Carlos Tadeu Panato Junior
Carlos Tadeu Panato Junior
@konopka90 can you rebase? thanks
I will take a look
afaik Dependabot will not update dependencies if that is not pinned and it is based on the `main` branch or other branches, it should have a tag on it for...
this might require some help from foundations team cc @xnox
I've reproduced the issue, and it is not in the goreleaser, it is in the `syft` tool that is used to generate the sbom and seems there is an issue...
we sign the .deb files deb: https://github.com/sigstore/cosign/releases/download/v2.2.1/cosign_2.2.1_amd64.deb certificate: https://github.com/sigstore/cosign/releases/download/v2.2.1/cosign_2.2.1_amd64.deb-keyless.pem sig: https://github.com/sigstore/cosign/releases/download/v2.2.1/cosign_2.2.1_amd64.deb-keyless.sig am i missign something here?
@mitar done, i think we can close this
sorry i am super late on this :( instead using pulumi i've been using terraform (or opentofu) to codify the GH (members and repos) is that something we want or...
/hold for the unit tests thanks for working on this !