79 changes: 45 additions & 34 deletions .github/SECURITY-INSIGHTS.yml
@@ -1,9 +1,10 @@
# Security Insights 2.0 file https://github.com/ossf/security-insights
# Schema: https://github.com/ossf/security-insights/blob/main/spec/schema.cue
# Security Insights 2.0 file https://github.com/ossf/security-insights
# Specification: https://github.com/ossf/security-insights/tree/main/spec

header:
schema-version: 2.0.0
last-updated: '2025-07-26'
last-reviewed: '2025-07-26'
last-updated: '2025-09-18'
last-reviewed: '2025-09-18'
url: https://github.com/openfga/openfga.dev
project-si-source: https://raw.githubusercontent.com/openfga/.github/main/SECURITY-INSIGHTS.yml
comment: OpenFGA website and documentation.
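Review bot: the header comment now drops the direct link to `schema.cue` in favour of the spec directory; since the schema file is what a validator actually consumes, keep both lines rather than replacing one with the other (keep `# Schema: https://github.com/ossf/security-insights/blob/main/spec/schema.cue` alongside the new `# Specification:` line). The `last-updated`/`last-reviewed` bump to 2025-09-18 matches the policy-link change later in this file, but `last-reviewed` asserts the whole document was re-checked on that date, so it should only move if the core-team, license and tooling sections were actually re-verified as part of this PR.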
@@ -16,31 +17,31 @@ repository:
accepts-automated-change-request: true
no-third-party-packages: false
core-team:
- name: Andres Aguiar
affiliation: Okta
email: [email protected]
social: https://github.com/aaguiarz
primary: true
- name: Daniel Yeam
affiliation: Okta
email: [email protected]
social: https://github.com/dyeam0
- name: Patrick Dillon
affiliation: Okta
email: [email protected]
social: https://github.com/pdillon
- name: Rishav Mishra
affiliation: Okta
email: [email protected]
social: https://github.com/rishavmishra-okta
- name: Talent Zeng
affiliation: Okta
email: [email protected]
social: https://github.com/ttrzeng
- name: Tyler Nix
affiliation: Okta
email: [email protected]
social: https://github.com/tylernix
- name: Andres Aguiar
affiliation: Okta
email: [email protected]
social: https://github.com/aaguiarz
primary: true
- name: Daniel Yeam
affiliation: Okta
email: [email protected]
social: https://github.com/dyeam0
- name: Patrick Dillon
affiliation: Okta
email: [email protected]
social: https://github.com/pdillon
- name: Rishav Mishra
affiliation: Okta
email: [email protected]
social: https://github.com/rishavmishra-okta
- name: Talent Zeng
affiliation: Okta
email: [email protected]
social: https://github.com/ttrzeng
- name: Tyler Nix
affiliation: Okta
email: [email protected]
social: https://github.com/tylernix

license:
url: https://raw.githubusercontent.com/openfga/openfga.dev/main/LICENSE
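Review bot: the removed and added `core-team` entries are textually identical in this view, so this hunk is whitespace-only (an indentation change of the list under `core-team`); please run the file through a Security Insights 2.0 validator to confirm the new nesting is what the spec expects, because a YAML indentation change silently alters structure while leaving the text unchanged. Note also that the rendered diff masks every address as `[email protected]`, so the actual e-mail values need to be checked in the raw file rather than here.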
@@ -51,14 +52,14 @@ repository:
dependency-management-policy: https://github.com/openfga/openfga/blob/main/docs/dependencies-policy.md
governance: https://github.com/openfga/.github/blob/main/GOVERNANCE.md
review-policy: https://github.com/openfga/.github/blob/main/CONTRIBUTING.md
security-policy: https://github.com/openfga/openfga.dev/security.md
security-policy: https://github.com/openfga/openfga.dev/SECURITY.md
⚠️ Potential issue

🧩 Analysis chain

Verify SECURITY.md path exists on main.

Link casing changed; likely correct. Please verify the file exists.

Run:

Also consider updating header.last-updated/last-reviewed to 2025-09-18 to reflect this change.
🏁 Script executed:

#!/bin/bash
set -euo pipefail
for url in \
  https://raw.githubusercontent.com/openfga/openfga.dev/main/SECURITY.md \
  https://raw.githubusercontent.com/openfga/openfga.dev/main/security.md
do
  code=$(curl -sI "$url" | awk 'NR==1{print $2}')
  echo "$code  $url"
done

Length of output: 151


Fix broken security-policy link (SECURITY.md missing on main)

Verification: both checked URLs returned 404:

Actions:

  • Add SECURITY.md to the repo root on main OR update .github/SECURITY-INSIGHTS.yml (line 52) to point to the correct security-policy URL/path.
  • Set header.last-updated / last-reviewed to 2025-09-18 after the change.
🤖 Prompt for AI Agents
.github/SECURITY-INSIGHTS.yml around line 52: the security-policy URL points to
https://github.com/openfga/openfga.dev/SECURITY.md which 404s on main; fix by
either adding a SECURITY.md file to the repo root on main or updating the
security-policy value to the correct existing path/URL (e.g., point to the
lowercase security.md or the raw URL that works), and after making that change
set header.last-updated and header.last-reviewed to 2025-09-18.


security:
assessments:
self:
evidence: https://github.com/cncf/tag-security/blob/main/community/assessments/projects/openfga/joint-assessment.md
date: '2024-12-19'
comment: OpenFGA has completed a CNCF security joint assessment with CNCF TAG Security and Compliance
comment: OpenFGA has completed a CNCF security joint assessment with CNCF TAG-Security

tools:
- name: Dependabot
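Review bot: the `security-policy` value still lacks the `/blob/main/` path segment that every other github.com file URL in this file uses (`governance:` and `review-policy:` in the same hunk), so changing the casing alone leaves a URL that does not resolve as a file link; and the curl check in the comment above found neither `SECURITY.md` nor `security.md` on `main`, so the path is wrong as well as the URL form. Suggest adding the file at the repo root (or pointing at wherever the policy actually lives) and then using the `https://github.com/openfga/openfga.dev/blob/main/SECURITY.md` form so the link is consistent with its neighbours. The `comment:` rewording to `CNCF TAG-Security` is purely editorial and fine.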
@@ -70,7 +71,7 @@ repository:
adhoc: false
ci: true
release: true
comment: Dependabot is enabled for this repo to automatically update dependencies.
comment: Dependabot is enabled for this repository to automatically update dependencies.
- name: Snyk
type: SCA
version: latest
@@ -80,9 +81,9 @@ repository:
adhoc: false
ci: true
release: true
comment: Snyk is enabled for this repo to scan for vulnerabilities.
comment: Snyk is enabled for this repository to scan for vulnerabilities.
- name: Socket
type: other
type: SCA
version: latest
rulesets:
- built-in
@@ -91,3 +92,13 @@ repository:
ci: true
release: true
comment: Socket is enabled for this repo to scan for supply chain security vulnerabilities.
- name: OSSF Scorecard
type: SCA
version: latest
rulesets:
- built-in
integration:
adhoc: false
ci: true
release: true
comment: OSSF Scorecard is enabled for this repository
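Review bot: `type: SCA` for OSSF Scorecard is a misclassification; Scorecard scores repository security practices (branch protection, dependency pinning, workflow token permissions and the like) rather than analysing dependency composition, so the `other` value that Socket carried before this PR fits it better unless the spec offers a closer category. Two consistency nits in the same block: the new `comment:` on the last added line has no trailing period while the other tool comments do, and the Socket comment on the context line still says `repo` although the Dependabot and Snyk comments were changed to `repository` elsewhere in this PR. Finally, `ci: true` and `release: true` are claims that downstream consumers of this file will trust, so confirm Scorecard really runs in both the CI and release workflows before this is merged.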