chore: #65 Add community health info and security insights file

microcks · Oct 21, 2024 · a9249ca · a9249ca
1 parent 7b53f61
commit a9249ca
Show file tree

Hide file tree

Showing 3 changed files with 106 additions and 5 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,16 @@
+version: 2
+updates:
+  - package-ecosystem: maven
+    directory: /
+    schedule:
+      interval: weekly
+      day: sunday
+    open-pull-requests-limit: 3
+    rebase-strategy: disabled
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+      day: sunday
+    open-pull-requests-limit: 3
+    rebase-strategy: disabled
diff --git a/README.md b/README.md
@@ -1,9 +1,39 @@
-# microcks-jenkins-plugin
+# Microcks Jenkins plugin
 
-Jenkins plugins for easily running tests  or import API artifacts in Microks server.
+Jenkins plugin for easily running tests or import API artifacts in Microks instances.
 
-[![Join the chat on Zulip](https://img.shields.io/badge/chat-on_zulip-pink.svg?color=ff69b4&style=for-the-badge&logo=zulip)](https://microcksio.zulipchat.com/)
+[![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/microcks/microcks-jenkins-plugin/build-verify.yml?logo=github&style=for-the-badge)](https://github.com/microcks/microcks-jenkins-plugin/actions)
+[![Version](https://img.shields.io/maven-central/v/io.github.microcks/microcks-jenkins-plugin?color=blue&style=for-the-badge)]((https://search.maven.org/artifact/io.github.microcks/microcks))
+[![License](https://img.shields.io/github/license/microcks/microcks?style=for-the-badge&logo=apache)](https://www.apache.org/licenses/LICENSE-2.0)
+[![Project Chat](https://img.shields.io/badge/discord-microcks-pink.svg?color=7289da&style=for-the-badge&logo=discord)](https://microcks.io/discord-invite/)
+[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/microcks&style=for-the-badge)](https://artifacthub.io/packages/search?repo=microcks)
+[![CNCF Landscape](https://img.shields.io/badge/CNCF%20Landscape-5699C6?style=for-the-badge&logo=cncf)](https://landscape.cncf.io/?item=app-definition-and-development--application-definition-image-build--microcks)
 
-Current development version is `0.4.1-SNAPSHOT`. [![Build Status](https://travis-ci.com/microcks/microcks-jenkins-plugin.png?branch=master)](https://travis-ci.com/microcks/microcks-jenkins-plugin)
+## Build Status
 
-Get all the documentation on how to install, configure and use this plugin on the [Microcks.io](https://microcks.io/documentation/automating/jenkins/) website.
+Latest released version is `0.5.0`.
+
+Current development version is `0.6.0-SNAPSHOT`. [![Build Status](https://img.shields.io/github/actions/workflow/status/microcks/microcks-jenkins-plugin/build-verify.yml?logo=github&style=for-the-badge)](https://github.com/microcks/microcks-jenkins-plugin/actions)
+
+#### Fossa license and security scans
+
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fmicrocks%2Fmicrocks-jenkins-plugin.svg?type=shield&issueType=license)](https://app.fossa.com/projects/git%2Bgithub.com%2Fmicrocks%2Fmicrocks-jenkins-plugin?ref=badge_shield&issueType=license)
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fmicrocks%2Fmicrocks-jenkins-plugin.svg?type=shield&issueType=security)](https://app.fossa.com/projects/git%2Bgithub.com%2Fmicrocks%2Fmicrocks-jenkins-plugin?ref=badge_shield&issueType=security)
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fmicrocks%2Fmicrocks-jenkins-plugin.svg?type=small)](https://app.fossa.com/projects/git%2Bgithub.com%2Fmicrocks%2Fmicrocks-jenkins-plugin?ref=badge_small)
+
+#### OpenSSF best practices on Microcks core
+
+[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/7513/badge)](https://bestpractices.coreinfrastructure.org/projects/7513)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/microcks/microcks/badge)](https://securityscorecards.dev/viewer/?uri=github.com/microcks/microcks)
+
+## Community
+
+* [Documentation](https://microcks.io/documentation/tutorials/getting-started/)
+* [Microcks Community](https://github.com/microcks/community) and community meeting
+* Join us on [Discord](https://microcks.io/discord-invite/), on [GitHub Discussions](https://github.com/orgs/microcks/discussions) or [CNCF Slack #microcks channel](https://cloud-native.slack.com/archives/C05BYHW1TNJ)
+
+To get involved with our community, please make sure you are familiar with the project's [Code of Conduct](./CODE_OF_CONDUCT.md).
+
+## Getting Started
+
+Get all the documentation on how to install, configure and use this plugin on the [Microcks.io](https://microcks.io/documentation/guides/automation/jenkins/) website.
diff --git a/SECURITY-INSIGHTS.yml b/SECURITY-INSIGHTS.yml
@@ -0,0 +1,55 @@
+header:
+  schema-version: 1.0.0
+  last-updated: '2024-10-21'
+  last-reviewed: '2024-10-21'
+  expiration-date: '2025-09-30T01:00:00.000Z'
+  project-url: https://github.com/microcks/microcks-jenkins-plugin
+  project-release: '0.6.0'
+  changelog: https://github.com/microcks/microcks-jenkins-plugin/blob/main/CHANGELOG.md
+  license: https://github.com/microcks/microcks-jenkins-plugin/blob/main/LICENSE
+project-lifecycle:
+  status: active
+  roadmap: https://github.com/microcks/microcks-jenkins-plugin/blob/main/ROADMAP.md
+  bug-fixes-only: false
+  core-maintainers:
+    - github:lbroudoux
+    - github:yada
+contribution-policy:
+  accepts-pull-requests: true
+  accepts-automated-pull-requests: true
+  code-of-conduct: https://github.com/microcks/.github/blob/master/CODE_OF_CONDUCT.md
+  contributing-policy: https://github.com/microcks/.github/blob/master/CONTRIBUTING.md
+documentation:
+  - https://microcks.io
+distribution-points:
+  - https://microcks.io
+  - https://github.com/microcks-jenkins-plugin
+security-artifacts:
+  threat-model:
+    threat-model-created: false
+security-testing:
+  - tool-type: sca
+    tool-name: Dependabot
+    tool-version: latest
+    integration:
+      ad-hoc: true
+      ci: false
+      before-release: false
+    comment: |
+      Dependabot is enabled for this repo on a weekly scheduled basis.
+security-contacts:
+  - type: email
+    value: [email protected]
+vulnerability-reporting:
+  accepts-vulnerability-reports: true
+  security-policy: https://github.com/microcks/microcks-jenkins-plugin/security/policy
+  email-contact: [email protected]
+  comment: |
+    To report a security issue for one of the libraries owned by the Microcks community, write an email with a detailed description of the issue to [email protected].
+dependencies:
+  third-party-packages: true
+  dependencies-lists:
+    - https://github.com/microcks/microcks-jenkins-plugin/network/dependencies
+    - https://app.fossa.com/projects/git%2Bgithub.com%2Fmicrocks%2Fmicrocks-jenkins-plugin/refs/branch/master/7b53f61ca8b1b3c36061a05b9d0d7b83c9429b3e/browse/dependencies
+  env-dependencies-policy:
+    policy-url: https://github.com/microcks/microcks-jenkins-plugin/blob/main/DEPENDENCY_POLICY.md