Add SECURITY-INSIGHTS.yml #1315
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Jirka Kremser <[email protected]>
jkremser
requested review from
donovanmuller,
k0da,
kuritka and
ytsarev
as code owners
kuritka
approved these changes
Oct 31, 2023
jkremser
commented
Oct 31, 2023
| dependencies-lists: | ||
| - https://github.com/k8gb-io/k8gb/blob/master/go.mod | ||
| sbom: | ||
| - sbom-file: https://github.com/k8gb-io/k8gb/releases/download/v0.11.5/k8gb_0.11.5_linux_amd64.tar.gz.sbom.json |
There was a problem hiding this comment.
got inspired in here https://github.com/openfga/openfga/blob/main/SECURITY-INSIGHTS.yml#L100 if we have to bump this every time we release (same for line 8), we can use renovate for this. It supports custom regexp based substitution
|
@jkremser very nice, thanks man |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
add SECURITY-INSIGHTS.yml which is required by clo monitor
HOW TO RUN CI
---By default, all the checks will be run automatically. Furthermore, when changing website-related stuff, the preview will be generated by the netlify bot.
Heavy tests
Add the
heavy-testslabel on this PR if you want full-blown tests that include more than 2-cluster scenarios.Debug tests
If the test suite is failing for you, you may want to try triggering
Re-run all jobs(top right) with debug logging enabled. It will also make the print debug action more verbose.