Add .security_config directory#240

Closed
judavi wants to merge 2 commits into main from add-security-config

Conversation


@judavi judavi commented Apr 23, 2026

This PR adds the .security_config directory with the required security contact and Chimera configuration files.

Changes

  • .security_config/security_contact.yaml — team contact info for security issues
  • .security_config/security_config.yaml — Chimera scanning platform configuration

Summary by CodeRabbit

  • Chores
    • Added security scanning configuration with Slack notification support enabled
    • Introduced security contact information configuration framework


coderabbitai Bot commented Apr 23, 2026

Walkthrough

Two new security configuration files are introduced in the .security_config/ directory. The first enables Slack notifications for the scanning platform with Snyk tooling configuration, while the second establishes security contact information with version management and external reference inclusion.

Changes

Cohort / File(s): Security Configuration (.security_config/security_config.yaml, .security_config/security_contact.yaml)
Summary: New configuration files: security_config.yaml enables Slack notifications (channel: pd-workflows) and configures Snyk tooling; security_contact.yaml sets up security contact metadata with version "1.0" and includes an external reference from the PipedreamHQ repository.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Pre-merge checks: 5 passed
  • Description Check: Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title check: Passed. The title 'Add .security_config directory' directly and clearly describes the main change: introducing a new .security_config directory with security configuration files for Chimera scanning and security contact management.
  • Docstring Coverage: Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
  • Linked Issues check: Passed. Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check: Passed. Check skipped because no linked issues were found for this pull request.



@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.security_config/security_config.yaml:
- Around line 1-3: The YAML schema reference at the top of
.security_config/security_config.yaml points to an inaccessible URL
("https://security-api.appsec.inday.io/schemas/security_config.json"); update
that comment to a reachable schema endpoint or remove the yaml-language-server
$schema comment entirely so the YAML language server can validate the file.
Locate the line containing "yaml-language-server:
$schema=https://security-api.appsec.inday.io/schemas/security_config.json" and
either replace the URL with a working schema URL provided by your security
tooling (or a local schema path) or delete that $schema declaration so
validation will no longer attempt to fetch the broken endpoint.

In @.security_config/security_contact.yaml:
- Line 12: Update the include URL in the security configuration so it points to
the correct repository: replace the incorrect include string
"git::https://github.com/PipedreamHQ/pipedreamin" with the correct repository
URL "git::https://github.com/PipedreamHQ/pipedream" in the include statement
(the include line shown in the diff).
- Around line 1-9: The $schema URL specified in the YAML (the string
"https://security-api.appsec.inday.io/schemas/security_contact.json") is
unreachable which breaks yaml-language-server validation; fix by replacing that
value under the yaml-language-server: $schema mapping with a reachable schema
URL or a relative path to a checked-in local schema file (e.g., add a local
security_contact.json in the repo and point $schema to that file), or remove the
$schema entry if you cannot provide a valid schema; update the
yaml-language-server $schema entry and commit the schema file or new URL so
editors can validate.


📥 Commits

Reviewing files that changed from the base of the PR and between 82713e2 and 265e117.

📒 Files selected for processing (2)
  • .security_config/security_config.yaml
  • .security_config/security_contact.yaml

Comment on lines +1 to +3
# yaml-language-server: $schema=https://security-api.appsec.inday.io/schemas/security_config.json
# This is the configuration file for Chimera. This file is required to allow the scanning platform to scan your repo.
# Please see https://wolinks.com/chimera for details.
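Review bot: The schema endpoint on line 1 and the documentation link on line 3 both point at domains that, as far as this diff shows, do not belong to the PipedreamHQ project (security-api.appsec.inday.io, wolinks.com), and the curl check in this thread reports the schema fetch failing with HTTP 000; confirm that a Chimera configuration is meant to live in PipedreamHQ/pipedream-sdk-java at all, and if it is, point line 1 at a schema file checked into the repository rather than an endpoint the editor must fetch.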

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify that the schema and documentation URLs are accessible

echo "Checking schema URL..."
curl -s -o /dev/null -w "HTTP Status: %{http_code}\n" "https://security-api.appsec.inday.io/schemas/security_config.json"

echo "Checking documentation URL..."
curl -s -o /dev/null -w "HTTP Status: %{http_code}\n" "https://wolinks.com/chimera"

Repository: PipedreamHQ/pipedream-sdk-java

Length of output: 160


Fix the schema URL reference — it is not accessible and will prevent YAML validation.

The schema URL at line 1 (https://security-api.appsec.inday.io/schemas/security_config.json) returns a connection failure (HTTP 000), preventing the YAML language server from validating this configuration file. Update the URL to a valid, accessible schema endpoint or remove the reference if the schema is no longer available.


Comment on lines +1 to +9
# This file contains contact info for the team that maintains
# this repo. This information will be used by security in the
# event that we need to contact you about security issues
# discovered in this code.
#
# See https://wolinks.com/repocontact for more information.
#
# You may use the Red Hat YAML extension in VS Code to validate this file.
# yaml-language-server: $schema=https://security-api.appsec.inday.io/schemas/security_contact.json
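Review bot: Line 8 tells contributors to validate this file with the Red Hat YAML extension, but the endpoint on line 9 that the extension would fetch is unreachable according to the check run in this thread, so the instruction cannot be followed; either check the schema file into the repository and point line 9 at a relative path, or drop lines 8 and 9 together until a reachable schema exists.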

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify that the schema and documentation URLs are accessible

echo "Checking schema URL..."
curl -s -o /dev/null -w "HTTP Status: %{http_code}\n" "https://security-api.appsec.inday.io/schemas/security_contact.json"

echo "Checking documentation URL..."
curl -s -o /dev/null -w "HTTP Status: %{http_code}\n" "https://wolinks.com/repocontact"

Repository: PipedreamHQ/pipedream-sdk-java

Length of output: 160


The schema URL is not accessible and will prevent VS Code validation.

The schema URL on line 9 (https://security-api.appsec.inday.io/schemas/security_contact.json) is unreachable (connection failed). This breaks the yaml-language-server validation feature mentioned on line 8, preventing developers from getting real-time validation when editing this file. Either restore access to the schema endpoint or provide an alternative schema location.

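As an added example for the two schema comments above (not CodeRabbit's output and not the project's own code): a stdlib-only check that extracts the yaml-language-server $schema modeline and enforces the suggested fix of a checked-in local schema. The sample file text is constructed from the lines shown in this PR; the local schema path and the schema's required keys are assumptions.

```python
import json
import re

# Modeline understood by the Red Hat YAML extension / yaml-language-server.
MODELINE = re.compile(r"^#\s*yaml-language-server:\s*\$schema=(\S+)\s*$", re.M)
TOP_LEVEL_KEY = re.compile(r"^([A-Za-z_][\w-]*):", re.M)

def schema_ref(yaml_text):
    """Return the $schema target named in the modeline, or None if absent."""
    m = MODELINE.search(yaml_text)
    return m.group(1) if m else None

def check_schema_modeline(yaml_text, local_files):
    """Return findings (empty list when the file passes).
    local_files maps repo-relative paths to contents, standing in for the
    checkout so the check runs offline. Only top-level keys are compared
    against the schema's 'required' list (a simplification, not full JSON Schema)."""
    ref = schema_ref(yaml_text)
    if ref is None:
        return ["no $schema modeline: editors will not validate this file"]
    if re.match(r"https?://", ref):
        # Editors fetch a remote schema; an unreachable endpoint (HTTP 000
        # in this PR) silently disables validation, so require a local copy.
        return [f"remote schema {ref}: check it into the repo and use a relative path"]
    if ref not in local_files:
        return [f"local schema {ref} is not checked in"]
    try:
        schema = json.loads(local_files[ref])
    except ValueError:
        return [f"local schema {ref} is not valid JSON"]
    present = set(TOP_LEVEL_KEY.findall(yaml_text))
    return [f"required key '{k}' missing" for k in schema.get("required", []) if k not in present]

# Constructed samples modelled on the contact file in this PR.
REMOTE_SCHEMA = "https://security-api.appsec.inday.io/schemas/security_contact.json"
LOCAL_SCHEMA = ".security_config/schemas/security_contact.json"  # assumed path
CONTACT_REMOTE = ("# yaml-language-server: $schema=" + REMOTE_SCHEMA + "\n"
                  'version: "1.0"\ninclude: "git::https://github.com/PipedreamHQ/pipedream"\n')
CONTACT_LOCAL = CONTACT_REMOTE.replace(REMOTE_SCHEMA, LOCAL_SCHEMA)
# Assumed schema content: what the real Chimera schema requires is not on the page.
LOCAL_FILES = {LOCAL_SCHEMA: json.dumps({"required": ["version", "include", "contacts"]})}
```

Running the check over CONTACT_REMOTE flags the remote schema, while CONTACT_LOCAL passes the modeline check and only reports the assumed 'contacts' key as missing.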

# yaml-language-server: $schema=https://security-api.appsec.inday.io/schemas/security_contact.json

version: "1.0"
include: "git::https://github.com/PipedreamHQ/pipedreamin"
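Review bot: Beyond the pipedreamin typo already flagged on the include line, the reference carries no tag or commit, so the contact data this file delegates to can change in the other repository without any change being reviewed here; pin the include to a fixed ref if the include syntax supports one, and confirm the target repository actually contains the expected contact file before relying on it.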

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check if the repository exists

echo "Checking if pipedreamin repository exists..."
gh repo view PipedreamHQ/pipedreamin --json nameWithOwner 2>&1

echo -e "\nChecking if pipedream repository exists..."
gh repo view PipedreamHQ/pipedream --json nameWithOwner 2>&1

Repository: PipedreamHQ/pipedream-sdk-java

Length of output: 301


Correct the include repository URL - typo in repository name.

The include URL references a non-existent repository https://github.com/PipedreamHQ/pipedreamin. The correct repository is PipedreamHQ/pipedream. Update line 12 to use the correct repository name to ensure the security configuration is properly included.


@judavi judavi closed this Apr 23, 2026
@judavi judavi deleted the add-security-config branch April 23, 2026 15:09