Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add security-insights.yml #5140

Merged
merged 1 commit into from
Jul 17, 2024
Merged

add security-insights.yml #5140

merged 1 commit into from
Jul 17, 2024

Conversation

zhzhuang-zju
Copy link
Contributor

What type of PR is this?
/kind documentation

What this PR does / why we need it:
provide an OpenSSF Security Insights manifest file.

Which issue(s) this PR fixes:
Parts of #5048

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

@karmada-bot karmada-bot added the kind/documentation Categorizes issue or PR as related to documentation. label Jul 5, 2024
@karmada-bot karmada-bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Jul 5, 2024
@codecov-commenter
Copy link

codecov-commenter commented Jul 5, 2024
edited

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 28.25%. Comparing base (8736fae) to head (7a55f03).
Report is 2 commits behind head on master.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #5140   +/-   ##
=======================================
  Coverage   28.25%   28.25%           
=======================================
  Files         632      632           
  Lines       43722    43722           
=======================================
  Hits        12353    12353           
  Misses      30467    30467           
  Partials      902      902
Flag Coverage Δ
unittests 28.25% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

liangyuanpeng
liangyuanpeng reviewed Jul 5, 2024
View reviewed changes
SECURITY-INSIGHTS.yml Outdated Show resolved Hide resolved
RainbowMango
RainbowMango reviewed Jul 9, 2024
View reviewed changes
Copy link
Member

@RainbowMango RainbowMango left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Who will use this security insight and how?

SECURITY-INSIGHTS.yml Outdated Show resolved Hide resolved
SECURITY-INSIGHTS.yml Show resolved Hide resolved
@zhzhuang-zju
Copy link
Contributor Author

Who will use this security insight and how?

Security-insights.yml provides a mechanism for projects to report information about their security in a machine-processable way. It is formatted as a YAML file to make it easy to read and edit by humans. And more info can refer to https://github.com/ossf/security-insights-spec

RainbowMango
RainbowMango reviewed Jul 16, 2024
View reviewed changes
SECURITY-INSIGHTS.yml Outdated
tool-url: 'https://github.com/dependabot'
- tool-type: 'sca'
tool-name: 'trivy'
tool-version: 'v0.52.2'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
tool-version: 'v0.52.2'
tool-version: 'v0.52.3'

SECURITY-INSIGHTS.yml Show resolved Hide resolved
@zhzhuang-zju
add security-insights.yml
7a55f03 
Signed-off-by: zhzhuang-zju <m17799853869@163.com>
RainbowMango
RainbowMango approved these changes Jul 17, 2024
View reviewed changes
Copy link
Member

@RainbowMango RainbowMango left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@liangyuanpeng Do you want to take another look?
This file is required by CLOMonitor, but to be honest I'm not sure who will benefit from this. Just follow the CLOMonitor instructions.

@karmada-bot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: RainbowMango

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@karmada-bot karmada-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 17, 2024
@liangyuanpeng
Copy link
Contributor

Just follow the CLOMonitor instructions.

/lgtm

@karmada-bot karmada-bot added the lgtm Indicates that a PR is ready to be merged. label Jul 17, 2024
@RainbowMango RainbowMango mentioned this pull request Jul 17, 2024
Open
24 tasks
@karmada-bot karmada-bot merged commit 7bbe998 into karmada-io:master Jul 17, 2024
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@liangyuanpeng liangyuanpeng liangyuanpeng left review comments

@RainbowMango RainbowMango RainbowMango approved these changes

@Garrybest Garrybest Awaiting requested review from Garrybest

@Poor12 Poor12 Awaiting requested review from Poor12

Assignees

@liangyuanpeng liangyuanpeng

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/documentation Categorizes issue or PR as related to documentation. lgtm Indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@zhzhuang-zju @codecov-commenter @karmada-bot @liangyuanpeng @RainbowMango