openfga · aaguiarz · Sep 24, 2024 · Nov 15, 2024 · Nov 15, 2024 · Nov 21, 2024
@@ -0,0 +1,113 @@
+# Security Insights 2.0 file https://github.com/ossf/security-insights
+# Schema: https://github.com/ossf/security-insights/blob/main/spec/schema.cue
+header:
+  schema-version: 2.0.0
+  last-updated: '2025-07-26'
+  last-reviewed: '2025-07-26'
+  url: https://github.com/openfga/api
+  project-si-source: https://raw.githubusercontent.com/openfga/.github/main/SECURITY-INSIGHTS.yml
+  comment: Protocol Buffers used by OpenFGA.
+
+repository:
+  url: https://github.com/openfga/api
+  status: active
+  bug-fixes-only: false
+  accepts-change-request: true
+  accepts-automated-change-request: true
+  no-third-party-packages: false
+  core-team:
+    - name: Poovamraj Thanganadar Thiagarajan
+      affiliation: Okta
+      email: poovamraj.thanganadarthiagarajan@okta.com
+      social: https://github.com/poovamraj
+      primary: true
+    - name: Adrian Tam
+      affiliation: Okta
+      email: adrian.tam@okta.com
+      social: https://github.com/adriantam
+    - name: Jose Padilla
+      affiliation: Okta
+      email: jose.padilla@okta.com
+      social: https://github.com/jpadilla
+    - name: Joshua Jones
+      affiliation: Okta
+      email: joshua.jones@okta.com
+      social: https://github.com/senojj
+    - name: Justin Cohen
+      affiliation: Okta
+      email: justin.cohen@okta.com
+      social: https://github.com/justincoh
+    - name: Raghd Hamzeh
+      affiliation: Okta
+      email: raghd.hamzeh@okta.com
+      social: https://github.com/rhamzeh
+    - name: Victoria Johns
+      affiliation: Okta
+      email: victoria.johns@okta.com
+      social: https://github.com/vic-dev
+    - name: Will Vedder
+      affiliation: Okta
+      email: will.vedder@okta.com
+      social: https://github.com/willvedd
+    - name: Yamil Asusta
+      affiliation: Okta
+      email: yamil.asusta@okta.com
+      social: https://github.com/elbuo8
+    - name: Zilvinas Vilutis
+      affiliation: Okta
+      email: zilvinas.vilutis@okta.com
+      social: https://github.com/cikasfm
+
+  license:
+    url: https://raw.githubusercontent.com/openfga/api/main/LICENSE
+    expression: Apache-2.0
+
+  documentation:
+    contributing-guide: https://github.com/openfga/.github/blob/main/CONTRIBUTING.md
+    dependency-management-policy: https://github.com/openfga/openfga/blob/main/docs/dependencies-policy.md
+    governance: https://github.com/openfga/.github/blob/main/GOVERNANCE.md
+    review-policy: https://github.com/openfga/.github/blob/main/CONTRIBUTING.md
+    security-policy: https://github.com/openfga/api/security.md
+
+  security:
+    assessments:
+      self:
+        evidence: https://github.com/cncf/tag-security/blob/main/community/assessments/projects/openfga/joint-assessment.md
+        date: '2024-12-19'
+        comment: OpenFGA has completed a CNCF security joint assessment with CNCF TAG Security and Compliance
+
+    champions:
+      - name: Justin Cohen
+        email: justin.cohen@okta.com
+        primary: true
+    tools:
+      - name: Dependabot
+        type: SCA
+        version: latest
+        rulesets:
+          - built-in
+        integration:
+          adhoc: false
+          ci: true
+          release: true
+        comment: Dependabot is enabled for this repo to automatically update dependencies.
+      - name: Snyk
+        type: SCA
+        version: latest
+        rulesets:
+          - built-in
+        integration:
+          adhoc: false
+          ci: true
+          release: true
+        comment: Snyk is enabled for this repo to scan for vulnerabilities.
+      - name: Socket
+        type: other
+        version: latest
+        rulesets:
+          - built-in
+        integration:
+          adhoc: false
+          ci: true
+          release: true
+        comment: Socket is enabled for this repo to scan for supply chain security vulnerabilities.
@@ -1,18 +1,21 @@
+# yaml-language-server: $schema=https://json.schemastore.org/dependabot-2.0.json
 version: 2
+
 updates:
   - package-ecosystem: "gomod"
     directory: "/"
     schedule:
       interval: "weekly"
     groups:
-     dependencies:
+      dependencies:
         patterns:
           - "*"
+
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "weekly"
     groups:
-     dependencies:
+      dependencies:
         patterns:
           - "*"
@@ -17,11 +17,11 @@ jobs:
   push:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           fetch-depth: 0
 
-      - uses: bufbuild/buf-setup-action@35c243d7f2a909b1d4e40399b348a7fdab27d78d # v1.34.0
+      - uses: bufbuild/buf-setup-action@a47c93e0b1648d5651a065437926377d060baa99 # v1.50.0
       - uses: bufbuild/buf-push-action@a654ff18effe4641ebea4a4ce242c49800728459 # v1.2.0
         with:
           buf_token: ${{ secrets.BUF_TOKEN }}

@@ -12,10 +12,10 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           fetch-depth: 0
-      - uses: bufbuild/buf-setup-action@35c243d7f2a909b1d4e40399b348a7fdab27d78d # v1.34.0
+      - uses: bufbuild/buf-setup-action@a47c93e0b1648d5651a065437926377d060baa99 # v1.50.0
       - uses: bufbuild/buf-lint-action@06f9dd823d873146471cfaaf108a993fe00e5325 # v1.1.1
       - uses: bufbuild/buf-breaking-action@c57b3d842a5c3f3b454756ef65305a50a587c5ba # v1.1.4
         with:
@@ -26,10 +26,10 @@ jobs:
   diff-openapi:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           fetch-depth: 0
-      - uses: bufbuild/buf-setup-action@35c243d7f2a909b1d4e40399b348a7fdab27d78d # v1.34.0
+      - uses: bufbuild/buf-setup-action@a47c93e0b1648d5651a065437926377d060baa99 # v1.50.0
       - name: "Generate OpenAPI & Diff"
         run: |
           make all
@@ -38,9 +38,9 @@ jobs:
   validate-openapi:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           fetch-depth: 0
-      - uses: char0n/swagger-editor-validate@65266f9d3147e446b96af879fd317ce6079529ea # v1.3.2
+      - uses: swaggerexpert/swagger-editor-validate@264fd875d3c6e1bf65da1f0a63e095cbe41ffef3 # v1.5.1
         with:
           definition-file: ./docs/openapiv2/apidocs.swagger.json
@@ -1,10 +1,30 @@
 # OpenFGA API
-This project contains the definitions of [Protocol Buffers](https://developers.google.com/protocol-buffers/) used by OpenFGA.
+
+The OpenFGA API [Protocol Buffers](https://developers.google.com/protocol-buffers/) definitions.
+
+## About
+[OpenFGA](https://openfga.dev) is an open source Fine-Grained Authorization solution inspired by [Google's Zanzibar paper](https://research.google/pubs/pub48190/). It was created by the FGA team at [Auth0/Okta](https://auth0.com) based on [Auth0 Fine-Grained Authorization (FGA)](https://fga.dev), available under [a permissive license (Apache-2)](https://github.com/openfga/rfcs/blob/main/LICENSE) and welcomes community contributions.
+
+OpenFGA is designed to make it easy for application builders to model their permission layer, and to add and integrate fine-grained authorization into their applications. OpenFGA’s design is optimized for reliability and low latency at a high scale.
+
+## Usage
 
 [Buf](https://github.com/bufbuild/buf) is used to manage, package, and generate source code from the protocol buffer definitions. The API definitions
 are pushed to the [`buf.build/openfga/api`](https://buf.build/openfga/api) repository in the Buf Registry.
 
-## Building the Generated Sources
+You can find various SDKs autogenerated by buf based on the protobuf definitions here: https://buf.build/openfga/api/sdks/main:protobuf 
+
+For example, to import the definitions in Go you can do so via the following command:
+
+```shell
+go get go.buf.build/openfga/go/openfga/api
+```
+
+If you are looking for the currently supported OpenFGA HTTP SDKs, you can find them here: https://github.com/openfga/sdk-generator#currently-supported-sdks
+
+## Contributing
+
+### Building the Generated Sources
 To generate source code from the protobuf definitions contained in this project you can run the following command:
 
 > **Note**: You must have [Buf CLI](https://docs.buf.build/installation) installed to run the following command.
@@ -17,20 +37,20 @@ The command above will generate source code in the `proto/` directory. It will a
 that files requiring auto-generation after `.proto` changes have been updated. There are some cases where that git hook
 may be overly strict. In those cases you can bypass it with `commit --no-verify`.
 
-## Use the generated sources in OpenFGA
+### Use the generated sources in OpenFGA
 
 1. Generate the sources as above
 2. In the `proto` directory execute the following commands:
-    ```
+    ```shell
     go mod init go.buf.build/openfga/go/openfga/api
     go mod tidy
     ```
 3. In OpenFGA, add the following line to your `go.mod`:
-    ```
+    ```shell
     replace github.com/openfga/api/proto => /path/to/proto
     ```
 
-## Generating OpenAPI Documentation
+### Generating OpenAPI Documentation
 To generate the OpenAPI documentation from the protobuf sources you can run the following commands:
 
 > **Note**: You must have [jq](https://jqlang.github.io/jq/download/) installed to run the `format` step below
@@ -45,3 +65,13 @@ Or you can just use
 ```bash
 make
 ```
+
+See [CONTRIBUTING](https://github.com/openfga/.github/blob/main/CONTRIBUTING.md).
+
+## Author
+
+[OpenFGA](https://github.com/openfga)
+
+## License
+
+This project is licensed under the Apache-2.0 license. See the [LICENSE](https://github.com/openfga/api/blob/main/LICENSE) file for more info.