apiVersion: security.lariza.dev/v1alpha1 kind: SecurityPolicyIntent metadata: name: default-security-gate spec: mode: audit trustedPublishers: [lariza-security-demo] mergeGate: blockNewSeverities: [critical, high] requireTriageFor: [medium] dismissedFindingsRequire: reason: true expiresAt: true approverRole: security-owner evidence: acceptedFormats: [sarif-2.1.0, cyclonedx-1.5, junit] retainDays: 90