diff --git a/.github/SECURITY-INSIGHTS.yml b/.github/SECURITY-INSIGHTS.yml index 9ed98dc..a224f73 100644 --- a/.github/SECURITY-INSIGHTS.yml +++ b/.github/SECURITY-INSIGHTS.yml @@ -1,9 +1,10 @@ -# Security Insights 2.0 file https://github.com/ossf/security-insights -# Schema: https://github.com/ossf/security-insights/blob/main/spec/schema.cue +# Security Insights 2.0 file https://github.com/ossf/security-insights +# Specification: https://github.com/ossf/security-insights/tree/main/spec + header: schema-version: 2.0.0 - last-updated: '2025-07-26' - last-reviewed: '2025-07-26' + last-updated: '2025-09-18' + last-reviewed: '2025-09-18' url: https://github.com/openfga/helm-charts project-si-source: https://raw.githubusercontent.com/openfga/.github/main/SECURITY-INSIGHTS.yml comment: Official Helm charts for the OpenFGA project. @@ -16,23 +17,23 @@ repository: accepts-automated-change-request: true no-third-party-packages: false core-team: - - name: Raghd Hamzeh - affiliation: Okta - email: raghd.hamzeh@okta.com - social: https://github.com/rhamzeh - primary: true - - name: Adrian Tam - affiliation: Okta - email: adrian.tam@okta.com - social: https://github.com/adriantam - - name: Ewan Harris - affiliation: Okta - email: ewan.harris@okta.com - social: https://github.com/ewanharris - - name: Jose Padilla - affiliation: Okta - email: jose.padilla@okta.com - social: https://github.com/jpadilla + - name: Raghd Hamzeh + affiliation: Okta + email: raghd.hamzeh@okta.com + social: https://github.com/rhamzeh + primary: true + - name: Adrian Tam + affiliation: Okta + email: adrian.tam@okta.com + social: https://github.com/adriantam + - name: Ewan Harris + affiliation: Okta + email: ewan.harris@okta.com + social: https://github.com/ewanharris + - name: Jose Padilla + affiliation: Okta + email: jose.padilla@okta.com + social: https://github.com/jpadilla license: url: https://raw.githubusercontent.com/openfga/helm-charts/main/LICENSE 
@@ -49,14 +50,14 @@ repository: dependency-management-policy: https://github.com/openfga/openfga/blob/main/docs/dependencies-policy.md governance: https://github.com/openfga/.github/blob/main/GOVERNANCE.md review-policy: https://github.com/openfga/.github/blob/main/CONTRIBUTING.md - security-policy: https://github.com/openfga/helm-charts/security.md + security-policy: https://github.com/openfga/helm-charts/SECURITY.md security: assessments: self: evidence: https://github.com/cncf/tag-security/blob/main/community/assessments/projects/openfga/joint-assessment.md date: '2024-12-19' - comment: OpenFGA has completed a CNCF security joint assessment with CNCF TAG Security and Compliance + comment: OpenFGA has completed a CNCF security joint assessment with CNCF TAG-Security champions: - name: Ewan Harris @@ -72,7 +73,7 @@ repository: adhoc: false ci: true release: true - comment: Dependabot is enabled for this repo to automatically update dependencies. + comment: Dependabot is enabled for this repository to automatically update dependencies. - name: Snyk type: SCA version: latest @@ -82,9 +83,9 @@ repository: adhoc: false ci: true release: true - comment: Snyk is enabled for this repo to scan for vulnerabilities. + comment: Snyk is enabled for this repository to scan for vulnerabilities. - name: Socket - type: other + type: SCA version: latest rulesets: - built-in
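Review bot: The corrected `security-policy` value in the `-49,14 +50,14` hunk, `https://github.com/openfga/helm-charts/SECURITY.md`, still lacks the `/blob/<branch>/` segment that the neighbouring `governance` and `review-policy` links carry, so it is unlikely to resolve to the file on GitHub. This field is where a reporter or a Security Insights consumer looks for the vulnerability disclosure process, so a dead link here is worth fixing in the same change. Assuming the policy sits at the repository root on `main`, the line would read `security-policy: https://github.com/openfga/helm-charts/blob/main/SECURITY.md`; if the policy is inherited from the organisation's `.github` repository, point at that file instead. A link check in CI over the URLs in this file would catch this class of error before merge.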