@aaguiarz aaguiarz commented Sep 18, 2025

Automated update of SECURITY-INSIGHTS.yml file

Summary by CodeRabbit

  • Documentation

    • Updated security documentation references and structure for improved organization.
  • Chores

    • Maintenance updates to security configuration files and minor formatting corrections.


@aaguiarz aaguiarz requested a review from a team as a code owner September 18, 2025 22:30

coderabbitai bot commented Sep 18, 2025

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

The .github/SECURITY-INSIGHTS.yml configuration file was updated with revised metadata dates, corrected security policy reference URL, normalized tooling descriptions, and adjusted type classification for a dependency scanning tool.

Changes

| Cohort / File(s) | Change Summary |
|---|---|
| Security Insights Configuration (.github/SECURITY-INSIGHTS.yml) | Updated header metadata (last-updated, last-reviewed dates to 2025-09-18), migrated security-policy URL path casing, refined observability and tooling references (Dependabot, Snyk descriptions), corrected Socket entry type from "other" to "SCA", reformatted core-team section, and applied capitalization normalization |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

  • openfga/api#229: Introduced the .github/SECURITY-INSIGHTS.yml file initially; this PR updates metadata, tooling references, and formatting within the same configuration file.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'chore(docs): update SECURITY-INSIGHTS' clearly and accurately describes the main change: updating the SECURITY-INSIGHTS.yml file with refreshed metadata, URLs, and content. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


dyeam0 previously approved these changes Sep 19, 2025
@rhamzeh rhamzeh changed the title from "Update SECURITY-INSIGHTS" to "choreUpdate SECURITY-INSIGHTS" Sep 23, 2025
@rhamzeh rhamzeh changed the title from "choreUpdate SECURITY-INSIGHTS" to "chore(docs): update SECURITY-INSIGHTS" Sep 23, 2025
rhamzeh previously approved these changes Oct 17, 2025

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

🤖 Fix all issues with AI agents
In @.github/SECURITY-INSIGHTS.yml:
- Around line 19-60: The YAML list under the key core-team is mis-indented and
breaks parsing; fix by indenting each list item and their fields so they are
children of core-team (e.g., make the dash entries and their
name/affiliation/email/social/primary keys nested under core-team rather than
aligned with core-team); ensure consistent indentation for all entries (dash and
its nested keys) so the repository mapping remains valid.
♻️ Duplicate comments (1)
.github/SECURITY-INSIGHTS.yml (1)

71-71: Correct the security-policy URL target.

Line 71 uses https://github.com/openfga/api/SECURITY.md, which is not a canonical GitHub file URL and likely 404s. Point to the canonical policy location, or add /blob/main/ if the file lives in this repo.

🔗 Proposed fix (adjust if policy lives elsewhere)
-    security-policy: https://github.com/openfga/api/SECURITY.md
+    security-policy: https://github.com/openfga/.github/blob/main/SECURITY.md
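
Review bot: the `+` line changes the repository from openfga/api to openfga/.github in addition to inserting /blob/main/, so it assumes the policy file lives in the organization's .github repo on a branch named main, which the comment itself flags with "adjust if policy lives elsewhere". Confirm where SECURITY.md actually lives before applying, and check that the final security-policy value resolves rather than relying on the "likely 404s" assessment of the old one.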

Removed Zilvinas Vilutis from the security insights.
@aaguiarz aaguiarz dismissed stale reviews from rhamzeh and dyeam0 via 3901f1d January 22, 2026 17:08
@adriantam adriantam merged commit 618e7e0 into main Jan 22, 2026
9 checks passed
@adriantam adriantam deleted the feat/security-insights branch January 22, 2026 18:20

dosubot bot commented Jan 22, 2026

Related Documentation

Checked 5 published document(s) in 0 knowledge base(s). No updates required.
