Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / enterprise-contract/ec-policies issues and pull requests
#944 - Fetch SBOM from OCI blob
Pull Request -
State: closed - Opened by zregvart 6 months ago
- 2 comments
#943 - Bump @zregvart/opa-inspect from 0.62.1-c41bcd8 to 0.62.1-62ac029 in /antora/ec-policies-antora-extension
Pull Request -
State: closed - Opened by dependabot[bot] 6 months ago
Labels: dependencies, javascript
#942 - Bump github.com/styrainc/regal from 0.18.0 to 0.19.0
Pull Request -
State: closed - Opened by dependabot[bot] 6 months ago
Labels: dependencies, go
#941 - Bump github.com/tektoncd/cli from 0.35.1 to 0.36.0
Pull Request -
State: closed - Opened by dependabot[bot] 6 months ago
Labels: dependencies, go
#940 - Bump github/codeql-action from 3.24.8 to 3.24.9
Pull Request -
State: closed - Opened by dependabot[bot] 6 months ago
Labels: dependencies, github_actions
#939 - Try extracting attestations in rego
Pull Request -
State: open - Opened by simonbaird 6 months ago
- 1 comment
#938 - Bump github.com/docker/docker from 25.0.3+incompatible to 25.0.5+incompatible
Pull Request -
State: closed - Opened by dependabot[bot] 6 months ago
Labels: dependencies, go
#937 - Bump github.com/docker/docker from 25.0.2+incompatible to 25.0.5+incompatible in /acceptance
Pull Request -
State: closed - Opened by dependabot[bot] 6 months ago
Labels: dependencies, go
#936 - Document trusted Tasks list
Pull Request -
State: closed - Opened by zregvart 6 months ago
- 3 comments
#935 - Add rule to verify OLM subscriptions annotation
Pull Request -
State: closed - Opened by lcarva 7 months ago
- 1 comment
#934 - Bump @zregvart/opa-inspect from 0.62.0-439c0e2 to 0.62.1-c41bcd8 in /antora/ec-policies-antora-extension
Pull Request -
State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, javascript
#933 - Bump docker/login-action from 3.0.0 to 3.1.0
Pull Request -
State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, github_actions
#932 - Bump actions/checkout from 4.1.1 to 4.1.2
Pull Request -
State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, github_actions
#931 - Bump github/codeql-action from 3.24.6 to 3.24.8
Pull Request -
State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, github_actions
#930 - Bump github.com/enterprise-contract/ec-cli from 0.0.0-20240301112431-11d744f18ead to 0.2.0
Pull Request -
State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, go
#929 - Bump google.golang.org/protobuf from 1.32.0 to 1.33.0
Pull Request -
State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, go
#928 - Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /acceptance
Pull Request -
State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, go
#927 - Bump github.com/open-policy-agent/conftest from 0.49.1 to 0.50.0
Pull Request -
State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, go
#926 - Create generic SLSA policies
Issue -
State: open - Opened by lcarva 7 months ago
#925 - Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 in /acceptance
Pull Request -
State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, go
#924 - Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3
Pull Request -
State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, go
#923 - Bump gopkg.in/go-jose/go-jose.v2 from 2.6.2 to 2.6.3
Pull Request -
State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, go
#922 - Bump gopkg.in/go-jose/go-jose.v2 from 2.6.2 to 2.6.3 in /acceptance
Pull Request -
State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, go
#921 - Bump github.com/styrainc/regal from 0.17.0 to 0.18.0
Pull Request -
State: closed - Opened by dependabot[bot] 7 months ago
- 2 comments
Labels: dependencies, go
#920 - Bump @zregvart/opa-inspect from 0.61.0-4856e7e to 0.62.0-439c0e2 in /antora/ec-policies-antora-extension
Pull Request -
State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, javascript
#919 - Bump codecov/codecov-action from 4.0.2 to 4.1.0
Pull Request -
State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, github_actions
#918 - Bump github/codeql-action from 3.24.5 to 3.24.6
Pull Request -
State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, github_actions
#917 - Add source_image package
Pull Request -
State: closed - Opened by lcarva 7 months ago
- 1 comment
#916 - Two Makefile fixes
Pull Request -
State: closed - Opened by simonbaird 7 months ago
- 1 comment
#915 - Tolerate git URL with a slash at the end
Pull Request -
State: closed - Opened by zregvart 7 months ago
#914 - Bump github.com/styrainc/regal from 0.16.0 to 0.17.0
Pull Request -
State: closed - Opened by dependabot[bot] 7 months ago
- 2 comments
Labels: dependencies, go
#913 - Bump github/codeql-action from 3.24.3 to 3.24.5
Pull Request -
State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, github_actions
#912 - Bump codecov/codecov-action from 4.0.1 to 4.0.2
Pull Request -
State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, github_actions
#911 - Introduce tests using realistic attestation data
Pull Request -
State: closed - Opened by simonbaird 7 months ago
- 4 comments
#910 - Add documentation for customizing the list of acceptable Tasks
Pull Request -
State: closed - Opened by mbestavros 7 months ago
- 2 comments
#909 - Fixes the broken link in docs
Pull Request -
State: closed - Opened by zregvart 7 months ago
#908 - Add rpm_ostree_task package
Pull Request -
State: closed - Opened by lcarva 7 months ago
- 2 comments
#907 - Bump github.com/tektoncd/cli from 0.35.0 to 0.35.1
Pull Request -
State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, go
#906 - Bump github/codeql-action from 3.24.0 to 3.24.3
Pull Request -
State: closed - Opened by dependabot[bot] 7 months ago
Labels: dependencies, github_actions
#905 - Remove support for old acceptable bundles format
Pull Request -
State: closed - Opened by lcarva 8 months ago
- 1 comment
#904 - Rename RHTAP to Konflux in docs
Pull Request -
State: closed - Opened by simonbaird 8 months ago
- 1 comment
#903 - Add support for terms in step_image_registries
Pull Request -
State: closed - Opened by lcarva 8 months ago
#902 - Warn/fail for Task expiry
Pull Request -
State: closed - Opened by zregvart 8 months ago
- 5 comments
#901 - Bump actions/setup-node from 4.0.1 to 4.0.2
Pull Request -
State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions
#900 - Bump actions/upload-artifact from 4.3.0 to 4.3.1
Pull Request -
State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions
#899 - Bump github.com/tektoncd/cli from 0.34.0 to 0.35.0
Pull Request -
State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, go
#898 - Bump github.com/open-policy-agent/conftest from 0.49.0 to 0.49.1
Pull Request -
State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, go
#897 - Fix update-bundles.sh script
Pull Request -
State: closed - Opened by lcarva 8 months ago
- 1 comment
#896 - Labels release rules support time-based data
Pull Request -
State: closed - Opened by lcarva 8 months ago
#895 - WIP: Add a function to wrap values from `rule_data.yml` with `effective_on` metadata
Pull Request -
State: closed - Opened by mbestavros 8 months ago
- 2 comments
#894 - wip: Set effective_on dynamically
Pull Request -
State: closed - Opened by lcarva 8 months ago
- 4 comments
#893 - Add doc for adding to Red Hat trusted task list
Pull Request -
State: closed - Opened by robnester-rh 8 months ago
- 2 comments
#892 - Add labels.optional_disallowed_inherited_labels
Pull Request -
State: closed - Opened by lcarva 8 months ago
- 1 comment
#891 - Move active threshold to time.rego
Pull Request -
State: closed - Opened by lcarva 8 months ago
- 1 comment
#890 - Bump github.com/styrainc/regal from 0.15.0 to 0.16.0
Pull Request -
State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, go
#889 - live-test: interrupt execution on new events
Pull Request -
State: closed - Opened by lcarva 8 months ago
#888 - Bump step-security/harden-runner from 2.6.1 to 2.7.0
Pull Request -
State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions
#887 - Bump codecov/codecov-action from 3.1.5 to 4.0.1
Pull Request -
State: closed - Opened by dependabot[bot] 8 months ago
- 2 comments
Labels: dependencies, github_actions
#886 - Bump github/codeql-action from 3.23.2 to 3.24.0
Pull Request -
State: closed - Opened by dependabot[bot] 8 months ago
- 1 comment
Labels: dependencies, github_actions
#885 - Add trusted_task package
Pull Request -
State: closed - Opened by lcarva 8 months ago
- 3 comments
#884 - Cleanup dependencies
Pull Request -
State: closed - Opened by zregvart 8 months ago
- 1 comment
#883 - Bump github.com/moby/buildkit from 0.11.5 to 0.12.5
Pull Request -
State: closed - Opened by dependabot[bot] 8 months ago
- 1 comment
Labels: dependencies, go
#882 - Bump github.com/moby/buildkit from 0.11.5 to 0.12.5 in /acceptance
Pull Request -
State: closed - Opened by dependabot[bot] 8 months ago
- 1 comment
Labels: dependencies, go
#881 - Examples for representing git ref for Tasks
Pull Request -
State: closed - Opened by lcarva 8 months ago
- 1 comment
#880 - Bump actions/upload-artifact from 4.2.0 to 4.3.0
Pull Request -
State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions
#879 - Bump github/codeql-action from 3.23.1 to 3.23.2
Pull Request -
State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions
#878 - Bump codecov/codecov-action from 3.1.4 to 3.1.5
Pull Request -
State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions
#877 - Bump @zregvart/opa-inspect from 0.60.0-4568528 to 0.61.0-4856e7e in /antora/ec-policies-antora-extension
Pull Request -
State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, javascript
#876 - New Task definition policy: enforce trusted artifacts convention
Issue -
State: open - Opened by zregvart 8 months ago
- 3 comments
#875 - Add a new kind of acceptance tests for tekton task handling
Pull Request -
State: closed - Opened by simonbaird 8 months ago
- 8 comments
#874 - Also update ec-task-policy image ref
Pull Request -
State: closed - Opened by lcarva 8 months ago
- 1 comment
#873 - Remove collections from step image registries
Pull Request -
State: closed - Opened by lcarva 8 months ago
- 1 comment
#872 - Add support for collections in all namespaces
Issue -
State: open - Opened by lcarva 8 months ago
#871 - Bump actions/upload-artifact from 4.1.0 to 4.2.0
Pull Request -
State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions
#870 - Bump github/codeql-action from 3.23.0 to 3.23.1
Pull Request -
State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions
#869 - Move step_image_registries to task namespace
Pull Request -
State: closed - Opened by lcarva 9 months ago
- 1 comment
#868 - Trusted Artifact chain policy
Pull Request -
State: closed - Opened by zregvart 9 months ago
- 12 comments
#867 - Do not require pre-built ec binary
Pull Request -
State: closed - Opened by lcarva 9 months ago
- 1 comment
#866 - Minor improvements to acceptance tests
Pull Request -
State: closed - Opened by lcarva 9 months ago
#865 - Minor simplification of bundles.is_acceptable
Pull Request -
State: closed - Opened by lcarva 9 months ago
- 2 comments
#864 - Add initial acceptance tests
Pull Request -
State: closed - Opened by lcarva 9 months ago
- 1 comment
#863 - Consolidate pruning of stale acceptable bundles
Pull Request -
State: closed - Opened by lcarva 9 months ago
- 2 comments
#862 - Bump actions/upload-artifact from 4.0.0 to 4.1.0
Pull Request -
State: closed - Opened by dependabot[bot] 9 months ago
Labels: dependencies, github_actions
#861 - Bump github.com/tektoncd/cli from 0.33.0 to 0.34.0
Pull Request -
State: closed - Opened by dependabot[bot] 9 months ago
Labels: dependencies, go
#860 - Implement effective_on support for rule_data.yml
Pull Request -
State: closed - Opened by mbestavros 9 months ago
- 3 comments
#859 - Use labels to determine task name
Pull Request -
State: closed - Opened by lcarva 9 months ago
- 4 comments
#858 - See about `bundles.is_acceptable` checking `_is_unacceptable`
Issue -
State: closed - Opened by zregvart 9 months ago
#857 - Fix function producing multiple outputs
Pull Request -
State: closed - Opened by zregvart 9 months ago
#856 - Enforce pinning for additional types of Task refs
Pull Request -
State: closed - Opened by lcarva 9 months ago
- 2 comments
#855 - Bump github/codeql-action from 3.22.12 to 3.23.0
Pull Request -
State: closed - Opened by dependabot[bot] 9 months ago
Labels: dependencies, github_actions
#854 - Bump @zregvart/opa-inspect from 0.59.0-695a89f to 0.60.0-4568528 in /antora/ec-policies-antora-extension
Pull Request -
State: closed - Opened by dependabot[bot] 9 months ago
Labels: dependencies, javascript
#853 - Bump github.com/open-policy-agent/conftest from 0.47.0 to 0.48.0
Pull Request -
State: closed - Opened by dependabot[bot] 9 months ago
Labels: dependencies, go
#852 - Bump github.com/styrainc/regal from 0.14.0 to 0.15.0
Pull Request -
State: closed - Opened by dependabot[bot] 9 months ago
- 1 comment
Labels: dependencies, go
#851 - Don't publish `beta` package
Pull Request -
State: closed - Opened by zregvart 9 months ago
- 1 comment
#850 - Use image digest parsed from the reference
Pull Request -
State: closed - Opened by zregvart 9 months ago
- 1 comment
#849 - Required task must be from acceptable bundle
Pull Request -
State: closed - Opened by zregvart 9 months ago
- 4 comments
#848 - if a future required task throws a warning, report the date when that task is required
Pull Request -
State: closed - Opened by joejstuart 9 months ago
- 2 comments
#847 - Move beta.packages to release.sbom_cyclonedx
Pull Request -
State: closed - Opened by zregvart 9 months ago
- 1 comment
#846 - Remove enable-auto-merge workflow
Pull Request -
State: closed - Opened by zregvart 9 months ago
#845 - Handle duplicate acceptable bundle records
Pull Request -
State: closed - Opened by zregvart 9 months ago