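---
# OSSF Security Insights (schema v1.0.0) for openfga/openfga, release 1.5.1.
# Machine-readable summary of where to report vulnerabilities, which automated
# tooling runs against the repository, and where dependency lists and SBOMs live.
# The rendering this was recovered from had lost all indentation; structure is
# restored here per the Security Insights v1.0.0 layout.
header:
  schema-version: '1.0.0'
  # NOTE(review): expires at 23:23:59 — looks like a typo for 23:59:59; confirm
  # when this file is next re-issued.
  expiration-date: '2024-12-31T23:23:59.000Z'
  # The spec wants ISO 8601 (YYYY-MM-DD). The previous value '2024-22-03' has no
  # month 22 and fails validation; it is read here as 22 March 2024.
  last-updated: '2024-03-22'
  last-reviewed: '2024-03-22'
  # Quoted so an all-digit digest can never be parsed as an integer.
  commit-hash: 'e95aa72bf95485e03896709a096ad17f89f6fdad'
  project-url: https://github.com/openfga/openfga
  project-release: '1.5.1'
  # Bare /CHANGELOG.md is not a GitHub file route; use the /blob/main/ form
  # already used under dependencies-lists below.
  changelog: https://github.com/openfga/openfga/blob/main/CHANGELOG.md
  license: https://raw.githubusercontent.com/openfga/openfga/main/LICENSE

project-lifecycle:
  status: active
  roadmap: https://github.com/orgs/openfga/projects/1
  bug-fixes-only: false
  # GitHub profiles of the current core maintainers.
  core-maintainers:
    - https://github.com/adriantam
    - https://github.com/aaguiarz
    - https://github.com/evansims
    - https://github.com/ewanharris
    - https://github.com/curfew-marathon
    - https://github.com/jimmyjames
    - https://github.com/jon-whit
    - https://github.com/jpadilla
    - https://github.com/miparnisari
    - https://github.com/matthewpereira
    - https://github.com/pdillon
    - https://github.com/poovamraj
    - https://github.com/rhamzeh
    - https://github.com/sergiught
    - https://github.com/stevehobbsdev
    - https://github.com/ttrzeng
    - https://github.com/vic-dev
    - https://github.com/willvedd
    - https://github.com/elbuo8

contribution-policy:
  accepts-pull-requests: true
  accepts-automated-pull-requests: true
  # Bots permitted to open PRs, scoped to the listed paths. .github/workflows
  # is in scope for both, so a bot PR can change CI itself; such PRs should
  # get the same human review as any workflow change.
  automated-tools-list:
    - automated-tool: dependabot
      action: allowed
      path:
        - .github/workflows
        - go.mod
        - go.sum
        - tools/go.mod
        - tools/go.sum
        - Dockerfile
        - Dockerfile.goreleaser
    - automated-tool: snyk
      action: allowed
      path:
        - .github/workflows
        - go.mod
        - go.sum
        - tools/go.mod
        - tools/go.sum
        - Dockerfile
        - Dockerfile.goreleaser
  contributing-policy: https://github.com/openfga/.github/blob/main/CONTRIBUTING.md
  code-of-conduct: https://github.com/cncf/foundation/blob/main/code-of-conduct.md

documentation:
  - https://openfga.dev

# Official channels for obtaining the software; anything else is unofficial.
distribution-points:
  - https://github.com/openfga/openfga
  - https://hub.docker.com/r/openfga/openfga

security-testing:
  # All three entries declare tool-version 'latest': no scanner version is
  # pinned here, so findings are not reproducible across runs.
  - tool-type: sca
    tool-name: Dependabot
    tool-version: latest
    integration:
      ad-hoc: false
      ci: true
      before-release: true
    comment: |
      Dependabot is enabled for this repo.
  - tool-type: sca
    tool-name: Snyk
    tool-version: latest
    integration:
      ad-hoc: false
      ci: true
      before-release: true
    comment: |
      Snyk is enabled for this repo.
  # Semgrep analyses the project's own source (SAST); it is not a
  # software-composition (dependency) scanner, so 'sca' was the wrong type.
  - tool-type: sast
    tool-name: Semgrep
    tool-version: latest
    tool-url: https://github.com/openfga/openfga/blob/main/.github/workflows/semgrep.yaml
    integration:
      ad-hoc: false
      ci: true
      before-release: true
    comment: |
      Semgrep is enabled for this repo.

security-contacts:
  - type: email
    # NOTE(review): the address was obfuscated to '[email protected]' in the
    # rendering this was recovered from; restore the real mailbox from the
    # project's SECURITY.md before publishing.
    value: '[email protected]'
    primary: true

vulnerability-reporting:
  accepts-vulnerability-reports: true
  # NOTE(review): obfuscated in the source rendering, as above — restore.
  email-contact: '[email protected]'
  security-policy: https://github.com/openfga/openfga/security/policy
  bug-bounty-available: false

dependencies:
  third-party-packages: true
  dependencies-lists:
    - https://github.com/openfga/openfga/blob/main/go.mod
    - https://github.com/openfga/openfga/blob/main/tools/go.mod
  # Only the linux/arm64 archive's SBOM is listed. The filename pattern
  # suggests each release artifact has its own .sbom; consumers should pair
  # the SBOM with the artifact they actually download rather than this one.
  sbom:
    - sbom-file: https://github.com/openfga/openfga/releases/download/v1.5.1/openfga_1.5.1_linux_arm64.tar.gz.sbom
      sbom-format: SPDX
      sbom-url: https://github.com/openfga/openfga/releases
  env-dependencies-policy:
    policy-url: https://github.com/openfga/openfga/blob/main/docs/dependencies-policy.md

security-artifacts:
  # No published threat model at this release; the CNCF TAG-Security
  # self-assessment below is the only security-design artifact on record.
  threat-model:
    threat-model-created: false
  self-assessment:
    self-assessment-created: true
    evidence-url:
      - https://github.com/cncf/tag-security/blob/main/assessments/projects/openfga/self-assessment.md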