Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 54 additions & 0 deletions .github/SECURITY-INSIGHTS.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
# Security Insights 2.0 file https://github.com/ossf/security-insights
# Specification: https://github.com/ossf/security-insights/tree/main/spec

header:
schema-version: 2.0.0
last-updated: '2025-09-18'
last-reviewed: '2025-09-18'
url: https://github.com/openfga/model-visualizer
project-si-source: https://raw.githubusercontent.com/openfga/.github/main/SECURITY-INSIGHTS.yml
comment: In-browser visualizer for OpenFGA authorization models as a weighted graph which offers insights into their performance characteristics.

repository:
url: https://github.com/openfga/model-visualizer
status: active
bug-fixes-only: false
accepts-change-request: true
accepts-automated-change-request: true
no-third-party-packages: false
core-team:
- name: Will Vedder
affiliation: Okta
email: will.vedder@okta.com
social: https://github.com/willvedd
primary: true

license:
url: https://raw.githubusercontent.com/openfga/model-visualizer/main/LICENSE
expression: Apache-2.0

documentation:
contributing-guide: https://github.com/openfga/.github/blob/main/CONTRIBUTING.md
dependency-management-policy: https://github.com/openfga/openfga/blob/main/docs/dependencies-policy.md
governance: https://github.com/openfga/.github/blob/main/GOVERNANCE.md
review-policy: https://github.com/openfga/.github/blob/main/CONTRIBUTING.md
security-policy: https://github.com/openfga/model-visualizer/SECURITY.md
Comment thread
aaguiarz marked this conversation as resolved.
Comment thread
aaguiarz marked this conversation as resolved.

security:
assessments:
self:
evidence: https://github.com/cncf/tag-security/blob/main/community/assessments/projects/openfga/joint-assessment.md
date: '2024-12-19'
comment: OpenFGA has completed a CNCF security joint assessment with CNCF TAG-Security

tools:
- name: Snyk
type: SCA
version: latest
rulesets:
- built-in
integration:
adhoc: false
ci: true
release: true
comment: Snyk is enabled for this repository to scan for vulnerabilities.