[Repo] OpenSSF Security Insights v2

[martincostello]

Changes

Migrate to OpenSSF Security Insights v2.

See cncf/clomonitor#1900 and open-telemetry/opentelemetry-dotnet#7143.

Merge requirement checklist

• CONTRIBUTING guidelines followed (license requirements, nullable enabled, static analysis, etc.)
• Unit tests added/updated
• Appropriate CHANGELOG.md files updated for non-trivial changes
• Changes in public API reviewed (if applicable)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 75.19%. Comparing base (bcb51fe) to head (66c0c11).
⚠️ Report is 16 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4302      +/-   ##
==========================================
- Coverage   75.32%   75.19%   -0.14%     
==========================================
  Files         467      467              
  Lines       18478    18478              
==========================================
- Hits        13919    13894      -25     
- Misses       4559     4584      +25     

Flag	Coverage Δ
unittests-Contrib.Shared.Tests	89.38% <ø> (ø)
unittests-Exporter.Geneva	54.82% <ø> (-0.33%)	⬇️
unittests-Exporter.InfluxDB	95.81% <ø> (ø)
unittests-Exporter.Instana	74.86% <ø> (ø)
unittests-Exporter.OneCollector	94.61% <ø> (ø)
unittests-Extensions	90.78% <ø> (ø)
unittests-Extensions.Enrichment	100.00% <ø> (ø)
unittests-Extensions.Enrichment.AspNetCore	86.27% <ø> (ø)
unittests-Extensions.Enrichment.Http	94.33% <ø> (ø)
unittests-Instrumentation.AWS	84.08% <ø> (ø)
unittests-Instrumentation.AspNet	76.61% <ø> (ø)
unittests-Instrumentation.AspNetCore	70.44% <ø> (ø)
unittests-Instrumentation.Cassandra	92.85% <ø> (ø)
unittests-Instrumentation.ConfluentKafka	78.52% <ø> (ø)
unittests-Instrumentation.ElasticsearchClient	80.60% <ø> (ø)
unittests-Instrumentation.EntityFrameworkCore	81.39% <ø> (ø)
unittests-Instrumentation.EventCounters	77.27% <ø> (ø)
unittests-Instrumentation.GrpcCore	91.27% <ø> (ø)
unittests-Instrumentation.GrpcNetClient	73.78% <ø> (ø)
unittests-Instrumentation.Hangfire	88.91% <ø> (ø)
unittests-Instrumentation.Http	74.62% <ø> (ø)
unittests-Instrumentation.Owin	88.62% <ø> (ø)
unittests-Instrumentation.Process	100.00% <ø> (ø)
unittests-Instrumentation.Quartz	78.76% <ø> (ø)
unittests-Instrumentation.Remoting	64.28% <ø> (ø)
unittests-Instrumentation.Runtime	100.00% <ø> (ø)
unittests-Instrumentation.ServiceFabricRemoting	40.83% <ø> (ø)
unittests-Instrumentation.SqlClient	84.56% <ø> (ø)
unittests-Instrumentation.StackExchangeRedis	93.63% <ø> (ø)
unittests-Instrumentation.Wcf	80.77% <ø> (ø)
unittests-OpAmp.Client	82.26% <ø> (-0.89%)	⬇️
unittests-PersistentStorage	72.02% <ø> (ø)
unittests-Resources.AWS	74.49% <ø> (ø)
unittests-Resources.Azure	88.31% <ø> (ø)
unittests-Resources.Container	67.34% <ø> (ø)
unittests-Resources.Gcp	71.42% <ø> (ø)
unittests-Resources.Host	72.26% <ø> (ø)
unittests-Resources.OperatingSystem	76.98% <ø> (ø)
unittests-Resources.Process	100.00% <ø> (ø)
unittests-Resources.ProcessRuntime	79.59% <ø> (ø)
unittests-Sampler.AWS	97.52% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.
see 5 files with indirect coverage changes

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Copilot]

Pull request overview

Migrates the repository’s OpenSSF Security Insights metadata from the legacy v1 SECURITY-INSIGHTS.yml format to the v2 schema placed under .github/, aligning with updated OpenSSF/CLomonitor expectations.

Changes:

• Removed the root-level SECURITY-INSIGHTS.yml (v1 schema).
• Added .github/security-insights.yml using the Security Insights v2 schema and updated field structure.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
SECURITY-INSIGHTS.yml	Removes the deprecated v1 Security Insights document.
.github/security-insights.yml	Introduces the v2 Security Insights document with updated schema/sections (project, repository, release, security tooling).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.