Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

APPSECTOOLS-14464 Sec Onboard: Repo Contact Info #8

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
61 changes: 61 additions & 0 deletions .security_config/security_contact.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
# This file contains contact info for the team that maintains
# this repo. This information will be used by security in the
# event that we need to contact you about security issues
# discovered in this code.
#
# See https://wolinks.com/repocontact for more information.
#
# You may use the Red Hat YAML extension in VS Code to validate this file.
# yaml-language-server: $schema=https://security-api.appsec.inday.io/schemas/security_contact.json

version: '1.0'

# Owners identify the individuals/groups who maintain this repo.
owners:
# Users are Corp AD/LDAP usernames (CNs), prefixed with 'corp:'.
# We require at least one user to be specified to allow us to
# map users into WoW. This might be the manager or tech lead
# for this repo.
users:
- corp:CHANGEME
# Groups are optional, but allow you to point to existing AD/LDAP
# user groups (CNs), prefixed with 'corp:'. This might be your
# team's existing DL group or similar. You may remove 'groups' or
# keep it empty if you are not using any groups.
groups:
- corp:CHANGEME

# Specify how you would like to be contacted if security finds an issue
# in your code. You must provide at least one contact method. You may
# remove any contact methods you are not using. You may set 'notify' to
# 'false' for cases where you'd like to list a contact method for
# completeness, but don't actually want us to send automated alerts to it.
contact:
jira:
- project: CHANGEME
component: CHANGEME_OPTIONAL
notify: true
slack:
- channel: CHANGEME
notify: true
email:
- address: [email protected]
notify: false

# Which services does the code in this repo support?
# Service names should match those in https://wolinks.com/servicenames.
# This field also supports some special values for repos that do not
# directly host code for production services, including:
# - LIBRARY: For cases where the repo is a library imported by prod services
# - BUILDTOOL: For cases where the repo is a tool that builds prod services
# - LEGACY: For cases where the repo is no longer in use
# - NONE: For cases where the repo does not support prod services or fall
# into any of the other categories above.
services:
- CHANGEME

# Which service account(s) does your team use with artifactory? You may
# this or leave a blank list if this repo does not store build artifacts
# in artifactory.
service_accounts:
- CHANGEME
Loading