Hector Fernandez

icon indicating a website link http://hectorj2f.github.io/

icon company @chainguard-dev icon location @chainguard-dev, ex-@mesosphere, ex-@redhat, ex-@giantswarm. Focused on K8s, Security, Distributed computing, Containers, Research, Golang and

Results 189 comments of Hector Fernandez

chore(deps): Bump github.com/sigstore/scaffolding from 0.7.9 to 0.7.11

@dependabot rebase

chore(deps): Bump github.com/sigstore/scaffolding from 0.7.9 to 0.7.11

@dependabot rebase

Fail to get public key from Azure key vault on cosign version v2.1.0

@akorp The expected format should be: `cosign sign --key azurekms://[VAULT_NAME][VAULT_URI]/[KEY] `. I assume you used AzureCli to login and access your Azure key vault.

Fail to get public key from Azure key vault on cosign version v2.1.0

I assume there is a problem and it should only use the `VAULT_URI/KEY`

Fail to get public key from Azure key vault on cosign version v2.1.0

It could be related to the upgrade of the dependencies, so we might need to update the docs.

Melange SCA for shared library dependencies should be versioned

@xnox @smoser Could you both share more details of what is missing from this feature request ?

sonarqube-10/10.6.0.92116-r0: cve remediation

This will require some debugging to know which dependencies break the compilation and which don't :/.

sonarqube-10/10.6.0.92116-r0: cve remediation

That is the result of letting CVEs to pile up :/ until we tackle them.

src/5.5.0-r0: cve remediation

This package looks broken for the moment.