From ed6c469b6ea9bd83115c42a5bf73ae130c4bef7f Mon Sep 17 00:00:00 2001
From: Bruno Oliveira da Silva
Date: Wed, 14 Feb 2024 15:45:55 -0300
Subject: [PATCH] Provide an OpenSSF security insights manifest file

Closes #27038

Co-authored-by: Stian Thorgersen
Signed-off-by: Bruno Oliveira da Silva
---
 SECURITY-INSIGHTS.yml | 77 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 77 insertions(+)
 create mode 100644 SECURITY-INSIGHTS.yml

diff --git a/SECURITY-INSIGHTS.yml b/SECURITY-INSIGHTS.yml
new file mode 100644
index 0000000000..d5882e991a
--- /dev/null
+++ b/SECURITY-INSIGHTS.yml
@@ -0,0 +1,77 @@
+header:
+  schema-version: 1.0.0
+  expiration-date: '2025-02-14T01:00:00.000Z'
+  last-updated: '2024-02-14'
+  last-reviewed: '2024-02-14'
+  project-url: 'https://github.com/keycloak/keycloak'
+  license: 'https://github.com/keycloak/keycloak/blob/main/LICENSE.txt'
+project-lifecycle:
+  bug-fixes-only: false
+  core-maintainers:
+    - https://github.com/keycloak/keycloak/blob/main/MAINTAINERS.md
+  status: Active
+contribution-policy:
+  accepts-pull-requests: true
+  accepts-automated-pull-requests: true
+  automated-tools-list:
+    - automated-tool: dependabot
+      action: allowed
+      path:
+        - /
+  contributing-policy: 'https://github.com/keycloak/keycloak/blob/main/CONTRIBUTING.md'
+  code-of-conduct:
+    - 'https://github.com/keycloak/keycloak?tab=coc-ov-file'
+documentation:
+  - 'https://www.keycloak.org/documentation'
+distribution-points:
+  - 'https://www.keycloak.org/downloads'
+  - 'https://github.com/keycloak/keycloak/releases'
+  - 'https://quay.io/repository/keycloak/keycloak'
+security-testing:
+- tool-type: sca
+  tool-name: Dependabot
+  tool-version: "2"
+  tool-url: https://github.com/dependabot
+  integration:
+    ad-hoc: false
+    ci: true
+    before-release: false
+- tool-type: sca
+  tool-name: Snyk
+  tool-version: latest
+  integration:
+    ad-hoc: false
+    ci: true
+    before-release: false
+- tool-type: sca
+  tool-name: CodeQL
+  tool-version: latest
+  integration:
+    ad-hoc: false
+    ci: true
+    before-release: false
+- tool-type: sca
+  tool-name: Trivy
+  tool-version: latest
+  integration:
+    ad-hoc: false
+    ci: true
+    before-release: false
+security-contacts:
+- type: email
+  value: keycloak-security@googlegroups.com
+  primary: true
+vulnerability-reporting:
+  accepts-vulnerability-reports: true
+  email-contact: keycloak-security@googlegroups.com
+  security-policy: 'https://www.keycloak.org/security'
+  bug-bounty-available: false
+  bug-bounty-url: ''
+dependencies:
+  third-party-packages: true
+  dependencies-lists:
+    - 'https://github.com/keycloak/keycloak/blob/main/pom.xml'
+  dependencies-lifecycle:
+    policy-url: 'https://www.keycloak.org/security'
+  env-dependencies-policy:
+    policy-url: ''
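Review bot: All four `security-testing` entries carry `tool-type: sca`, but CodeQL analyses the project's own source rather than its dependency tree, so anyone consuming this manifest would read Keycloak as having four software-composition scanners and no static analysis of first-party code. If the 1.0.0 schema's `tool-type` enum provides it, the CodeQL entry should read `tool-type: sast`; Trivy's classification depends on whether it runs against the container image or the dependency tree, which the manifest does not record. As a style point, the sequences under `security-testing` and `security-contacts` sit flush with their parent key while every other sequence in the file is indented, so a yamllint indentation check will flag one of the two forms. Finally, `bug-bounty-url: ''` and the closing `policy-url: ''` put empty strings into fields that a strict validator presumably checks as URIs; omitting the optional key is safer than an empty value.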