docs: add security insights and update community details 📚

- Add SECURITY-INSIGHTS.yml with detailed security policy and project information.
- Update README.md with security insights reference and minor community section edits.
- Include software bill of materials badge in README.md.

Signed-off-by: mingcheng <mingcheng@antgroup.com>

Author: gaius-qi

README.md

@@ -62,6 +62,10 @@ you can see the [full report](docs/security/dragonfly-comprehensive-report-2023.
 
 If you discover a security vulnerability within Dragonfly, please report it according to our [Security Policy](https://github.com/dragonflyoss/community/blob/master/SECURITY.md).
 
+### Security Insights
+
+You can find the security insights on the [SECURITY-INSIGHTS.yml](SECURITY-INSIGHTS.yml) file.
+
 ## Community
 
 Join the conversation and help the community. We have a number of ways for you to get involved:
@@ -91,7 +95,7 @@ You should check out our
 
 ## Code of Conduct
 
-Please refer to our [Code of Conduct][codeconduct].
+Please refer to our [Code of Conduct][codeconduct] which applies to all Dragonfly community members.
 
 [arch]: docs/images/arch.png
 [logo-linear]: docs/images/logo/dragonfly-linear.svg
@@ -100,3 +104,7 @@ Please refer to our [Code of Conduct][codeconduct].
 [codeconduct]: https://github.com/dragonflyoss/community/blob/master/CODE_OF_CONDUCT.md
 [d7y.io]: https://d7y.io/
 [dingtalk]: docs/images/community/dingtalk-group.jpeg
+
+## Software bill of materials
+
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fdragonflyoss%2Fdragonfly.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fdragonflyoss%2Fdragonfly?ref=badge_large)

SECURITY-INSIGHTS.yml

@@ -0,0 +1,61 @@
+# SECURITY-INSIGHTS.yml for DragonflyOSS/Dragonfly
+# This file describes the security policy and insights for the Dragonfly project.
+
+# Version of the SECURITY-INSIGHTS schema.
+version: 1.0
+
+# Basic information about the project.
+project:
+  name: Dragonfly
+  description: Dragonfly is an open source P2P-based file distribution and image acceleration system, hosted by the Cloud Native Computing Foundation (CNCF) as an Incubating Level Project.
+  homepage: https://d7y.io/
+  repository: https://github.com/dragonflyoss/Dragonfly
+
+# Security policy for the project.
+security_policy:
+  # URL or path to the project's security policy.
+  url: https://github.com/dragonflyoss/Dragonfly/blob/master/SECURITY.md
+  # Whether the project has a public security policy.
+  public: true
+
+# Supported versions and their security status.
+supported_versions:
+  - version: "2.x"
+    status: supported
+    end_of_support: null
+  - version: "1.x"
+    status: unsupported
+    end_of_support: "2023-02-27"  # Based on archived status mentioned in the repo.
+
+# Security contacts for the project.
+security_contacts:
+  - role: Security Team
+    name: Dragonfly Security Team
+    email: dragonfly-maintainers@googlegroups.com
+    preferred_contact_method: email
+
+# Information on vulnerability disclosure.
+vulnerability_disclosure:
+  policy: |
+    We encourage security researchers to report vulnerabilities to us privately before public disclosure. Please send an email to security@dragonflyoss.io with details of the vulnerability. We aim to acknowledge receipt within 48 hours and provide a detailed response within 7 days. After the issue is resolved, we will coordinate with you on public disclosure.
+  accepts_vulnerabilities: true
+  languages:
+    - English
+    - Chinese
+
+# Security features and practices implemented in the project.
+security_features:
+  # Does the project use dependency scanning?
+  dependency_scanning: true
+  # Does the project use static code analysis?
+  static_code_analysis: true
+  # Does the project use fuzzing?
+  fuzzing: true  # Based on audit information from the web.
+  # Does the project have automated tests?
+  automated_tests: true
+
+# Additional metadata or notes.
+metadata:
+  last_updated: 2025-07-08
+  notes: |
+    Dragonfly has moved significant development to Dragonfly2 repository (https://github.com/dragonflyoss/Dragonfly2). For the latest security information, please refer to the new repository.