From ba9d2b89843d4f992a2a9095c1f296dbe0b1d536 Mon Sep 17 00:00:00 2001 From: Andres Aguiar Date: Wed, 6 Aug 2025 07:23:03 -0300 Subject: [PATCH 1/8] "chore: updating SECURITY-INSIGHTS" --- .github/SECURITY-INSIGHTS.yml | 83 +++++++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 .github/SECURITY-INSIGHTS.yml diff --git a/.github/SECURITY-INSIGHTS.yml b/.github/SECURITY-INSIGHTS.yml new file mode 100644 index 0000000..6939bf7 --- /dev/null +++ b/.github/SECURITY-INSIGHTS.yml @@ -0,0 +1,83 @@ +header: + schema-version: 2.0.0 + last-updated: '2025-07-26' + last-reviewed: '2025-07-26' + url: https://github.com/openfga/python-sdk + project-si-source: https://raw.githubusercontent.com/openfga/.github/main/SECURITY-INSIGHTS.yml + comment: OpenFGA SDK for Python 3. + +repository: + url: https://github.com/openfga/python-sdk + status: active + bug-fixes-only: false + accepts-change-request: true + accepts-automated-change-request: true + no-third-party-packages: false + core-team: + - name: Evan Sims + affiliation: Okta + email: evan.sims@okta.com + social: https://github.com/evansims + primary: true + - name: Adrian Tam + affiliation: Okta + email: adrian.tam@okta.com + social: https://github.com/adriantam + - name: Ewan Harris + affiliation: Okta + email: ewan.harris@okta.com + social: https://github.com/ewanharris + - name: Raghd Hamzeh + affiliation: Okta + email: raghd.hamzeh@okta.com + social: https://github.com/rhamzeh + + license: + url: https://raw.githubusercontent.com/openfga/python-sdk/main/LICENSE + expression: Apache-2.0 + release: + changelog: https://github.com/openfga/python-sdk/releases + automated-pipeline: true + distribution-points: + - uri: https://github.com/openfga/python-sdk/releases + comment: GitHub Release Page + + documentation: + contributing-guide: https://github.com/openfga/.github/blob/main/CONTRIBUTING.md + dependency-management-policy: https://github.com/openfga/openfga/blob/main/docs/dependencies-policy.md + governance: https://github.com/openfga/.github/blob/main/GOVERNANCE.md + review-policy: https://github.com/openfga/.github/blob/main/CONTRIBUTING.md + security-policy: https://github.com/openfga/python-sdk/SECURITY.md + + security: + assessments: + self: + evidence: https://github.com/cncf/tag-security/blob/main/community/assessments/projects/openfga/joint-assessment.md + date: '2024-12-19' + comment: OpenFGA has completed a CNCF security join assessment with CNCF TAG-Security + + champions: + - name: Ewan Harris + email: ewan.harris@okta.com + primary: true + tools: + - name: Dependabot + type: SCA + version: latest + rulesets: + - built-in + integration: + adhoc: false + ci: true + release: true + comment: Dependabot is enabled for this repo to automatically update dependencies. + - name: Snyk + type: SCA + version: latest + rulesets: + - built-in + integration: + adhoc: false + ci: true + release: true + comment: Snyk is enabled for this repo to scan for vulnerabilities. From f7fe29a84fe5ff42ab50166cf49def94cdeeecd5 Mon Sep 17 00:00:00 2001 From: Andres Aguiar Date: Wed, 6 Aug 2025 08:12:03 -0300 Subject: [PATCH 2/8] "chore: updating SECURITY-INSIGHTS" --- .github/SECURITY-INSIGHTS.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/SECURITY-INSIGHTS.yml b/.github/SECURITY-INSIGHTS.yml index 6939bf7..50944e2 100644 --- a/.github/SECURITY-INSIGHTS.yml +++ b/.github/SECURITY-INSIGHTS.yml @@ -81,3 +81,13 @@ repository: ci: true release: true comment: Snyk is enabled for this repo to scan for vulnerabilities. + - name: Socket + type: other + version: latest + rulesets: + - built-in + integration: + adhoc: false + ci: true + release: true + comment: Socket is enabled for this repo to scan for supply chain security vulnerabilities. From ac2bc33d0cebfe1e7f2b26c964bc5aa349cdfa76 Mon Sep 17 00:00:00 2001 From: Andres Aguiar Date: Wed, 6 Aug 2025 08:17:44 -0300 Subject: [PATCH 3/8] "chore: updating SECURITY-INSIGHTS" --- .github/SECURITY-INSIGHTS.yml | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/SECURITY-INSIGHTS.yml b/.github/SECURITY-INSIGHTS.yml index 50944e2..220ecd3 100644 --- a/.github/SECURITY-INSIGHTS.yml +++ b/.github/SECURITY-INSIGHTS.yml @@ -14,23 +14,23 @@ repository: accepts-automated-change-request: true no-third-party-packages: false core-team: - - name: Evan Sims - affiliation: Okta - email: evan.sims@okta.com - social: https://github.com/evansims - primary: true - - name: Adrian Tam - affiliation: Okta - email: adrian.tam@okta.com - social: https://github.com/adriantam - - name: Ewan Harris - affiliation: Okta - email: ewan.harris@okta.com - social: https://github.com/ewanharris - - name: Raghd Hamzeh - affiliation: Okta - email: raghd.hamzeh@okta.com - social: https://github.com/rhamzeh + - name: Evan Sims + affiliation: Okta + email: evan.sims@okta.com + social: https://github.com/evansims + primary: true + - name: Adrian Tam + affiliation: Okta + email: adrian.tam@okta.com + social: https://github.com/adriantam + - name: Ewan Harris + affiliation: Okta + email: ewan.harris@okta.com + social: https://github.com/ewanharris + - name: Raghd Hamzeh + affiliation: Okta + email: raghd.hamzeh@okta.com + social: https://github.com/rhamzeh license: url: https://raw.githubusercontent.com/openfga/python-sdk/main/LICENSE From 2312b6c69ef1ee513b5190947f81490fd6ef44ef Mon Sep 17 00:00:00 2001 From: Andres Aguiar Date: Wed, 6 Aug 2025 08:21:41 -0300 Subject: [PATCH 4/8] "chore: updating SECURITY-INSIGHTS" --- .github/SECURITY-INSIGHTS.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/SECURITY-INSIGHTS.yml b/.github/SECURITY-INSIGHTS.yml index 220ecd3..dd1b967 100644 --- a/.github/SECURITY-INSIGHTS.yml +++ b/.github/SECURITY-INSIGHTS.yml @@ -1,3 +1,5 @@ +# Security Insights 2.0 file https://github.com/ossf/security-insights +# Specification: https://github.com/ossf/security-insights/tree/main/spec header: schema-version: 2.0.0 last-updated: '2025-07-26' From 904d3040f9ce4c8c4fa8187e493dcce2ee5136b3 Mon Sep 17 00:00:00 2001 From: Andres Aguiar Date: Wed, 6 Aug 2025 08:31:01 -0300 Subject: [PATCH 5/8] "chore: updating SECURITY-INSIGHTS" --- .github/SECURITY-INSIGHTS.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/SECURITY-INSIGHTS.yml b/.github/SECURITY-INSIGHTS.yml index dd1b967..3fcb130 100644 --- a/.github/SECURITY-INSIGHTS.yml +++ b/.github/SECURITY-INSIGHTS.yml @@ -56,7 +56,7 @@ repository: self: evidence: https://github.com/cncf/tag-security/blob/main/community/assessments/projects/openfga/joint-assessment.md date: '2024-12-19' - comment: OpenFGA has completed a CNCF security join assessment with CNCF TAG-Security + comment: OpenFGA has completed a CNCF security joint assessment with CNCF TAG-Security champions: - name: Ewan Harris From a8fa8d1500b1880a41197261b3feeb43baa82739 Mon Sep 17 00:00:00 2001 From: Andres Aguiar Date: Wed, 6 Aug 2025 08:33:28 -0300 Subject: [PATCH 6/8] "chore: updating SECURITY-INSIGHTS" --- .github/SECURITY-INSIGHTS.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/SECURITY-INSIGHTS.yml b/.github/SECURITY-INSIGHTS.yml index 3fcb130..4f38cd4 100644 --- a/.github/SECURITY-INSIGHTS.yml +++ b/.github/SECURITY-INSIGHTS.yml @@ -56,7 +56,7 @@ repository: self: evidence: https://github.com/cncf/tag-security/blob/main/community/assessments/projects/openfga/joint-assessment.md date: '2024-12-19' - comment: OpenFGA has completed a CNCF security joint assessment with CNCF TAG-Security + comment: OpenFGA has completed a CNCF security joint assessment with CNCF TAG Security and Compliance champions: - name: Ewan Harris From d1422b92074ed98bd1c7b551fbecfdc9fc852881 Mon Sep 17 00:00:00 2001 From: Andres Aguiar Date: Wed, 6 Aug 2025 08:36:11 -0300 Subject: [PATCH 7/8] "chore: updating SECURITY-INSIGHTS" --- .github/SECURITY-INSIGHTS.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/SECURITY-INSIGHTS.yml b/.github/SECURITY-INSIGHTS.yml index 4f38cd4..d2e4040 100644 --- a/.github/SECURITY-INSIGHTS.yml +++ b/.github/SECURITY-INSIGHTS.yml @@ -1,5 +1,5 @@ -# Security Insights 2.0 file https://github.com/ossf/security-insights -# Specification: https://github.com/ossf/security-insights/tree/main/spec +# Security Insights 2.0 file https://github.com/ossf/security-insights +# Schema: https://github.com/ossf/security-insights/blob/main/spec/schema.cue header: schema-version: 2.0.0 last-updated: '2025-07-26' From 0e9d77e932e5dc99f79448a3bfd36cad48cbed75 Mon Sep 17 00:00:00 2001 From: Andres Aguiar Date: Wed, 6 Aug 2025 10:47:46 -0300 Subject: [PATCH 8/8] "chore: updating SECURITY-INSIGHTS" --- .github/SECURITY-INSIGHTS.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/SECURITY-INSIGHTS.yml b/.github/SECURITY-INSIGHTS.yml index d2e4040..0c0a84c 100644 --- a/.github/SECURITY-INSIGHTS.yml +++ b/.github/SECURITY-INSIGHTS.yml @@ -49,7 +49,7 @@ repository: dependency-management-policy: https://github.com/openfga/openfga/blob/main/docs/dependencies-policy.md governance: https://github.com/openfga/.github/blob/main/GOVERNANCE.md review-policy: https://github.com/openfga/.github/blob/main/CONTRIBUTING.md - security-policy: https://github.com/openfga/python-sdk/SECURITY.md + security-policy: https://github.com/openfga/python-sdk/security.md security: assessments: