From 90b521bd4127055aac0c72c4069fece6b4a0d0ff Mon Sep 17 00:00:00 2001
From: Laurent Broudoux
Date: Tue, 24 Sep 2024 09:07:08 +0200
Subject: [PATCH] chore: #32 Add missing community, security and policy files and information
Signed-off-by: Laurent Broudoux
---
 .github/dependabot.yml | 16 ++++++++++++
 README.md | 11 +++++++++
 SECURITY-INSIGHTS.yml | 56 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 83 insertions(+)
 create mode 100644 .github/dependabot.yml
 create mode 100644 SECURITY-INSIGHTS.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..bb022a1
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,16 @@
+version: 2
+updates:
+ - package-ecosystem: github-actions
+ directory: /
+ schedule:
+ interval: monthly
+ day: sunday
+ open-pull-requests-limit: 3
+ rebase-strategy: disabled
+ - package-ecosystem: npm
+ directory: /
+ schedule:
+ interval: monthly
+ day: sunday
+ open-pull-requests-limit: 3
+ rebase-strategy: disabled
diff --git a/README.md b/README.md
index 9b6efaa..eea6137 100644
--- a/README.md
+++ b/README.md
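Review bot: `day: sunday` under `interval: monthly` has no effect as far as I know — Dependabot's `schedule.day` is documented for the `weekly` interval — so either the interval or the day is not what was intended; drop `day` or switch to `interval: weekly`, in both the github-actions and the npm entries. This is more than tidiness: the SECURITY-INSIGHTS.yml hunk later in this patch states that Dependabot runs "on a weekly scheduled basis", which this configuration contradicts, so the two files should be reconciled to one cadence. Note also that this file only configures version updates; Dependabot security updates for open alerts are a separate repository setting that this hunk does not enable, so the monthly cadence here does not by itself bound how long a vulnerable npm dependency remains unaddressed.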
@@ -16,6 +16,17 @@ Latest released version is `0.0.5`. Current development version is `0.0.6`.
+#### Fossa license and security scans
+
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fmicrocks%2Fmicrocks-spectral-ruleset.svg?type=shield&issueType=license)](https://app.fossa.com/projects/git%2Bgithub.com%2Fmicrocks%2Fmicrocks-spectral-ruleset?ref=badge_shield&issueType=license)
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fmicrocks%2Fmicrocks-spectral-ruleset.svg?type=shield&issueType=security)](https://app.fossa.com/projects/git%2Bgithub.com%2Fmicrocks%2Fmicrocks-spectral-ruleset?ref=badge_shield&issueType=security)
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fmicrocks%2Fmicrocks-spectral-ruleset.svg?type=small)](https://app.fossa.com/projects/git%2Bgithub.com%2Fmicrocks%2Fmicrocks-spectral-ruleset?ref=badge_small)
+
+#### OpenSSF best practices on Microcks core
+
+[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/7513/badge)](https://bestpractices.coreinfrastructure.org/projects/7513)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/microcks/microcks/badge)](https://securityscorecards.dev/viewer/?uri=github.com/microcks/microcks)
+
 ## Community
 * [Documentation](https://microcks.io/documentation/tutorials/getting-started/)
diff --git a/SECURITY-INSIGHTS.yml b/SECURITY-INSIGHTS.yml
new file mode 100644
index 0000000..edcd43c
--- /dev/null
+++ b/SECURITY-INSIGHTS.yml
@@ -0,0 +1,56 @@
+header:
+ schema-version: 1.0.0
+ last-updated: '2024-09-24'
+ last-reviewed: '2024-09-24'
+ expiration-date: '2025-09-24T01:00:00.000Z'
+ project-url: https://github.com/microcks/microcks-spectral-ruleset
+ project-release: '0.0.6'
+ changelog: https://github.com/microcks/microcks-spectral-ruleset/blob/main/CHANGELOG.md
+ license: https://github.com/microcks/microcks-spectral-ruleset/blob/main/LICENSE
+project-lifecycle:
+ status: active
+ roadmap: https://github.com/microcks/microcks-spectral-ruleset/blob/main/ROADMAP.md
+ bug-fixes-only: false
+ core-maintainers:
+ - github:lbroudoux
+ - github:yada
+contribution-policy:
+ accepts-pull-requests: true
+ accepts-automated-pull-requests: true
+ code-of-conduct: https://github.com/microcks/.github/blob/master/CODE_OF_CONDUCT.md
+ contributing-policy: https://github.com/microcks/.github/blob/master/CONTRIBUTING.md
+documentation:
+ - https://microcks.io
+distribution-points:
+ - https://microcks.io
+ - https://github.com/microcks/microcks-spectral-ruleset
+ - https://quay.io/microcks
+security-artifacts:
+ threat-model:
+ threat-model-created: false
+security-testing:
+ - tool-type: sca
+ tool-name: Dependabot
+ tool-version: latest
+ integration:
+ ad-hoc: true
+ ci: false
+ before-release: false
+ comment: |
+ Dependabot is enabled for this repo on a weekly scheduled basis.
+security-contacts:
+ - type: email
+ value: security@microcks.io
+vulnerability-reporting:
+ accepts-vulnerability-reports: true
+ security-policy: https://github.com/microcks/microcks-spectral-ruleset/security/policy
+ email-contact: security@microcks.io
+ comment: |
+ To report a security issue for one of the libraries owned by the Microcks community, write an email with a detailed description of the issue to security@microcks.io.
+dependencies:
+ third-party-packages: true
+ dependencies-lists:
+ - https://github.com/microcks/microcks-spectral-ruleset/network/dependencies
+ - https://app.fossa.com/projects/git%2Bgithub.com%2Fmicrocks%2Fmicrocks-spectral-ruleset/refs/branch/main/ac16872655d09e14eb94843efbd7d11c0b6e5b3c/browse/dependencies
+ env-dependencies-policy:
+ policy-url: https://github.com/microcks/microcks-spectral-ruleset/blob/main/DEPENDENCY_POLICY.md
\ No newline at end of file
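Review bot: `security-policy` points at `/security/policy`, which GitHub only renders when a SECURITY.md exists in this repository or in the organisation's `.github` repository; this patch adds no SECURITY.md (the diffstat lists only three files), so unless an org-level file already exists the link — and the `accepts-vulnerability-reports: true` statement readers will rely on — is dangling, and the same check applies to `roadmap` (ROADMAP.md) and `policy-url` (DEPENDENCY_POLICY.md), neither of which is created here. The second `dependencies-lists` entry is a FOSSA URL pinned to one commit (`.../refs/branch/main/ac16872655d09e14eb94843efbd7d11c0b6e5b3c/browse/dependencies`), so it stops describing the current dependency set after the next merge to main; a branch-level link would stay accurate without manual upkeep. The file also ends without a trailing newline (`\ No newline at end of file`), which yamllint's `new-line-at-end-of-file` rule rejects and which will show up as a spurious change in the next edit.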