
chore(github): upgrade SECURITY-INSIGHTS.yml to v2.2.0 schema#3729

Open
jmeridth wants to merge 1 commit into argoproj:main from jmeridth:jm_update_security_insights
Conversation

@jmeridth
Member

Checklist:

  • I have bumped the chart version according to versioning
  • I have updated the documentation according to documentation
  • I have updated the chart changelog with all the changes that come with this pull request according to changelog.
  • Any new values are backwards compatible and/or have sensible default.
  • I have signed off all my commits as required by DCO.
  • I have created a separate pull request for each chart according to pull requests
  • My build is green (troubleshooting builds).

What

Replace the legacy SECURITY-INSIGHTS.yml (schema v1.0.0) with security-insights.yaml following the v2.2.0 specification. The new file includes expanded project metadata, administrator details, repository security tooling (Dependabot, Renovate), licensing, and distribution point information.

Why

The SECURITY-INSIGHTS v1.0.0 schema is outdated. Upgrading to v2.2.0 aligns with the current specification, provides richer security metadata, and follows CNCF best practices for project security transparency.

Notes

  • Filename changed from SECURITY-INSIGHTS.yml to security-insights.yaml to match the v2.2.0 convention — any tooling or CI referencing the old filename will need updating.
  • The core-team and administrators lists now include all four maintainers rather than just two — reviewers should verify the names and primary designations are correct.
  • The self-assessment section is stubbed with a "not yet completed" comment — this may need follow-up.

Signed-off-by: jmeridth <jmeridth@gmail.com>
Collaborator

@yu-croco yu-croco (Collaborator) left a comment

Thank you so much! 🚀

@jmeridth jmeridth enabled auto-merge (squash) February 15, 2026 15:40