openfga · aaguiarz · Sep 19, 2025 · Sep 18, 2025 · Sep 18, 2025 · Sep 18, 2025
@@ -1,9 +1,10 @@
-# Security Insights 2.0 file https://github.com/ossf/security-insights
-# Schema: https://github.com/ossf/security-insights/blob/main/spec/schema.cue
+# Security Insights 2.0 file https://github.com/ossf/security-insights 
+# Specification: https://github.com/ossf/security-insights/tree/main/spec
+
 header:
   schema-version: 2.0.0
-  last-updated: '2025-07-26'
-  last-reviewed: '2025-07-26'
+  last-updated: '2025-09-18'
+  last-reviewed: '2025-09-18'
   url: https://github.com/openfga/js-sdk
   project-si-source: https://raw.githubusercontent.com/openfga/.github/main/SECURITY-INSIGHTS.yml
   comment: OpenFGA SDK for Node.js and JavaScript.
@@ -16,19 +17,19 @@ repository:
   accepts-automated-change-request: true
   no-third-party-packages: false
   core-team:
-    - name: Raghd Hamzeh
-      affiliation: Okta
-      email: raghd.hamzeh@okta.com
-      social: https://github.com/rhamzeh
-      primary: true
-    - name: Adrian Tam
-      affiliation: Okta
-      email: adrian.tam@okta.com
-      social: https://github.com/adriantam
-    - name: Ewan Harris
-      affiliation: Okta
-      email: ewan.harris@okta.com
-      social: https://github.com/ewanharris
+  - name: Raghd Hamzeh
+    affiliation: Okta
+    email: raghd.hamzeh@okta.com
+    social: https://github.com/rhamzeh
+    primary: true
+  - name: Adrian Tam
+    affiliation: Okta
+    email: adrian.tam@okta.com
+    social: https://github.com/adriantam
+  - name: Ewan Harris
+    affiliation: Okta
+    email: ewan.harris@okta.com
+    social: https://github.com/ewanharris
 
   license:
     url: https://raw.githubusercontent.com/openfga/js-sdk/main/LICENSE
@@ -45,14 +46,14 @@ repository:
     dependency-management-policy: https://github.com/openfga/openfga/blob/main/docs/dependencies-policy.md
     governance: https://github.com/openfga/.github/blob/main/GOVERNANCE.md
     review-policy: https://github.com/openfga/.github/blob/main/CONTRIBUTING.md
-    security-policy: https://github.com/openfga/js-sdk/security.md
+    security-policy: https://github.com/openfga/js-sdk/SECURITY.md
 
   security:
     assessments:
       self:
         evidence: https://github.com/cncf/tag-security/blob/main/community/assessments/projects/openfga/joint-assessment.md
         date: '2024-12-19'
-        comment: OpenFGA has completed a CNCF security joint assessment with CNCF TAG Security and Compliance
+        comment: OpenFGA has completed a CNCF security joint assessment with CNCF TAG-Security
 
     champions:
       - name: Ewan Harris
@@ -68,7 +69,7 @@ repository:
           adhoc: false
           ci: true
           release: true
-        comment: Dependabot is enabled for this repo to automatically update dependencies.
+        comment: Dependabot is enabled for this repository to automatically update dependencies.
       - name: Snyk
         type: SCA
         version: latest
@@ -78,9 +79,9 @@ repository:
           adhoc: false
           ci: true
           release: true
-        comment: Snyk is enabled for this repo to scan for vulnerabilities.
+        comment: Snyk is enabled for this repository to scan for vulnerabilities.
       - name: Socket
-        type: other
+        type: SCA
         version: latest
         rulesets:
           - built-in
@@ -89,3 +90,13 @@ repository:
           ci: true
           release: true
         comment: Socket is enabled for this repo to scan for supply chain security vulnerabilities.
+      - name: OSSF Scorecard
+        type: SCA
+        version: latest
+        rulesets:
+          - built-in
+        integration:
+          adhoc: false
+          ci: true
+          release: true
+        comment: OSSF Scorecard is enabled for this repository