Create security-insights.yml

.github/security-insights.yml

@@ -0,0 +1,78 @@
+header:
+  schema-version: 2.0.0
+  last-updated: '2025-04-03'
+  last-reviewed: '2025-04-03'
+  url: https://github.com/fluxcd/source-controller/blob/main/.github/security-insights.yml
+  project-si-source: https://raw.githubusercontent.com/fluxcd/source-controller/refs/heads/main/.github/security-insights.yml
+  comment: |
+    This file contains only the repository information for the Flux source-controller.
+
+repository:
+  url: https://github.com/fluxcd/source-controller
+  status: active
+  bug-fixes-only: false
+  accepts-change-request: true
+  accepts-automated-change-request: true
+  no-third-party-packages: false
+  core-team:
+    - name:        Aurel Canciu
+      affiliation: NexHealth
+      email:       aurel.canciu@nexhealth.com
+      social:      github: @relu, slack: relu
+      primary:     false
+    - name:        Hidde Beydals
+      affiliation: Independent
+      email:       hidde@hhh.computer
+      social:      github: @hiddeco, slack: hidde
+      primary:     false
+    - name:        Matheus Pimenta
+      affiliation: ControlPlane
+      email:       matheuscscp@linux.com
+      social:      github: @matheuscscp, slack: matheuscscp
+      primary:     false
+    - name:        Max Jonas Werner
+      affiliation: Associmates
+      email:       max.werner@associmates.eu
+      social:      github: @makkes, slack: max
+      primary:     false
+    - name:        Paulo Gomes
+      affiliation: SUSE
+      email:       pjbgf@linux.com
+      social:      github: @pjbgf, slack: pjbgf
+      primary:     false
+    - name:        Sanskar Jaiswal
+      affiliation: Independent
+      email:       jaiswalsanskar078@gmail.com
+      social:      github: @aryan9600, slack: aryan9600
+      primary:     false
+    - name:        Soule BA
+      affiliation: ControlPlane
+      email:       bah.soule@gmail.com
+      social:      github: @souleb, slack: souleb
+      primary:     false
+    - name:        Stefan Prodan
+      affiliation: ControlPlane
+      email:       stefan.prodan@gmail.com
+      social:      github: @stefanprodan, slack: stefanprodan
+      primary:     false
+  documentation:
+    contributing-guide: https://github.com/fluxcd/source-controller/blob/main/DEVELOPMENT.md
+    security-policy: https://github.com/fluxcd/source-controller/security
+  license:
+    url: https://github.com/fluxcd/source-controller/blob/main/LICENSE
+  release:
+    changelog: https://github.com/fluxcd/source-controller/releases
+    automated-pipeline: true
+    distribution-points:
+      - uri:  https://github.com/fluxcd/source-controller/releases
+        comment: GitHub Release Page
+    license:
+      url: https://github.com/fluxcd/source-controller/blob/main/LICENSE
+      expression: Apache-2.0
+  security:
+    assessments:
+      third-party:
+        - evidence: https://fluxcd.io/FluxFinalReport-v1.1.pdf
+          date: '2021-10-18'
+          comment: |
+            Overview available at https://fluxcd.io/blog/2021/11/flux-security-audit/