update the SECURITY-INSIGHTS.yml with self-assessment section

Signed-off-by: Jirka Kremser <jiri.kremser@gmail.com>
k8gb-io · Oct 31, 2023 · 219a93e · 219a93e
1 parent c678351
commit 219a93e
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/SECURITY-INSIGHTS.yml b/SECURITY-INSIGHTS.yml
@@ -45,6 +45,13 @@ distribution-points:
   - https://github.com/k8gb-io/k8gb/releases
   - https://hub.docker.com/r/absaoss/k8gb/tags
 
+self-assessment:
+  self-assessment-created: true
+  evidence-url:
+  - https://github.com/k8gb-io/k8gb/blob/master/self-assessment.md
+  comment: |
+    Created on 2023-10-31
+
 security-contacts:
 - type: email
   value: cncf-k8gb-maintainers@lists.cncf.io

diff --git a/self-assessment.md b/self-assessment.md
@@ -27,5 +27,5 @@ Quick reference information, later used for indexing.
 ### Intended Use
 
 To increase the software supply chain security, we encourage our users to consume k8gb container images with Kyverno's admission webhook 
-([/policy](https://kyverno.io/docs/writing-policies/verify-images/)) that will ensure that
+([/policy](https://kyverno.io/docs/writing-policies/verify-images/sigstore/#verifying-image-signatures)) that will ensure that
 images are signed and nobody had tempered with them. Our public key that can be used to verify this is in the root or our repository.