This release completely overhauls the specification based on feedback gained throughout 2024.

The artifacts attached to the bottom of this release contain a PDF version of the specification, two example templates, a Cue schema that can be used to validate a file's contents, and the source code at the time of release.

A go library was added in the latest release of SI Tooling to support the programatic ingestion of security insights files published on GitHub. This tooling is expected to gain additional features soon.

Read more about the work leading up to this release here: #97

What's Changed

• Fix examples by @luigigubello in #66
• SECURITY INSIGHTS v1.1 Roadmap by @luigigubello in #69
• Documention Enhancement by @AOrps in #71
• fix: use status instead of stage by @mmorel-35 in #73
• Doc: Fix WG name by @scovetta in #78
• Replace core-maintainers with core-team by @luigigubello in #76
• Update README.md by @eddie-knight in #81
• Governance Docs by @eddie-knight in #89
• Segment specification in repo for maintainability by @eddie-knight in #82
• Fix typo in specification.md ("specificaion") by @david-a-wheeler in #92
• break: Revamped schema based on ecosystem feedback by @eddie-knight in #96
• fix: Improved clarity around required values by @eddie-knight in #98
• fix: broken links by @eddie-knight in #99
• chore: preparing for v2 release by @eddie-knight in #100
• chore: updated this repo's SI schema-version to v2.0.0 by @eddie-knight in #102
• chore: Updated this repo's SI: last reviewed date by @eddie-knight in #103

New Contributors

• @AOrps made their first contribution in #71
• @mmorel-35 made their first contribution in #73
• @david-a-wheeler made their first contribution in #92
• Feedback contributors are highlighted in the linked issues on #97

Full Changelog: v1.0.0...v2.0.0