Update SECURITY-INSIGHTS (#194)

aaguiarz · web-flow · commit b3ccf6fd7027 · 2025-08-07T11:41:26.000Z
* "chore: updating SECURITY-INSIGHTS"

* "chore: updating SECURITY-INSIGHTS"

* "chore: updating SECURITY-INSIGHTS"

* "chore: updating SECURITY-INSIGHTS"

* "chore: updating SECURITY-INSIGHTS"

* "chore: updating SECURITY-INSIGHTS"

* "chore: updating SECURITY-INSIGHTS"

* "chore: updating SECURITY-INSIGHTS"
diff --git a/.github/SECURITY-INSIGHTS.yml b/.github/SECURITY-INSIGHTS.yml
@@ -0,0 +1,95 @@
+# Security Insights 2.0 file https://github.com/ossf/security-insights
+# Schema: https://github.com/ossf/security-insights/blob/main/spec/schema.cue
+header:
+  schema-version: 2.0.0
+  last-updated: '2025-07-26'
+  last-reviewed: '2025-07-26'
+  url: https://github.com/openfga/java-sdk
+  project-si-source: https://raw.githubusercontent.com/openfga/.github/main/SECURITY-INSIGHTS.yml
+  comment: OpenFGA SDK for Java.
+
+repository:
+  url: https://github.com/openfga/java-sdk
+  status: active
+  bug-fixes-only: false
+  accepts-change-request: true
+  accepts-automated-change-request: true
+  no-third-party-packages: false
+  core-team:
+    - name: Jim Anderson
+      affiliation: Okta
+      email: jim.anderson@okta.com
+      social: https://github.com/jimmyjames
+      primary: true
+    - name: Adrian Tam
+      affiliation: Okta
+      email: adrian.tam@okta.com
+      social: https://github.com/adriantam
+    - name: Ewan Harris
+      affiliation: Okta
+      email: ewan.harris@okta.com
+      social: https://github.com/ewanharris
+    - name: Raghd Hamzeh
+      affiliation: Okta
+      email: raghd.hamzeh@okta.com
+      social: https://github.com/rhamzeh
+
+  license:
+    url: https://raw.githubusercontent.com/openfga/java-sdk/main/LICENSE
+    expression: Apache-2.0
+  release:
+    changelog: https://github.com/openfga/java-sdk/releases
+    automated-pipeline: true
+    distribution-points:
+      - uri: https://github.com/openfga/java-sdk/releases
+        comment: GitHub Release Page
+
+  documentation:
+    contributing-guide: https://github.com/openfga/.github/blob/main/CONTRIBUTING.md
+    dependency-management-policy: https://github.com/openfga/openfga/blob/main/docs/dependencies-policy.md
+    governance: https://github.com/openfga/.github/blob/main/GOVERNANCE.md
+    review-policy: https://github.com/openfga/.github/blob/main/CONTRIBUTING.md
+    security-policy: https://github.com/openfga/java-sdk/security.md
+
+  security:
+    assessments:
+      self:
+        evidence: https://github.com/cncf/tag-security/blob/main/community/assessments/projects/openfga/joint-assessment.md
+        date: '2024-12-19'
+        comment: OpenFGA has completed a CNCF security joint assessment with CNCF TAG Security and Compliance
+
+    champions:
+      - name: Ewan Harris
+        email: ewan.harris@okta.com
+        primary: true
+    tools:
+      - name: Dependabot
+        type: SCA
+        version: latest
+        rulesets:
+          - built-in
+        integration:
+          adhoc: false
+          ci: true
+          release: true
+        comment: Dependabot is enabled for this repo to automatically update dependencies.
+      - name: Snyk
+        type: SCA
+        version: latest
+        rulesets:
+          - built-in
+        integration:
+          adhoc: false
+          ci: true
+          release: true
+        comment: Snyk is enabled for this repo to scan for vulnerabilities.
+      - name: Socket
+        type: other
+        version: latest
+        rulesets:
+          - built-in
+        integration:
+          adhoc: false
+          ci: true
+          release: true
+        comment: Socket is enabled for this repo to scan for supply chain security vulnerabilities.
