ b/docs/details/verifiedActionsOnly.mdx @@ -1,16 +1,10 @@ --- - sidebar_position: 39 id: 40 title: Limit GitHub Actions to Verified or Trusted Actions slug: /details/verifiedActionsOnly - --- - -# Limit GitHub Actions to Verified or Trusted Actions - - ## Use Case - Incubating: expected diff --git a/docs/details/vulnResponse14Days.mdx b/docs/details/vulnResponse14Days.mdx index 93fc553..bbdfef0 100644 --- a/docs/details/vulnResponse14Days.mdx +++ b/docs/details/vulnResponse14Days.mdx 
@@ -1,16 +1,10 @@ --- - sidebar_position: 28 id: 29 title: Respond to External Vulnerability Reports in Under 14 Days slug: /details/vulnResponse14Days - --- - -# Respond to External Vulnerability Reports in Under 14 Days - - ## Use Case - Incubating: expected
diff --git a/docs/details/workflowSecurityScanner.mdx b/docs/details/workflowSecurityScanner.mdx
index 53808fd..03885bf 100644
--- a/docs/details/workflowSecurityScanner.mdx
+++ b/docs/details/workflowSecurityScanner.mdx
@@ -1,16 +1,10 @@ --- - sidebar_position: 57 id: 58 title: Use Workflow Security Scanners slug: /details/workflowSecurityScanner - --- - -# Use Workflow Security Scanners - - ## Use Case - Incubating: recommended
From 49ba99c15835032c9f4ca691eab84955827af86b Mon Sep 17 00:00:00 2001
From: Ulises Gascon
Date: Sun, 8 Dec 2024 03:15:55 +0100
Subject: [PATCH 08/16] chore: migrate to block renderization approach
---
 scripts/populate-details.js | 23 +++++++++++++++--------
 scripts/populate-implementations.js | 20 +++++++++++---------
 2 files changed, 26 insertions(+), 17 deletions(-)
diff --git a/scripts/populate-details.js b/scripts/populate-details.js
index 5898ca7..4bd7f32 100644
--- a/scripts/populate-details.js
+++ b/scripts/populate-details.js
@@ -54,27 +54,34 @@ const renderDetails = (check) => {
 // Prepare the markdown files
 checks.forEach((check, index) => {
- const fileContent = `---
+ const metadata = `---
 sidebar_position: ${index + 1}
 id: ${check.id}
 title: ${check.title}
 slug: /details/${check.code_name}
----
-
-## Use Case
-
+---`.trim()
+ const levelsContent = `
 - Incubating: ${check.level_incubating_status}
 - Active: ${check.level_active_status}
 - Retiring: ${check.level_retiring_status}
+`.trim()
+ const descriptionContent = `## Description
+${check.description}`.trim()
+ const detailsContent = renderDetails(check)
+
+ const fileContent = `${metadata}
+
+## Use Case
+
+${levelsContent}
-## Description
-${check.description}
+${descriptionContent}
-${renderDetails(check)}
+${detailsContent}
 `
 const detination = path.join(process.cwd(), `docs/details/${check.code_name}.mdx`)
diff --git a/scripts/populate-implementations.js b/scripts/populate-implementations.js
index 0679509..7bb5c0b 100644
--- a/scripts/populate-implementations.js
+++ b/scripts/populate-implementations.js
@@ -39,27 +39,29 @@ const addRow = (item) => `| ${item.section_number}. ${capitalizeWords(item.secti
 // Prepare the markdown files
 projectStatus.forEach((status, index) => {
- let fileContent = `---
+ const metadata = `---
 sidebar_position: ${index + 1}
 id: ${status}
 title: ${status.charAt(0).toUpperCase() + status.slice(1)}
 slug: /implementations/${status}
----
-
-
-`
-
- fileContent += implementationPriority.map(priority => {
+---`.trim()
+ const listContent = implementationPriority.map(priority => {
 if (data[status][priority].length === 0) return ''
 return `
 ## ${priority.charAt(0).toUpperCase() + priority.slice(1)}
 ${addHeader()}
 ${data[status][priority].map(addRow).join('\n')}
- `
+ `
 }).join('\n')
- fileContent += '\n'
+ const fileContent = `${metadata}
+
+
+
+${listContent}
+
+`
 const destination = path.join(process.cwd(), `docs/implementation/${status}.mdx`)
 writeFileSync(destination, fileContent)
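Review bot: The new `metadata` template still writes `title: ${check.title}` as an unquoted YAML scalar, so a check title containing `: ` or starting with a YAML-significant character (`#`, `[`, `"`) would break the front matter of the generated page; `title: ${JSON.stringify(check.title)}` emits a double-quoted scalar that YAML accepts. The same applies to `${check.description}` in `descriptionContent`, which lands in an MDX body where `{` and `<` are parsed as JSX — presumably the checks data is project-controlled, so this is a build-robustness concern rather than an injection one, but it deserves a comment such as `// NOTE: description is emitted raw; MDX treats { and < as JSX` at the interpolation. The `.trim()` on `metadata` is a no-op, since that literal begins and ends with `---`. The `checks.forEach` callback closes outside the hunk.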
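Review bot: The capitalisation `status.charAt(0).toUpperCase() + status.slice(1)` on the `title:` line is repeated verbatim for `priority` in the `##` heading, although the file already has a `capitalizeWords` helper (visible in this hunk's `addRow` context); if that helper behaves the same on a single word, `title: ${capitalizeWords(status)}` and `## ${capitalizeWords(priority)}` remove the duplication. Separately, the `listContent` map returns `''` for an empty priority group and `.join('\n')` then emits a stray newline per empty group; filtering first, `implementationPriority.filter((priority) => data[status][priority].length > 0).map(...)`, keeps those blank lines out of the output and drops the early return. The `projectStatus.forEach` callback closes outside the hunk.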
From 9994faed7fc184da7354254dcd0019f60d0a690b Mon Sep 17 00:00:00 2001 From: Ulises Gascon Date: Sun, 8 Dec 2024 03:16:11 +0100 Subject: [PATCH 09/16] chore: update implementations --- docs/implementation/active.mdx | 9 +++++---- docs/implementation/incubating.mdx | 11 ++++++----- docs/implementation/retiring.mdx | 9 +++++---- 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/docs/implementation/active.mdx b/docs/implementation/active.mdx index 88c49c9..addfa15 100644 --- a/docs/implementation/active.mdx +++ b/docs/implementation/active.mdx @@ -4,9 +4,10 @@ id: active title: Active slug: /implementations/active --- - + + ## Expected | Section | Item | Priority Group | Details | @@ -64,7 +65,7 @@ slug: /implementations/active | 10. Dependency Inventory | Provide Machine-Readable Dependency Lists | P14 | [details](/details/machineReadableDependencies) | | 10. Dependency Inventory | Uniquely Identify Modified Dependencies | P14 | [details](/details/identifyModifiedDependencies) | | 5. Vulnerability Management | Refresh Dependencies with Annual Releases | P14 | [details](/details/annualDependencyRefresh) | - + ## Recommended @@ -90,5 +91,5 @@ slug: /implementations/active | 2. User Account Permissions | Limit GitHub Repo Admins to Fewer Than Three | R7 | [details](/details/limitRepoAdmins) | | 5. Vulnerability Management | Patch Critical/High Vulnerabilities in 14 Days | R8 | [details](/details/patchExploitableHighVulns14Days) | | 5. Vulnerability Management | Patch Non-Critical Vulnerabilities in 60 Days | R8 | [details](/details/patchExploitableNoncCriticalVulns60Days) | - - \ No newline at end of file + + diff --git a/docs/implementation/incubating.mdx b/docs/implementation/incubating.mdx index e0e09c5..29eeaa7 100644 --- a/docs/implementation/incubating.mdx +++ b/docs/implementation/incubating.mdx @@ -4,9 +4,10 @@ id: incubating title: Incubating slug: /implementations/incubating --- - + + ## Expected | Section | Item | Priority Group | Details | 
@@ -60,7 +61,7 @@ slug: /implementations/incubating | 10. Dependency Inventory | Provide Machine-Readable Dependency Lists | P14 | [details](/details/machineReadableDependencies) | | 10. Dependency Inventory | Uniquely Identify Modified Dependencies | P14 | [details](/details/identifyModifiedDependencies) | | 5. Vulnerability Management | Refresh Dependencies with Annual Releases | P14 | [details](/details/annualDependencyRefresh) | - + ## Deferrable @@ -70,7 +71,7 @@ slug: /implementations/incubating | 8. Code Review | Document Software Architecture | P12 | [details](/details/softwareArchitectureDocs) | | 9. Source Control | Automate CI/CD Steps in Code-Based Pipelines | P12 | [details](/details/ciAndCdPipelineAsCode) | | 4. Github Workflows | Pin Actions with Secrets to Full-Length Commit SHAs | P13 | [details](/details/pinActionsToSHA) | - + ## Recommended @@ -95,5 +96,5 @@ slug: /implementations/incubating | 2. User Account Permissions | Limit GitHub Repo Admins to Fewer Than Three | R7 | [details](/details/limitRepoAdmins) | | 5. Vulnerability Management | Patch Critical/High Vulnerabilities in 14 Days | R8 | [details](/details/patchExploitableHighVulns14Days) | | 5. Vulnerability Management | Patch Non-Critical Vulnerabilities in 60 Days | R8 | [details](/details/patchExploitableNoncCriticalVulns60Days) | - - \ No newline at end of file + + diff --git a/docs/implementation/retiring.mdx b/docs/implementation/retiring.mdx index e185104..2cd7864 100644 --- a/docs/implementation/retiring.mdx +++ b/docs/implementation/retiring.mdx @@ -4,9 +4,10 @@ id: retiring title: Retiring slug: /implementations/retiring --- - + + ## Expected | Section | Item | Priority Group | Details | 
@@ -43,7 +44,7 @@ slug: /implementations/retiring | 10. Dependency Inventory | Automate Monitoring of Outdated Dependencies | P14 | [details](/details/automateDependencyManagement) | | 10. Dependency Inventory | Provide Machine-Readable Dependency Lists | P14 | [details](/details/machineReadableDependencies) | | 10. Dependency Inventory | Uniquely Identify Modified Dependencies | P14 | [details](/details/identifyModifiedDependencies) | - + ## Recommended @@ -63,5 +64,5 @@ slug: /implementations/retiring | 9. Source Control | Require Approved PRs for Mainline Commits (Two+ Maintainers) | R6 | [details](/details/requirePRApprovalForMainline) | | 2. User Account Permissions | Limit GitHub Org Owners to Fewer Than Three | R7 | [details](/details/limitOrgOwners) | | 2. User Account Permissions | Limit GitHub Repo Admins to Fewer Than Three | R7 | [details](/details/limitRepoAdmins) | - - \ No newline at end of file + + From 403e0a537bb10c0b868063ff993c8b45ace6e945 Mon Sep 17 00:00:00 2001 From: Ulises Gascon Date: Sun, 8 Dec 2024 03:16:21 +0100 Subject: [PATCH 10/16] chore: update details --- docs/details/MFAImpersonationDefense.mdx | 2 +- docs/details/scanCommitsForSensitiveInfo.mdx | 2 +- docs/details/securityMdMeetsOpenJSCVD.mdx | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/details/MFAImpersonationDefense.mdx b/docs/details/MFAImpersonationDefense.mdx index 9ed53e6..887cd88 100644 --- a/docs/details/MFAImpersonationDefense.mdx +++ b/docs/details/MFAImpersonationDefense.mdx @@ -14,7 +14,7 @@ slug: /details/MFAImpersonationDefense ## Description -Use Multi Factor Authentication (MFA) Methods that Defend Against Impersonation when Available +Use Multi Factor Authentication (MFA) Methods that Defend Against Impersonation when Available diff --git a/docs/details/scanCommitsForSensitiveInfo.mdx b/docs/details/scanCommitsForSensitiveInfo.mdx index 219b333..0ba41c4 100644 --- a/docs/details/scanCommitsForSensitiveInfo.mdx 
+++ b/docs/details/scanCommitsForSensitiveInfo.mdx @@ -14,7 +14,7 @@ slug: /details/scanCommitsForSensitiveInfo ## Description -All Commits are Scanned for Secrets and Credentials +All Commits are Scanned for Secrets and Credentials diff --git a/docs/details/securityMdMeetsOpenJSCVD.mdx b/docs/details/securityMdMeetsOpenJSCVD.mdx index 0ee2dd3..b34325a 100644 --- a/docs/details/securityMdMeetsOpenJSCVD.mdx +++ b/docs/details/securityMdMeetsOpenJSCVD.mdx @@ -14,7 +14,7 @@ slug: /details/securityMdMeetsOpenJSCVD ## Description -Security.md Meets OpenJS CVD Guidelines +Security.md Meets OpenJS CVD Guidelines From 016063b3bcd5940e23857ba5a59745e95fafe1d1 Mon Sep 17 00:00:00 2001 From: Ulises Gascon Date: Sun, 8 Dec 2024 03:39:43 +0100 Subject: [PATCH 11/16] feat: add dependency `@ulisesgascon/text-tags-manager@2.0.0` --- package-lock.json | 9 +++++++++ package.json | 1 + 2 files changed, 10 insertions(+) diff --git a/package-lock.json b/package-lock.json index e5e0167..947ccf6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14,6 +14,7 @@ "@docusaurus/preset-classic": "2.0.0-beta.14", "@mdx-js/react": "1.6.21", "@snyk/protect": "1.893.0", + "@ulisesgascon/text-tags-manager": "2.0.0", "clsx": "1.1.1", "husky": "7.0.4", "jest": "27.5.1", @@ -4178,6 +4179,14 @@ "resolved": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.3.tgz", "integrity": "sha512-I4q9QU9MQv4oEOz4tAHJtNz1cwuLxn2F3xcc2iV5WdqLPpUnj30aUuxt1mAxYTG+oe8CZMV/+6rU4S4gRDzqtQ==" }, + "node_modules/@ulisesgascon/text-tags-manager": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@ulisesgascon/text-tags-manager/-/text-tags-manager-2.0.0.tgz", + "integrity": "sha512-H0x8ut2O//hFYDaalfXA3wYobBXXeY+jq2z5Hj4xvhcOY7gB+yFVI+2OBR8wehpcOWoHytGCO6YhBKgfEfr1WQ==", + "engines": { + "node": ">=18.0.0" + } + }, "node_modules/@webassemblyjs/ast": { "version": "1.12.1", "resolved": "https://registry.npmjs.org/@webassemblyjs/ast/-/ast-1.12.1.tgz", 
diff --git a/package.json b/package.json index 0f2d070..0da2570 100644 --- a/package.json +++ b/package.json @@ -29,6 +29,7 @@ "@docusaurus/preset-classic": "2.0.0-beta.14", "@mdx-js/react": "1.6.21", "@snyk/protect": "1.893.0", + "@ulisesgascon/text-tags-manager": "2.0.0", "clsx": "1.1.1", "husky": "7.0.4", "jest": "27.5.1", From bc826dcb67d7c46f8f0a4f5ebda4cccf97d7a9b9 Mon Sep 17 00:00:00 2001 From: Ulises Gascon Date: Sun, 8 Dec 2024 03:50:03 +0100 Subject: [PATCH 12/16] fix: clean implementations files from duplicated tags --- docs/implementation/active.mdx | 7 +++---- docs/implementation/incubating.mdx | 9 ++++----- docs/implementation/retiring.mdx | 7 +++---- 3 files changed, 10 insertions(+), 13 deletions(-) diff --git a/docs/implementation/active.mdx b/docs/implementation/active.mdx index addfa15..5a50e69 100644 --- a/docs/implementation/active.mdx +++ b/docs/implementation/active.mdx @@ -4,9 +4,8 @@ id: active title: Active slug: /implementations/active --- - - + ## Expected @@ -65,7 +64,7 @@ slug: /implementations/active | 10. Dependency Inventory | Provide Machine-Readable Dependency Lists | P14 | [details](/details/machineReadableDependencies) | | 10. Dependency Inventory | Uniquely Identify Modified Dependencies | P14 | [details](/details/identifyModifiedDependencies) | | 5. Vulnerability Management | Refresh Dependencies with Annual Releases | P14 | [details](/details/annualDependencyRefresh) | - + ## Recommended @@ -91,5 +90,5 @@ slug: /implementations/active | 2. User Account Permissions | Limit GitHub Repo Admins to Fewer Than Three | R7 | [details](/details/limitRepoAdmins) | | 5. Vulnerability Management | Patch Critical/High Vulnerabilities in 14 Days | R8 | [details](/details/patchExploitableHighVulns14Days) | | 5. Vulnerability Management | Patch Non-Critical Vulnerabilities in 60 Days | R8 | [details](/details/patchExploitableNoncCriticalVulns60Days) | - + 
diff --git a/docs/implementation/incubating.mdx b/docs/implementation/incubating.mdx index 29eeaa7..9b9fe74 100644 --- a/docs/implementation/incubating.mdx +++ b/docs/implementation/incubating.mdx @@ -4,9 +4,8 @@ id: incubating title: Incubating slug: /implementations/incubating --- - - + ## Expected @@ -61,7 +60,7 @@ slug: /implementations/incubating | 10. Dependency Inventory | Provide Machine-Readable Dependency Lists | P14 | [details](/details/machineReadableDependencies) | | 10. Dependency Inventory | Uniquely Identify Modified Dependencies | P14 | [details](/details/identifyModifiedDependencies) | | 5. Vulnerability Management | Refresh Dependencies with Annual Releases | P14 | [details](/details/annualDependencyRefresh) | - + ## Deferrable @@ -71,7 +70,7 @@ slug: /implementations/incubating | 8. Code Review | Document Software Architecture | P12 | [details](/details/softwareArchitectureDocs) | | 9. Source Control | Automate CI/CD Steps in Code-Based Pipelines | P12 | [details](/details/ciAndCdPipelineAsCode) | | 4. Github Workflows | Pin Actions with Secrets to Full-Length Commit SHAs | P13 | [details](/details/pinActionsToSHA) | - + ## Recommended @@ -96,5 +95,5 @@ slug: /implementations/incubating | 2. User Account Permissions | Limit GitHub Repo Admins to Fewer Than Three | R7 | [details](/details/limitRepoAdmins) | | 5. Vulnerability Management | Patch Critical/High Vulnerabilities in 14 Days | R8 | [details](/details/patchExploitableHighVulns14Days) | | 5. Vulnerability Management | Patch Non-Critical Vulnerabilities in 60 Days | R8 | [details](/details/patchExploitableNoncCriticalVulns60Days) | - + diff --git a/docs/implementation/retiring.mdx b/docs/implementation/retiring.mdx index 2cd7864..ea89a9e 100644 --- a/docs/implementation/retiring.mdx +++ b/docs/implementation/retiring.mdx @@ -4,9 +4,8 @@ id: retiring title: Retiring slug: /implementations/retiring --- - - + ## Expected 
@@ -44,7 +43,7 @@ slug: /implementations/retiring | 10. Dependency Inventory | Automate Monitoring of Outdated Dependencies | P14 | [details](/details/automateDependencyManagement) | | 10. Dependency Inventory | Provide Machine-Readable Dependency Lists | P14 | [details](/details/machineReadableDependencies) | | 10. Dependency Inventory | Uniquely Identify Modified Dependencies | P14 | [details](/details/identifyModifiedDependencies) | - + ## Recommended @@ -64,5 +63,5 @@ slug: /implementations/retiring | 9. Source Control | Require Approved PRs for Mainline Commits (Two+ Maintainers) | R6 | [details](/details/requirePRApprovalForMainline) | | 2. User Account Permissions | Limit GitHub Org Owners to Fewer Than Three | R7 | [details](/details/limitOrgOwners) | | 2. User Account Permissions | Limit GitHub Repo Admins to Fewer Than Three | R7 | [details](/details/limitRepoAdmins) | - + From 09d66e1783cc57cbf25985901d2ea20aaa5f5048 Mon Sep 17 00:00:00 2001 From: Ulises Gascon Date: Sun, 8 Dec 2024 03:55:02 +0100 Subject: [PATCH 13/16] feat: add support to update existing details and keep manual additions --- scripts/populate-details.js | 59 ++++++++++++++++++++++++++++++------- 1 file changed, 49 insertions(+), 10 deletions(-) diff --git a/scripts/populate-details.js b/scripts/populate-details.js index 4bd7f32..a3132a1 100644 --- a/scripts/populate-details.js +++ b/scripts/populate-details.js 
@@ -1,7 +1,18 @@ -const { writeFileSync } = require('fs') +const { writeFileSync, existsSync, readFileSync } = require('fs') +const { updateOrCreateSegment } = require('@ulisesgascon/text-tags-manager') const path = require('path') const checks = require('../data/checks.json') +const levelsStartTag = '' +const levelsEndTag = '' +const descriptionStartTag = '' +const descriptionEndTag = '' +const detailsStartTag = '' +const detailsEndTag = '' +// @TODO: Move this function to a shared file +const replaceMetadata = (fileContent, metadata) => { + return fileContent.replace(/---[^]*?---/, metadata) +} const addImplementationDetails = (check) => { if (!check.implementation_type) { 
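Review bot: `replaceMetadata` hands `metadata` to `String.prototype.replace` as a plain replacement string, so any `$&`, `$'` or `$n` sequence inside a value pulled from checks.json (a title, for instance) would be expanded rather than written literally; a function replacer avoids that, `return fileContent.replace(/---[^]*?---/, () => metadata)`. The pattern is also unanchored, so on a file whose front matter is missing it would overwrite the first `---`…`---` span found anywhere in the body, such as a horizontal rule; anchoring it as `/^---[^]*?---/` keeps it to the head of the file. The six tag constants read as empty strings in this view, presumably because the HTML-comment markers were stripped during extraction — confirm against the repository that they carry distinct non-empty markers, since `updateOrCreateSegment` keys on them.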
@@ -69,21 +80,49 @@ slug: /details/${check.code_name} ${check.description}`.trim() const detailsContent = renderDetails(check) - const fileContent = `${metadata} + let fileContent = `${metadata} ## Use Case - +${levelsStartTag} ${levelsContent} - +${levelsEndTag} - +${descriptionStartTag} ${descriptionContent} - +${descriptionEndTag} - +${detailsStartTag} +${detailsContent} ${detailsContent} - ` - const detination = path.join(process.cwd(), `docs/details/${check.code_name}.mdx`) - writeFileSync(detination, fileContent) + const updateContent = (currentContent) => { + fileContent = currentContent + replaceMetadata(fileContent, metadata) + fileContent = updateOrCreateSegment({ + original: fileContent, + replacementSegment: levelsContent, + startTag: levelsStartTag, + endTag: levelsEndTag + }) + fileContent = updateOrCreateSegment({ + original: fileContent, + replacementSegment: descriptionContent, + startTag: descriptionStartTag, + endTag: descriptionEndTag + }) + fileContent = updateOrCreateSegment({ + original: fileContent, + replacementSegment: detailsContent, + startTag: detailsStartTag, + endTag: detailsEndTag + }) + } + + const destination = path.join(process.cwd(), `docs/details/${check.code_name}.mdx`) + const fileExists = existsSync(destination) + if (fileExists) { + const currentFileContent = readFileSync(destination, 'utf8') + updateContent(currentFileContent) + } + writeFileSync(destination, fileContent) }) From 8f373038ceacdde202e598473e35b9fa92ec688e Mon Sep 17 00:00:00 2001 From: Ulises Gascon Date: Sun, 8 Dec 2024 03:55:31 +0100 Subject: [PATCH 14/16] feat: add support to update implementations and keep manual additions --- scripts/populate-implementations.js | 34 ++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 6 deletions(-) diff --git a/scripts/populate-implementations.js b/scripts/populate-implementations.js index 7bb5c0b..edea85b 100644 --- a/scripts/populate-implementations.js +++ b/scripts/populate-implementations.js 
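Review bot: Inside `updateContent`, `replaceMetadata(fileContent, metadata)` is called but its return value is discarded, so an existing details file keeps its stale front matter while only the tagged segments are refreshed; the line should read `fileContent = replaceMetadata(currentContent, metadata)`. The template used for a new file also appears to emit `${detailsContent}` twice (an added line directly followed by a context line), which would duplicate the details section on first generation — worth confirming against the repository, as the comment tags were lost in this view. The enclosing `checks.forEach` callback starts before this hunk.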
@@ -1,13 +1,21 @@ -const { writeFileSync } = require('fs') +const { writeFileSync, existsSync, readFileSync } = require('fs') +const { updateOrCreateSegment } = require('@ulisesgascon/text-tags-manager') const path = require('path') const checks = require('../data/checks.json') +const listStartTag = '' +const listEndTag = '' const projectStatus = ['incubating', 'active', 'retiring'] const implementationPriority = ['expected', 'deferrable', 'recommended'] const data = {} const files = {} +// @TODO: Move this function to a shared file const capitalizeWords = str => str.split(' ').map(w => w[0].toUpperCase() + w.slice(1).toLowerCase()).join(' ') +// @TODO: Move this function to a shared file +const replaceMetadata = (fileContent, metadata) => { + return fileContent.replace(/---[^]*?---/, metadata) +} // Basic structure of the data object projectStatus.forEach(status => { @@ -52,17 +60,31 @@ slug: /implementations/${status} ## ${priority.charAt(0).toUpperCase() + priority.slice(1)} ${addHeader()} ${data[status][priority].map(addRow).join('\n')} - ` +` }).join('\n') - const fileContent = `${metadata} - + let fileContent = `${metadata} - +${listStartTag} ${listContent} - +${listEndTag} ` + const updateContent = (currentContent) => { + fileContent = currentContent + replaceMetadata(fileContent, metadata) + fileContent = updateOrCreateSegment({ + original: fileContent, + replacementSegment: listContent, + startTag: listStartTag, + endTag: listEndTag + }) + } const destination = path.join(process.cwd(), `docs/implementation/${status}.mdx`) + const fileExists = existsSync(destination) + if (fileExists) { + const currentFileContent = readFileSync(destination, 'utf8') + updateContent(currentFileContent) + } writeFileSync(destination, fileContent) }) From 8460de478ebb0fc7cbb6dbc0dbe768be7bb4c14c Mon Sep 17 00:00:00 2001 
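Review bot: In `updateContent`, `replaceMetadata(fileContent, metadata)` is a pure expression whose result is thrown away, so when `docs/implementation/<status>.mdx` already exists its front matter is never brought up to date even though the commit message says existing files are updated; assign it, `fileContent = replaceMetadata(currentContent, metadata)`. Note also that on the update path `fileContent` becomes the on-disk content, so the refreshed list only lands if `updateOrCreateSegment` inserts the `listStartTag`/`listEndTag` pair when it is absent — that library behaviour is not visible here, so confirm it handles a previously generated file that lacks the tags. The enclosing `projectStatus.forEach` callback starts before this hunk.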
From: Ulises Gascon Date: Sun, 8 Dec 2024 03:57:50 +0100 Subject: [PATCH 15/16] feat: recover manual annotations for `githubOrgMFA` Revert b216d3c33d9df4a1378939b7979926bc909675c4 --- docs/details/githubOrgMFA.mdx | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/details/githubOrgMFA.mdx b/docs/details/githubOrgMFA.mdx index 85e644a..f9fcc9a 100644 --- a/docs/details/githubOrgMFA.mdx +++ b/docs/details/githubOrgMFA.mdx @@ -17,6 +17,10 @@ slug: /details/githubOrgMFA Multi Factor Authentication (MFA) Enforced Across the Github Organization +## Dashboard Inclusion + +We use the field `two_factor_requirement_enabled` from the GitHub Organization API to check if the project has enforced this policy. [More information](https://github.com/secure-dashboards/openjs-foundation-dashboard/issues/43) + ## Details - Implementation Status: completed From cc83c54c5bf29369956f82bc2b09a90abda434e1 Mon Sep 17 00:00:00 2001 From: Ulises Gascon Date: Sun, 8 Dec 2024 04:05:51 +0100 Subject: [PATCH 16/16] doc: explain the use of tags in the dynamic content --- README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/README.md b/README.md index fcf99f1..e95c288 100644 --- a/README.md +++ b/README.md 
@@ -57,3 +57,17 @@ npm run populate-implementations This will autopolulate the details and implementations sections of the website, respectively. So make sure to commit the changes. +### Improve the content via PR(s) + +If you want to enhance any page, you can do so as you would in any other project (via a Pull Request, [example](https://github.com/secure-dashboards/openjs-security-program-standards/pull/9)). However, please note certain rules, as some parts of the files are dynamically generated, and your changes could be overwritten. + +**Rules** +1. Metadata is added automatically. Manual additions or modifications to metadata are not allowed. +2. You can contribute any content to any file, but avoid making changes within the sections enclosed by specific tags, as these sections are dynamically generated. For example: + ```plaintext + OK + + AVOID (AUTOMATED) + + OK + ``` \ No newline at end of file