Add security insights document to repository #7129

Merged
MrAlias merged 7 commits into open-telemetry:main from MrAlias:ossf-security-insights
Aug 6, 2025

Conversation

@MrAlias
Contributor

@MrAlias MrAlias commented Aug 4, 2025

Resolve #6245
Resolve #6246
Resolve #6241

Add a "v1.0.0" security insights policy to the repository.

This does not add a "v2.0.0" version of the insights policy as the CLO monitor documentation still references the "v1.0.0" policy. The policy can be updated if the CLO tooling is also updated in the future.

@MrAlias MrAlias added this to the v1.38.0 milestone Aug 4, 2025
@MrAlias MrAlias added the documentation (Provides helpful information) and Skip Changelog (PRs that do not require a CHANGELOG.md entry) labels Aug 4, 2025
@codecov

codecov Bot commented Aug 4, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (main@eb4f1dc). Learn more about missing BASE report.
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@          Coverage Diff           @@
##             main   #7129   +/-   ##
======================================
  Coverage        ?   82.9%           
======================================
  Files           ?     262           
  Lines           ?   24461           
  Branches        ?       0           
======================================
  Hits            ?   20292           
  Misses          ?    3793           
  Partials        ?     376           

Fix open-telemetry#6245
Fix open-telemetry#6246

Add a "v1.0.0" security insights policy to the repository.

This does not add a "v2.0.0" version of the insights policy as the CLO
monitor documentation still references the "v1.0.0" policy. The policy
can be updated if the CLO tooling is also updated in the future.
@MrAlias MrAlias force-pushed the ossf-security-insights branch from f4c2192 to 9bafe5f August 4, 2025 18:35
@MrAlias MrAlias marked this pull request as ready for review August 4, 2025 18:46
Comment thread CONTRIBUTING.md Outdated
Revert unneeded change to link.
Comment thread SECURITY-INSIGHTS.yml
@MrAlias MrAlias merged commit 97c22e3 into open-telemetry:main Aug 6, 2025
33 checks passed
@MrAlias MrAlias deleted the ossf-security-insights branch August 6, 2025 21:31

Development

Successfully merging this pull request may close these issues.

[CLO] Add an OpenSSF Security Insights manifest
[CLO] Add a dependency policy
Address issues with OpenTelemetry CLO Monitor

3 participants