From 69ecbfb3bd765afc2f66a9bd123eec69338d52f5 Mon Sep 17 00:00:00 2001 From: Andres Aguiar Date: Thu, 18 Sep 2025 19:31:24 -0300 Subject: [PATCH 1/3] "chore: updating SECURITY-INSIGHTS" --- .github/SECURITY-INSIGHTS.yml | 51 +++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 .github/SECURITY-INSIGHTS.yml diff --git a/.github/SECURITY-INSIGHTS.yml b/.github/SECURITY-INSIGHTS.yml new file mode 100644 index 0000000..cd8d6b2 --- /dev/null +++ b/.github/SECURITY-INSIGHTS.yml @@ -0,0 +1,51 @@ +header: + schema-version: 2.0.0 + last-updated: '2025-07-26' + last-reviewed: '2025-07-26' + url: https://github.com/openfga/model-visualizer + project-si-source: https://raw.githubusercontent.com/openfga/.github/main/SECURITY-INSIGHTS.yml + comment: In-browser visualizer for OpenFGA authorization models as a weighted graph which offers insights into their performance characteristics. + +repository: + url: https://github.com/openfga/model-visualizer + status: active + bug-fixes-only: false + accepts-change-request: true + accepts-automated-change-request: true + no-third-party-packages: false + core-team: + - name: Will Vedder + affiliation: Okta + email: will.vedder@okta.com + social: https://github.com/willvedd + primary: true + + license: + url: https://raw.githubusercontent.com/openfga/model-visualizer/main/LICENSE + expression: Apache-2.0 + + documentation: + contributing-guide: https://github.com/openfga/.github/blob/main/CONTRIBUTING.md + dependency-management-policy: https://github.com/openfga/openfga/blob/main/docs/dependencies-policy.md + governance: https://github.com/openfga/.github/blob/main/GOVERNANCE.md + review-policy: https://github.com/openfga/.github/blob/main/CONTRIBUTING.md + security-policy: https://github.com/openfga/model-visualizer/SECURITY.md + + security: + assessments: + self: + evidence: https://github.com/cncf/tag-security/blob/main/community/assessments/projects/openfga/joint-assessment.md + date: '2024-12-19' + comment: OpenFGA has completed a CNCF security join assessment with CNCF TAG-Security + + tools: + - name: Snyk + type: SCA + version: latest + rulesets: + - built-in + integration: + adhoc: false + ci: true + release: true + comment: Snyk is enabled for this repository to scan for vulnerabilities. From 6f0419370ef71e23647f1f6d65f5fad38ba40ba2 Mon Sep 17 00:00:00 2001 From: Andres Aguiar Date: Thu, 18 Sep 2025 19:53:45 -0300 Subject: [PATCH 2/3] "chore: updating SECURITY-INSIGHTS" --- .github/SECURITY-INSIGHTS.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/SECURITY-INSIGHTS.yml b/.github/SECURITY-INSIGHTS.yml index cd8d6b2..7558ef9 100644 --- a/.github/SECURITY-INSIGHTS.yml +++ b/.github/SECURITY-INSIGHTS.yml @@ -36,7 +36,7 @@ repository: self: evidence: https://github.com/cncf/tag-security/blob/main/community/assessments/projects/openfga/joint-assessment.md date: '2024-12-19' - comment: OpenFGA has completed a CNCF security join assessment with CNCF TAG-Security + comment: OpenFGA has completed a CNCF security joint assessment with CNCF TAG-Security tools: - name: Snyk From 492825a83b34842476e74cd8f38994a7601e6a92 Mon Sep 17 00:00:00 2001 From: Andres Aguiar Date: Thu, 18 Sep 2025 20:07:51 -0300 Subject: [PATCH 3/3] "chore: updating SECURITY-INSIGHTS" --- .github/SECURITY-INSIGHTS.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/SECURITY-INSIGHTS.yml b/.github/SECURITY-INSIGHTS.yml index 7558ef9..96b016e 100644 --- a/.github/SECURITY-INSIGHTS.yml +++ b/.github/SECURITY-INSIGHTS.yml @@ -1,7 +1,10 @@ +# Security Insights 2.0 file https://github.com/ossf/security-insights +# Specification: https://github.com/ossf/security-insights/tree/main/spec + header: schema-version: 2.0.0 - last-updated: '2025-07-26' - last-reviewed: '2025-07-26' + last-updated: '2025-09-18' + last-reviewed: '2025-09-18' url: https://github.com/openfga/model-visualizer project-si-source: https://raw.githubusercontent.com/openfga/.github/main/SECURITY-INSIGHTS.yml comment: In-browser visualizer for OpenFGA authorization models as a weighted graph which offers insights into their performance characteristics.