-
Notifications
You must be signed in to change notification settings - Fork 859
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add security-insights.yml #5140
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## master #5140 +/- ##
=======================================
Coverage 28.25% 28.25%
=======================================
Files 632 632
Lines 43722 43722
=======================================
Hits 12353 12353
Misses 30467 30467
Partials 902 902
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Who will use this security insight and how?
Security-insights.yml provides a mechanism for projects to report information about their security in a machine-processable way. It is formatted as a YAML file to make it easy to read and edit by humans. And more info can refer to https://github.com/ossf/security-insights-spec |
20883f5
to
c52e453
Compare
SECURITY-INSIGHTS.yml
Outdated
tool-url: 'https://github.com/dependabot' | ||
- tool-type: 'sca' | ||
tool-name: 'trivy' | ||
tool-version: 'v0.52.2' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
tool-version: 'v0.52.2' | |
tool-version: 'v0.52.3' |
c52e453
to
2c62f6f
Compare
Signed-off-by: zhzhuang-zju <m17799853869@163.com>
2c62f6f
to
7a55f03
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve
@liangyuanpeng Do you want to take another look?
This file is required by CLOMonitor, but to be honest I'm not sure who will benefit from this. Just follow the CLOMonitor instructions.
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: RainbowMango The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/lgtm |
What type of PR is this?
/kind documentation
What this PR does / why we need it:
provide an OpenSSF Security Insights manifest file.
Which issue(s) this PR fixes:
Parts of #5048
Special notes for your reviewer:
Does this PR introduce a user-facing change?: