diff --git a/.github/security-insights.yml b/.github/security-insights.yml new file mode 100644 index 0000000000..7733683c91 --- /dev/null +++ b/.github/security-insights.yml 
@@ -0,0 +1,229 @@ +header: + last-reviewed: '2026-04-25' + last-updated: '2026-04-25' + schema-version: 2.0.0 + url: https://raw.githubusercontent.com/open-telemetry/opentelemetry-dotnet-contrib/main/.github/security-insights.yml + comment: | + This file contains the minimum information for https://github.com/open-telemetry/opentelemetry-dotnet-contrib. + +project: + name: OpenTelemetry .NET Contrib + homepage: https://opentelemetry.io/docs/languages/dotnet/ + administrators: + - name: Alan West + affiliation: New Relic + social: https://github.com/alanwest + primary: true + - name: Martin Costello + affiliation: Grafana Labs + social: https://github.com/martincostello + primary: false + - name: "Piotr Kie\u0142kowicz" + affiliation: Splunk + social: https://github.com/Kielek + primary: false + - name: Rajkumar Rangaraj + affiliation: Microsoft + social: https://github.com/rajkumar-rangaraj + primary: false + documentation: + code-of-conduct: https://github.com/open-telemetry/.github/blob/main/CODE_OF_CONDUCT.md + detailed-guide: https://opentelemetry.io/docs/languages/dotnet/ + quickstart-guide: https://opentelemetry.io/docs/languages/dotnet/getting-started/ + release-process: https://github.com/open-telemetry/opentelemetry-dotnet-contrib/blob/main/build/RELEASING.md + signature-verification: https://github.com/open-telemetry/opentelemetry-dotnet-contrib/blob/main/README.md#attestation + repositories: + - name: opentelemetry-dotnet + url: https://github.com/open-telemetry/opentelemetry-dotnet + comment: | + Active primary OpenTelemetry .NET repository. It contains the API, + SDK, core exporters, and extensions released as NuGet packages from + this repository. + - name: opentelemetry-dotnet-contrib + url: https://github.com/open-telemetry/opentelemetry-dotnet-contrib + comment: | + This repository contains set of components extending functionality + of the OpenTelemetry .NET SDK. 
Instrumentation libraries, exporters, + and other components can find their home here. + vulnerability-reporting: + bug-bounty-available: false + reports-accepted: true + policy: https://opentelemetry.io/docs/security/security-response/ + contact: + name: The OpenTelemetry security team + email: security@opentelemetry.io + primary: true + comment: | + Report security vulnerabilities via https://github.com/open-telemetry/opentelemetry-dotnet-contrib/security. + +repository: + url: https://github.com/open-telemetry/opentelemetry-dotnet-contrib + status: active + accepts-automated-change-request: true + accepts-change-request: true + bug-fixes-only: false + no-third-party-packages: false + core-team: + - name: Alan West + affiliation: New Relic + social: https://github.com/alanwest + primary: true + - name: Martin Costello + affiliation: Grafana Labs + social: https://github.com/martincostello + primary: false + - name: Mikel Blanchard + affiliation: Microsoft + social: https://github.com/CodeBlanch + primary: false + - name: "Piotr Kie\u0142kowicz" + affiliation: Splunk + social: https://github.com/Kielek + primary: false + - name: Rajkumar Rangaraj + affiliation: Microsoft + social: https://github.com/rajkumar-rangaraj + primary: false + - name: Timothy Mothra + social: https://github.com/TimothyMothra + primary: false + documentation: + contributing-guide: https://github.com/open-telemetry/opentelemetry-dotnet-contrib/blob/main/CONTRIBUTING.md + dependency-management-policy: https://github.com/open-telemetry/opentelemetry-dotnet-contrib/blob/main/.github/renovate.json + security-policy: https://opentelemetry.io/docs/security/security-response/ + license: + expression: Apache-2.0 + url: https://github.com/open-telemetry/opentelemetry-dotnet-contrib/blob/main/LICENSE.TXT + release: + automated-pipeline: true + changelog: https://github.com/open-telemetry/opentelemetry-dotnet-contrib/releases + distribution-points: + - uri: 
https://www.nuget.org/packages/OpenTelemetry.Exporter.Geneva + comment: OpenTelemetry.Exporter.Geneva NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Exporter.InfluxDB + comment: OpenTelemetry.Exporter.InfluxDB NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Exporter.Instana + comment: OpenTelemetry.Exporter.Instana NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Exporter.OneCollector + comment: OpenTelemetry.Exporter.OneCollector NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Extensions + comment: OpenTelemetry.Extensions NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Extensions.AWS + comment: OpenTelemetry.Extensions.AWS NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Extensions.Enrichment + comment: OpenTelemetry.Extensions.Enrichment NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Extensions.Enrichment.AspNetCore + comment: OpenTelemetry.Extensions.Enrichment.AspNetCore NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Extensions.Enrichment.Http + comment: OpenTelemetry.Extensions.Enrichment.Http NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Instrumentation.AspNet + comment: OpenTelemetry.Instrumentation.AspNet NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Instrumentation.AspNet.TelemetryHttpModule + comment: OpenTelemetry.Instrumentation.AspNet.TelemetryHttpModule NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Instrumentation.AspNetCore + comment: OpenTelemetry.Instrumentation.AspNetCore NuGet package distributed from NuGet.org. 
+ - uri: https://www.nuget.org/packages/OpenTelemetry.Instrumentation.AWS + comment: OpenTelemetry.Instrumentation.AWS NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Instrumentation.AWSLambda + comment: OpenTelemetry.Instrumentation.AWSLambda NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Instrumentation.Cassandra + comment: OpenTelemetry.Instrumentation.Cassandra NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Instrumentation.ConfluentKafka + comment: OpenTelemetry.Instrumentation.ConfluentKafka NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Instrumentation.ElasticsearchClient + comment: OpenTelemetry.Instrumentation.ElasticsearchClient NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Instrumentation.EntityFrameworkCore + comment: OpenTelemetry.Instrumentation.EntityFrameworkCore NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Instrumentation.EventCounters + comment: OpenTelemetry.Instrumentation.EventCounters NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Instrumentation.GrpcCore + comment: OpenTelemetry.Instrumentation.GrpcCore NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Instrumentation.GrpcNetClient + comment: OpenTelemetry.Instrumentation.GrpcNetClient NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Instrumentation.Hangfire + comment: OpenTelemetry.Instrumentation.Hangfire NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Instrumentation.Http + comment: OpenTelemetry.Instrumentation.Http NuGet package distributed from NuGet.org. 
+ - uri: https://www.nuget.org/packages/OpenTelemetry.Instrumentation.Kusto + comment: OpenTelemetry.Instrumentation.Kusto NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Instrumentation.Owin + comment: OpenTelemetry.Instrumentation.Owin NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Instrumentation.Process + comment: OpenTelemetry.Instrumentation.Process NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Instrumentation.Quartz + comment: OpenTelemetry.Instrumentation.Quartz NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Instrumentation.Remoting + comment: OpenTelemetry.Instrumentation.Remoting NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Instrumentation.Runtime + comment: OpenTelemetry.Instrumentation.Runtime NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Instrumentation.ServiceFabricRemoting + comment: OpenTelemetry.Instrumentation.ServiceFabricRemoting NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Instrumentation.SqlClient + comment: OpenTelemetry.Instrumentation.SqlClient NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Instrumentation.StackExchangeRedis + comment: OpenTelemetry.Instrumentation.StackExchangeRedis NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Instrumentation.Wcf + comment: OpenTelemetry.Instrumentation.Wcf NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.OpAmp.Client + comment: OpenTelemetry.OpAmp.Client NuGet package distributed from NuGet.org. 
+ - uri: https://www.nuget.org/packages/OpenTelemetry.PersistentStorage.Abstractions + comment: OpenTelemetry.PersistentStorage.Abstractions NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.PersistentStorage.FileSystem + comment: OpenTelemetry.PersistentStorage.FileSystem NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Resources.AWS + comment: OpenTelemetry.Resources.AWS NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Resources.Azure + comment: OpenTelemetry.Resources.Azure NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Resources.Container + comment: OpenTelemetry.Resources.Container NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Resources.Gcp + comment: OpenTelemetry.Resources.Gcp NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Resources.Host + comment: OpenTelemetry.Resources.Host NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Resources.OperatingSystem + comment: OpenTelemetry.Resources.OperatingSystem NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Resources.Process + comment: OpenTelemetry.Resources.Process NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Resources.ProcessRuntime + comment: OpenTelemetry.Resources.ProcessRuntime NuGet package distributed from NuGet.org. + - uri: https://www.nuget.org/packages/OpenTelemetry.Sampler.AWS + comment: OpenTelemetry.Sampler.AWS NuGet package distributed from NuGet.org. + attestations: [] + + security: + assessments: + self: + comment: No formal self-assessment yet. 
+ evidence: https://github.com/open-telemetry/opentelemetry-dotnet-contrib/pull/4302 + date: '2026-04-25' + tools: + - name: CodeQL + comment: | + Static code analysis. + integration: + adhoc: true + ci: true + release: true + rulesets: + - https://github.com/open-telemetry/opentelemetry-dotnet-contrib/blob/main/.github/workflows/codeql-analysis.yml + type: SAST + - name: FsCheck + comment: | + FsCheck is used for fuzz testing as part of CI. + integration: + adhoc: true + ci: true + release: true + rulesets: + - default + type: fuzzing + - name: Renovate + comment: | + Automated dependency updates. + integration: + adhoc: true + ci: true + release: true + rulesets: + - https://github.com/open-telemetry/opentelemetry-dotnet-contrib/blob/main/.github/renovate.json + type: SCA diff --git a/SECURITY-INSIGHTS.yml b/SECURITY-INSIGHTS.yml deleted file mode 100644 index 4afc609d0c..0000000000 --- a/SECURITY-INSIGHTS.yml +++ /dev/null 
@@ -1,159 +0,0 @@ -header: - schema-version: '1.0.0' - expiration-date: '2027-03-30T00:00:00.000Z' - last-updated: '2026-03-30' - last-reviewed: '2026-03-30' - project-url: https://github.com/open-telemetry/opentelemetry-dotnet-contrib - changelog: https://github.com/open-telemetry/opentelemetry-dotnet-contrib/releases - license: https://github.com/open-telemetry/opentelemetry-dotnet-contrib/blob/main/LICENSE.TXT - -project-lifecycle: - status: active - bug-fixes-only: false - core-maintainers: - - https://github.com/alanwest - - https://github.com/CodeBlanch - - https://github.com/Kielek - - https://github.com/martincostello - - https://github.com/rajkumar-rangaraj - - https://github.com/TimothyMothra - -contribution-policy: - accepts-pull-requests: true - accepts-automated-pull-requests: true - contributing-policy: https://github.com/open-telemetry/opentelemetry-dotnet-contrib/blob/main/CONTRIBUTING.md - code-of-conduct: https://github.com/open-telemetry/.github/blob/main/CODE_OF_CONDUCT.md - automated-tools-list: - - automated-tool: renovatebot - action: allowed - comment: Automated dependency updates are accepted. 
- -documentation: - - https://opentelemetry.io/docs/languages/dotnet/ - -distribution-points: - - pkg:nuget/OpenTelemetry.Exporter.Geneva - - pkg:nuget/OpenTelemetry.Exporter.InfluxDB - - pkg:nuget/OpenTelemetry.Exporter.Instana - - pkg:nuget/OpenTelemetry.Exporter.OneCollector - - pkg:nuget/OpenTelemetry.Extensions - - pkg:nuget/OpenTelemetry.Extensions.AWS - - pkg:nuget/OpenTelemetry.Extensions.Enrichment - - pkg:nuget/OpenTelemetry.Extensions.Enrichment.AspNetCore - - pkg:nuget/OpenTelemetry.Extensions.Enrichment.Http - - pkg:nuget/OpenTelemetry.Instrumentation.AspNet - - pkg:nuget/OpenTelemetry.Instrumentation.AspNet.TelemetryHttpModule - - pkg:nuget/OpenTelemetry.Instrumentation.AspNetCore - - pkg:nuget/OpenTelemetry.Instrumentation.AWS - - pkg:nuget/OpenTelemetry.Instrumentation.AWSLambda - - pkg:nuget/OpenTelemetry.Instrumentation.Cassandra - - pkg:nuget/OpenTelemetry.Instrumentation.ConfluentKafka - - pkg:nuget/OpenTelemetry.Instrumentation.ElasticsearchClient - - pkg:nuget/OpenTelemetry.Instrumentation.EntityFrameworkCore - - pkg:nuget/OpenTelemetry.Instrumentation.EventCounters - - pkg:nuget/OpenTelemetry.Instrumentation.GrpcCore - - pkg:nuget/OpenTelemetry.Instrumentation.GrpcNetClient - - pkg:nuget/OpenTelemetry.Instrumentation.Hangfire - - pkg:nuget/OpenTelemetry.Instrumentation.Http - - pkg:nuget/OpenTelemetry.Instrumentation.Kusto - - pkg:nuget/OpenTelemetry.Instrumentation.Owin - - pkg:nuget/OpenTelemetry.Instrumentation.Process - - pkg:nuget/OpenTelemetry.Instrumentation.Quartz - - pkg:nuget/OpenTelemetry.Instrumentation.Remoting - - pkg:nuget/OpenTelemetry.Instrumentation.Runtime - - pkg:nuget/OpenTelemetry.Instrumentation.ServiceFabricRemoting - - pkg:nuget/OpenTelemetry.Instrumentation.SqlClient - - pkg:nuget/OpenTelemetry.Instrumentation.StackExchangeRedis - - pkg:nuget/OpenTelemetry.Instrumentation.Wcf - - pkg:nuget/OpenTelemetry.OpAmp.Client - - pkg:nuget/OpenTelemetry.PersistentStorage.Abstractions - - 
pkg:nuget/OpenTelemetry.PersistentStorage.FileSystem - - pkg:nuget/OpenTelemetry.Resources.AWS - - pkg:nuget/OpenTelemetry.Resources.Azure - - pkg:nuget/OpenTelemetry.Resources.Container - - pkg:nuget/OpenTelemetry.Resources.Gcp - - pkg:nuget/OpenTelemetry.Resources.Host - - pkg:nuget/OpenTelemetry.Resources.OperatingSystem - - pkg:nuget/OpenTelemetry.Resources.Process - - pkg:nuget/OpenTelemetry.Resources.ProcessRuntime - - pkg:nuget/OpenTelemetry.Sampler.AWS - -security-artifacts: - threat-model: - threat-model-created: false - comment: | - No formal threat model created yet. - self-assessment: - self-assessment-created: false - comment: | - No formal self-assessment yet. - -security-contacts: - - type: website - value: https://github.com/open-telemetry/opentelemetry-dotnet-contrib/security - primary: true - - type: email - value: security@opentelemetry.io - primary: false - - type: email - value: cncf-opentelemetry-security@lists.cncf.io - primary: false - -security-testing: - - tool-type: sca - tool-name: Renovate - tool-version: latest - tool-url: https://docs.renovatebot.com/ - tool-rulesets: - - built-in - integration: - ad-hoc: false - ci: true - before-release: true - comment: | - Automated dependency updates. - - tool-type: fuzzing - tool-name: FsCheck - tool-version: latest - tool-url: https://fscheck.github.io/FsCheck/ - tool-rulesets: - - default - integration: - ad-hoc: false - ci: true - before-release: false - comment: | - FsCheck is used for fuzz testing as part of CI. - - tool-type: sast - tool-name: CodeQL - tool-version: latest - tool-url: https://github.com/github/codeql - tool-rulesets: - - default - integration: - ad-hoc: false - ci: true - before-release: true - comment: | - CodeQL static analysis is run in CI for all commits and pull requests to detect security vulnerabilities. 
- -vulnerability-reporting: - accepts-vulnerability-reports: true - email-contact: security@opentelemetry.io - security-policy: https://opentelemetry.io/docs/security/security-response/ - bug-bounty-available: false - comment: | - Report security vulnerabilities via https://github.com/open-telemetry/opentelemetry-dotnet-contrib/security. - -dependencies: - third-party-packages: true - dependencies-lists: - - https://github.com/open-telemetry/opentelemetry-dotnet-contrib/blob/main/Directory.Packages.props - dependencies-lifecycle: - policy-url: https://github.com/open-telemetry/opentelemetry-dotnet-contrib/blob/main/.github/renovate.json - comment: | - Dependencies are kept up to date by Renovate. - env-dependencies-policy: - policy-url: https://github.com/open-telemetry/opentelemetry-dotnet-contrib/blob/main/.github/renovate.json - comment: | - Dependencies are kept up to date by Renovate.
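Review bot: the new `.github/security-insights.yml` is inconsistent with itself in three places. `release.attestations: []` declares that nothing is attested, yet `project.documentation.signature-verification` points readers to `README.md#attestation`; if releases are attested, list them under `attestations`, otherwise drop the `signature-verification` link. `security.assessments.self` says `comment: No formal self-assessment yet.` but still sets `evidence: .../pull/4302` and a `date`; either remove the evidence and date or state what that PR evidences. All three tools are now `adhoc: true` and `release: true`, which reverses the values in the deleted file (`ad-hoc: false` for every tool, `before-release: false` for FsCheck), and the CodeQL `rulesets` entry is a workflow URL rather than a ruleset name. Please confirm these changes are intentional or restore the previous values.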
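Review bot: the removal of the root `SECURITY-INSIGHTS.yml` drops data that the replacement does not carry over: the `threat-model` status (`threat-model-created: false`), the `cncf-opentelemetry-security@lists.cncf.io` contact, the `dependencies-lists` pointer to `Directory.Packages.props`, and the `tool-url` / `tool-version` entries for Renovate, FsCheck and CodeQL. If the 2.0.0 schema has no field for these, say so in the PR description; otherwise carry them into the new file. Since the file also moves from the repository root into `.github/`, confirm that whatever consumes it looks in the new location, and that the `header.url` in the new file matches where it will actually be served.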