source-controller
source-controller copied to clipboard
fluxcd
The GitOps Toolkit source management component
Hi, I am using in cluster harbor as the OCI registry to hold the helmchart which will be used by the HelmRepository. But chart failed to download form the plain...
We've experienced an issue while migrating from using HelmRepository to OCIRepository to fetch our Helm Charts stored in ECR. We are using a Pull Through cache to fetch the images...
Bumps [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) from 1.7.1 to 1.8.3. Release notes Sourced from github.com/sigstore/fulcio's releases. v1.8.3 Changelog v1.8.3 fixes https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw 3622f6e62cf74ff1477422a8c3aad4ca338ed047 update changelog for v1.8.3 release (#2234) 765a0e57608b9ef390e1eeeea8595b9054c63a5a Merge commit from fork (#2233)...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps the go-deps group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.6.0` |...
Bumps the ci group with 5 updates: | Package | From | To | | --- | --- | --- | | [fluxcd/gha-workflows/.github/workflows/backport.yaml](https://github.com/fluxcd/gha-workflows) | `0.4.0` | `0.5.0` | | [fluxcd/gha-workflows](https://github.com/fluxcd/gha-workflows)...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.44.0 to 0.45.0. Commits 4e0068c go.mod: update golang.org/x dependencies e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs f91f7a7 ssh/agent: prevent panic on malformed...
- **Handle symlinks within GitRespository** - **Improve security for symlinks within GitRepository** Helm charts may include symlinks to common library charts under /charts. Currently, these are not handled. This PR...
Using the example from here, https://fluxcd.io/flux/flux-gh-action/#push-and-sign-kubernetes-manifests-to-container-registries regarding keyless signing It seems cosign has introduced and enabled some breaking changes in v3 which renders its signatures incompatible with the latest version...
When using FluxCD source-controller to fetch a GitRepository from our GitLab server, one file (in our case, a file targeted by a relative symlink) is missing in the artifact, even...
