From 21eadaf1f3fc4dad637009810f331968011fffe9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Oliver=20B=C3=A4hler?=
Date: Tue, 24 Oct 2023 14:12:57 +0200
Subject: [PATCH] docs(repo): add security insights
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Oliver Bähler
---
SECURITY-INSIGHTS.yml | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 SECURITY-INSIGHTS.yml
diff --git a/SECURITY-INSIGHTS.yml b/SECURITY-INSIGHTS.yml
new file mode 100644
index 00000000..c22d0b29
--- /dev/null
+++ b/SECURITY-INSIGHTS.yml
@@ -0,0 +1,38 @@
+# Reference https://github.com/ossf/security-insights-spec/blob/v1.0.0/specification.md
+header:
+ schema-version: 1.0.0
+ expiration-date: '2024-10-24T01:00:00.000Z'
+ last-updated: '2023-10-24'
+ last-reviewed: '2023-10-24'
+ project-url: https://github.com/projectcapsule/capsule
+ changelog: https://github.com/projectcapsule/capsule/blob/main/CHANGELOG.md
+ license: https://github.com/projectcapsule/capsule/blob/main/LICENSE
+project-lifecycle:
+ status: active
+ bug-fixes-only: false
+ core-maintainers:
+ - github:prometherion
+ - github:oliverbaehler
+ - github:bsctl
+ - github:MaxFedotov
+contribution-policy:
+ accepts-pull-requests: true
+ accepts-automated-pull-requests: true
+ contributing-policy: https://github.com/projectcapsule/capsule/blob/main/CONTRIBUTING.md
+ code-of-conduct: https://github.com/projectcapsule/capsule/blob/main/CODE_OF_CONDUCT.md
+vulnerability-reporting:
+ accepts-vulnerability-reports: true
+ security-policy: https://github.com/projectcapsule/capsule/blob/main/SECURITY.md
+ email-contact: cncf-capsule-maintainers@lists.cncf.io
+ comment: |
+ Report a vulnerability by using private security issues in GitHub.
+security-testing:
+- tool-type: sca
+ tool-name: Dependabot
+ tool-version: latest
+ integration:
+ ad-hoc: false
+ ci: true
+ before-release: true
+ comment: |
+ Dependabot is enabled for this repo.
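Review bot: The `integration` block for Dependabot declares `ci: true` and `before-release: true`, but Dependabot only opens update PRs and raises alerts; it does not by itself run as a CI check or gate a release, so these flags overstate the control unless a workflow in this repository fails builds or blocks tags on open alerts. If such a workflow exists, name it in the entry's `comment` so a reader of this file can verify the claim; if not, `ci: false` and `before-release: false` would be the accurate values, and `tool-version: latest` should then also be read as "hosted service, no pinned version". The `vulnerability-reporting` section gives two channels, a mailing list in `email-contact` and GitHub private security issues in `comment`, without saying which one is preferred; a one-line addition to `comment` such as `Private GitHub security advisories are the preferred channel; the mailing list is a fallback.` (or the reverse, whichever SECURITY.md states) would remove the ambiguity for reporters.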