chore: add security insights yaml

related to clomonitor

https://github.com/podman-desktop/podman-desktop/issues/11741

Signed-off-by: Florent Benoit <fbenoit@redhat.com>

SECURITY-INSIGHTS.yml

@@ -0,0 +1,70 @@
+#
+# Copyright (C) 2025 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+header:
+  schema-version: 1.0.0
+  last-updated: 2025-04-11
+  last-reviewed: 2025-04-11
+  expiration-date: 2028-04-11
+  project-url: https://github.com/podman-desktop/podman-desktop
+  license: https://github.com/podman-desktop/podman-desktop/blob/main/LICENSE
+project-lifecycle:
+  status: active
+  bug-fixes-only: false
+  core-maintainers:
+    - https://github.com/podman-desktop/podman-desktop/blob/main/MAINTAINERS.md
+  release-cycle: https://github.com/podman-desktop/podman-desktop/releases
+  release-process: https://github.com/podman-desktop/podman-desktop/blob/main/RELEASE.md
+contribution-policy:
+  accepts-pull-requests: true
+  accepts-automated-pull-requests: true
+  automated-tools-list:
+    - automated-tool: dependabot
+      action: allowed
+      path:
+        - /
+  contributing-policy: https://github.com/podman-desktop/podman-desktop/blob/main/CONTRIBUTING.md
+  code-of-conduct: https://github.com/podman-desktop/podman-desktop/blob/main/CODE-OF-CONDUCT.md
+documentation:
+  - https://podman-desktop.io/docs
+distribution-points:
+  - https://github.com/podman-desktop/podman-desktop/releases
+  - https://podman-desktop.io/downloads
+security-testing:
+- tool-type: sca
+  tool-name: Dependabot
+  tool-version: "2"
+  tool-url: https://github.com/dependabot
+  integration:
+    ad-hoc: false
+    ci: true
+    before-release: false
+security-contacts:
+- type: email
+  value: security@lists.podman.io
+  primary: true
+vulnerability-reporting:
+  accepts-vulnerability-reports: true
+  email-contact: security@lists.podman.io
+  security-policy: https://github.com/podman-desktop/podman-desktop/blob/main/SECURITY.md
+  bug-bounty-available: false
+dependencies:
+  third-party-packages: true
+  dependencies-lists: https://github.com/podman-desktop/podman-desktop/blob/main/package.json
+  dependencies-lifecycle:
+    policy-url: https://github.com/podman-desktop/podman-desktop/blob/main/SECURITY.md
+  env-dependencies-policy:
+    policy-url: https://github.com/podman-desktop/podman-desktop/blob/main/SECURITY.md