Commit 532fb2d

Merge pull request #2278 from dalehenries/add-security-insights
chore: add Security Insights (task 11)
2 parents 39ffa00 + 5058e14 commit 532fb2d

1 file changed: +47 -0 lines changed

SECURITY-INSIGHTS.yml

Lines changed: 47 additions & 0 deletions
@@ -0,0 +1,47 @@
1+
# Refer: https://github.com/ossf/security-insights-spec/blob/main/specification.md#specification
2+
header:
3+
schema-version: "1.0.0"
4+
expiration-date: "2024-12-15T19:10:00.000Z"
5+
project-url: https://github.com/kubernetes/kube-state-metrics
6+
changelog: https://github.com/kubernetes/kube-state-metrics/blob/main/CHANGELOG.md
7+
license: https://github.com/kubernetes/kube-state-metrics/blob/main/LICENSE
8+
project-lifecycle:
9+
status: active
10+
bug-fixes-only: false
11+
core-maintainers:
12+
- github:dgrisonnet
13+
- github:mrueg
14+
- github:rexagod
15+
release-process: https://github.com/kubernetes/kube-state-metrics/blob/main/RELEASE.md
16+
contribution-policy:
17+
accepts-pull-requests: true
18+
accepts-automated-pull-requests: true
19+
contributing-policy: https://github.com/kubernetes/kube-state-metrics/blob/main/CONTRIBUTING.md
20+
code-of-conduct: https://github.com/kubernetes/kube-state-metrics/blob/main/code-of-conduct.md
21+
distribution-points:
22+
- https://github.com/kubernetes/kube-state-metrics/releases
23+
- https://github.com/kubernetes/k8s.io/blob/main/registry.k8s.io/images/k8s-staging-kube-state-metrics/images.yaml
24+
security-contacts:
25+
- type: website
26+
value: https://github.com/kubernetes/kube-state-metrics/blob/main/SECURITY_CONTACTS
27+
vulnerability-reporting:
28+
accepts-vulnerability-reports: true
29+
security-policy: https://github.com/kubernetes/kube-state-metrics/blob/main/SECURITY.md
30+
dependencies:
31+
third-party-packages: true
32+
dependencies-lists:
33+
- https://github.com/kubernetes/kube-state-metrics/blob/main/go.mod
34+
- https://github.com/kubernetes/kube-state-metrics/blob/main/Dockerfile
35+
documentation:
36+
- https://github.com/kubernetes/kube-state-metrics/tree/main/docs
37+
security-testing:
38+
- tool-type: dast
39+
tool-name: govulncheck
40+
tool-version: latest
41+
tool-url: https://go.googlesource.com/vuln
42+
tool-rulesets:
43+
- built-in
44+
integration:
45+
ci: true
46+
comment: |
47+
Detects vulnerabilities as a result of the affected call-paths being invoked directly in the repository, while reducing false positives by ignoring dormant call-paths for package dependencies.
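Review bot: the `tool-type: dast` entry under `security-testing` misclassifies govulncheck; it inspects Go source (or compiled binaries) and their call graphs statically rather than exercising a running application, which the `comment` block at the end of the same hunk describes, so `sast` is the closer value. Two smaller points on the same hunk: `tool-version: latest` pins nothing, so the document records no reproducible checker version, and `expiration-date: "2024-12-15T19:10:00.000Z"` is a hard deadline after which consumers treat the file as stale, so a CI check or recurring reminder to renew it is worth adding alongside this file.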
