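---
# Security Insights manifest for the OpenFGA server repository.
# Captured from: github.com/openfga/openfga@v1.5.4-rc1/SECURITY-INSIGHTS.yml
#
# This file is consumed by tooling, so every field is kept under the key names
# the manifest already uses. Reviewer notes are marked NOTE(review).

header:
  schema-version: '1.0.0'
  # After this timestamp consumers should treat the manifest as stale.
  expiration-date: '2024-12-31T23:23:59.000Z'
  # Was '2024-22-03' on both fields below. Month 22 is not a valid calendar
  # date, so day and month are assumed to have been transposed.
  last-updated: '2024-03-22'
  last-reviewed: '2024-03-22'
  # NOTE(review): this hash and project-release below ('1.5.1') are older than
  # the v1.5.4-rc1 tag this copy was taken from. Refresh both at release time
  # so consumers can tie the manifest to the code it describes.
  commit-hash: 'e95aa72bf95485e03896709a096ad17f89f6fdad'
  project-url: https://github.com/openfga/openfga
  project-release: '1.5.1'
  # Was https://github.com/openfga/openfga/CHANGELOG.md, which lacks the
  # blob/<ref> segment GitHub needs to address a file. It now follows the
  # blob/main form used by the dependency lists further down.
  changelog: https://github.com/openfga/openfga/blob/main/CHANGELOG.md
  license: https://raw.githubusercontent.com/openfga/openfga/main/LICENSE

project-lifecycle:
  status: active
  roadmap: https://github.com/orgs/openfga/projects/1
  bug-fixes-only: false
  core-maintainers:
    - https://github.com/adriantam
    - https://github.com/aaguiarz
    - https://github.com/evansims
    - https://github.com/ewanharris
    - https://github.com/curfew-marathon
    - https://github.com/jimmyjames
    - https://github.com/jon-whit
    - https://github.com/jpadilla
    - https://github.com/miparnisari
    - https://github.com/matthewpereira
    - https://github.com/pdillon
    - https://github.com/poovamraj
    - https://github.com/rhamzeh
    - https://github.com/sergiught
    - https://github.com/stevehobbsdev
    - https://github.com/ttrzeng
    - https://github.com/vic-dev
    - https://github.com/willvedd
    - https://github.com/elbuo8

contribution-policy:
  accepts-pull-requests: true
  accepts-automated-pull-requests: true
  # Paths each bot is allowed to modify. Both lists include .github/workflows,
  # so automated pull requests can change CI definitions.
  # NOTE(review): confirm that changes under that path need maintainer approval.
  automated-tools-list:
    - automated-tool: dependabot
      action: allowed
      path:
        - .github/workflows
        - go.mod
        - go.sum
        - tools/go.mod
        - tools/go.sum
        - Dockerfile
        - Dockerfile.goreleaser
    - automated-tool: snyk
      action: allowed
      path:
        - .github/workflows
        - go.mod
        - go.sum
        - tools/go.mod
        - tools/go.sum
        - Dockerfile
        - Dockerfile.goreleaser
  contributing-policy: https://github.com/openfga/.github/blob/main/CONTRIBUTING.md
  code-of-conduct: https://github.com/cncf/foundation/blob/main/code-of-conduct.md

documentation:
  - https://openfga.dev

distribution-points:
  - https://github.com/openfga/openfga
  - https://hub.docker.com/r/openfga/openfga

security-testing:
  - tool-type: sca
    tool-name: Dependabot
    tool-version: latest
    integration:
      ad-hoc: false
      ci: true
      before-release: true
    comment: |
      Dependabot is enabled for this repo.
  - tool-type: sca
    tool-name: Snyk
    tool-version: latest
    integration:
      ad-hoc: false
      ci: true
      before-release: true
    comment: |
      Snyk is enabled for this repo.
  # NOTE(review): Semgrep is usually run as static code analysis, not as
  # dependency (sca) scanning. Check what the workflow in tool-url runs and
  # change tool-type if it is code scanning, so consumers see SAST coverage.
  - tool-type: sca
    tool-name: Semgrep
    tool-version: latest
    tool-url: https://github.com/openfga/openfga/blob/main/.github/workflows/semgrep.yaml
    integration:
      ad-hoc: false
      ci: true
      before-release: true
    comment: |
      Semgrep is enabled for this repo.

security-contacts:
  - type: email
    value: security@openfga.dev
    primary: true

vulnerability-reporting:
  accepts-vulnerability-reports: true
  email-contact: security@openfga.dev
  security-policy: https://github.com/openfga/openfga/security/policy
  bug-bounty-available: false

dependencies:
  third-party-packages: true
  dependencies-lists:
    - https://github.com/openfga/openfga/blob/main/go.mod
    - https://github.com/openfga/openfga/blob/main/tools/go.mod
  sbom:
    # NOTE(review): sbom-file is pinned to the v1.5.1 linux_arm64 artifact.
    # It describes that release only; update it together with project-release.
    - sbom-file: https://github.com/openfga/openfga/releases/download/v1.5.1/openfga_1.5.1_linux_arm64.tar.gz.sbom
      sbom-format: SPDX
      sbom-url: https://github.com/openfga/openfga/releases
  env-dependencies-policy:
    policy-url: https://github.com/openfga/openfga/blob/main/docs/dependencies-policy.md

security-artifacts:
  threat-model:
    threat-model-created: false
  self-assessment:
    self-assessment-created: true
    evidence-url:
      - https://github.com/cncf/tag-security/blob/main/assessments/projects/openfga/self-assessment.md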