From faa09f7a33251927d94aeff53f4533183b50530e Mon Sep 17 00:00:00 2001 From: Sandipan Panda Date: Sat, 16 Dec 2023 21:09:35 +0530 Subject: [PATCH] Add SECURITY-INSIGHTS.yml Security Insights is a new security documentation specification from OpenSSF, which has been adopted by CNCF through the CLOMonitor. This specification provides a mechanism for projects to report information about their security in a machine-processable way. Some CLOMonitor checks will look for this file to find more information about the project. Ref: https://clomonitor.io/docs/topics/checks/#security-insights Signed-off-by: Sandipan Panda --- SECURITY-INSIGHTS.yml | 80 +++++++++++++++++++ .../en/docs/contrib/releasing/binaries.md | 3 + 2 files changed, 83 insertions(+) create mode 100644 SECURITY-INSIGHTS.yml diff --git a/SECURITY-INSIGHTS.yml b/SECURITY-INSIGHTS.yml new file mode 100644 index 000000000000..ce89ca7c6ad4 --- /dev/null +++ b/SECURITY-INSIGHTS.yml @@ -0,0 +1,80 @@ +header: + schema-version: 1.0.0 + expiration-date: '2024-12-17T01:00:00.000Z' + last-updated: '2023-12-17' + last-reviewed: '2023-12-17' + commit-hash: 8220a6eb95f0a4d75f7f2d7b14cef975f050512d + project-url: https://github.com/kubernetes/minikube + project-release: '1.32.0' + changelog: https://github.com/kubernetes/minikube/blob/master/CHANGELOG.md + license: https://github.com/kubernetes/minikube/blob/master/LICENSE +project-lifecycle: + status: active + roadmap: https://minikube.sigs.k8s.io/docs/contrib/roadmap/ + bug-fixes-only: false + core-maintainers: + - https://github.com/kubernetes/minikube/blob/master/OWNERS + release-cycle: https://minikube.sigs.k8s.io/docs/contrib/release_schedule/ + release-process: https://minikube.sigs.k8s.io/docs/contrib/releasing/ +contribution-policy: + accepts-pull-requests: true + accepts-automated-pull-requests: true + automated-tools-list: + - automated-tool: dependabot + action: allowed + path: + - / + - automated-tool: minikube-bot + action: allowed + path: + - / + - automated-tool: k8s-ci-robot + action: allowed + path: + - / + contributing-policy: https://minikube.sigs.k8s.io/docs/contrib/guide/ + code-of-conduct: https://github.com/kubernetes/minikube/blob/master/code-of-conduct.md +documentation: + - https://minikube.sigs.k8s.io/docs/ +distribution-points: + - https://github.com/kubernetes/minikube/releases +security-artifacts: + threat-model: + threat-model-created: false + self-assessment: + self-assessment-created: false +security-testing: + - tool-type: sca + tool-name: Dependabot + tool-version: "2" + tool-url: https://github.com/dependabot + integration: + ad-hoc: false + ci: true + before-release: false + tool-rulesets: + - https://github.com/kubernetes/minikube/blob/master/.github/dependabot.yml + - tool-type: sca + tool-name: minikube-bot + tool-version: latest + tool-url: https://github.com/minikube-bot + tool-rulesets: + - built-in + integration: + ad-hoc: false + ci: true + before-release: false +security-contacts: + - type: email + value: security@kubernetes.io + primary: true +vulnerability-reporting: + accepts-vulnerability-reports: true + email-contact: security@kubernetes.io + security-policy: https://github.com/kubernetes/minikube/blob/master/SECURITY.md + bug-bounty-available: true + bug-bounty-url: https://hackerone.com/kubernetes +dependencies: + third-party-packages: true + dependencies-lists: + - https://github.com/kubernetes/minikube/blob/master/go.mod diff --git a/site/content/en/docs/contrib/releasing/binaries.md b/site/content/en/docs/contrib/releasing/binaries.md index 63fc912a73c3..54320b9cdc48 100644 --- a/site/content/en/docs/contrib/releasing/binaries.md +++ b/site/content/en/docs/contrib/releasing/binaries.md @@ -107,6 +107,9 @@ Verify release checksums by running `make check-release` If there are major changes, please send a PR to update +## Update SECURITY-INSIGHTS.yml +Make appropriate changes to [SECURITY-INSIGHTS.yml](https://github.com/kubernetes/minikube/SECURITY-INSIGHTS.yml). Check [OPENSSF Security Insights Specification](https://github.com/ossf/security-insights-spec/blob/main/specification.md) for reference. + ## Announce Please mention the new release https://github.com/kubernetes/minikube/blob/master/README.md