
security-insights.yml

# Security Insights manifest (schema 2.0.0) for gemaraproj/gemara: declares
# who maintains the repository and which security tooling runs against it,
# so downstream consumers can read the project's security posture mechanically.
header:
  schema-version: 2.0.0
  # Dates are quoted so YAML loaders keep them as strings rather than
  # converting them to timestamp objects.
  last-updated: '2026-01-15'
  last-reviewed: '2026-01-15'
  url: https://github.com/gemaraproj/gemara
  # Organisation-level Security Insights file in the .github repository;
  # presumably supplies the project-wide values this repository-level file
  # does not repeat — confirm against the schema's project-si-source definition.
  project-si-source: https://raw.githubusercontent.com/gemaraproj/.github/refs/heads/main/.github/security-insights.yml

repository:
  url: https://github.com/gemaraproj/gemara
  status: active
  # Both human-authored and automated (bot-generated) change requests are accepted.
  accepts-change-request: true
  accepts-automated-change-request: true
  # Published maintainer contacts. Exactly one entry carries primary: true
  # and is therefore the primary point of contact.
  core-team:
    - name: Eddie Knight
      affiliation: Sonatype
      email: knight@linux.com
      primary: false
    - name: Jenn Power
      affiliation: Red Hat
      email: barnabei.jennifer@gmail.com
      primary: true
    - name: Jason Meridth
      affiliation: GitHub
      email: jmeridth@gmail.com
      primary: false
    - name: Travis Truman
      affiliation: Independent
      email: trumant@gmail.com
      primary: false
    - name: Alex Speasmaker
      affiliation: USAA
      email: alex.speasmaker@gmail.com
      primary: false
  documentation:
    contributing-guide: https://github.com/gemaraproj/gemara/blob/main/CONTRIBUTING.md
  license:
    url: https://github.com/gemaraproj/gemara?tab=Apache-2.0-1-ov-file#readme
    expression: Apache-2.0
  security:
    assessments:
      # No self assessment has been performed yet; the free-text comment is
      # the only field set. NOTE(review): once the assessment is done, record
      # where it lives and when — confirm the exact field names against the schema.
      self:
        # `|` keeps the trailing newline as part of the value; `|-` would drop it.
        comment: |
          Self assessment has not yet been completed.
    # Security tooling declared for this repository. Each entry states the
    # tool, where its results are published, and at which stages it runs.
    tools:
      # Dependency (SCA) scanning via Dependabot. Per the integration block
      # below it runs on an ad-hoc/scheduled basis only — it is not declared
      # as a CI or release gate.
      - name: Dependabot
        type: SCA
        # Quoted: an unquoted 2 would load as an integer, not a string.
        version: "2"
        rulesets:
          - built-in
        results:
          adhoc:
            name: Scheduled SCA Scan Results
            # NOTE(review): this URI points at a GraphQL object reference page,
            # whereas the CodeQL entries below reference a result schema (SARIF);
            # confirm this is the intended predicate for Dependabot alerts.
            predicate-uri: https://docs.github.com/en/graphql/reference/objects#repositoryvulnerabilityalert
            location: https://github.com/gemaraproj/gemara/security/dependabot
            comment: |
              The results of the scheduled SCA scan are available in the Dependabot tab of the Security Insights page.
        integration:
          adhoc: true
          ci: false
          release: false
      # Static analysis (SAST) via CodeQL using the two rulesets listed
      # (`go`, `actions`). Runs both scheduled and in CI; no release-time
      # scan is declared.
      - name: CodeQL
        type: SAST
        # Only the major version is pinned; minor and patch are left as
        # placeholders in the string.
        version: "2.y.z"
        rulesets:
          - go
          - actions
        results:
          adhoc:
            name: Scheduled SAST Results
            # Results are published in SARIF 2.1.0 form.
            predicate-uri: https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/schemas/sarif-schema-2.1.0.json
            location: https://github.com/gemaraproj/gemara/security/code-scanning
            comment: |
              The results of the scheduled SAST scan are available in the Code Scanning tab of the Security Insights page and as an artifact on the scheduled job.
          ci:
            name: CI SAST Results
            predicate-uri: https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/schemas/sarif-schema-2.1.0.json
            location: https://github.com/gemaraproj/gemara/security/code-scanning
            comment: |
              The results of the CI SAST scan are available in the Code Scanning tab of the Security Insights page.
        # Neither tool is declared as running at release time, so release
        # artifacts are not covered by an SCA or SAST gate according to this file.
        integration:
          adhoc: true
          ci: true
          release: false