Hector Fernandez
Hector Fernandez
**Description** We added a new predicate [type](https://github.com/in-toto/attestation/blob/main/spec/predicates/vuln.md) in in-toto for vulnerability attestations inspired on the initial predicate type defined in cosign for vulnerabilities.
## Melange Pull Request Template This PR creates a separate go pipeline to manage golang dependencies keeping the current go/build compatible with the initial logic. With this new go pipeline,...
While writing the package for gitlab-exporter, @rawlingsj suggested to add a loop that installs all the required dependencies from the gemspec file for a specific project. That will simplify the...
With the increasing proliferation of new artifacts linked to manifests (e.g. sbom, scan reports, attestations, signatures...), there is a need to efficiently index the content of these artifacts to provide...
### Issue type Bug ### Have you reproduced the bug with TensorFlow Nightly? Yes ### Source source ### TensorFlow version 2.16.1 ### Custom code No ### OS platform and distribution...
Map collections are not part of the JSON standard compliant. It'd be great to change the json output to use json objects instead of map collections.
I was looking for a version flag or command to get the product version but I didn't find anything.
**Description** Support adding policies that trigger specific actions on running Pods. The idea consists on triggering the eviction of running workloads. Perhaps we need a new policy type that simply...
**Description** We need to revisit the current API types to become `v1`. For that we might want to start reusing TrustRoots to refer to CTlogs. We want to add new...
**Description** We need to explore how to verify the existence of SLSA provenance attached to container images. It is currently possible to inspect SLSA attestations however this could be simplified...