Provide an OpenSSF security insights manifest file
Closes #27038 Co-authored-by: Stian Thorgersen <stian@redhat.com> Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>
parent
b94277fd53
commit
ed6c469b6e
1 changed files with 77 additions and 0 deletions
77
SECURITY-INSIGHTS.yml
Normal file
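--- a/SECURITY-INSIGHTS.yml
+++ b/SECURITY-INSIGHTS.yml
@@ -0,0 +1,77 @@
+header:
+schema-version: 1.0.0
+expiration-date: '2025-02-14T01:00:00.000Z'
+last-updated: '2024-02-14'
+last-reviewed: '2024-02-14'
+project-url: 'https://github.com/keycloak/keycloak'
+license: 'https://github.com/keycloak/keycloak/blob/main/LICENSE.txt'
+project-lifecycle:
+bug-fixes-only: false
+core-maintainers:
+- https://github.com/keycloak/keycloak/blob/main/MAINTAINERS.md
+status: Active
+contribution-policy:
+accepts-pull-requests: true
+accepts-automated-pull-requests: true
+automated-tools-list:
+- automated-tool: dependabot
+action: allowed
+path:
+- /
+contributing-policy: 'https://github.com/keycloak/keycloak/blob/main/CONTRIBUTING.md'
+code-of-conduct:
+- 'https://github.com/keycloak/keycloak?tab=coc-ov-file'
+documentation:
+- 'https://www.keycloak.org/documentation'
+distribution-points:
+- 'https://www.keycloak.org/downloads'
+- 'https://github.com/keycloak/keycloak/releases'
+- 'https://quay.io/repository/keycloak/keycloak'
+security-testing:
+- tool-type: sca
+tool-name: Dependabot
+tool-version: "2"
+tool-url: https://github.com/dependabot
+integration:
+ad-hoc: false
+ci: true
+before-release: false
+- tool-type: sca
+tool-name: Snyk
+tool-version: latest
+integration:
+ad-hoc: false
+ci: true
+before-release: false
+- tool-type: sca
+tool-name: CodeQL
+tool-version: latest
+integration:
+ad-hoc: false
+ci: true
+before-release: false
+- tool-type: sca
+tool-name: Trivy
+tool-version: latest
+integration:
+ad-hoc: false
+ci: true
+before-release: false
+security-contacts:
+- type: email
+value: keycloak-security@googlegroups.com
+primary: true
+vulnerability-reporting:
+accepts-vulnerability-reports: true
+email-contact: keycloak-security@googlegroups.com
+security-policy: 'https://www.keycloak.org/security'
+bug-bounty-available: false
+bug-bounty-url: ''
+dependencies:
+third-party-packages: true
+dependencies-lists:
+- 'https://github.com/keycloak/keycloak/blob/main/pom.xml'
+dependencies-lifecycle:
+policy-url: 'https://www.keycloak.org/security'
+env-dependencies-policy:
+policy-url: ''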
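Review bot: The CodeQL entry under `security-testing` is declared with `tool-type: sca`, the same value used for Dependabot, Snyk and Trivy, but CodeQL is a static code analysis tool rather than a dependency scanner, so `tool-type: sast` would describe it accurately for anyone reading this manifest to judge what kinds of testing the project runs. The two empty values `bug-bounty-url: ''` and `policy-url: ''` (the one under `env-dependencies-policy`) are better omitted than left as empty strings, since both keys appear to expect a URL and an empty string may not validate against the schema. `tool-version: latest` on three of the four entries also tells a consumer nothing about which release actually ran; a concrete version or a short `comment` would be more useful. The rendered page has dropped the YAML indentation, so the nesting of these keys cannot be checked from here.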