Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / gossts/slsa-provenance issues and pull requests
#55 - :seedling: Bump github.com/in-toto/in-toto-golang from 0.3.4-0.20211211042327-af1f9fb822bf to 0.9.0
Pull Request -
State: open - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, go
#54 - :seedling: Bump github.com/sigstore/sigstore from 1.2.1-0.20220401110139-0e610e39782f to 1.6.4
Pull Request -
State: open - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, go
#53 - :seedling: Bump github.com/secure-systems-lab/go-securesystemslib from 0.3.1 to 0.6.0
Pull Request -
State: open - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, go
#52 - :seedling: Bump github.com/in-toto/in-toto-golang from 0.3.4-0.20211211042327-af1f9fb822bf to 0.8.0
Pull Request -
State: closed - Opened by dependabot[bot] over 1 year ago
- 1 comment
Labels: dependencies, go
#51 - :seedling: Bump github.com/sigstore/sigstore from 1.2.1-0.20220401110139-0e610e39782f to 1.6.3
Pull Request -
State: closed - Opened by dependabot[bot] over 1 year ago
- 1 comment
Labels: dependencies, go
#50 - :seedling: Bump github.com/go-openapi/runtime from 0.23.3 to 0.26.0
Pull Request -
State: open - Opened by dependabot[bot] over 1 year ago
Labels: dependencies, go
#49 - :seedling: Bump github.com/sigstore/sigstore from 1.2.1-0.20220401110139-0e610e39782f to 1.6.2
Pull Request -
State: closed - Opened by dependabot[bot] over 1 year ago
- 1 comment
Labels: dependencies, go
#48 - :seedling: Bump github.com/sigstore/sigstore from 1.2.1-0.20220401110139-0e610e39782f to 1.6.1
Pull Request -
State: closed - Opened by dependabot[bot] over 1 year ago
- 1 comment
Labels: dependencies, go
#47 - :seedling: Bump github.com/in-toto/in-toto-golang from 0.3.4-0.20211211042327-af1f9fb822bf to 0.7.1
Pull Request -
State: closed - Opened by dependabot[bot] over 1 year ago
- 1 comment
Labels: dependencies, go
#46 - :seedling: Bump github.com/sigstore/sigstore from 1.2.1-0.20220401110139-0e610e39782f to 1.6.0
Pull Request -
State: closed - Opened by dependabot[bot] over 1 year ago
- 1 comment
Labels: dependencies, go
#45 - :seedling: Bump github.com/in-toto/in-toto-golang from 0.3.4-0.20211211042327-af1f9fb822bf to 0.7.0
Pull Request -
State: closed - Opened by dependabot[bot] over 1 year ago
- 1 comment
Labels: dependencies, go
#44 - :seedling: Bump github.com/in-toto/in-toto-golang from 0.3.4-0.20211211042327-af1f9fb822bf to 0.6.0
Pull Request -
State: closed - Opened by dependabot[bot] over 1 year ago
- 1 comment
Labels: dependencies, go
#43 - :seedling: Bump github.com/sigstore/sigstore from 1.2.1-0.20220401110139-0e610e39782f to 1.5.2
Pull Request -
State: closed - Opened by dependabot[bot] over 1 year ago
- 1 comment
Labels: dependencies, go
#42 - :seedling: Bump github.com/secure-systems-lab/go-securesystemslib from 0.3.1 to 0.5.0
Pull Request -
State: closed - Opened by dependabot[bot] almost 2 years ago
- 1 comment
Labels: dependencies, go
#41 - :seedling: Bump github.com/go-openapi/runtime from 0.23.3 to 0.25.0
Pull Request -
State: closed - Opened by dependabot[bot] almost 2 years ago
- 1 comment
Labels: dependencies, go
#40 - :seedling: Bump github.com/go-openapi/runtime from 0.23.3 to 0.24.2
Pull Request -
State: closed - Opened by dependabot[bot] about 2 years ago
- 1 comment
Labels: dependencies, go
#39 - :seedling: Bump github.com/sigstore/cosign from 1.7.1 to 1.12.0
Pull Request -
State: open - Opened by dependabot[bot] about 2 years ago
Labels: dependencies, go
#38 - :seedling: Bump github.com/google/go-cmp from 0.5.7 to 0.5.9
Pull Request -
State: open - Opened by dependabot[bot] about 2 years ago
Labels: dependencies, go
#37 - :seedling: Bump github.com/sigstore/cosign from 1.7.1 to 1.11.1
Pull Request -
State: closed - Opened by dependabot[bot] about 2 years ago
- 1 comment
Labels: dependencies, go
#36 - :seedling: Bump github.com/sigstore/cosign from 1.7.1 to 1.11.0
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
- 1 comment
Labels: dependencies, go
#35 - :seedling: Bump github.com/sigstore/cosign from 1.7.1 to 1.10.1
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
- 1 comment
Labels: dependencies, go
#34 - :seedling: Bump github.com/google/trillian from 1.4.0 to 1.4.2
Pull Request -
State: open - Opened by dependabot[bot] over 2 years ago
Labels: dependencies, go
#33 - :seedling: Bump github.com/sigstore/cosign from 1.7.1 to 1.10.0
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
- 1 comment
Labels: dependencies, go
#32 - :seedling: Bump github.com/sigstore/cosign from 1.7.1 to 1.9.0
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
- 1 comment
Labels: dependencies, go
#31 - :seedling: Bump github.com/secure-systems-lab/go-securesystemslib from 0.3.1 to 0.4.0
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
- 1 comment
Labels: dependencies, go
#30 - :seedling: Bump github.com/google/trillian from 1.4.0 to 1.4.1
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
- 1 comment
Labels: dependencies, go
#29 - :seedling: Bump github.com/go-openapi/runtime from 0.23.3 to 0.24.1
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
- 1 comment
Labels: dependencies, go
#28 - :seedling: Bump github.com/go-openapi/runtime from 0.23.3 to 0.24.0
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
- 1 comment
Labels: dependencies, go
#27 - :seedling: Bump github.com/sigstore/cosign from 1.7.1 to 1.8.0
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
- 1 comment
Labels: dependencies, go
#26 - :seedling: Bump github.com/google/go-cmp from 0.5.7 to 0.5.8
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
- 1 comment
Labels: dependencies, go
#25 - :seedling: Bump github.com/sigstore/cosign from 1.7.1 to 1.7.2
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
- 1 comment
Labels: dependencies, go
#24 - :seedling: Bump github.com/sigstore/cosign from 1.6.0 to 1.7.1
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
Labels: dependencies, go
#23 - :seedling: Bump github.com/sigstore/cosign from 1.6.0 to 1.7.0
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
- 1 comment
Labels: dependencies, go
#22 - :seedling: Bump github.com/go-openapi/runtime from 0.23.2 to 0.23.3
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
Labels: dependencies, go
#21 - Verify branch of reusable workflow
Issue -
State: open - Opened by laurentsimon over 2 years ago
- 3 comments
#20 - Include direct link to the rekor entry for verification
Issue -
State: open - Opened by asraa over 2 years ago
#19 - Update cosign API for dependabot bump
Pull Request -
State: closed - Opened by asraa over 2 years ago
- 4 comments
#18 - ✨ Log to stderr
Pull Request -
State: closed - Opened by laurentsimon over 2 years ago
#17 - 🐛 Replace TrimLeft by TrimPrefix
Pull Request -
State: closed - Opened by laurentsimon over 2 years ago
#16 - :seedling: Bump github.com/rhysd/actionlint from 1.6.8 to 1.6.9
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
Labels: dependencies, go
#15 - :seedling: Bump github.com/secure-systems-lab/go-securesystemslib from 0.3.0 to 0.3.1
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
Labels: dependencies, go
#14 - :seedling: Bump github.com/sigstore/cosign from 1.5.2 to 1.6.0
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
- 1 comment
Labels: dependencies, go
#13 - :seedling: Bump github.com/go-openapi/runtime from 0.21.1 to 0.23.2
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
Labels: dependencies, go
#12 - Parse the payload in the envelope after verification
Pull Request -
State: closed - Opened by asraa over 2 years ago
#11 - Release tag verification
Issue -
State: open - Opened by laurentsimon over 2 years ago
- 5 comments
#10 - Enable Allstar for this repo/org?
Issue -
State: open - Opened by TomHennen over 2 years ago
- 2 comments
#9 - Verify trustedBuider from provenance's ProvenanceBuilder
Issue -
State: open - Opened by laurentsimon over 2 years ago
- 1 comment
#8 - Defense in depth: Verify additional pieces (configSource) of the provenance
Issue -
State: open - Opened by asraa over 2 years ago
#7 - Only unpack the envelope after signature verification
Issue -
State: closed - Opened by asraa over 2 years ago
#6 - ✨ Create codeql-analysis.yml
Pull Request -
State: closed - Opened by laurentsimon over 2 years ago
- 1 comment
#5 - ✨ Create dependabot.yml
Pull Request -
State: closed - Opened by laurentsimon over 2 years ago
#4 - Add codeql analysis to workflows
Pull Request -
State: closed - Opened by asraa over 2 years ago
#3 - Add option to pin on expected source repository
Pull Request -
State: closed - Opened by asraa over 2 years ago
#2 - Add a flag to pin the source repository
Issue -
State: closed - Opened by asraa over 2 years ago
#1 - Migrate original provenance verifier
Pull Request -
State: closed - Opened by asraa over 2 years ago
- 3 comments