Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / enterprise-contract/ec-policies issues and pull requests

#944 - Fetch SBOM from OCI blob

Pull Request - State: closed - Opened by zregvart 6 months ago - 2 comments

#943 - Bump @zregvart/opa-inspect from 0.62.1-c41bcd8 to 0.62.1-62ac029 in /antora/ec-policies-antora-extension

Pull Request - State: closed - Opened by dependabot[bot] 6 months ago
Labels: dependencies, javascript

#942 - Bump github.com/styrainc/regal from 0.18.0 to 0.19.0

Pull Request - State: closed - Opened by dependabot[bot] 6 months ago
Labels: dependencies, go

#941 - Bump github.com/tektoncd/cli from 0.35.1 to 0.36.0

Pull Request - State: closed - Opened by dependabot[bot] 6 months ago
Labels: dependencies, go

#940 - Bump github/codeql-action from 3.24.8 to 3.24.9

Pull Request - State: closed - Opened by dependabot[bot] 6 months ago
Labels: dependencies, github_actions

#939 - Try extracting attestations in rego

Pull Request - State: open - Opened by simonbaird 6 months ago - 1 comment

#938 - Bump github.com/docker/docker from 25.0.3+incompatible to 25.0.5+incompatible

Pull Request - State: closed - Opened by dependabot[bot] 6 months ago
Labels: dependencies, go

#937 - Bump github.com/docker/docker from 25.0.2+incompatible to 25.0.5+incompatible in /acceptance

Pull Request - State: closed - Opened by dependabot[bot] 6 months ago
Labels: dependencies, go

#936 - Document trusted Tasks list

Pull Request - State: closed - Opened by zregvart 6 months ago - 3 comments

#935 - Add rule to verify OLM subscriptions annotation

Pull Request - State: closed - Opened by lcarva 7 months ago - 1 comment

#934 - Bump @zregvart/opa-inspect from 0.62.0-439c0e2 to 0.62.1-c41bcd8 in /antora/ec-policies-antora-extension

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, javascript

#933 - Bump docker/login-action from 3.0.0 to 3.1.0

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, github_actions

#932 - Bump actions/checkout from 4.1.1 to 4.1.2

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, github_actions

#931 - Bump github/codeql-action from 3.24.6 to 3.24.8

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, github_actions

#930 - Bump github.com/enterprise-contract/ec-cli from 0.0.0-20240301112431-11d744f18ead to 0.2.0

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, go

#929 - Bump google.golang.org/protobuf from 1.32.0 to 1.33.0

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, go

#928 - Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /acceptance

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, go

#927 - Bump github.com/open-policy-agent/conftest from 0.49.1 to 0.50.0

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, go

#926 - Create generic SLSA policies

Issue - State: open - Opened by lcarva 7 months ago

#925 - Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 in /acceptance

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, go

#924 - Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, go

#923 - Bump gopkg.in/go-jose/go-jose.v2 from 2.6.2 to 2.6.3

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, go

#922 - Bump gopkg.in/go-jose/go-jose.v2 from 2.6.2 to 2.6.3 in /acceptance

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, go

#921 - Bump github.com/styrainc/regal from 0.17.0 to 0.18.0

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago - 2 comments
Labels: dependencies, go

#920 - Bump @zregvart/opa-inspect from 0.61.0-4856e7e to 0.62.0-439c0e2 in /antora/ec-policies-antora-extension

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, javascript

#919 - Bump codecov/codecov-action from 4.0.2 to 4.1.0

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, github_actions

#918 - Bump github/codeql-action from 3.24.5 to 3.24.6

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, github_actions

#917 - Add source_image package

Pull Request - State: closed - Opened by lcarva 7 months ago - 1 comment

#916 - Two Makefile fixes

Pull Request - State: closed - Opened by simonbaird 7 months ago - 1 comment

#915 - Tolerate git URL with a slash at the end

Pull Request - State: closed - Opened by zregvart 7 months ago

#914 - Bump github.com/styrainc/regal from 0.16.0 to 0.17.0

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago - 2 comments
Labels: dependencies, go

#913 - Bump github/codeql-action from 3.24.3 to 3.24.5

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, github_actions

#912 - Bump codecov/codecov-action from 4.0.1 to 4.0.2

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, github_actions

#911 - Introduce tests using realistic attestation data

Pull Request - State: closed - Opened by simonbaird 7 months ago - 4 comments

#910 - Add documentation for customizing the list of acceptable Tasks

Pull Request - State: closed - Opened by mbestavros 7 months ago - 2 comments

#909 - Fixes the broken link in docs

Pull Request - State: closed - Opened by zregvart 7 months ago

#908 - Add rpm_ostree_task package

Pull Request - State: closed - Opened by lcarva 7 months ago - 2 comments

#907 - Bump github.com/tektoncd/cli from 0.35.0 to 0.35.1

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, go

#906 - Bump github/codeql-action from 3.24.0 to 3.24.3

Pull Request - State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, github_actions

#905 - Remove support for old acceptable bundles format

Pull Request - State: closed - Opened by lcarva 8 months ago - 1 comment

#904 - Rename RHTAP to Konflux in docs

Pull Request - State: closed - Opened by simonbaird 8 months ago - 1 comment

#903 - Add support for terms in step_image_registries

Pull Request - State: closed - Opened by lcarva 8 months ago

#902 - Warn/fail for Task expiry

Pull Request - State: closed - Opened by zregvart 8 months ago - 5 comments

#901 - Bump actions/setup-node from 4.0.1 to 4.0.2

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions

#900 - Bump actions/upload-artifact from 4.3.0 to 4.3.1

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions

#899 - Bump github.com/tektoncd/cli from 0.34.0 to 0.35.0

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, go

#898 - Bump github.com/open-policy-agent/conftest from 0.49.0 to 0.49.1

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, go

#897 - Fix update-bundles.sh script

Pull Request - State: closed - Opened by lcarva 8 months ago - 1 comment

#896 - Labels release rules support time-based data

Pull Request - State: closed - Opened by lcarva 8 months ago

#894 - wip: Set effective_on dynamically

Pull Request - State: closed - Opened by lcarva 8 months ago - 4 comments

#893 - Add doc for adding to Red Hat trusted task list

Pull Request - State: closed - Opened by robnester-rh 8 months ago - 2 comments

#892 - Add labels.optional_disallowed_inherited_labels

Pull Request - State: closed - Opened by lcarva 8 months ago - 1 comment

#891 - Move active threshold to time.rego

Pull Request - State: closed - Opened by lcarva 8 months ago - 1 comment

#890 - Bump github.com/styrainc/regal from 0.15.0 to 0.16.0

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, go

#889 - live-test: interrupt execution on new events

Pull Request - State: closed - Opened by lcarva 8 months ago

#888 - Bump step-security/harden-runner from 2.6.1 to 2.7.0

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions

#887 - Bump codecov/codecov-action from 3.1.5 to 4.0.1

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago - 2 comments
Labels: dependencies, github_actions

#886 - Bump github/codeql-action from 3.23.2 to 3.24.0

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago - 1 comment
Labels: dependencies, github_actions

#885 - Add trusted_task package

Pull Request - State: closed - Opened by lcarva 8 months ago - 3 comments

#884 - Cleanup dependencies

Pull Request - State: closed - Opened by zregvart 8 months ago - 1 comment

#883 - Bump github.com/moby/buildkit from 0.11.5 to 0.12.5

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago - 1 comment
Labels: dependencies, go

#882 - Bump github.com/moby/buildkit from 0.11.5 to 0.12.5 in /acceptance

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago - 1 comment
Labels: dependencies, go

#881 - Examples for representing git ref for Tasks

Pull Request - State: closed - Opened by lcarva 8 months ago - 1 comment

#880 - Bump actions/upload-artifact from 4.2.0 to 4.3.0

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions

#879 - Bump github/codeql-action from 3.23.1 to 3.23.2

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions

#878 - Bump codecov/codecov-action from 3.1.4 to 3.1.5

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions

#877 - Bump @zregvart/opa-inspect from 0.60.0-4568528 to 0.61.0-4856e7e in /antora/ec-policies-antora-extension

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, javascript

#876 - New Task definition policy: enforce trusted artifacts convention

Issue - State: open - Opened by zregvart 8 months ago - 3 comments

#875 - Add a new kind of acceptance tests for tekton task handling

Pull Request - State: closed - Opened by simonbaird 8 months ago - 8 comments

#874 - Also update ec-task-policy image ref

Pull Request - State: closed - Opened by lcarva 8 months ago - 1 comment

#873 - Remove collections from step image registries

Pull Request - State: closed - Opened by lcarva 8 months ago - 1 comment

#872 - Add support for collections in all namespaces

Issue - State: open - Opened by lcarva 8 months ago

#871 - Bump actions/upload-artifact from 4.1.0 to 4.2.0

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions

#870 - Bump github/codeql-action from 3.23.0 to 3.23.1

Pull Request - State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions

#869 - Move step_image_registries to task namespace

Pull Request - State: closed - Opened by lcarva 9 months ago - 1 comment

#868 - Trusted Artifact chain policy

Pull Request - State: closed - Opened by zregvart 9 months ago - 12 comments

#867 - Do not require pre-built ec binary

Pull Request - State: closed - Opened by lcarva 9 months ago - 1 comment

#866 - Minor improvements to acceptance tests

Pull Request - State: closed - Opened by lcarva 9 months ago

#865 - Minor simplification of bundles.is_acceptable

Pull Request - State: closed - Opened by lcarva 9 months ago - 2 comments

#864 - Add initial acceptance tests

Pull Request - State: closed - Opened by lcarva 9 months ago - 1 comment

#863 - Consolidate pruning of stale acceptable bundles

Pull Request - State: closed - Opened by lcarva 9 months ago - 2 comments

#862 - Bump actions/upload-artifact from 4.0.0 to 4.1.0

Pull Request - State: closed - Opened by dependabot[bot] 9 months ago
Labels: dependencies, github_actions

#861 - Bump github.com/tektoncd/cli from 0.33.0 to 0.34.0

Pull Request - State: closed - Opened by dependabot[bot] 9 months ago
Labels: dependencies, go

#860 - Implement effective_on support for rule_data.yml

Pull Request - State: closed - Opened by mbestavros 9 months ago - 3 comments

#859 - Use labels to determine task name

Pull Request - State: closed - Opened by lcarva 9 months ago - 4 comments

#857 - Fix function producing multiple outputs

Pull Request - State: closed - Opened by zregvart 9 months ago

#856 - Enforce pinning for additional types of Task refs

Pull Request - State: closed - Opened by lcarva 9 months ago - 2 comments

#855 - Bump github/codeql-action from 3.22.12 to 3.23.0

Pull Request - State: closed - Opened by dependabot[bot] 9 months ago
Labels: dependencies, github_actions

#854 - Bump @zregvart/opa-inspect from 0.59.0-695a89f to 0.60.0-4568528 in /antora/ec-policies-antora-extension

Pull Request - State: closed - Opened by dependabot[bot] 9 months ago
Labels: dependencies, javascript

#853 - Bump github.com/open-policy-agent/conftest from 0.47.0 to 0.48.0

Pull Request - State: closed - Opened by dependabot[bot] 9 months ago
Labels: dependencies, go

#852 - Bump github.com/styrainc/regal from 0.14.0 to 0.15.0

Pull Request - State: closed - Opened by dependabot[bot] 9 months ago - 1 comment
Labels: dependencies, go

#851 - Don't publish `beta` package

Pull Request - State: closed - Opened by zregvart 9 months ago - 1 comment

#850 - Use image digest parsed from the reference

Pull Request - State: closed - Opened by zregvart 9 months ago - 1 comment

#849 - Required task must be from acceptable bundle

Pull Request - State: closed - Opened by zregvart 9 months ago - 4 comments

#847 - Move beta.packages to release.sbom_cyclonedx

Pull Request - State: closed - Opened by zregvart 9 months ago - 1 comment

#846 - Remove enable-auto-merge workflow

Pull Request - State: closed - Opened by zregvart 9 months ago

#845 - Handle duplicate acceptable bundle records

Pull Request - State: closed - Opened by zregvart 9 months ago