chore: add more required metadata to security-insights

Signed-off-by: Oliver Bähler <[email protected]>
projectcapsule · Oct 25, 2023 · cebb702 · cebb702
1 parent 8989e37
commit cebb702
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/SECURITY-INSIGHTS.yml b/SECURITY-INSIGHTS.yml
@@ -38,3 +38,19 @@ security-testing:
     before-release: true
   comment: |
     Dependabot is enabled for this repo.
+dependencies:
+  third-party-packages: true
+  dependencies-lists:
+  - https://github.com/projectcapsule/capsule/blob/main/go.mod
+  sbom:
+  - sbom-file: https://github.com/projectcapsule/capsule/pkgs/container/sbom
+    sbom-format: CycloneDX
+    sbom-url: https://github.com/projectcapsule/capsule/blob/main/SECURITY.md#software-bill-of-materials-sbom
+security-artifacts:
+  self-assessment:
+    self-assessment-created: false
+security-contacts:
+- type: email
+  value: [email protected]
+  primary: true
+