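---
# OpenSSF Security Insights (schema 2.x) for the postgres-containers repo.
# As rendered on the page, every key had been flattened to column 0, which
# is not valid YAML for this nesting (e.g. `url:` and `comment:` would become
# duplicate top-level keys); the structure below restores the intended
# header / repository / security hierarchy without changing any value.
header:
  schema-version: 2.2.0
  # Dates are quoted so parsers keep them as strings rather than date objects.
  # Bump `last-reviewed` whenever this file is re-validated, not only on edit.
  last-updated: '2026-02-25'
  last-reviewed: '2026-02-25'
  # Canonical location of this file.
  url: https://raw.githubusercontent.com/cloudnative-pg/postgres-containers/main/SECURITY-INSIGHTS.yml
  # Reference the main SECURITY-INSIGHTS file from the CNPG repo; it is the
  # source for any field not given here (see `assessments` below).
  project-si-source: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/main/SECURITY-INSIGHTS.yml

repository:
  # NOTE(review): this and the distribution-point URI use the host
  # github.com while `header.url` uses raw.githubusercontent.com.
  # Verify which host is canonical before publishing; a mirror host here
  # would send consumers to the wrong place for provenance checks.
  url: https://github.com/cloudnative-pg/postgres-containers
  status: active
  accepts-change-request: true
  accepts-automated-change-request: true
  # The images bundle third-party packages (PostgreSQL, OS layers), hence false.
  no-third-party-packages: false
  # Contacts for security reports; exactly one entry is marked primary.
  core-team:
    - name: Gabriele Bartolini
      email: gabriele.bartolini@enterprisedb.com
      primary: true
    - name: Francesco Canovai
      email: francesco.canovai@enterprisedb.com
      primary: false
    - name: Jonathan Gonzalez V.
      email: jonathan.gonzalez@enterprisedb.com
      primary: false
    - name: Marco Nenciarini
      email: marco.nenciarini@enterprisedb.com
      primary: false
    - name: Niccolò Fei
      email: niccolo.fei@enterprisedb.com
      primary: false
  license:
    url: https://www.apache.org/licenses/LICENSE-2.0
    expression: Apache-2.0
  release:
    # Images are built and published by CI, not by hand.
    automated-pipeline: true
    distribution-points:
      - uri: https://github.com/cloudnative-pg/postgres-containers/pkgs/container/postgresql
        comment: GitHub packages for Postgres container images
  security:
    # Each tool records where it runs: `adhoc` (on demand), `ci` (every
    # pipeline run) and `release` (gating a published image).
    # `results: {}` means no machine-readable results location is published
    # for that tool; consumers wanting evidence must look at the CI runs.
    tools:
      - name: Dockle
        type: container
        rulesets: ["default"]
        results: {}
        comment: Lints container images for security best practices.
        integration:
          adhoc: false
          ci: true
          release: false
      - name: Dependabot
        type: SCA
        rulesets: ["default"]
        results: {}
        integration:
          adhoc: true
          ci: false
          release: false
      - name: Renovate
        type: SCA
        rulesets: ["default"]
        results: {}
        integration:
          adhoc: true
          ci: true
          release: false
      - name: Snyk
        type: container
        rulesets: ["default"]
        results: {}
        comment: Scans container images for known vulnerabilities.
        integration:
          adhoc: false
          ci: true
          release: true
      # NOTE(review): signing alone is not verifiable by consumers; the
      # public key or keyless identity/issuer used for verification is not
      # stated in this file. Consider pointing to it from `comment` or the
      # project documentation so `cosign verify` can be run against releases.
      - name: Cosign
        type: container
        rulesets: ["default"]
        results: {}
        comment: Used to cryptographically sign container images.
        integration:
          adhoc: false
          ci: true
          release: true
      # Not a scanner itself: aggregates SARIF from the scanners listed here
      # into GitHub's security alerts.
      - name: GitHub Code Scanning
        type: SAST
        rulesets: ["default"]
        results: {}
        comment: Ingests SARIF results from Snyk and Trivy for integrated GitHub security alerts.
        integration:
          adhoc: false
          ci: true
          release: true
      - name: Trivy
        type: container
        rulesets: ["default"]
        results: {}
        comment: |
          Scans container images and file systems for vulnerabilities and
          misconfigurations.
        integration:
          adhoc: false
          ci: true
          release: true
    # Self-assessment is maintained in the parent project referenced by
    # `header.project-si-source`.
    assessments:
      self:
        comment: Refer to the main project.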