Commit

chore: provide OSSF security-insight
Signed-off-by: Matthieu MOREL <[email protected]>
mmorel-35 committed Nov 24, 2024
1 parent fd02589 commit b30279d
Showing 2 changed files with 57 additions and 0 deletions.
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -8,7 +8,9 @@
[![Godoc](http://img.shields.io/badge/go-documentation-blue.svg?style=flat-square)](https://godoc.org/github.com/etcd-io/etcd)
[![Releases](https://img.shields.io/github/release/etcd-io/etcd/all.svg?style=flat-square)](https://github.com/etcd-io/etcd/releases)
[![LICENSE](https://img.shields.io/github/license/etcd-io/etcd.svg?style=flat-square)](https://github.com/etcd-io/etcd/blob/main/LICENSE)
[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/3192/badge)](https://www.bestpractices.dev/projects/3192)
[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/etcd-io/etcd/badge)](https://scorecard.dev/viewer/?uri=github.com/etcd-io/etcd)
[![CLOMonitor](https://img.shields.io/endpoint?url=https://clomonitor.io/api/projects/cncf/etcd/badge)](https://clomonitor.io/projects/cncf/etcd)

**Note**: The `main` branch may be in an *unstable or even broken state* during development. For stable versions, see [releases][github-release].
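
Review bot: The commit subject only mentions the security-insights file, but this README.md hunk also grows the badge block by two lines (header `-8,7 +8,9`), so the badge additions are not documented anywhere; mention them in the commit message or move them to their own commit. While the block is being edited, note that the Godoc badge image is still loaded from `http://img.shields.io` whereas every other badge shown uses `https://`, so consider aligning it.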

55 changes: 55 additions & 0 deletions SECURITY-INSIGHTS.yml
@@ -0,0 +1,55 @@
header:
schema-version: '1.0.0'
expiration-date: '2025-11-24T01:00:00.000Z'
last-updated: '2024-11-24'
last-reviewed: '2024-11-24'
project-url: https://github.com/etcd-io/etcd
changelog: https://github.com/etcd-io/etcd/tree/main/CHANGELOG
license: https://github.com/etcd-io/etcd/blob/main/LICENSE
project-lifecycle:
status: active
bug-fixes-only: false
core-maintainers:
- https://github.com/etcd-io/etcd/blob/main/OWNERS
roadmap:
contribution-policy:
accepts-pull-requests: true
accepts-automated-pull-requests: true
contributing-policy: https://github.com/etcd-io/etcd/blob/main/CONTRIBUTING.md
code-of-conduct: https://github.com/etcd-io/etcd/blob/main/code-of-conduct.md
dependencies:
third-party-packages: true
dependencies-lists:
- https://github.com/etcd-io/etcd/blob/main/go.mod
sbom:
- sbom-url: https://github.com/etcd-io/etcd/blob/main/bill-of-materials.json
distribution-points:
- https://github.com/etcd-io/etcd/releases
documentation:
- https://etcd.io/docs/
security-assessments:
- auditor-name: Trail of Bits
auditor-url: https://www.trailofbits.com/
auditor-report: https://github.com/etcd-io/etcd/blob/main/security/SECURITY_AUDIT.pdf
report-year: 2020
security-contacts:
- type: email
value: [email protected]
security-testing:
- tool-type: sca
tool-name: Dependabot
tool-version: latest
integration:
ad-hoc: false
ci: true
before-release: true
- tool-type: sast
tool-name: CodeQL
tool-version: latest
integration:
ad-hoc: false
ci: true
before-release: true
vulnerability-reporting:
accepts-vulnerability-reports: false
security-policy: https://github.com/etcd-io/etcd/blob/main/security/README.md
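
Review bot: `accepts-vulnerability-reports: false` in the `vulnerability-reporting` block contradicts the rest of the file, which publishes a `security-policy` URL and an email entry under `security-contacts`; if reports are handled through that policy, set the flag to `true`, otherwise anyone consuming this file will conclude the project has no reporting channel. Separately, the `roadmap:` key after `core-maintainers` has no value and parses as null; give it a URL or drop the key so the file does not carry an empty field.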
