Add security-insights.yml for OSSF Security Insights v2.0.0 #11259

Open
vinayada1 wants to merge 5 commits into main from add-security-insights

@vinayada1 vinayada1 commented Feb 17, 2026

Description

Add a security insights file describing all the Radius repositories.

Type of change

  • This pull request fixes a bug in Radius and has an approved issue (issue link required).
  • This pull request adds or changes features of Radius and has an approved issue (issue link required).
  • This pull request is a minor refactor, code cleanup, test improvement, or other maintenance task and doesn't change the functionality of Radius (issue link optional).

Fixes: #11258

Contributor checklist

Please verify that the PR meets the following requirements, where applicable:

  • An overview of proposed schema changes is included in a linked GitHub issue.
    • Yes
    • Not applicable
  • A design document PR is created in the design-notes repository, if new APIs are being introduced.
    • Yes
    • Not applicable
  • The design document has been reviewed and approved by Radius maintainers/approvers.
    • Yes
    • Not applicable
  • A PR for the samples repository is created, if existing samples are affected by the changes in this PR.
    • Yes
    • Not applicable
  • A PR for the documentation repository is created, if the changes in this PR affect the documentation or any user facing updates are made.
    • Yes
    • Not applicable
  • A PR for the recipes repository is created, if existing recipes are affected by the changes in this PR.
    • Yes
    • Not applicable

@vinayada1 vinayada1 requested a review from a team as a code owner February 17, 2026 21:44
Copilot AI review requested due to automatic review settings February 17, 2026 21:44

Copilot AI left a comment

Pull request overview

Adds an OpenSSF Security Insights v2.0.0 metadata file under .github/ to enable Security Insights tooling to discover project/repository security posture and related links.

Changes:

  • Add .github/security-insights.yml describing project metadata, vulnerability reporting info, and security tooling integrations.

github-actions bot commented Feb 17, 2026

Unit Tests

4 783 tests  ±0   4 780 ✅ ±0   7m 43s ⏱️ +2s
  330 suites ±0       3 💤 ±0 
    1 files   ±0       0 ❌ ±0 

Results for commit b8de007. ± Comparison against base commit 088b1fe.

♻️ This comment has been updated with latest results.

codecov bot commented Feb 17, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 51.00%. Comparing base (088b1fe) to head (b8de007).

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #11259      +/-   ##
==========================================
- Coverage   51.00%   51.00%   -0.01%     
==========================================
  Files         679      679              
  Lines       43174    43174              
==========================================
- Hits        22023    22019       -4     
- Misses      19033    19035       +2     
- Partials     2118     2120       +2     

@vinayada1 vinayada1 force-pushed the add-security-insights branch from 73e9f13 to 7c59ea7 Compare February 20, 2026 19:59
email: ''
social: https://github.com/kachawla
primary: false
- name: Brooke Hamilton
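
Review bot: On the `email: ''` line, the contact's email is set to an empty string, which reads as a provided but blank address and may be rejected by a validator that checks the field's format. If no address is to be published for this contact, drop the `email` key; otherwise give a working one. Since this entry has `primary: false`, also confirm that another entry in the list is marked as the primary contact.
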
Member

suggestion: I think I will put Nicole instead.

Contributor Author

I got this from the maintainers list. Nicole's name is not there. @willtsai - What's the correct contact to mention here?

Contributor

I think these are correct - perhaps you can add Nicole as the 5th entry?

Contributor Author

@vinayada1 vinayada1 Feb 23, 2026

Nicole's name is not in any list like maintainers or approvers... so best to leave out? I instead added Radius Core Team contact as the primary.

Co-authored-by: Dariusz Porowski <3431813+DariuszPorowski@users.noreply.github.com>
Signed-off-by: vinayada1 <28875764+vinayada1@users.noreply.github.com>

radius-functional-tests bot commented Feb 24, 2026

Radius functional test overview

Repository: radius-project/radius
Commit ref: b8de007
Unique ID: func91ccf732ec
Image tag: pr-func91ccf732ec
  • gotestsum 1.13.0
  • KinD: v0.29.0
  • Dapr: 1.14.4
  • Azure KeyVault CSI driver: 1.4.2
  • Azure Workload identity webhook: 1.3.0
  • Bicep recipe location ghcr.io/radius-project/dev/test/testrecipes/test-bicep-recipes/<name>:pr-func91ccf732ec
  • Terraform recipe location http://tf-module-server.radius-test-tf-module-server.svc.cluster.local/<name>.zip (in cluster)
  • applications-rp test image location: ghcr.io/radius-project/dev/applications-rp:pr-func91ccf732ec
  • dynamic-rp test image location: ghcr.io/radius-project/dev/dynamic-rp:pr-func91ccf732ec
  • controller test image location: ghcr.io/radius-project/dev/controller:pr-func91ccf732ec
  • ucp test image location: ghcr.io/radius-project/dev/ucpd:pr-func91ccf732ec
  • deployment-engine test image location: ghcr.io/radius-project/deployment-engine:latest

Test Status

⌛ Building Radius and pushing container images for functional tests...
✅ Container images build succeeded
⌛ Publishing Bicep Recipes for functional tests...
✅ Recipe publishing succeeded
⌛ Starting ucp-cloud functional tests...
⌛ Starting corerp-cloud functional tests...
❌ ucp-cloud functional test failed. Please check the logs for more details
❌ corerp-cloud functional test cancelled. Please check the logs for more details
