Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / ericcornelissen/ades issues and pull requests
#377 - Harden GitHub Actions workflows
Pull Request -
State: closed - Opened by ericcornelissen 6 days ago
Labels: ci/cd, security
#376 - Bump github.com/dkorunic/betteralign from 0.5.1 to 0.6.0
Pull Request -
State: closed - Opened by dependabot[bot] 10 days ago
Labels: dependencies
#375 - Bump github.com/tomarrell/wrapcheck/v2 from 2.9.0 to 2.10.0
Pull Request -
State: closed - Opened by dependabot[bot] 11 days ago
- 1 comment
Labels: dependencies
#374 - Bump github.com/polyfloyd/go-errorlint from 1.5.1 to 1.7.0
Pull Request -
State: closed - Opened by dependabot[bot] 14 days ago
Labels: dependencies
#373 - Bump github/codeql-action from 3.27.1 to 3.27.4
Pull Request -
State: closed - Opened by dependabot[bot] 14 days ago
- 2 comments
Labels: ci/cd, dependencies
#372 - Bump github/codeql-action from 3.27.1 to 3.27.3
Pull Request -
State: closed - Opened by dependabot[bot] 16 days ago
- 1 comment
Labels: ci/cd, dependencies
#371 - Bump golang.org/x/tools from 0.26.0 to 0.27.0
Pull Request -
State: closed - Opened by dependabot[bot] 18 days ago
Labels: dependencies
#370 - Bump github/codeql-action from 3.27.0 to 3.27.1
Pull Request -
State: closed - Opened by dependabot[bot] 18 days ago
Labels: ci/cd, dependencies
#369 - Bump github.com/google/capslock from 0.2.5 to 0.2.6
Pull Request -
State: closed - Opened by dependabot[bot] 21 days ago
- 1 comment
Labels: dependencies
#368 - Bump actions/attest-build-provenance from 1.4.3 to 1.4.4
Pull Request -
State: closed - Opened by dependabot[bot] 23 days ago
- 1 comment
Labels: ci/cd, dependencies
#367 - Bump github.com/rhysd/actionlint from 1.7.3 to 1.7.4
Pull Request -
State: closed - Opened by dependabot[bot] 24 days ago
- 1 comment
Labels: dependencies
#366 - Consider conditionally/always trusting certain expressions
Issue -
State: open - Opened by ericcornelissen 25 days ago
- 1 comment
Labels: enhancement
#365 - Update related work
Pull Request -
State: closed - Opened by ericcornelissen 25 days ago
Labels: documentation
#360 - More related work
Issue -
State: closed - Opened by ericcornelissen about 1 month ago
- 3 comments
Labels: documentation
#359 - Bump github.com/kisielk/errcheck from 1.7.0 to 1.8.0
Pull Request -
State: closed - Opened by dependabot[bot] about 1 month ago
Labels: dependencies
#358 - Bump github.com/alexkohler/nakedret/v2 from 2.0.1 to 2.0.5
Pull Request -
State: closed - Opened by dependabot[bot] about 1 month ago
Labels: dependencies
#357 - Basic dark mode for ades web app
Pull Request -
State: closed - Opened by ericcornelissen about 2 months ago
Labels: website
#356 - Resolve `error obtaining VCS status` in developer container
Pull Request -
State: closed - Opened by ericcornelissen about 2 months ago
#355 - Expand CSP usage beyond Trusted Types
Pull Request -
State: closed - Opened by ericcornelissen about 2 months ago
Labels: website
#354 - Bump github.com/go-critic/go-critic from 0.11.4 to 0.11.5
Pull Request -
State: closed - Opened by dependabot[bot] about 2 months ago
- 1 comment
Labels: dependencies
#353 - Bump actions/checkout from 4.2.0 to 4.2.1
Pull Request -
State: closed - Opened by dependabot[bot] about 2 months ago
- 1 comment
Labels: ci/cd, dependencies
#352 - Bump sigstore/cosign-installer from 3.4.0 to 3.7.0
Pull Request -
State: closed - Opened by dependabot[bot] about 2 months ago
- 1 comment
Labels: ci/cd, dependencies
#351 - Bump golang.org/x/tools from 0.25.0 to 0.26.0
Pull Request -
State: closed - Opened by dependabot[bot] about 2 months ago
Labels: dependencies
#350 - Prevent XSS through Trusted Types
Pull Request -
State: closed - Opened by ericcornelissen about 2 months ago
Labels: security, website
#349 - Bump docker/build-push-action from 6.0.1 to 6.9.0
Pull Request -
State: closed - Opened by dependabot[bot] about 2 months ago
Labels: ci/cd, dependencies
#348 - Bump JamesIves/github-pages-deploy-action from 4.6.0 to 4.6.8
Pull Request -
State: closed - Opened by dependabot[bot] about 2 months ago
- 2 comments
Labels: ci/cd, dependencies
#347 - Bump docker/build-push-action from 6.0.1 to 6.8.0
Pull Request -
State: closed - Opened by dependabot[bot] about 2 months ago
- 1 comment
Labels: ci/cd, dependencies
#346 - Bump github.com/rhysd/actionlint from 1.7.1 to 1.7.3
Pull Request -
State: closed - Opened by dependabot[bot] about 2 months ago
Labels: dependencies
#345 - Bump actions/checkout from 4.1.4 to 4.2.0
Pull Request -
State: closed - Opened by dependabot[bot] 2 months ago
Labels: ci/cd, dependencies
#344 - Bump github.com/rhysd/actionlint from 1.7.1 to 1.7.2
Pull Request -
State: closed - Opened by dependabot[bot] 2 months ago
- 1 comment
Labels: dependencies
#343 - Bump github.com/rogpeppe/go-internal from 1.12.0 to 1.13.1
Pull Request -
State: closed - Opened by dependabot[bot] 2 months ago
Labels: dependencies
#342 - Bump github/codeql-action from 3.26.6 to 3.26.8
Pull Request -
State: closed - Opened by dependabot[bot] 2 months ago
- 2 comments
Labels: ci/cd, dependencies
#341 - Bump github.com/dkorunic/betteralign from 0.5.1 to 0.5.2
Pull Request -
State: closed - Opened by dependabot[bot] 2 months ago
- 1 comment
Labels: dependencies
#340 - Bump github/codeql-action from 3.26.6 to 3.26.7
Pull Request -
State: closed - Opened by dependabot[bot] 2 months ago
- 1 comment
Labels: ci/cd, dependencies
#339 - Bump github.com/google/capslock from 0.2.4 to 0.2.5
Pull Request -
State: closed - Opened by dependabot[bot] 3 months ago
Labels: dependencies
#338 - Bump github.com/tetafro/godot from 1.4.16 to 1.4.18
Pull Request -
State: closed - Opened by dependabot[bot] 3 months ago
- 1 comment
Labels: dependencies
#337 - Bump golang.org/x/tools from 0.24.0 to 0.25.0
Pull Request -
State: closed - Opened by dependabot[bot] 3 months ago
Labels: dependencies
#336 - Bump github.com/tetafro/godot from 1.4.16 to 1.4.17
Pull Request -
State: closed - Opened by dependabot[bot] 3 months ago
- 1 comment
Labels: dependencies
#335 - Bump github.com/opencontainers/runc from 1.1.12 to 1.1.14
Pull Request -
State: closed - Opened by dependabot[bot] 3 months ago
Labels: dependencies
#334 - Bump actions/attest-build-provenance from 1.4.0 to 1.4.3
Pull Request -
State: closed - Opened by dependabot[bot] 3 months ago
Labels: ci/cd, dependencies
#333 - Bump golang.org/x/mod from 0.20.0 to 0.21.0
Pull Request -
State: closed - Opened by dependabot[bot] 3 months ago
- 1 comment
Labels: dependencies
#332 - Bump JamesIves/github-pages-deploy-action from 4.6.0 to 4.6.4
Pull Request -
State: closed - Opened by dependabot[bot] 3 months ago
- 1 comment
Labels: ci/cd, dependencies
#331 - Bump github/codeql-action from 3.26.0 to 3.26.6
Pull Request -
State: closed - Opened by dependabot[bot] 3 months ago
Labels: ci/cd, dependencies
#330 - Upgrade to Go 1.23.0
Pull Request -
State: closed - Opened by ericcornelissen 3 months ago
Labels: dependencies
#329 - Bump github/codeql-action from 3.26.0 to 3.26.5
Pull Request -
State: closed - Opened by dependabot[bot] 3 months ago
- 1 comment
Labels: ci/cd, dependencies
#328 - Bump actions/attest-build-provenance from 1.4.0 to 1.4.2
Pull Request -
State: closed - Opened by dependabot[bot] 3 months ago
- 1 comment
Labels: ci/cd, dependencies
#327 - Bump github/codeql-action from 3.26.0 to 3.26.4
Pull Request -
State: closed - Opened by dependabot[bot] 3 months ago
- 1 comment
Labels: ci/cd, dependencies
#326 - Bump github/codeql-action from 3.26.0 to 3.26.3
Pull Request -
State: closed - Opened by dependabot[bot] 3 months ago
- 1 comment
Labels: ci/cd, dependencies
#325 - Bump github.com/reproducible-containers/diffoci from 0.1.4 to 0.1.5
Pull Request -
State: closed - Opened by dependabot[bot] 3 months ago
- 1 comment
Labels: dependencies
#324 - Bump github.com/tomarrell/wrapcheck/v2 from 2.8.1 to 2.9.0
Pull Request -
State: closed - Opened by dependabot[bot] 3 months ago
Labels: dependencies
#323 - Bump github/codeql-action from 3.26.0 to 3.26.2
Pull Request -
State: closed - Opened by dependabot[bot] 4 months ago
- 1 comment
Labels: ci/cd, dependencies
#322 - Bump honnef.co/go/tools from 0.4.7 to 0.5.1
Pull Request -
State: closed - Opened by dependabot[bot] 4 months ago
Labels: dependencies
#321 - Bump docker/build-push-action from 6.0.1 to 6.7.0
Pull Request -
State: closed - Opened by dependabot[bot] 4 months ago
- 1 comment
Labels: ci/cd, dependencies
#320 - Bump github.com/dkorunic/betteralign from 0.4.4 to 0.5.1
Pull Request -
State: closed - Opened by dependabot[bot] 4 months ago
Labels: dependencies
#319 - Bump actions/attest-build-provenance from 1.4.0 to 1.4.1
Pull Request -
State: closed - Opened by dependabot[bot] 4 months ago
- 1 comment
Labels: ci/cd, dependencies
#318 - Bump docker/build-push-action from 6.0.1 to 6.6.1
Pull Request -
State: closed - Opened by dependabot[bot] 4 months ago
- 1 comment
Labels: ci/cd, dependencies
#317 - Bump sigstore/cosign-installer from 3.4.0 to 3.6.0
Pull Request -
State: closed - Opened by dependabot[bot] 4 months ago
- 1 comment
Labels: ci/cd, dependencies
#316 - Bump github.com/polyfloyd/go-errorlint from 1.5.1 to 1.6.0
Pull Request -
State: closed - Opened by dependabot[bot] 4 months ago
- 1 comment
Labels: dependencies
#315 - Bump github/codeql-action from 3.25.12 to 3.26.0
Pull Request -
State: closed - Opened by dependabot[bot] 4 months ago
Labels: ci/cd, dependencies
#314 - Bump golang.org/x/tools from 0.23.0 to 0.24.0
Pull Request -
State: closed - Opened by dependabot[bot] 4 months ago
Labels: dependencies
#313 - Bump golang.org/x/mod from 0.19.0 to 0.20.0
Pull Request -
State: closed - Opened by dependabot[bot] 4 months ago
- 1 comment
Labels: dependencies
#312 - Bump github.com/docker/docker from 24.0.9+incompatible to 25.0.6+incompatible
Pull Request -
State: closed - Opened by dependabot[bot] 4 months ago
- 2 comments
Labels: dependencies, security
#311 - Bump actions/attest-build-provenance from 1.3.1 to 1.4.0
Pull Request -
State: closed - Opened by dependabot[bot] 4 months ago
Labels: ci/cd, dependencies
#310 - Bump github.com/docker/docker from 24.0.9+incompatible to 26.1.4+incompatible
Pull Request -
State: closed - Opened by dependabot[bot] 4 months ago
- 2 comments
Labels: dependencies, security
#309 - Bump github/codeql-action from 3.25.12 to 3.25.15
Pull Request -
State: closed - Opened by dependabot[bot] 4 months ago
- 1 comment
Labels: ci/cd, dependencies
#308 - Refactor for simplicity
Pull Request -
State: closed - Opened by ericcornelissen 4 months ago
Labels: refactor
#307 - Bump github/codeql-action from 3.25.12 to 3.25.14
Pull Request -
State: closed - Opened by dependabot[bot] 4 months ago
- 1 comment
Labels: ci/cd, dependencies
#306 - Bump docker/build-push-action from 6.0.1 to 6.5.0
Pull Request -
State: closed - Opened by dependabot[bot] 4 months ago
- 1 comment
Labels: ci/cd, dependencies
#305 - Bump github.com/dkorunic/betteralign from 0.4.4 to 0.5.0
Pull Request -
State: closed - Opened by dependabot[bot] 4 months ago
- 1 comment
Labels: dependencies
#304 - Bump docker/login-action from 3.2.0 to 3.3.0
Pull Request -
State: closed - Opened by dependabot[bot] 4 months ago
- 1 comment
Labels: ci/cd, dependencies
#303 - Bump github/codeql-action from 3.25.12 to 3.25.13
Pull Request -
State: closed - Opened by dependabot[bot] 4 months ago
- 1 comment
Labels: ci/cd, dependencies
#302 - Bump github.com/dkorunic/betteralign from 0.4.4 to 0.4.5
Pull Request -
State: closed - Opened by dependabot[bot] 4 months ago
- 1 comment
Labels: dependencies
#301 - Check reproducibility of the web app build
Pull Request -
State: closed - Opened by ericcornelissen 4 months ago
Labels: ci/cd, meta
#300 - Bump docker/build-push-action from 6.0.1 to 6.4.1
Pull Request -
State: closed - Opened by dependabot[bot] 4 months ago
- 1 comment
Labels: ci/cd, dependencies
#299 - Bump golang.org/x/vuln from 1.1.1 to 1.1.3
Pull Request -
State: closed - Opened by dependabot[bot] 4 months ago
- 1 comment
Labels: dependencies
#298 - Use `-trimpath` to improve reproducibility of build and improve reproducibility check
Pull Request -
State: closed - Opened by ericcornelissen 5 months ago
Labels: meta
#297 - Bump docker/build-push-action from 6.0.1 to 6.4.0
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
- 1 comment
Labels: ci/cd, dependencies
#296 - Bump github/codeql-action from 3.25.11 to 3.25.12
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
Labels: ci/cd, dependencies
#295 - Bump actions/setup-go from 5.0.1 to 5.0.2
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
Labels: ci/cd, dependencies
#294 - Version bump
Pull Request -
State: closed - Opened by ericcornelissen 5 months ago
#293 - Add support to the `isBeforeVersion` function for SHAs with annotation
Pull Request -
State: closed - Opened by ericcornelissen 5 months ago
Labels: enhancement
#292 - Bump actions/attest-build-provenance from 1.3.1 to 1.3.3
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
- 1 comment
Labels: ci/cd, dependencies
#291 - Bump golang.org/x/tools from 0.22.1-0.20240611174316-dddd55df4919 to 0.23.0
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
Labels: dependencies
#290 - Run `go run tasks.go build-all` in CI
Pull Request -
State: closed - Opened by ericcornelissen 5 months ago
Labels: ci/cd
#289 - Add conservative option to the web app
Pull Request -
State: closed - Opened by ericcornelissen 5 months ago
Labels: website
#288 - Motivate the need for need/use for this scanner based on existing known vulnerabilities
Issue -
State: open - Opened by ericcornelissen 5 months ago
Labels: meta
#287 - Bump github.com/docker/docker from 23.0.5+incompatible to 24.0.9+incompatible
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
Labels: dependencies
#286 - Bump github.com/containerd/containerd from 1.7.9 to 1.7.11
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
Labels: dependencies
#285 - Bump github.com/opencontainers/runc from 1.1.8 to 1.1.12
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
Labels: dependencies
#284 - Automate `-version` value
Pull Request -
State: closed - Opened by ericcornelissen 5 months ago
- 1 comment
#283 - Bump github.com/google/capslock from 0.2.2 to 0.2.4
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
Labels: dependencies
#282 - Bump JamesIves/github-pages-deploy-action from 4.6.0 to 4.6.3
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
- 1 comment
Labels: ci/cd, dependencies
#281 - Bump golang.org/x/mod from 0.18.0 to 0.19.0
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
- 1 comment
Labels: dependencies
#280 - Check container reproducibility `diffoci`
Pull Request -
State: closed - Opened by ericcornelissen 5 months ago
Labels: ci/cd, meta, dependencies
#279 - Configure user of the ades Container to be non-root
Pull Request -
State: closed - Opened by ericcornelissen 5 months ago
Labels: security
#278 - Bump docker/build-push-action from 6.0.1 to 6.3.0
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
- 1 comment
Labels: ci/cd, dependencies
#277 - Bump github/codeql-action from 3.25.8 to 3.25.11
Pull Request -
State: closed - Opened by dependabot[bot] 5 months ago
Labels: ci/cd, dependencies
#276 - Update help text to mention support for scanning manifests
Pull Request -
State: closed - Opened by ericcornelissen 5 months ago
#275 - Add support for the `-conservative` flag to the web app
Issue -
State: closed - Opened by ericcornelissen 5 months ago
Labels: enhancement, website
#274 - Set expiry date for the Security Policy
Pull Request -
State: closed - Opened by ericcornelissen 5 months ago
Labels: meta