privateer/.github/security-insights.yml at d9e05b6f158f4309ca8865cabb97f4f9d31a949d · trumant/privateer · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
header:
  schema-version: 2.0.0
  last-updated: '2021-09-01'
  last-reviewed: '2022-09-01'
  url: https://github.com/privateerproj/privateer/blob/main/.github/security-insights.yml
  project-si-source: https://raw.githubusercontent.com/privateerproj/.github/refs/heads/main/.github/security-insights.yml
  comment: |
    This file contains only the repository information for the core Privateer CLI.

repository:
  url: https://github.com/privateerproj/privateer
  status: active
  bug-fixes-only: false
  accepts-change-request: true
  accepts-automated-change-request: true
  no-third-party-packages: false
  core-team:
    - name:        Eddie Knight
      affiliation: Sonatype
      social:      https://bsky.app/profile/eddieknight.dev
      primary:     true
    - name:        Jason Meridth
      affiliation: GitHub
      primary:     false
    - name:        Rudra Gupta
      affiliation: Krumware
      primary:     false
  documentation:
    contributing-guide: https://github.com/privateerproj/.github/blob/main/.github/CONTRIBUTING.md
    security-policy: https://github.com/privateerproj/.github/blob/main/.github/SECURITY.md
  license:
    url: https://github.com/privateerproj/privateer?tab=Apache-2.0-1-ov-file#readme
    expression: Apache-2.0
  release:
    changelog: https://github.com/privateerproj/privateer/releases
    automated-pipeline: true
    distribution-points:
      - uri:  https://github.com/privateerproj/privateer/releases
        comment: GitHub Release Page
    license:
      url: https://foo.bar/release/{version}#license
      expression: MIT AND Apache-2.0
  security:
    assessments:
      self:
        comment: |
          A self assessment has not been published for this repo.
    champions:
      - name:   Jason Meridth
        primary: true
    tools:
      - name: Dependabot
        type: SCA
        version: "2"
        rulesets:
          - built-in
        results:
          adhoc:
            name: Scheduled SCA Scan Results
            predicate-uri: https://docs.github.com/en/graphql/reference/objects#repositoryvulnerabilityalert
            location: https://github.com/privateerproj/privateer/security/dependabot
            comment: |
              The results of the scheduled SCA scan are available in the Dependabot tab of the Security Insights page.
        integration:
          adhoc: true
          ci: false
          release: false