From 045f5713ec22a12f7edc0f21f31b533a087550f2 Mon Sep 17 00:00:00 2001 From: Andres Aguiar Date: Thu, 18 Sep 2025 19:29:26 -0300 Subject: [PATCH 1/4] "chore: updating SECURITY-INSIGHTS" --- .github/SECURITY-INSIGHTS.yml | 36 ++++++++++++----------------------- 1 file changed, 12 insertions(+), 24 deletions(-) diff --git a/.github/SECURITY-INSIGHTS.yml b/.github/SECURITY-INSIGHTS.yml index db0a112..6238b5d 100644 --- a/.github/SECURITY-INSIGHTS.yml +++ b/.github/SECURITY-INSIGHTS.yml @@ -1,5 +1,3 @@ -# Security Insights 2.0 file https://github.com/ossf/security-insights -# Schema: https://github.com/ossf/security-insights/blob/main/spec/schema.cue header: schema-version: 2.0.0 last-updated: '2025-07-26' @@ -16,15 +14,15 @@ repository: accepts-automated-change-request: true no-third-party-packages: true core-team: - - name: Andres Aguiar - affiliation: Okta - email: andres.aguiar@okta.com - social: https://github.com/aaguiarz - primary: true - - name: Raghd Hamzeh - affiliation: Okta - email: raghd.hamzeh@okta.com - social: https://github.com/rhamzeh + - name: Andres Aguiar + affiliation: Okta + email: andres.aguiar@okta.com + social: https://github.com/aaguiarz + primary: true + - name: Raghd Hamzeh + affiliation: Okta + email: raghd.hamzeh@okta.com + social: https://github.com/rhamzeh license: url: https://raw.githubusercontent.com/openfga/sample-stores/main/LICENSE @@ -35,14 +33,14 @@ repository: dependency-management-policy: https://github.com/openfga/openfga/blob/main/docs/dependencies-policy.md governance: https://github.com/openfga/.github/blob/main/GOVERNANCE.md review-policy: https://github.com/openfga/.github/blob/main/CONTRIBUTING.md - security-policy: https://github.com/openfga/sample-stores/security.md + security-policy: https://github.com/openfga/sample-stores/SECURITY.md security: assessments: self: evidence: https://github.com/cncf/tag-security/blob/main/community/assessments/projects/openfga/joint-assessment.md date: '2024-12-19' - comment: OpenFGA has completed a CNCF security joint assessment with CNCF TAG Security and Compliance + comment: OpenFGA has completed a CNCF security join assessment with CNCF TAG-Security tools: - name: Snyk @@ -54,14 +52,4 @@ repository: adhoc: false ci: true release: true - comment: Snyk is enabled for this repo to scan for vulnerabilities. - - name: Socket - type: other - version: latest - rulesets: - - built-in - integration: - adhoc: false - ci: true - release: true - comment: Socket is enabled for this repo to scan for supply chain security vulnerabilities. + comment: Snyk is enabled for this repository to scan for vulnerabilities. From 0e20d3caac4dcebf2e52b94d8d925f488b1e004d Mon Sep 17 00:00:00 2001 From: Andres Aguiar Date: Thu, 18 Sep 2025 19:52:20 -0300 Subject: [PATCH 2/4] "chore: updating SECURITY-INSIGHTS" --- .github/SECURITY-INSIGHTS.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/SECURITY-INSIGHTS.yml b/.github/SECURITY-INSIGHTS.yml index 6238b5d..323fb61 100644 --- a/.github/SECURITY-INSIGHTS.yml +++ b/.github/SECURITY-INSIGHTS.yml @@ -40,7 +40,7 @@ repository: self: evidence: https://github.com/cncf/tag-security/blob/main/community/assessments/projects/openfga/joint-assessment.md date: '2024-12-19' - comment: OpenFGA has completed a CNCF security join assessment with CNCF TAG-Security + comment: OpenFGA has completed a CNCF security joint assessment with CNCF TAG-Security tools: - name: Snyk From 1c262ee098785d60db472ca2b58efbc4b0219ca4 Mon Sep 17 00:00:00 2001 From: Andres Aguiar Date: Thu, 18 Sep 2025 20:00:42 -0300 Subject: [PATCH 3/4] "chore: updating SECURITY-INSIGHTS" --- .github/SECURITY-INSIGHTS.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/SECURITY-INSIGHTS.yml b/.github/SECURITY-INSIGHTS.yml index 323fb61..3d45a5c 100644 --- a/.github/SECURITY-INSIGHTS.yml +++ b/.github/SECURITY-INSIGHTS.yml @@ -53,3 +53,13 @@ repository: ci: true release: true comment: Snyk is enabled for this repository to scan for vulnerabilities. + - name: Socket + type: SCA + version: latest + rulesets: + - built-in + integration: + adhoc: false + ci: true + release: true + comment: Socket is enabled for this repo to scan for supply chain security vulnerabilities. From 70c3ce43c4e4031febf91d5363cb869ca6cf3e54 Mon Sep 17 00:00:00 2001 From: Andres Aguiar Date: Thu, 18 Sep 2025 20:05:03 -0300 Subject: [PATCH 4/4] "chore: updating SECURITY-INSIGHTS" --- .github/SECURITY-INSIGHTS.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/SECURITY-INSIGHTS.yml b/.github/SECURITY-INSIGHTS.yml index 3d45a5c..4470893 100644 --- a/.github/SECURITY-INSIGHTS.yml +++ b/.github/SECURITY-INSIGHTS.yml @@ -1,7 +1,10 @@ +# Security Insights 2.0 file https://github.com/ossf/security-insights +# Specification: https://github.com/ossf/security-insights/tree/main/spec + header: schema-version: 2.0.0 - last-updated: '2025-07-26' - last-reviewed: '2025-07-26' + last-updated: '2025-09-18' + last-reviewed: '2025-09-18' url: https://github.com/openfga/sample-stores project-si-source: https://raw.githubusercontent.com/openfga/.github/main/SECURITY-INSIGHTS.yml comment: Examples of OpenFGA models and store content.