set all component maturity to experimental in preparation for adding …

…graduation criteria

components/consumers/arangodb/task.yaml

@@ -5,6 +5,7 @@ metadata:
   name: consumer-arangodb
   labels:
     v1.smithy.smithy-security.com/component: consumer
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Pushes findings to an ArangoDB database.
   workspaces:

components/consumers/aws-s3/task.yaml

@@ -5,6 +5,7 @@ metadata:
   name: consumer-aws-s3
   labels:
     v1.smithy.smithy-security.com/component: consumer
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Pushes findings to an S3 bucket.
   volumes:

components/consumers/bigquery/task.yaml

@@ -5,6 +5,7 @@ metadata:
   name: consumer-bigquery
   labels:
     v1.smithy.smithy-security.com/component: consumer
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Pushes findings to a BigQuery database.
   volumes:

components/consumers/defectdojo/task.yaml

@@ -5,6 +5,7 @@ metadata:
   name: consumer-defectdojo
   labels:
     v1.smithy.smithy-security.com/component: consumer
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Pushes findings to a DefectDojo vulnerability management instance.
   params:

components/consumers/dependency-track/task.yaml

@@ -5,6 +5,7 @@ metadata:
   name: consumer-dependency-track
   labels:
     v1.smithy.smithy-security.com/component: consumer
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Pushes findings to a Dependency-Track instance.
   params:

components/consumers/elasticsearch/task.yaml

@@ -5,6 +5,7 @@ metadata:
   name: consumer-elasticsearch
   labels:
     v1.smithy.smithy-security.com/component: consumer
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Pushes findings to an Elasticsearch database.
   params:

components/consumers/jira/task.yaml

@@ -5,6 +5,7 @@ metadata:
   name: consumer-jira
   labels:
     v1.smithy.smithy-security.com/component: consumer
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Pushes findings to a Jira instance.
   volumes:

components/consumers/mongodb/task.yaml

@@ -5,6 +5,7 @@ metadata:
   name: consumer-mongodb
   labels:
     v1.smithy.smithy-security.com/component: consumer
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Pushes findings to a MongoDB database.
   params:

components/consumers/pdf/task.yaml

@@ -5,6 +5,7 @@ metadata:
   name: consumer-pdf
   labels:
     v1.smithy.smithy-security.com/component: consumer
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Pushes findings to an S3 bucket as PDFs.
   volumes:

components/consumers/slack/task.yaml

@@ -5,6 +5,7 @@ metadata:
   name: consumer-slack
   labels:
     v1.smithy.smithy-security.com/component: consumer
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Pushes findings to a Slack channel.
   params:

components/consumers/stdout-json/task.yaml

@@ -5,6 +5,7 @@ metadata:
   name: consumer-stdout-json
   labels:
     v1.smithy.smithy-security.com/component: consumer
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Prints findings to stdout in JSON format.
   workspaces:

components/enrichers/codeowners/task.yaml

@@ -5,6 +5,7 @@ metadata:
   name: enricher-codeowners
   labels:
     v1.smithy.smithy-security.com/component: enricher
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Identifies a code owner for each finding.
   params:

components/enrichers/custom-annotation/task.yaml

@@ -5,6 +5,7 @@ metadata:
   name: enricher-custom-annotation
   labels:
     v1.smithy.smithy-security.com/component: enricher
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Adds a set of custom annotations to all issues that pass through this
   params:

components/enrichers/deduplication/task.yaml

@@ -5,6 +5,7 @@ metadata:
   name: enricher-deduplication
   labels:
     v1.smithy.smithy-security.com/component: enricher
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Compares multiple inputs and removes duplicates.
   workspaces:

components/enrichers/depsdev/task.yaml

@@ -5,6 +5,7 @@ metadata:
   name: enricher-depsdev
   labels:
     v1.smithy.smithy-security.com/component: enricher
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Adds context from deps.dev for each third-party dependency.
   params:

components/enrichers/policy/task.yaml

@@ -5,6 +5,7 @@ metadata:
   name: enricher-policy
   labels:
     v1.smithy.smithy-security.com/component: enricher
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Enforces security policies defined in OPA for each finding.
   sidecars:

components/enrichers/reachability/task.yaml

@@ -5,6 +5,7 @@ metadata:
   name: enricher-reachability
   labels:
     v1.smithy.smithy-security.com/component: enricher
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Performs a reachability check on a supplied repository using AppThreat/atom.
   params:

components/producers/brakeman/task.yaml

@@ -6,7 +6,8 @@ metadata:
   labels:
     v1.smithy.smithy-security.com/component: producer
     v1.smithy.smithy-security.com/test-type: sast
-    v1.smithy.smithy-security.com/language: brakeman
+    v1.smithy.smithy-security.com/language: ruby
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Analyse Ruby source code usign brakeman to look for security issues.
   params:

components/producers/cdxgen/task.yaml

@@ -7,6 +7,7 @@ metadata:
     v1.smithy.smithy-security.com/component: producer
     v1.smithy.smithy-security.com/test-type: sbom
     v1.smithy.smithy-security.com/language: all
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Generate a CycloneDX SBOM from source code.
   params:

components/producers/checkov/task.yaml

@@ -7,6 +7,7 @@ metadata:
     v1.smithy.smithy-security.com/component: producer
     v1.smithy.smithy-security.com/test-type: sast
     v1.smithy.smithy-security.com/language: iac
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Analyse IAC source code to look for security issues.
   params:

components/producers/dependency-check/task.yaml

@@ -6,6 +6,7 @@ metadata:
   labels:
     v1.smithy.smithy-security.com/component: producer
     v1.smithy.smithy-security.com/test-type: sca
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Generate a Dependency-Check report from source code.
   volumes:

components/producers/dependency-track/task.yaml

@@ -5,6 +5,7 @@ metadata:
   name: producer-dependency-track
   labels:
     v1.smithy.smithy-security.com/component: producer
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Generate a Dependency-Track report from source code.
   params:

components/producers/docker-trivy/task.yaml

@@ -6,6 +6,7 @@ metadata:
   labels:
     v1.smithy.smithy-security.com/component: producer
     v1.smithy.smithy-security.com/test-type: sca
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Generate a Trivy report from a Docker image.
   params:

components/producers/github-codeql/task.yaml

@@ -6,6 +6,7 @@ metadata:
   labels:
     v1.smithy.smithy-security.com/component: producer
     v1.smithy.smithy-security.com/test-type: sast
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Retrieve a GitHub Code Scanning report from a GitHub repository.
   params:

components/producers/github-dependabot/task.yaml

@@ -6,6 +6,7 @@ metadata:
   labels:
     v1.smithy.smithy-security.com/component: producer
     v1.smithy.smithy-security.com/test-type: sca
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Retrieve a GitHub Code Scanning report from a GitHub repository.
   params:

components/producers/golang-gosec/task.yaml

@@ -7,6 +7,7 @@ metadata:
     v1.smithy.smithy-security.com/component: producer
     v1.smithy.smithy-security.com/test-type: sast
     v1.smithy.smithy-security.com/language: golang
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Analyse Go source code to look for security issues.
   params:

components/producers/golang-nancy/task.yaml

@@ -7,6 +7,7 @@ metadata:
     v1.smithy.smithy-security.com/component: producer
     v1.smithy.smithy-security.com/test-type: sca
     v1.smithy.smithy-security.com/language: golang
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Dependency scanner for Golang projects.
   params:

components/producers/java-findsecbugs/task.yaml

@@ -6,6 +6,7 @@ metadata:
   labels:
     v1.smithy.smithy-security.com/component: producer
     v1.smithy.smithy-security.com/language: java
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Generate a FindSecBugs report from source code.
   params:

components/producers/kics/task.yaml

@@ -5,6 +5,7 @@ metadata:
   name: producer-kics
   labels:
     v1.smithy.smithy-security.com/component: producer
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Generate a KICS report from source code.
   volumes:

components/producers/ossf-scorecard/task.yaml

@@ -5,6 +5,7 @@ metadata:
   name: producer-ossf-scorecard
   labels:
     v1.smithy.smithy-security.com/component: producer
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Generates scorecards for open source projects to show how they adhere with best practices.
   params:

components/producers/python-bandit/task.yaml

@@ -7,6 +7,7 @@ metadata:
     v1.smithy.smithy-security.com/component: producer
     v1.smithy.smithy-security.com/test-type: sast
     v1.smithy.smithy-security.com/language: python
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: SAST scanner that analyses Python source code to look for security issues.
   volumes:

components/producers/python-pip-safety/task.yaml

@@ -7,6 +7,7 @@ metadata:
     v1.smithy.smithy-security.com/component: producer
     v1.smithy.smithy-security.com/test-type: sca
     v1.smithy.smithy-security.com/language: python
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Dependency scanner for Python projects.
   params:

components/producers/semgrep/task.yaml

@@ -6,6 +6,7 @@ metadata:
   labels:
     v1.smithy.smithy-security.com/component: producer
     v1.smithy.smithy-security.com/test-type: sast
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Analyse source code using Semgrep to look for security issues.
   params:

components/producers/snyk-docker/task.yaml

@@ -7,6 +7,7 @@ metadata:
     v1.smithy.smithy-security.com/component: producer
     v1.smithy.smithy-security.com/test-type: sast
     v1.smithy.smithy-security.com/language: docker
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   params:
   - name: producer-snyk-docker-api-key

components/producers/snyk-node/task.yaml

@@ -7,6 +7,7 @@ metadata:
     v1.smithy.smithy-security.com/component: producer
     v1.smithy.smithy-security.com/test-type: sast
     v1.smithy.smithy-security.com/language: docpythoner
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   params:
   - name: producer-snyk-node-api-key

components/producers/snyk-python/task.yaml

@@ -7,6 +7,7 @@ metadata:
     v1.smithy.smithy-security.com/component: producer
     v1.smithy.smithy-security.com/test-type: sast
     v1.smithy.smithy-security.com/language: docpythoner
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   params:
   - name: producer-snyk-python-api-key

components/producers/terraform-tfsec/task.yaml

@@ -5,6 +5,7 @@ metadata:
   name: producer-terraform-tfsec
   labels:
     v1.smithy.smithy-security.com/component: producer
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Generate a Terraform-Tfsec report from source code.
   params:

components/producers/testsslsh/task.yaml

@@ -5,6 +5,7 @@ metadata:
   name: producer-testsslsh
   labels:
     v1.smithy.smithy-security.com/component: producer
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Generate a Testssl.sh report from a target URL.
   params:

components/producers/trufflehog/task.yaml

@@ -5,6 +5,7 @@ metadata:
   name: producer-trufflehog
   labels:
     v1.smithy.smithy-security.com/component: producer
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Secret scanner for repositories.
   params:

components/producers/typescript-eslint/task.yaml

@@ -7,6 +7,7 @@ metadata:
     v1.smithy.smithy-security.com/component: producer
     v1.smithy.smithy-security.com/test-type: sast
     v1.smithy.smithy-security.com/language: typescript
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Static analysis for javascript and typescript projects.
   params:

components/producers/typescript-yarn-audit/task.yaml

@@ -7,6 +7,7 @@ metadata:
     v1.smithy.smithy-security.com/component: producer
     v1.smithy.smithy-security.com/test-type: sca
     v1.smithy.smithy-security.com/language: typescript
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: Dependency scanner for Node.js projects.
   volumes:

components/producers/zaproxy/task.yaml

@@ -6,6 +6,7 @@ metadata:
   labels:
     v1.smithy.smithy-security.com/component: producer
     v1.smithy.smithy-security.com/test-type: dast
+    v1.smithy.smithy.security/component/maturity: experimental
 spec:
   description: DAST scanner that analyses web applications for security issues.
   params: