Skip to content

Add OSSF Security Insights file #6878

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
martincostello wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Add OSSF Security Insights file #6878

martincostello wants to merge 2 commits into from

Conversation

@martincostello
Copy link
Member

@martincostello martincostello commented Feb 6, 2026

Contributes to #5761.

Changes

Add a Security Insights manifest for CLOMonitor.

Merge requirement checklist

  • CONTRIBUTING guidelines followed (license requirements, nullable enabled, static analysis, etc.)
  • Unit tests added/updated
  • Appropriate CHANGELOG.md files updated for non-trivial changes
  • Changes in public API reviewed (if applicable)

@martincostello martincostello requested a review from a team as a code owner February 6, 2026 14:15
Copilot AI review requested due to automatic review settings February 6, 2026 14:15
@martincostello martincostello added the documentation Documentation related label Feb 6, 2026
@github-actions github-actions bot removed the documentation Documentation related label Feb 6, 2026
martincostello
martincostello commented Feb 6, 2026
View reviewed changes
SECURITY-INSIGHTS.yml
- name: Alan West
affiliation: New Relic
social: https://github.com/alanwest
primary: true
Copy link
Member Author

@martincostello martincostello Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Exactly 1 primary: true is required, so I've arbitrary picked the first person listed alphabetically.

SECURITY-INSIGHTS.yml
- name: Alan West
affiliation: New Relic
social: https://github.com/alanwest
primary: true
Copy link
Member Author

@martincostello martincostello Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here.

SECURITY-INSIGHTS.yml
social: https://github.com/rajkumar-rangaraj
documentation:
contributing-guide: https://github.com/open-telemetry/opentelemetry-dotnet/blob/main/CONTRIBUTING.md
dependency-management-policy: https://github.com/open-telemetry/opentelemetry-dotnet/blob/main/.github/renovate.json
Copy link
Member Author

@martincostello martincostello Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I figured this was an acceptable bare-minimum, but this could be changed to a dedicated document instead using written English.

Copilot AI reviewed Feb 6, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds an OSSF/CLOMonitor Security Insights manifest to the repository to help satisfy CLOMonitor’s “security insights” check (per #5761).

Changes:

  • Add SECURITY-INSIGHTS.yml with repository metadata, vulnerability reporting details, and release/distribution information.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@martincostello
[Repo] Fix lint warnings
547272c 
- Escape non-ASCII.
- Update URLs.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@martincostello