|
| 1 | +# Refer: https://github.com/ossf/security-insights-spec/blob/main/specification.md#specification |
| 2 | +header: |
| 3 | + schema-version: "1.0.0" |
| 4 | + expiration-date: "2024-12-15T19:10:00.000Z" |
| 5 | + project-url: https://github.com/kubernetes/kube-state-metrics |
| 6 | + changelog: https://github.com/kubernetes/kube-state-metrics/blob/main/CHANGELOG.md |
| 7 | + license: https://github.com/kubernetes/kube-state-metrics/blob/main/LICENSE |
| 8 | +project-lifecycle: |
| 9 | + status: active |
| 10 | + bug-fixes-only: false |
| 11 | + core-maintainers: |
| 12 | + - github:dgrisonnet |
| 13 | + - github:mrueg |
| 14 | + - github:rexagod |
| 15 | + release-process: https://github.com/kubernetes/kube-state-metrics/blob/main/RELEASE.md |
| 16 | +contribution-policy: |
| 17 | + accepts-pull-requests: true |
| 18 | + accepts-automated-pull-requests: true |
| 19 | + contributing-policy: https://github.com/kubernetes/kube-state-metrics/blob/main/CONTRIBUTING.md |
| 20 | + code-of-conduct: https://github.com/kubernetes/kube-state-metrics/blob/main/code-of-conduct.md |
| 21 | +distribution-points: |
| 22 | + - https://github.com/kubernetes/kube-state-metrics/releases |
| 23 | + - https://github.com/kubernetes/k8s.io/blob/main/registry.k8s.io/images/k8s-staging-kube-state-metrics/images.yaml |
| 24 | +security-contacts: |
| 25 | + - type: website |
| 26 | + value: https://github.com/kubernetes/kube-state-metrics/blob/main/SECURITY_CONTACTS |
| 27 | +vulnerability-reporting: |
| 28 | + accepts-vulnerability-reports: true |
| 29 | + security-policy: https://github.com/kubernetes/kube-state-metrics/blob/main/SECURITY.md |
| 30 | +dependencies: |
| 31 | + third-party-packages: true |
| 32 | + dependencies-lists: |
| 33 | + - https://github.com/kubernetes/kube-state-metrics/blob/main/go.mod |
| 34 | + - https://github.com/kubernetes/kube-state-metrics/blob/main/Dockerfile |
| 35 | +documentation: |
| 36 | + - https://github.com/kubernetes/kube-state-metrics/tree/main/docs |
| 37 | +security-testing: |
| 38 | +- tool-type: dast |
| 39 | + tool-name: govulncheck |
| 40 | + tool-version: latest |
| 41 | + tool-url: https://go.googlesource.com/vuln |
| 42 | + tool-rulesets: |
| 43 | + - built-in |
| 44 | + integration: |
| 45 | + ci: true |
| 46 | + comment: | |
| 47 | + Detects vulnerabilities as a result of the affected call-paths being invoked directly in the repository, while reducing false positives by ignoring dormant call-paths for package dependencies. |
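Review bot: `tool-type: dast` in the `security-testing` entry (file line 38) misclassifies govulncheck, which analyses source or binaries for reachable calls into known-vulnerable dependency code and never exercises a running instance; the entry's own comment describes call-path analysis. `tool-type: sca` matches what the tool does, so automated consumers of this file are not told the project has dynamic testing that nothing here shows. `tool-version: latest` on file line 40 also records no auditable version. If CI pins govulncheck, state that version; otherwise note in the `comment` that the scan tracks the newest release.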