feat: add security-insights.yml for OSPS baseline scanning#50

Merged
jpower432 merged 6 commits into gemaraproj:main from sonupreetam:feat/security-insights
Apr 8, 2026

Conversation

@sonupreetam
Contributor

@sonupreetam sonupreetam commented Apr 6, 2026

Summary

  • Adds security-insights.yml to the project root to enable OSPS Baseline scanning
  • Mirrors the structure of the reference file in gemaraproj/gemara
  • The baseline-scanner.yml workflow was already present in the repository

Closes #16

Changes

  • security-insights.yml: new file declaring schema version, repository metadata, core team, license, and security tooling (Dependabot SCA + CodeQL SAST) following the Security Insights v2 spec

Test plan

  • Verify OSPS Baseline Scanner workflow runs successfully after merge
  • Confirm security-insights.yml is valid against the Security Insights v2 schema

@sonupreetam sonupreetam requested a review from a team as a code owner April 6, 2026 10:27
@sonupreetam sonupreetam force-pushed the feat/security-insights branch from e36c65a to 4b584ed Compare April 6, 2026 14:12
Contributor

@jpower432 jpower432 left a comment

Thanks @sonupreetam. Added one suggestion for an additional tool in the list.

@kusari-inspector

kusari-inspector Bot commented Apr 8, 2026

Kusari Inspector

Kusari Analysis Results:

Proceed with these changes

✅ No Flagged Issues Detected
All values appear to be within acceptable risk parameters.

No pinned version dependency changes, code issues or exposed secrets detected!

Note

View full detailed analysis result for more information on the output and the checks that were run.
@kusari-inspector rerun - Trigger a re-analysis of this PR
@kusari-inspector feedback [your message] - Send feedback to our AI and team
See Kusari's documentation for setup and configuration.
Commit: b53ca96, performed at: 2026-04-08T11:18:19Z
@sonupreetam sonupreetam force-pushed the feat/security-insights branch from 5ebb02e to b53ca96 Compare April 8, 2026 09:55
@kusari-inspector

Kusari PR Analysis rerun based on - b53ca96 performed at: 2026-04-08T09:56:03Z - link to updated analysis

@sonupreetam
Contributor Author

@kusari-inspector rerun

@kusari-inspector

🔄 Run triggered at 11:17:56 UTC. Starting fresh analysis...

@kusari-inspector

Kusari PR Analysis rerun based on - b53ca96 performed at: 2026-04-08T11:18:19Z - link to updated analysis

@sonupreetam sonupreetam force-pushed the feat/security-insights branch from 8530396 to aea49b5 Compare April 8, 2026 12:24
@sonupreetam
Contributor Author

sonupreetam commented Apr 8, 2026

@eddie-knight & @jpower432 the DCO check failed specifically on the suggestions applied via the GitHub UI (commits 05d3cbf and 8530396 were missing Signed-off-by). So I rebased the branch and force pushed cleanly.

Contributor

@jpower432 jpower432 left a comment

@sonupreetam This looks good, but I see some extra files in the diff. This might need a rebase before merge.

Signed-off-by: sonupreetam <spreetam@redhat.com>
@sonupreetam sonupreetam force-pushed the feat/security-insights branch from aea49b5 to 1c74728 Compare April 8, 2026 13:20
sonupreetam and others added 2 commits April 8, 2026 15:22
Co-authored-by: Eddie Knight <knight@linux.com>
Signed-off-by: sonupreetam <spreetam@redhat.com>
@sonupreetam
Contributor Author

@jpower432 Yes, thank you for catching this. Updated with the suggestions.

@jpower432 jpower432 merged commit 110bffc into gemaraproj:main Apr 8, 2026
5 checks passed
@sonupreetam sonupreetam deleted the feat/security-insights branch April 17, 2026 15:12
Development

Successfully merging this pull request may close these issues.

Add security-insights.yml and setup baseline scanning