Add security-insights.yml for OSSF Security Insights v2.0.0

[vinayada1]

Description

Add a security insights file describing all the radius repositories.

Type of change

• This pull request fixes a bug in Radius and has an approved issue (issue link required).
• This pull request adds or changes features of Radius and has an approved issue (issue link required).
• This pull request is a minor refactor, code cleanup, test improvement, or other maintenance task and doesn't change the functionality of Radius (issue link optional).

Fixes: #11258

Contributor checklist

Please verify that the PR meets the following requirements, where applicable:

• An overview of proposed schema changes is included in a linked GitHub issue.
  • Yes
  • Not applicable
• A design document PR is created in the design-notes repository, if new APIs are being introduced.
  • Yes
  • Not applicable
• The design document has been reviewed and approved by Radius maintainers/approvers.
  • Yes
  • Not applicable
• A PR for the samples repository is created, if existing samples are affected by the changes in this PR.
  • Yes
  • Not applicable
• A PR for the documentation repository is created, if the changes in this PR affect the documentation or any user facing updates are made.
  • Yes
  • Not applicable
• A PR for the recipes repository is created, if existing recipes are affected by the changes in this PR.
  • Yes
  • Not applicable

[Copilot]

Pull request overview

Adds an OpenSSF Security Insights v2.0.0 metadata file under .github/ to enable Security Insights tooling to discover project/repository security posture and related links.

Changes:

• Add .github/security-insights.yml describing project metadata, vulnerability reporting info, and security tooling integrations.

[github-actions]

Unit Tests

4 783 tests  ±0   4 780 ✅ ±0   7m 43s ⏱️ +2s
  330 suites ±0       3 💤 ±0 
    1 files   ±0       0 ❌ ±0 

Results for commit b8de007. ± Comparison against base commit 088b1fe.

♻️ This comment has been updated with latest results.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 51.00%. Comparing base (088b1fe) to head (b8de007).

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #11259      +/-   ##
==========================================
- Coverage   51.00%   51.00%   -0.01%     
==========================================
  Files         679      679              
  Lines       43174    43174              
==========================================
- Hits        22023    22019       -4     
- Misses      19033    19035       +2     
- Partials     2118     2120       +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[DariuszPorowski]

suggestion: I think I will put Nicole instead.

[vinayada1]

I got this from the maintainers list. Nicole's name is not there. @willtsai - What's the correct contact to mention here?

[willtsai]

I think these are correct - perhaps you can add Nicole as the 5th entry?

[vinayada1]

Nicole's name is not in any list like maintainers or approvers....so best to leave out? I instead added Radius Core Team contact as the primary.

[DariuszPorowski]

suggestion: I think I will put Nicole instead.

[radius-functional-tests]

Radius functional test overview

🔍 Go to test action run

Click here to see the test run details

Name	Value
Repository	radius-project/radius
Commit ref	b8de007
Unique ID	func91ccf732ec
Image tag	pr-func91ccf732ec

• gotestsum 1.13.0
• KinD: v0.29.0
• Dapr: 1.14.4
• Azure KeyVault CSI driver: 1.4.2
• Azure Workload identity webhook: 1.3.0
• Bicep recipe location ghcr.io/radius-project/dev/test/testrecipes/test-bicep-recipes/<name>:pr-func91ccf732ec
• Terraform recipe location http://tf-module-server.radius-test-tf-module-server.svc.cluster.local/<name>.zip (in cluster)
• applications-rp test image location: ghcr.io/radius-project/dev/applications-rp:pr-func91ccf732ec
• dynamic-rp test image location: ghcr.io/radius-project/dev/dynamic-rp:pr-func91ccf732ec
• controller test image location: ghcr.io/radius-project/dev/controller:pr-func91ccf732ec
• ucp test image location: ghcr.io/radius-project/dev/ucpd:pr-func91ccf732ec
• deployment-engine test image location: ghcr.io/radius-project/deployment-engine:latest

Test Status

⌛ Building Radius and pushing container images for functional tests...
✅ Container images build succeeded
⌛ Publishing Bicep Recipes for functional tests...
✅ Recipe publishing succeeded
⌛ Starting ucp-cloud functional tests...
⌛ Starting corerp-cloud functional tests...
❌ ucp-cloud functional test failed. Please check the logs for more details
❌ corerp-cloud functional test cancelled. Please check the logs for more details