github.com/cilium/cilium@v1.16.2/SECURITY-INSIGHTS.yml (about)

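     # OpenSSF Security Insights metadata for cilium/cilium (schema 1.0.0).
     # Every value is self-declared by the project: use the links as pointers
     # to verify, not as attestations.
     header:
       schema-version: '1.0.0'
       # Consumers should treat this file as stale once expiration-date passes.
       expiration-date: '2025-01-26T01:00:00.000Z'
       last-updated: '2024-01-26'
       last-reviewed: '2024-01-26'
       project-url: https://github.com/cilium/cilium
       license: https://github.com/cilium/cilium/blob/main/LICENSE
     project-lifecycle:
       status: active
       bug-fixes-only: false
       core-maintainers:
         - https://github.com/cilium/cilium/blob/main/MAINTAINERS.md
       roadmap: https://docs.cilium.io/en/stable/community/roadmap
     contribution-policy:
       accepts-pull-requests: true
       # Automated pull requests are accepted (Mend Renovate is listed under
       # security-testing below).
       accepts-automated-pull-requests: true
     dependencies:
       third-party-packages: true
       dependencies-lists:
         # NOTE(review): this URL tracks the main branch; when auditing a tagged
         # release, read go.mod at that tag instead.
         - https://github.com/cilium/cilium/blob/main/go.mod
       sbom:
         - sbom-format: SPDX
           # NOTE(review): this is a documentation URL, not an SBOM document;
           # presumably it explains how to obtain the SBOM. Confirm.
           sbom-url: https://docs.cilium.io/en/stable/configuration/sbom
     # Official locations for source and container images; artifacts obtained
     # elsewhere are not covered by this file.
     distribution-points:
       - https://github.com/cilium/cilium
       - https://hub.docker.com/u/cilium
       - https://quay.io/organization/cilium
     documentation:
       - https://docs.cilium.io/en/stable/
     # Both reports are dated 2022; they describe the code base as audited then,
     # not the current release.
     security-assessments:
       - auditor-name: ADA Logics
         auditor-url: https://adalogics.com
         auditor-report: https://github.com/cilium/cilium.io/blob/main/Security-Reports/CiliumSecurityAudit2022.pdf
         report-year: 2022
       - auditor-name: ADA Logics
         auditor-url: https://adalogics.com
         auditor-report: https://github.com/cilium/cilium.io/blob/main/Security-Reports/CiliumFuzzingAudit2022.pdf
         report-year: 2022
     security-contacts:
       - type: email
         value: security@cilium.io
     # NOTE(review): every tool below declares tool-version 'latest', so this
     # file does not record which tool version checked a given release.
     security-testing:
       - tool-type: sca
         tool-name: Mend Renovate
         tool-url: https://www.mend.io/renovate
         tool-version: latest
         integration:
           ad-hoc: false
           ci: true
           before-release: true
       - tool-type: fuzzer
         tool-name: OSS-Fuzz
         tool-url: https://github.com/google/oss-fuzz
         tool-version: latest
         integration:
           ad-hoc: false
           ci: true
           before-release: true
       # Grype is a known-vulnerability scanner for container images and
       # filesystems, so it is declared as sca; it does not perform source-code
       # static analysis (sast).
       - tool-type: sca
         tool-name: Grype
         tool-url: https://github.com/anchore/grype
         tool-version: latest
         integration:
           ad-hoc: false
           ci: true
           before-release: true
     vulnerability-reporting:
       accepts-vulnerability-reports: true
       # Reporting instructions are behind this link; the e-mail address under
       # security-contacts is the only contact this file itself declares.
       security-policy: https://github.com/cilium/cilium/security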