Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Devtools] Add Security Insights for CNCF #1236

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 32 additions & 0 deletions SECURITY-INSIGHTS.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
header:
schema-version: 1.0.0
last-updated: '2024-03-01'
last-reviewed: '2024-03-01'
expiration-date: '2025-03-01T10:00:00.000Z'
project-url: https://github.com/devfile/devworkspace-operator
project-release: '0.26.0'
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume this needs to be updated at every release of DWO?

commit-hash: '067847d900c18a3fe0d47de920a9ce77af29e722'
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this commit hash supposed to relate to the released version (i.e. 0.26.0) or the latest commit on the main branch?

license: 'https://github.com/devfile/devworkspace-operator/blob/main/LICENSE'
project-lifecycle:
status: active
bug-fixes-only: false
core-maintainers:
- github:AObuchow
- github:dkwon17
release-cycle: https://github.com/devfile/devworkspace-operator/blob/main/docs/release/README.md
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not entirely sure if this field is supposed to point to the release documentation or the release cadence? We usually release DWO upstream in advance of an Eclipse Che release, as Eclipse Che depends on DWO.

security-testing:
- tool-type: sca
tool-name: Dependabot
comment: |
Dependabot is enabled for this repo.
contribution-policy:
accepts-pull-requests: true
accepts-automated-pull-requests: true
contributing-policy: https://github.com/devfile/devworkspace-operator/blob/main/CONTRIBUTING.md
code-of-conduct: https://github.com/devfile/api/blob/main/CODE_OF_CONDUCT.md
documentation:
- https://github.com/devfile/devworkspace-operator/blob/main/README.md
Jdubrick marked this conversation as resolved.
Show resolved Hide resolved
dependencies:
third-party-packages: true
dependencies-lists:
- https://github.com/devfile/devworkspace-operator/blob/main/go.mod
Jdubrick marked this conversation as resolved.
Show resolved Hide resolved
Loading