enterprise-contract/ec-policies issues and pull requests

#831 - Bump alexwilson/enable-github-automerge-action from 17a01113b8abbd73ed84d1210e18c6ed2077752b to 4871a27d951e570b6f5ccecbe98ec27ef27e0cbd

Pull Request - State: closed - Opened by dependabot[bot] about 1 year ago - 1 comment
Labels: dependencies, github_actions

#831 - Bump alexwilson/enable-github-automerge-action from 17a01113b8abbd73ed84d1210e18c6ed2077752b to 4871a27d951e570b6f5ccecbe98ec27ef27e0cbd

Pull Request - State: open - Opened by dependabot[bot] about 1 year ago - 1 comment
Labels: dependencies, github_actions

#830 - Add policy rules for features annotations in OLM

Pull Request - State: closed - Opened by lcarva about 1 year ago - 1 comment

#829 - Use version 0.1.0 of ECC

Pull Request - State: closed - Opened by zregvart about 1 year ago

#828 - Don't push to quay.io/hacbs-contract

Pull Request - State: closed - Opened by zregvart about 1 year ago

#827 - Add validation to rule data

Pull Request - State: closed - Opened by lcarva about 1 year ago - 1 comment

#826 - Give everyone a few more weeks to get a synk token

Pull Request - State: closed - Opened by simonbaird about 1 year ago - 1 comment

#825 - Bump actions/setup-go from 4.1.0 to 5.0.0

Pull Request - State: closed - Opened by dependabot[bot] about 1 year ago
Labels: dependencies, github_actions

#824 - Bump github/codeql-action from 2.22.8 to 2.22.9

Pull Request - State: closed - Opened by dependabot[bot] about 1 year ago
Labels: dependencies, github_actions

#823 - Bump github.com/styrainc/regal from 0.13.0 to 0.14.0

Pull Request - State: closed - Opened by dependabot[bot] about 1 year ago - 1 comment
Labels: dependencies, go

#822 - Bump @zregvart/opa-inspect from 0.59.0-c19c94c to 0.59.0-695a89f in /antora/ec-policies-antora-extension

Pull Request - State: closed - Opened by dependabot[bot] about 1 year ago
Labels: dependencies, javascript

#821 - Use oras to build OPA bundles

Pull Request - State: closed - Opened by lcarva about 1 year ago - 2 comments

#820 - Bump github.com/open-policy-agent/conftest from 0.46.0 to 0.47.0

Pull Request - State: closed - Opened by dependabot[bot] about 1 year ago
Labels: dependencies, go

#819 - Bump @zregvart/opa-inspect from 0.58.0-bcc5819 to 0.59.0-c19c94c in /antora/ec-policies-antora-extension

Pull Request - State: closed - Opened by dependabot[bot] about 1 year ago
Labels: dependencies, javascript

#818 - Tekton slsa refactor wip

Pull Request - State: closed - Opened by simonbaird about 1 year ago - 1 comment

#817 - Allow pushing bundles with custom rego function

Issue - State: closed - Opened by lcarva about 1 year ago

#816 - Move beta.packages to release.sbom_cyclonedx

Issue - State: closed - Opened by lcarva about 1 year ago - 1 comment

#815 - Add beta.packages rego package

Pull Request - State: closed - Opened by lcarva about 1 year ago - 1 comment

#814 - Fix update-infra-deployments.sh

Pull Request - State: closed - Opened by lcarva about 1 year ago

#813 - Bump github/codeql-action from 2.22.7 to 2.22.8

Pull Request - State: closed - Opened by dependabot[bot] about 1 year ago - 1 comment
Labels: dependencies, github_actions

#812 - Bump @zregvart/opa-inspect from 0.57.0-d136ffe to 0.58.0-bcc5819 in /antora/ec-policies-antora-extension

Pull Request - State: closed - Opened by dependabot[bot] about 1 year ago
Labels: dependencies, javascript

#811 - Support more than one git-clone and build task

Pull Request - State: closed - Opened by zregvart about 1 year ago - 2 comments

#810 - update all EnterpriseContractPolicy sources in the target directory

Pull Request - State: closed - Opened by joejstuart about 1 year ago - 1 comment

#809 - Bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1

Pull Request - State: closed - Opened by dependabot[bot] about 1 year ago - 1 comment
Labels: dependencies, go

#808 - Use json schema validation when processing SBOMs

Issue - State: closed - Opened by lcarva about 1 year ago - 2 comments

#807 - Add policy rules for CycloneDX SBOM

Pull Request - State: closed - Opened by lcarva about 1 year ago - 2 comments

#806 - Bump step-security/harden-runner from 2.6.0 to 2.6.1

Pull Request - State: closed - Opened by dependabot[bot] about 1 year ago
Labels: dependencies, github_actions

#805 - Bump github/codeql-action from 2.22.5 to 2.22.7

Pull Request - State: closed - Opened by dependabot[bot] about 1 year ago
Labels: dependencies, github_actions

#804 - Bump github.com/styrainc/regal from 0.12.0 to 0.13.0

Pull Request - State: closed - Opened by dependabot[bot] about 1 year ago - 1 comment
Labels: dependencies, go

#803 - ADD POC policies for ReleasePlanAdmission files

Pull Request - State: closed - Opened by robnester-rh about 1 year ago

#802 - Documentation for Java allowed component sources

Pull Request - State: closed - Opened by zregvart about 1 year ago - 1 comment

#801 - Bump github.com/tektoncd/cli from 0.32.2 to 0.33.0

Pull Request - State: closed - Opened by dependabot[bot] about 1 year ago - 1 comment
Labels: dependencies, go

#800 - Bump github.com/styrainc/regal from 0.11.0 to 0.12.0

Pull Request - State: closed - Opened by dependabot[bot] about 1 year ago - 1 comment
Labels: dependencies, go

#799 - Run go mod tidy

Pull Request - State: closed - Opened by zregvart about 1 year ago

#798 - Bump github.com/sigstore/cosign/v2 from 2.2.0 to 2.2.1

Pull Request - State: closed - Opened by dependabot[bot] about 1 year ago - 1 comment
Labels: dependencies, go

#797 - Add support for unpatched_vulnerabilities

Pull Request - State: closed - Opened by lcarva about 1 year ago - 1 comment

#796 - Do not rely on build task label for FBC images

Pull Request - State: closed - Opened by zregvart about 1 year ago - 1 comment

#795 - How to safely rename policy rules

Issue - State: open - Opened by lcarva about 1 year ago - 2 comments

#794 - Add support for SCAN_OUTPUT results

Pull Request - State: closed - Opened by mbestavros about 1 year ago - 2 comments

#793 - Add support for informative tests

Pull Request - State: closed - Opened by lcarva about 1 year ago

#792 - Use `ec opa` as drop-in replacement for `opa`

Pull Request - State: closed - Opened by zregvart about 1 year ago - 2 comments

#791 - Remove SLSA1 and SLSA2 collections

Pull Request - State: closed - Opened by zregvart about 1 year ago - 1 comment

#789 - Support _one of_ for required tasks

Pull Request - State: closed - Opened by zregvart over 1 year ago - 3 comments

#788 - Support appending to data lists

Pull Request - State: closed - Opened by simonbaird over 1 year ago - 2 comments

#787 - tags as versions for acceptable task rules

Pull Request - State: closed - Opened by zregvart over 1 year ago - 3 comments

#786 - Bump github.com/open-policy-agent/opa from 0.57.1 to 0.58.0

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, go

#785 - Bump github.com/docker/docker from 24.0.6+incompatible to 24.0.7+incompatible

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, go

#784 - Bump ossf/scorecard-action from 2.3.0 to 2.3.1

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago - 1 comment
Labels: dependencies, github_actions

#783 - Bump github/codeql-action from 2.22.4 to 2.22.5

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago - 1 comment
Labels: dependencies, github_actions

#782 - Support test tasks (producing TEST_OUTPUT results) that should not produce EC violations on test failures

Issue - State: closed - Opened by simonbaird over 1 year ago - 2 comments

#781 - Bump google.golang.org/grpc from 1.58.2 to 1.58.3

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, go

#780 - Design and planning for introducing the "critical portion" concept

Issue - State: closed - Opened by simonbaird over 1 year ago - 3 comments

#779 - Bump github.com/tektoncd/cli from 0.32.0 to 0.32.2

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, go

#778 - Bump github.com/styrainc/regal from 0.10.1 to 0.11.0

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, go

#777 - Bump github/codeql-action from 2.22.3 to 2.22.4

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, github_actions

#776 - Bump actions/setup-node from 3.8.1 to 4.0.0

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, github_actions

#775 - Support local registries in update-bundles.sh

Pull Request - State: closed - Opened by lcarva over 1 year ago

#774 - Delete Red Hat data

Pull Request - State: closed - Opened by lcarva over 1 year ago - 3 comments

#773 - Ensure unknown tasks fail acceptable bundle checks

Pull Request - State: closed - Opened by simonbaird over 1 year ago - 1 comment

#772 - Use .statement.predicate everywhere instead of just .predicate

Pull Request - State: closed - Opened by mbestavros over 1 year ago - 4 comments

#771 - Bump github.com/open-policy-agent/opa from 0.57.1-0.20231003111229-7fa6165c27bb to 0.57.1

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago - 1 comment
Labels: dependencies, go

#770 - Bump actions/checkout from 4.1.0 to 4.1.1

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago - 1 comment
Labels: dependencies, github_actions

#769 - Use new SCAN_OUTPUT result name

Issue - State: closed - Opened by lcarva over 1 year ago

#768 - Configure Renovate

Pull Request - State: closed - Opened by seanconroy2021 over 1 year ago

#767 - Configure dependabot to run weekly

Pull Request - State: closed - Opened by zregvart over 1 year ago - 1 comment

#766 - Handle partial input.image.source data

Pull Request - State: closed - Opened by zregvart over 1 year ago - 4 comments

#765 - Add script to generate attestations

Pull Request - State: closed - Opened by lcarva over 1 year ago - 4 comments

#764 - Bump github/codeql-action from 2.22.2 to 2.22.3

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago - 1 comment
Labels: dependencies, github_actions

#763 - Set a nicer title

Pull Request - State: closed - Opened by zregvart over 1 year ago - 1 comment

#762 - Bump github/codeql-action from 2.22.1 to 2.22.2

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago - 1 comment
Labels: dependencies, github_actions

#761 - Bump golang.org/x/net from 0.15.0 to 0.17.0

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, go

#760 - Document which values are valid for the key data allowed_java_component_sources

Issue - State: closed - Opened by lcarva over 1 year ago

#759 - Add example policy data

Pull Request - State: closed - Opened by lcarva over 1 year ago - 1 comment

#758 - Fix linting warnings

Pull Request - State: closed - Opened by lcarva over 1 year ago - 1 comment

#757 - Get list of required tasks from build task labels

Pull Request - State: closed - Opened by lcarva over 1 year ago - 2 comments

#756 - Use .statement.predicate in all places

Issue - State: closed - Opened by lcarva over 1 year ago

#755 - Bump github/codeql-action from 2.22.0 to 2.22.1

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago - 1 comment
Labels: dependencies, github_actions

#754 - Bump github.com/styrainc/regal from 0.10.0 to 0.10.1

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago - 1 comment
Labels: dependencies, go

#753 - Bump github/codeql-action from 2.21.9 to 2.22.0

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago - 1 comment
Labels: dependencies, github_actions

#753 - Bump github/codeql-action from 2.21.9 to 2.22.0

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago - 1 comment
Labels: dependencies, github_actions

#752 - Bump ossf/scorecard-action from 2.2.0 to 2.3.0

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago - 1 comment
Labels: dependencies, github_actions

#752 - Bump ossf/scorecard-action from 2.2.0 to 2.3.0

Pull Request - State: closed - Opened by dependabot[bot] over 1 year ago - 1 comment
Labels: dependencies, github_actions