add: security-insights.yml file

.github/security-insights.yml

@@ -0,0 +1,78 @@
+header:
+  schema-version: 2.0.0
+  last-updated: "2025-04-03"
+  last-reviewed: "2025-04-03"
+  url: https://github.com/fluxcd/image-reflector-controller/blob/main/.github/security-insights.yml
+  project-si-source: https://github.com/fluxcd/image-reflector-controller/refs/heads/main/.github/security-insights.yml
+  comment: |
+    This file contains information about the image-reflector-controller of the Flux project.
+
+repository:
+  url: https://github.com/fluxcd/image-reflector-controller
+  status: active
+  bug-fixes-only: false
+  accepts-change-request: true
+  accepts-automated-change-request: true
+  no-third-party-packages: false
+  core-team:
+    - name: Aurel Canciu
+      affiliation: NexHealth
+      email: [email protected]
+      social: "github: @relu, slack: relu"
+      primary: false
+    - name: Hidde Beydals
+      affiliation: Independent
+      email: [email protected]
+      social: "github: @hiddeco, slack: hidde"
+      primary: false
+    - name: Matheus Pimenta
+      affiliation: ControlPlane
+      email: [email protected]
+      social: "github: @matheuscscp, slack: matheuscscp"
+      primary: false
+    - name: Max Jonas Werner
+      affiliation: Associmates
+      email: [email protected]
+      social: "github: @makkes, slack: max"
+      primary: false
+    - name: Paulo Gomes
+      affiliation: SUSE
+      email: [email protected]
+      social: "github: @pjbgf, slack: pjbgf"
+      primary: false
+    - name: Sanskar Jaiswal
+      affiliation: Independent
+      email: [email protected]
+      social: "github: @aryan9600, slack: aryan9600"
+      primary: false
+    - name: Soule BA
+      affiliation: ControlPlane
+      email: [email protected]
+      social: "github: @souleb, slack: souleb"
+      primary: false
+    - name: Stefan Prodan
+      affiliation: ControlPlane
+      email: [email protected]
+      social: "github: @stefanprodan, slack: stefanprodan"
+      primary: false
+  documentation:
+    contributing-guide: https://github.com/fluxcd/image-reflector-controller/blob/main/DEVELOPMENT.md
+    security-policy: https://github.com/fluxcd/pkg/security
+  license:
+    url: https://github.com/fluxcd/image-reflector-controller/blob/main/LICENSE
+  release:
+    changelog: https://github.com/fluxcd/image-reflector-controller/blob/main/CHANGELOG.md
+    automated-pipeline: true
+    distribution-points:
+      - uri: https://github.com/fluxcd/image-reflector-controller/releases
+        comment: Releases are following SemVer scheme.
+    license:
+      url: https://github.com/fluxcd/image-reflector-controller/blob/main/LICENSE
+      expression: Apache-2.0
+  security:
+    assessments:
+      third-party:
+        - evidence: https://fluxcd.io/FluxFinalReport-v1.1.pdf
+          date: "2021-10-18"
+          comment: |
+            Overview available at https://fluxcd.io/blog/2021/11/flux-security-audit/