Commit 733f0bb

chore: Add SECURITY_INSIGHTS.yml
Signed-off-by: Víctor Cuadrado Juan <vcuadradojuan@suse.de>
1 parent c59f657 commit 733f0bb

1 file changed

+61
-0
lines changed

SECURITY_INSIGHTS.yml

@@ -0,0 +1,61 @@
1+
header:
2+
schema-version: 1.0.0
3+
last-updated: "2024-08-12"
4+
last-reviewed: "2023-08-12"
5+
expiration-date: "2025-10-01T01:00:00.000Z"
6+
project-url: https://github.com/kubewarden/policy-server/
7+
changelog: https://github.com/kubewarden/policy-server/releases/latest
8+
license: https://github.com/kubewarden/policy-server/blob/main/LICENSE
9+
project-lifecycle:
10+
bug-fixes-only: false
11+
core-maintainers:
12+
- https://github.com/kubewarden/community?tab=readme-ov-file#maintainers
13+
roadmap: https://github.com/kubewarden/community?tab=readme-ov-file#roadmap
14+
status: active
15+
contribution-policy:
16+
accepts-pull-requests: true
17+
accepts-automated-pull-requests: true
18+
contributing-policy: https://github.com/kubewarden/policy-server/blob/main/CONTRIBUTING.md
19+
code-of-conduct: https://github.com/kubewarden/community/blob/main/CODE_OF_CONDUCT.md
20+
documentation:
21+
- https://docs.kubewarden.io
22+
distribution-points:
23+
- https://github.com/kubewarden/policy-server/
24+
- https://artifacthub.io/packages/helm/kubewarden/kubewarden-defaults
25+
- https://github.com/orgs/kubewarden/packages?repo_name=helm-charts
26+
security-artifacts:
27+
threat-model:
28+
threat-model-created: true
29+
evidence-url:
30+
- https://docs.kubewarden.io/reference/threat-model
31+
security-testing:
32+
- tool-type: sca
33+
tool-name: Dependabot
34+
tool-version: latest
35+
integration:
36+
ad-hoc: false
37+
ci: true
38+
before-release: true
39+
comment: |
40+
Dependabot is enabled for this repo.
41+
security-contacts:
42+
- type: website
43+
value: https://docs.kubewarden.io/disclosure
44+
vulnerability-reporting:
45+
accepts-vulnerability-reports: true
46+
security-policy: https://github.com/kubewarden/community/blob/main/SECURITY.md
47+
email-contact: cncf-kubewarden-maintainers@lists.cncf.io
48+
comment: |
49+
The first and best way to report a vulnerability is by using private security issues in GitHub or opening an issue on Github. We are also available on the Kubernetes Slack in the #kubewaden-dev channel.
50+
dependencies:
51+
third-party-packages: true
52+
dependencies-lists:
53+
- https://github.com/kubewarden/policy-server/blob/main/Cargo.lock
54+
sbom:
55+
- sbom-file: https://github.com/kubewarden/policy-server/releases/latest/download/policy-server-sbom-adm64.spdx
56+
sbom-format: SPDX
57+
sbom-url: https://github.com/anchore/sbom-action
58+
dependencies-lifecycle:
59+
policy-url: https://github.com/kubewarden/community/blob/main/SECURITY.md#security-patch-policy
60+
env-dependencies-policy:
61+
policy-url: https://github.com/kubewarden/community/blob/main/SECURITY.md#dependency-policy
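
Review bot: In the `header` block, `last-reviewed: "2023-08-12"` is a full year earlier than `last-updated: "2024-08-12"`, so the file states that its last review predates its last update; this looks like a year typo and should probably read 2024. Three more values in this hunk look mistyped and are worth checking before merge: the `sbom-file` URL ends in `policy-server-sbom-adm64.spdx` (likely `amd64`, in which case the link may not resolve to a release asset), the `vulnerability-reporting` comment names the Slack channel `#kubewaden-dev`, and `sbom-url` points at the `anchore/sbom-action` tool repository rather than at SBOM content. The same comment also lists "opening an issue on Github" as a reporting path next to private security issues; if that means a public issue, consider dropping it so that vulnerability details are not disclosed before a fix is available.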
