chore(github): Updated security documentation and CLOMonitor exemptions (#2333)

* Updated security documentation and CLOMonitor exemptions

Signed-off-by: Eddie Knight <knight@linux.com>

* Added license scanning exemption

Signed-off-by: Eddie Knight <knight@linux.com>

* Added best practices badge to README

Signed-off-by: Eddie Knight <knight@linux.com>

---------

Signed-off-by: Eddie Knight <knight@linux.com>
Co-authored-by: Jason Meridth <jmeridth@gmail.com>
Eddie Knight 2023-11-06 09:10:35 -06:00 committed by GitHub
parent f634cf6e9c
commit 622aee3850
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 32 additions and 0 deletions


@ -7,6 +7,12 @@ exemptions:
reason: "Helm deps are not currently scanned. Maintainers are watching developments to dependabot-core #2237" # Justification of this exemption (mandatory, it will be displayed on the UI)
- check: sbom
reason: "Tracking Helm dependencies is not yet a stable practice."
- check: self_assessment
reason: "Refer to self assessments supplied by the codebases Argo Helm supports."
- check: signed_releases
reason: "Argo Helm releases are made via Artifact Hub, where they are signed. The unsigned GitHub releases are for reference only."
- check: license_scanning
reason: "Temporary exemption: pending response from CNCF Service Desk"
# TODO:
# License scanning information
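Review bot: the `license_scanning` exemption reason "Temporary exemption: pending response from CNCF Service Desk" and the trailing `# TODO:` / `# License scanning information` comment carry no ticket reference, owner or review date, so nothing in the file marks when this "temporary" exemption is to be revisited; since the reason text is shown on the CLOMonitor UI, put the service desk ticket (or a tracking issue) and a target date in the reason itself, and either fill in or drop the empty TODO before merge. Also, the `signed_releases` reason reads as if Artifact Hub itself signs the releases; state who produces the signatures and how a consumer verifies them, and add the possessive in "codebases Argo Helm supports" ("the codebases' self assessments" or "the codebases that Argo Helm supports") so the `self_assessment` reason parses as intended.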