forked from argoproj/argo-helm
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.clomonitor.yml
27 lines (24 loc) · 1.19 KB
/
.clomonitor.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
# CLOMonitor metadata file
# This file must be located at the root of the repository
# Checks exemptions
exemptions:
- check: dependency_update_tool
reason: "Helm deps are not currently scanned. Maintainers are watching developments to dependabot-core #2237" # Justification of this exemption (mandatory, it will be displayed on the UI)
- check: sbom
reason: "Tracking Helm dependencies is not yet a stable practice."
- check: self_assessment
reason: "Refer to self assessments supplied by the codebases Argo Helm supports."
- check: signed_releases
reason: "Argo Helm releases are made via Artifact Hub, where they are signed. The unsigned GitHub releases are for reference only."
- check: license_scanning
reason: "Temporary exemption: pending response from CNCF Service Desk"
# TODO:
# License scanning information
# licenseScanning:
# URL with the repository's license scanning results
#
# CLOMonitor can extract license scanning results from FOSSA and Snyk badges
# in the repository README.md file automatically. If your repository uses a
# different scanning solution, this url can be set to pass the corresponding
# check.
# url: https://license-scanning-results.url