Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / docker/attest issues and pull requests

#212 - feat(deps): bump github.com/containerd/containerd/v2 from 2.0.0-rc.5 to 2.0.0-rc.6

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago
Labels: dependencies

#211 - feat(deps): bump google.golang.org/api from 0.202.0 to 0.203.0

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago
Labels: dependencies

#210 - feat(deps): bump google.golang.org/api from 0.201.0 to 0.202.0

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago
Labels: dependencies

#209 - Update go git

Pull Request - State: closed - Opened by jonnystoten about 1 month ago - 1 comment

#208 - chore: skip DCO requirement for org members

Pull Request - State: closed - Opened by jonnystoten about 1 month ago - 2 comments
Labels: chore

#207 - feat(deps): bump github.com/go-git/go-git/v5 from 5.5.1 to 5.11.0 in the go_modules group

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago - 1 comment
Labels: dependencies

#206 - feat: add code of conduct

Pull Request - State: closed - Opened by mrjoelkamp about 1 month ago - 2 comments
Labels: feature, chore

#205 - feat: add pr and issue templates

Pull Request - State: closed - Opened by mrjoelkamp about 1 month ago - 1 comment
Labels: feature, chore

#204 - chore: apply license headers

Pull Request - State: closed - Opened by mrjoelkamp about 1 month ago - 4 comments
Labels: chore

#203 - feat: add internal reproducible git checksum builtin

Pull Request - State: closed - Opened by jonnystoten about 1 month ago - 1 comment
Labels: feature

#202 - feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.43 to 1.28.0

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago
Labels: dependencies

#201 - feat: add verifier version to vsa

Pull Request - State: closed - Opened by mrjoelkamp about 1 month ago - 1 comment
Labels: feature

#200 - feat(deps): bump github.com/sigstore/sigstore from 1.8.9 to 1.8.10

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago - 1 comment
Labels: dependencies

#199 - feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.9 to 1.8.10

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago - 1 comment
Labels: dependencies

#198 - feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.9 to 1.8.10

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago - 2 comments
Labels: dependencies

#197 - feat(deps): bump google.golang.org/api from 0.200.0 to 0.201.0

Pull Request - State: closed - Opened by dependabot[bot] about 1 month ago
Labels: dependencies

#196 - feat: support arbitrary rego input parameters

Pull Request - State: closed - Opened by kipz about 2 months ago - 1 comment
Labels: feature

#195 - feat(deps): bump google.golang.org/api from 0.199.0 to 0.200.0

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 4 comments
Labels: dependencies

#194 - feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.39 to 1.27.43

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago
Labels: dependencies

#193 - Add pattern based from/to validity for keys

Pull Request - State: closed - Opened by kipz about 2 months ago - 4 comments

#192 - feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.39 to 1.27.42

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 1 comment
Labels: dependencies

#191 - feat: vsa input attestations

Pull Request - State: closed - Opened by mrjoelkamp about 2 months ago - 1 comment
Labels: feature

#190 - feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.39 to 1.27.41

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 1 comment
Labels: dependencies

#189 - feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.39 to 1.27.40

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 1 comment
Labels: dependencies

#188 - feat(deps): bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 2 comments
Labels: dependencies

#187 - feat(deps): bump github.com/containerd/containerd/v2 from 2.0.0-rc.4 to 2.0.0-rc.5

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 1 comment
Labels: dependencies

#186 - feat(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.0.1 to 2.0.2

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago
Labels: dependencies

#185 - feat(deps): bump github.com/open-policy-agent/opa from 0.68.0 to 0.69.0

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago - 1 comment
Labels: dependencies

#184 - feat(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.0.0 to 2.0.1

Pull Request - State: closed - Opened by dependabot[bot] about 2 months ago
Labels: dependencies

#183 - Support images as well as indexes in ImageDetailResolvers

Pull Request - State: closed - Opened by kipz 2 months ago - 1 comment

#182 - feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.38 to 1.27.39

Pull Request - State: closed - Opened by dependabot[bot] 2 months ago - 1 comment
Labels: dependencies

#181 - feat(deps): bump google.golang.org/api from 0.198.0 to 0.199.0

Pull Request - State: closed - Opened by dependabot[bot] 2 months ago
Labels: dependencies

#180 - feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.35 to 1.27.38

Pull Request - State: closed - Opened by dependabot[bot] 2 months ago
Labels: dependencies

#179 - fix: only sign statements

Pull Request - State: closed - Opened by mrjoelkamp 2 months ago - 2 comments
Labels: bug

#178 - feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.35 to 1.27.37

Pull Request - State: closed - Opened by dependabot[bot] 2 months ago - 1 comment
Labels: dependencies

#177 - feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.35 to 1.27.36

Pull Request - State: closed - Opened by dependabot[bot] 2 months ago - 1 comment
Labels: dependencies

#176 - chore: add rekor prod TUF system test

Pull Request - State: closed - Opened by kipz 2 months ago - 1 comment
Labels: chore

#175 - feat(deps): bump google.golang.org/api from 0.197.0 to 0.198.0

Pull Request - State: closed - Opened by dependabot[bot] 2 months ago
Labels: dependencies

#174 - Remove long-term aspiration from README

Pull Request - State: closed - Opened by whalelines 2 months ago - 1 comment
Labels: chore

#173 - feat: support containerd subject annotations

Pull Request - State: closed - Opened by mrjoelkamp 2 months ago - 2 comments
Labels: feature

#172 - feat: add function for parsing DOI definition files

Pull Request - State: closed - Opened by jonnystoten 2 months ago - 2 comments
Labels: feature

#171 - chore: add test for RegoFnOpts

Pull Request - State: closed - Opened by kipz 2 months ago - 1 comment
Labels: chore

#170 - refactor: remove explicit closures. expose rego fns

Pull Request - State: closed - Opened by kipz 2 months ago - 1 comment
Labels: chore

#169 - feat(deps): bump github.com/sigstore/sigstore from 1.8.8 to 1.8.9

Pull Request - State: closed - Opened by dependabot[bot] 2 months ago - 1 comment
Labels: dependencies

#168 - feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.33 to 1.27.35

Pull Request - State: closed - Opened by dependabot[bot] 2 months ago
Labels: dependencies

#167 - Add platform filtering support to mapping.yml

Pull Request - State: closed - Opened by kipz 2 months ago - 1 comment
Labels: chore

#166 - feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.33 to 1.27.34

Pull Request - State: closed - Opened by dependabot[bot] 2 months ago - 1 comment
Labels: dependencies

#165 - Use a Factory to create signature verifiers at policy evaluation time

Pull Request - State: closed - Opened by kipz 3 months ago - 4 comments

#164 - chore(deps): bump actions/create-github-app-token from 1.10.4 to 1.11.0

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: dependencies

#163 - fix: suppress logs from ecr credential helper

Pull Request - State: closed - Opened by jonnystoten 3 months ago - 1 comment

#162 - feat(deps): bump google.golang.org/api from 0.196.0 to 0.197.0

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: dependencies

#161 - chore: test on Go 1.23 as well

Pull Request - State: closed - Opened by jonnystoten 3 months ago - 1 comment
Labels: chore

#160 - fix: regexes for autolabeler

Pull Request - State: closed - Opened by jonnystoten 3 months ago - 2 comments
Labels: bug

#159 - feat: add a prefix path to TUF client

Pull Request - State: closed - Opened by jonnystoten 3 months ago - 2 comments
Labels: feature

#158 - fix: expose version and user agent to consumers

Pull Request - State: closed - Opened by kipz 3 months ago - 1 comment
Labels: bug

#157 - feature!: support for setting HTTP User-Agent header

Pull Request - State: closed - Opened by kipz 3 months ago - 1 comment
Labels: feature, breaking

#156 - fix: verify mapped image name against subjects

Pull Request - State: closed - Opened by kipz 3 months ago - 4 comments
Labels: bug

#155 - feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.31 to 1.27.33

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: feature, dependencies

#154 - feat: add slsa v1 predicate type

Pull Request - State: closed - Opened by mrjoelkamp 3 months ago - 1 comment
Labels: feature

#153 - chore(deps): bump actions/create-github-app-token from 1.10.3 to 1.10.4

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: chore, dependencies

#152 - feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.31 to 1.27.32

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: feature, dependencies

#151 - feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.8 to 1.8.9

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: feature, dependencies

#150 - feat(deps): bump google.golang.org/api from 0.195.0 to 0.196.0

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: feature, dependencies

#149 - feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.8 to 1.8.9

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: feature, dependencies

#148 - Verify input image/platform against attestation subjects before passing to rego

Pull Request - State: closed - Opened by kipz 3 months ago - 1 comment
Labels: chore

#147 - feat: validate mapping files on load

Pull Request - State: closed - Opened by kipz 3 months ago - 1 comment
Labels: feature

#146 - fix: escape ! remove .* (global match)

Pull Request - State: closed - Opened by kipz 3 months ago - 4 comments
Labels: bug

#145 - refactor! remove pkg directory

Pull Request - State: closed - Opened by kipz 3 months ago - 1 comment
Labels: chore

#144 - fix: use canonical names inside TUF fetcher

Pull Request - State: closed - Opened by kipz 3 months ago - 1 comment
Labels: bug

#143 - feat(deps): bump github.com/open-policy-agent/opa from 0.67.1 to 0.68.0

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: feature, dependencies

#142 - fix: tuf oci image parsing

Pull Request - State: closed - Opened by kipz 3 months ago - 1 comment
Labels: bug

#141 - fix: downgrade testcontainers to 0.32.0 to fix local testing

Pull Request - State: closed - Opened by kipz 3 months ago - 2 comments
Labels: bug, chore

#140 - refactor! don't use ctx for policy evaluator

Pull Request - State: closed - Opened by kipz 3 months ago - 1 comment

#139 - feat(deps): bump google.golang.org/api from 0.194.0 to 0.195.0

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: feature, dependencies

#138 - feat: add policy resolver tests

Pull Request - State: closed - Opened by mrjoelkamp 3 months ago - 7 comments
Labels: feature, chore

#137 - chore! use constants from origin libraries

Pull Request - State: closed - Opened by kipz 3 months ago - 2 comments
Labels: chore

#136 - feat(deps): bump github.com/Masterminds/semver/v3 from 3.2.1 to 3.3.0

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: feature, dependencies

#135 - feat!: remove MockTUFClient

Pull Request - State: closed - Opened by kipz 3 months ago - 5 comments
Labels: feature

#134 - feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.28 to 1.27.31

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: feature, dependencies

#133 - feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.28 to 1.27.30

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: feature, dependencies

#132 - feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.28 to 1.27.29

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: feature, dependencies

#131 - feat(deps): bump google.golang.org/api from 0.192.0 to 0.194.0

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: feature, dependencies

#130 - refactor!: add `policy.Resolver` struct to reduce parameters

Pull Request - State: closed - Opened by jonnystoten 3 months ago - 1 comment
Labels: feature

#129 - feat: add purl details to policy inputs

Pull Request - State: closed - Opened by kipz 3 months ago - 1 comment
Labels: feature, chore

#128 - feat(deps): bump google.golang.org/api from 0.192.0 to 0.193.0

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: feature, dependencies

#127 - feat(deps): bump github.com/testcontainers/testcontainers-go/modules/registry from 0.32.0 to 0.33.0

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: feature, chore, dependencies

#126 - feat(deps): bump github.com/docker/docker from 27.1.0+incompatible to 27.1.1+incompatible in the go_modules group

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: feature, dependencies

#124 - feat: add `digest` and `downloadLocation` to VSA policy

Pull Request - State: closed - Opened by mrjoelkamp 4 months ago
Labels: feature, chore

#122 - feat: mirror empty config image

Pull Request - State: closed - Opened by mrjoelkamp 4 months ago - 2 comments
Labels: feature, chore

#111 - fix: only take important security fixes from dependabot

Pull Request - State: closed - Opened by kipz 4 months ago - 2 comments
Labels: bug

#104 - fix: use a client pointing at Docker's TUF by default

Pull Request - State: closed - Opened by jonnystoten 4 months ago - 7 comments
Labels: bug

#100 - feat: roll out updates on release

Pull Request - State: closed - Opened by kipz 4 months ago - 1 comment
Labels: feature

#99 - docs: first cut of a new README

Pull Request - State: closed - Opened by jonnystoten 4 months ago - 1 comment
Labels: chore

#98 - feat(deps): bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.3.0

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 4 comments
Labels: feature, dependencies

#97 - feat(deps): bump google.golang.org/api from 0.188.0 to 0.189.0

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago
Labels: feature, dependencies

#96 - chore: update dev root

Pull Request - State: closed - Opened by mrjoelkamp 4 months ago - 1 comment
Labels: chore

#95 - Use DSSE artifactType in referrers

Pull Request - State: closed - Opened by kipz 4 months ago - 1 comment

#94 - set artifactType correctly for referrers fallback

Pull Request - State: closed - Opened by kipz 4 months ago - 1 comment

#93 - feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.26 to 1.27.27

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago
Labels: feature, dependencies

#92 - feat(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.0.0-20240504210453-5a634eb214ae to 2.0.0

Pull Request - State: closed - Opened by dependabot[bot] 5 months ago - 1 comment
Labels: feature, dependencies