chore: add SECURITY-INSIGHTS.yml #16135
Conversation
Codecov Report: All modified and coverable lines are covered by tests ✅

Coverage Diff (master vs. #16135):
  Coverage: 49.56% -> 49.43% (-0.14%)
  Files:    269 -> 269
  Lines:    46668 -> 46788 (+120)
  Hits:     23131 -> 23128 (-3)
  Misses:   21263 -> 21385 (+122)
  Partials: 2274 -> 2275 (+1)

View full report in Codecov by Sentry.
Awesome! Thank you for putting this together!
I found two things. One to discuss, the other seems to be a bug.
```bash
# Replace the 'project-release: vX.X.X-rcX' line in SECURITY-INSIGHTS.yml
sed -i "s/project-release: v.*$/project-release: v${{ env.NEW_VERSION }}/" SECURITY-INSIGHTS.yml
# Update the 'commit-hash: XXXXXXX' line in SECURITY-INSIGHTS.yml
sed -i "s/commit-hash: .*/commit-hash: ${{ env.NEW_VERSION }}/" SECURITY-INSIGHTS.yml
```
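Review bot: the second `sed` writes the release version into the commit-hash field: `sed -i "s/commit-hash: .*/commit-hash: ${{ env.NEW_VERSION }}/"` leaves `commit-hash: vX.Y.Z`, a tag name rather than the commit SHA the field is meant to hold (the comment directly above it says 'commit-hash: XXXXXXX'). Substitute the SHA of the release commit instead. Separately, `${{ env.NEW_VERSION }}` is expanded into the shell command text before `sed` parses it, so a value containing `/` or `&` would change the substitution; pass the value through a shell environment variable and validate it against the expected `vX.X.X-rcX` shape before using it in the expression.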
So I don't think this is actually supposed to be auto-updated. Since the SECURITY-INSIGHTS.yml is meant to be manually reviewed, it would be updated the next time it is manually reviewed, is my understanding of it.

Although the spec explicitly carves out that `last-updated` does not include `commit-hash` or `project-release`, which could suggest the opposite.
The update will be in a PR rather than auto-committed. How about updating the last-reviewed time as well and just adding a note to the PR that the reviewer should make sure the insights doc is up to date?
I was thinking of just manually reviewing it once a year and just updating it then. Least effort 🤷
Ofc if we change tooling etc, then can update it simultaneously as well, but otherwise I was thinking of updating it as infrequently as possible.
> I was thinking of just manually reviewing it once a year and just updating it then
That will never happen, I can assure you 😅
It has to be manually reviewed at least once a year per the `expiration-date`.
The date has to be manually bumped every year. 😉
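The thread above turns on two things a reviewer has to check by hand in SECURITY-INSIGHTS.yml: that `commit-hash` really holds a commit SHA rather than the release tag (the outcome of the reviewed `sed` line), and that `expiration-date` forces a review at least once a year. The following is an added example, not code from this PR or from the Argo CD project, of a small CI-style consistency check for those header fields. It assumes the file has a top-level `header:` block with the fields as two-space-indented `key: value` lines (inferred from the discussion, not copied from the project's file), uses a constructed sample document, and treats a gap of more than 366 days between `last-updated` and `expiration-date` as a finding; that tolerance is the example's own choice.

```python
import re
from datetime import date, timedelta

HEX_SHA = re.compile(r"^[0-9a-f]{7,40}$")
RELEASE_TAG = re.compile(r"^v?\d+\.\d+\.\d+(-rc\d+)?$")

# Constructed sample document in the shape the discussion implies; not the
# project's real SECURITY-INSIGHTS.yml. The commit-hash value reproduces what
# the reviewed sed line would write: the version tag instead of a SHA.
SAMPLE = """\
header:
  schema-version: 1.0.0
  expiration-date: '2024-10-27T00:00:00.000Z'
  last-updated: '2023-10-27'
  last-reviewed: '2023-10-27'
  commit-hash: v2.9.0
  project-release: v2.9.0
project-lifecycle:
  status: active
"""


def parse_header(text):
    """Collect the flat `key: value` lines under the top-level `header:` key.

    Deliberately minimal so it needs no YAML library: it stops at the next
    top-level key, splits on the first colon only (timestamps contain colons)
    and strips surrounding quotes from values.
    """
    header = {}
    in_header = False
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.strip() == "header:":
            in_header = True
            continue
        if in_header:
            if not raw.startswith("  "):
                break  # next top-level key ends the header block
            key, sep, value = raw.strip().partition(":")
            if sep:
                header[key.strip()] = value.strip().strip("'\"")
    return header


def _as_date(value):
    """Accept a date, 'YYYY-MM-DD', or a full ISO timestamp; only the date part matters."""
    if isinstance(value, date):
        return value
    return date.fromisoformat(str(value)[:10])


def check_header(header, today):
    """Return a list of findings; an empty list means the header is consistent."""
    findings = []
    commit = header.get("commit-hash", "")
    if not HEX_SHA.match(commit):
        findings.append(f"commit-hash {commit!r} is not a git commit SHA")
    release = header.get("project-release", "")
    if not RELEASE_TAG.match(release):
        findings.append(f"project-release {release!r} is not a vX.Y.Z tag")
    try:
        expires = _as_date(header["expiration-date"])
        updated = _as_date(header["last-updated"])
    except (KeyError, ValueError) as exc:
        findings.append(f"missing or malformed date field: {exc}")
        return findings
    today = _as_date(today)
    if expires <= today:
        findings.append("expiration-date has passed: the file needs a manual review")
    if expires - updated > timedelta(days=366):  # assumed yearly-review tolerance
        findings.append("expiration-date is more than a year after last-updated")
    return findings


if __name__ == "__main__":
    for finding in check_header(parse_header(SAMPLE), date.today()):
        print("FINDING:", finding)
```

Run against the constructed sample, the only finding is the tag-shaped `commit-hash`; replacing it with a real SHA clears the check until the expiration date passes, at which point the check starts failing and the yearly manual review cannot be silently skipped.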
Force-pushed from bddc1c2 to e12d2e3. Commits in the branch as listed by GitHub (the first subject line is truncated on the page):
- automation
- Update SECURITY-INSIGHTS.yml (Co-authored-by: jannfis <jann@mistrust.net>)
- Update SECURITY-INSIGHTS.yml
- Update SECURITY-INSIGHTS.yml (Co-authored-by: Anton Gilgur <4970083+agilgur5@users.noreply.github.com>)
- Update SECURITY-INSIGHTS.yml (Co-authored-by: Anton Gilgur <4970083+agilgur5@users.noreply.github.com>)
- add snyk as security tester
- reorganize

All Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
LGTM!
Merged commit list (automation; Update SECURITY-INSIGHTS.yml ×4; add snyk as security tester; reorganize), Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>. The same squashed change also appears with additional sign-offs from jmilic1 <70441727+jmilic1@users.noreply.github.com> and Kevin Lyda <kevin@lyda.ie>.
Adding security insights in support of the CNCF Security Slam 2023 event. The spec is defined here: https://github.com/ossf/security-insights-spec