This is a go module for working with Security Insights data in YAML security-insights.yml and Go si.SecurityInsights.
Unmarshal the security-insights.yml data in ossf/security-insights-spec
import (
"fmt"
"github.com/ossf/si-tooling/v2/si"
)
func main() {
insights, err := si.Read("ossf", "security-insights-spec", ".github/security-insights.yml")
message = fmt.Sprintf("Repository license is: %s", insights.Repository.License.Expression)
}The module supports Security Insights schema version 2.x, including v2.2.0:
Warning
Security Insights v2.2.0 vulnerability-reporting.policy replaces the former security-policy field under vulnerability reporting. This backwards compatibility violation was tolerated by the Security Insights maintainers due to the lack of evidence that the former field had been adopted by end users. Issues may arise if users of SI Tooling fail to update to the latest version and the users of Security Insights specification begin to use the new field.