Puerco
# Summary Minder now has the capability to request changes in PRs when it finds something odd based on Trusty dependency data. This PR also introduces a new setting in...
The way that the Trusty integration interacts with my PR should be controlled from the rule configuration. As a developer, I would like to choose if Trusty comments with a...
When Trusty catches problematic dependencies being introduced in a PR, it should have the capability to add a review requesting changes.
The Trusty integration shows the provenance score, but it should show the components and source-of-origin data it used to compute the score.
We should add to the Trusty PR handler the capability to block pull requests when deprecated or malicious dependencies are found.
When filtering SARIF results, vexctl should offer a setting to filter `not_affected` statements depending on their justification. For example I may want to filter only statements where software is `not_affected`...
We should add a configuration setting to vexctl to support defining which vex statuses cause results to get filtered when running `vex filter`. Right now we have it fixed to...
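The two vexctl requests above (filtering by VEX status, and filtering `not_affected` statements only when their justification is in an allowed set) can be sketched as one small filter. The block below is an added illustration, not vexctl's own code, and it assumes a constructed OpenVEX document and a constructed SARIF log; it matches SARIF results to VEX statements by `ruleId` only and ignores the statement's `products`, which a real implementation must check. The status and justification names are the ones defined by OpenVEX.

```python
"""Filter SARIF results with OpenVEX statements, selecting by status and,
for not_affected, by justification. Illustration only, not vexctl code."""
import copy
import json

# Status and justification vocabularies from the OpenVEX specification.
OPENVEX_STATUSES = frozenset({"not_affected", "affected", "fixed", "under_investigation"})
OPENVEX_JUSTIFICATIONS = frozenset({
    "component_not_present",
    "vulnerable_code_not_present",
    "vulnerable_code_not_in_execute_path",
    "vulnerable_code_cannot_be_controlled_by_adversary",
    "inline_mitigations_already_exist",
})

# Constructed OpenVEX document (hypothetical identifiers, not a real advisory).
PRODUCT = {"@id": "pkg:golang/example.com/app@1.0.0"}
OPENVEX_DOC = {
    "@context": "https://openvex.dev/ns/v0.2.0",
    "@id": "https://example.com/vex/example-1",
    "author": "example author",
    "timestamp": "2024-01-01T00:00:00Z",
    "version": 1,
    "statements": [
        {"vulnerability": {"name": "CVE-2021-0001"}, "products": [PRODUCT],
         "status": "not_affected", "justification": "vulnerable_code_not_in_execute_path"},
        {"vulnerability": {"name": "CVE-2021-0002"}, "products": [PRODUCT],
         "status": "not_affected", "justification": "component_not_present"},
        {"vulnerability": {"name": "CVE-2021-0003"}, "products": [PRODUCT], "status": "fixed"},
        {"vulnerability": {"name": "CVE-2021-0004"}, "products": [PRODUCT], "status": "under_investigation"},
    ],
}

# Constructed minimal SARIF 2.1.0 log with one result per CVE; 0005 has no VEX statement.
SARIF_LOG = {
    "version": "2.1.0",
    "runs": [{"tool": {"driver": {"name": "example-scanner"}},
              "results": [{"ruleId": f"CVE-2021-000{i}", "message": {"text": f"finding {i}"}}
                          for i in range(1, 6)]}],
}


def build_filter(statuses=("not_affected", "fixed"), justifications=None):
    """Validate the filter configuration.

    statuses: VEX statuses whose statements suppress a result (the fixed default
    in the text would be expressed here as the default argument).
    justifications: if not None, a not_affected statement suppresses a result
    only when its justification is in this set.
    """
    statuses = frozenset(statuses)
    unknown = statuses - OPENVEX_STATUSES
    if unknown:
        raise ValueError(f"unknown VEX status(es): {sorted(unknown)}")
    if justifications is not None:
        justifications = frozenset(justifications)
        unknown = justifications - OPENVEX_JUSTIFICATIONS
        if unknown:
            raise ValueError(f"unknown justification(s): {sorted(unknown)}")
    return {"statuses": statuses, "justifications": justifications}


def statement_suppresses(statement, config):
    """True when this statement should remove a matching result."""
    status = statement.get("status")
    if status not in config["statuses"]:
        return False
    if status == "not_affected" and config["justifications"] is not None:
        # A not_affected statement without a justification (impact_statement
        # only) is not trusted when justifications are being selected on.
        return statement.get("justification") in config["justifications"]
    return True


def index_statements(vex_doc):
    """Map vulnerability name (or @id) to its statement; later statements win."""
    index = {}
    for st in vex_doc.get("statements", []):
        vuln = st.get("vulnerability", {})
        name = vuln.get("name") or vuln.get("@id")
        if name:
            index[name] = st
    return index


def filter_sarif(sarif_log, vex_doc, config):
    """Return (filtered deep copy of the SARIF log, list of suppressed ruleIds)."""
    index = index_statements(vex_doc)
    out = copy.deepcopy(sarif_log)
    suppressed = []
    for run in out.get("runs", []):
        kept = []
        for result in run.get("results", []):
            st = index.get(result.get("ruleId"))
            if st is not None and statement_suppresses(st, config):
                suppressed.append(result["ruleId"])
            else:
                kept.append(result)
        run["results"] = kept
    return out, suppressed


def remaining_rule_ids(sarif_log):
    return [r["ruleId"] for run in sarif_log.get("runs", []) for r in run.get("results", [])]


if __name__ == "__main__":
    cfg = build_filter(justifications={"component_not_present"})
    filtered, gone = filter_sarif(SARIF_LOG, OPENVEX_DOC, cfg)
    print("suppressed:", gone)
    print(json.dumps(remaining_rule_ids(filtered)))
```

With the default configuration every `not_affected` and `fixed` statement suppresses its result; passing `justifications={"component_not_present"}` keeps CVE-2021-0001 in the output because its statement carries a different justification, while `fixed` statements are unaffected by the justification filter.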
Once we finalize the initial scanner support, we should document the limitations and capabilities of the scanning subcommand of `vexctl`.
This commit adds language to note the class constraints on security relationship types. /cc @rnjudge Signed-off-by: Adolfo García Veytia (Puerco)
#### What would you like to be added:
Our signing library should implement signing of in-toto attestations
#### Why is this needed:
We need to build our own attestation signing...