"chore: updating SECURITY-INSIGHTS"

aaguiarz · aaguiarz · commit 49732e0399ff · 2025-08-06T07:22:52.000-03:00
diff --git a/.github/SECURITY-INSIGHTS.yml b/.github/SECURITY-INSIGHTS.yml
@@ -0,0 +1,83 @@
+header:
+  schema-version: 2.0.0
+  last-updated: '2025-07-26'
+  last-reviewed: '2025-07-26'
+  url: https://github.com/openfga/java-sdk
+  project-si-source: https://raw.githubusercontent.com/openfga/.github/main/SECURITY-INSIGHTS.yml
+  comment: OpenFGA SDK for Java.
+
+repository:
+  url: https://github.com/openfga/java-sdk
+  status: active
+  bug-fixes-only: false
+  accepts-change-request: true
+  accepts-automated-change-request: true
+  no-third-party-packages: false
+  core-team:
+  - name: Jim Anderson
+    affiliation: Okta
+    email: jim.anderson@okta.com
+    social: https://github.com/jimmyjames
+    primary: true
+  - name: Adrian Tam
+    affiliation: Okta
+    email: adrian.tam@okta.com
+    social: https://github.com/adriantam
+  - name: Ewan Harris
+    affiliation: Okta
+    email: ewan.harris@okta.com
+    social: https://github.com/ewanharris
+  - name: Raghd Hamzeh
+    affiliation: Okta
+    email: raghd.hamzeh@okta.com
+    social: https://github.com/rhamzeh
+
+  license:
+    url: https://raw.githubusercontent.com/openfga/java-sdk/main/LICENSE
+    expression: Apache-2.0
+  release:
+    changelog: https://github.com/openfga/java-sdk/releases
+    automated-pipeline: true
+    distribution-points:
+      - uri: https://github.com/openfga/java-sdk/releases
+        comment: GitHub Release Page
+
+  documentation:
+    contributing-guide: https://github.com/openfga/.github/blob/main/CONTRIBUTING.md
+    dependency-management-policy: https://github.com/openfga/openfga/blob/main/docs/dependencies-policy.md
+    governance: https://github.com/openfga/.github/blob/main/GOVERNANCE.md
+    review-policy: https://github.com/openfga/.github/blob/main/CONTRIBUTING.md
+    security-policy: https://github.com/openfga/java-sdk/SECURITY.md
+
+  security:
+    assessments:
+      self:
+        evidence: https://github.com/cncf/tag-security/blob/main/community/assessments/projects/openfga/joint-assessment.md
+        date: '2024-12-19'
+        comment: OpenFGA has completed a CNCF security join assessment with CNCF TAG-Security
+
+    champions:
+      - name: Ewan Harris
+        email: ewan.harris@okta.com
+        primary: true
+    tools:
+      - name: Dependabot
+        type: SCA
+        version: latest
+        rulesets:
+          - built-in
+        integration:
+          adhoc: false
+          ci: true
+          release: true
+        comment: Dependabot is enabled for this repo to automatically update dependencies.
+      - name: Snyk
+        type: SCA
+        version: latest
+        rulesets:
+          - built-in
+        integration:
+          adhoc: false
+          ci: true
+          release: true
+        comment: Snyk is enabled for this repo to scan for vulnerabilities.
