mirror of
https://github.com/prometheus/prometheus.git
synced 2024-12-24 21:24:05 -08:00
chore: provide OSSF security insight
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
This commit is contained in:
parent
1561815732
commit
2880ee8e46
|
@ -12,9 +12,10 @@ examples and guides.</p>
|
||||||
[![Docker Pulls](https://img.shields.io/docker/pulls/prom/prometheus.svg?maxAge=604800)][hub]
|
[![Docker Pulls](https://img.shields.io/docker/pulls/prom/prometheus.svg?maxAge=604800)][hub]
|
||||||
[![Go Report Card](https://goreportcard.com/badge/github.com/prometheus/prometheus)](https://goreportcard.com/report/github.com/prometheus/prometheus)
|
[![Go Report Card](https://goreportcard.com/badge/github.com/prometheus/prometheus)](https://goreportcard.com/report/github.com/prometheus/prometheus)
|
||||||
[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/486/badge)](https://bestpractices.coreinfrastructure.org/projects/486)
|
[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/486/badge)](https://bestpractices.coreinfrastructure.org/projects/486)
|
||||||
|
[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/prometheus/prometheus/badge)](https://securityscorecards.dev/viewer/?uri=github.com/prometheus/prometheus)
|
||||||
|
[![CLOMonitor](https://img.shields.io/endpoint?url=https://clomonitor.io/api/projects/cncf/prometheus/badge)](https://clomonitor.io/projects/cncf/prometheus)
|
||||||
[![Gitpod ready-to-code](https://img.shields.io/badge/Gitpod-ready--to--code-blue?logo=gitpod)](https://gitpod.io/#https://github.com/prometheus/prometheus)
|
[![Gitpod ready-to-code](https://img.shields.io/badge/Gitpod-ready--to--code-blue?logo=gitpod)](https://gitpod.io/#https://github.com/prometheus/prometheus)
|
||||||
[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/prometheus.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:prometheus)
|
[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/prometheus.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:prometheus)
|
||||||
[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/prometheus/prometheus/badge)](https://securityscorecards.dev/viewer/?uri=github.com/prometheus/prometheus)
|
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
48
SECURITY-INSIGHTS.yml
Normal file
48
SECURITY-INSIGHTS.yml
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
header:
|
||||||
|
schema-version: '1.0.0'
|
||||||
|
expiration-date: '2025-07-30T01:00:00.000Z'
|
||||||
|
last-updated: '2024-07-30'
|
||||||
|
last-reviewed: '2024-07-30'
|
||||||
|
project-url: https://github.com/prometheus/prometheus
|
||||||
|
changelog: https://github.com/prometheus/prometheus/blob/main/CHANGELOG.md
|
||||||
|
license: https://github.com/prometheus/prometheus/blob/main/LICENSE
|
||||||
|
project-lifecycle:
|
||||||
|
status: active
|
||||||
|
bug-fixes-only: false
|
||||||
|
core-maintainers:
|
||||||
|
- https://github.com/prometheus/prometheus/blob/main/MAINTAINERS.md
|
||||||
|
contribution-policy:
|
||||||
|
accepts-pull-requests: true
|
||||||
|
accepts-automated-pull-requests: true
|
||||||
|
dependencies:
|
||||||
|
third-party-packages: true
|
||||||
|
dependencies-lists:
|
||||||
|
- https://github.com/prometheus/prometheus/blob/main/go.mod
|
||||||
|
- https://github.com/prometheus/prometheus/blob/main/web/ui/package.json
|
||||||
|
env-dependencies-policy:
|
||||||
|
policy-url: https://github.com/prometheus/prometheus/blob/main/CONTRIBUTING.md#dependency-management
|
||||||
|
distribution-points:
|
||||||
|
- https://github.com/prometheus/prometheus/releases
|
||||||
|
documentation:
|
||||||
|
- https://prometheus.io/docs/introduction/overview/
|
||||||
|
security-contacts:
|
||||||
|
- type: email
|
||||||
|
value: prometheus-team@googlegroups.com
|
||||||
|
security-testing:
|
||||||
|
- tool-type: sca
|
||||||
|
tool-name: Dependabot
|
||||||
|
tool-version: latest
|
||||||
|
integration:
|
||||||
|
ad-hoc: false
|
||||||
|
ci: true
|
||||||
|
before-release: true
|
||||||
|
- tool-type: sast
|
||||||
|
tool-name: CodeQL
|
||||||
|
tool-version: latest
|
||||||
|
integration:
|
||||||
|
ad-hoc: false
|
||||||
|
ci: true
|
||||||
|
before-release: true
|
||||||
|
vulnerability-reporting:
|
||||||
|
accepts-vulnerability-reports: true
|
||||||
|
security-policy: https://github.com/prometheus/prometheus/security/policy
|
Loading…
Reference in a new issue