[Devtools] Add Security Insights for CNCF #1236
Jdubrick wants to merge 2 commits into devfile:main from
Signed-off-by: Jordan Dubrick <jdubrick@redhat.com>
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by: Jdubrick
The full list of commands accepted by this bot can be found here.
Details: Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
| last-reviewed: '2024-03-01' | ||
| expiration-date: '2025-03-01T10:00:00.000Z' | ||
| project-url: https://github.com/devfile/devworkspace-operator | ||
| project-release: '0.26.0' |
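Review bot: `expiration-date` is set exactly twelve months after `last-reviewed`, and `project-release: '0.26.0'` in the same block pins a specific release, so this header will silently go stale unless something refreshes it; suggest adding "bump `last-reviewed`, `expiration-date` and `project-release` in SECURITY-INSIGHTS.yml" to the release checklist, or a CI job that fails once `expiration-date` is past.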
I assume this needs to be updated at every release of DWO?
| expiration-date: '2025-03-01T10:00:00.000Z' | ||
| project-url: https://github.com/devfile/devworkspace-operator | ||
| project-release: '0.26.0' | ||
| commit-hash: '067847d900c18a3fe0d47de920a9ce77af29e722' |
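Review bot: `commit-hash` sits beside `project-release: '0.26.0'` but nothing states which commit it is meant to be; if it is the commit the 0.26.0 tag points at, say so where the file is documented and update both fields in the same release step, otherwise the hash will drift from the release as main advances.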
Is this commit hash supposed to relate to the released version (i.e. 0.26.0) or the latest commit on the main branch?
| core-maintainers: | ||
| - github:AObuchow | ||
| - github:dkwon17 | ||
| release-cycle: https://github.com/devfile/devworkspace-operator/blob/main/docs/release/README.md |
Not entirely sure if this field is supposed to point to the release documentation or the release cadence? We usually release DWO upstream in advance of an Eclipse Che release, as Eclipse Che depends on DWO.
Signed-off-by: Jordan Dubrick <jdubrick@redhat.com>
Hey Andrew, that is my fault; I forgot to include the link in my description. You can find it here: https://github.com/ossf/security-insights-spec/blob/main/specification.md To answer your comments:
As we are currently working through this to add the insight file to Devfile repos, can we place this PR on hold until it is fully hashed out? Noticing issues related to certain fields in one of our other repos. cc @AObuchow
What does this PR do?
This PR adds the SECURITY-INSIGHTS.yml file that is required as part of devfile/api#1396. This is due to an effort to increase our score on the CLOMonitor, where we are actively trying to improve our repositories and adhere to open source best practices. The addition of this file will provide the monitor with valuable information such as current release, licensing, repo activity status, current maintainers, contributing policy and dependencies.
What issues does this PR fix or reference?
fixes devfile/api#1396
Is it tested? How?
No testing required; the file does not alter the way the project works.
PR Checklist
(/test v8-devworkspace-operator-e2e, v8-che-happy-path to trigger)
- v8-devworkspace-operator-e2e: DevWorkspace e2e test
- v8-che-happy-path: Happy path for verification integration with Che
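The review questions above come down to keeping the header fields current after each release. As an added illustration, not code from this PR or the devfile project, here is a small Python check over the fields visible in the diff; the sample is constructed with those values under a `header:` block, and the hand-written parser covers only the flat `key: value` lines (a CI job would use a YAML library and pass the repository's own URL as `expected_url`).

```python
import re
from datetime import date, datetime

# Constructed sample built from the field values visible in this PR's diff
# (placed under `header:`); this is not the committed file.
SAMPLE_INSIGHTS = """\
header:
  last-reviewed: '2024-03-01'
  expiration-date: '2025-03-01T10:00:00.000Z'
  project-url: https://github.com/devfile/devworkspace-operator
  project-release: '0.26.0'
  commit-hash: '067847d900c18a3fe0d47de920a9ce77af29e722'
"""

REQUIRED = ("last-reviewed", "expiration-date", "project-url", "project-release", "commit-hash")


def parse_scalars(text: str) -> dict:
    """Hand-parse `key: value` scalars at any indentation, stripping quotes.
    Covers only the flat subset shown in the PR; list items are skipped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z][\w-]*):\s+(\S.*?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip("'\"")
    return fields


def check_insights(text: str, today: date, expected_url: str = "", warn_days: int = 30) -> list:
    """Return a list of problems; an empty list means the header is still current."""
    f = parse_scalars(text)
    problems = [f"missing field: {k}" for k in REQUIRED if k not in f]
    if problems:
        return problems
    reviewed = date.fromisoformat(f["last-reviewed"])
    expires = datetime.strptime(f["expiration-date"], "%Y-%m-%dT%H:%M:%S.%fZ").date()
    if reviewed > today:
        problems.append("last-reviewed is in the future")
    if expires <= today:
        problems.append(f"expired on {expires}; re-review and bump expiration-date")
    elif (expires - today).days <= warn_days:
        problems.append(f"expires in {(expires - today).days} days")
    if not re.fullmatch(r"[0-9a-f]{40}", f["commit-hash"]):
        problems.append("commit-hash is not a 40-character lowercase SHA-1")
    if not re.fullmatch(r"\d+\.\d+\.\d+", f["project-release"]):
        problems.append("project-release is not MAJOR.MINOR.PATCH")
    if expected_url and f["project-url"] != expected_url:
        problems.append(f"project-url does not match {expected_url}")
    return problems
```

Run `check_insights(open("SECURITY-INSIGHTS.yml").read(), date.today(), expected_url=...)` in CI and fail the job when the list is non-empty.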