Sambhav Kothari
Some of this for cyclonedx may be solved by #710
Relevant to this is CycloneDX's SPDX taxonomy: https://github.com/CycloneDX/cyclonedx-property-taxonomy/pull/7. Also related to #563.
This was discussed in the Anchore community WG meeting today (notes available at https://docs.google.com/document/d/1ZtSAa6fj2a6KRWviTn3WoJm09edvrNUp4Iz_dOjjyY8/edit ) - These were the options that were proposed - 1. We could implement this in...
Added https://github.com/sigstore/cosign/pull/1278 to update the spec as well
@luhring that's correct :) https://github.com/sigstore/cosign/pull/1137 and https://github.com/sigstore/cosign/pull/1278 handle the syft support and documentation on the cosign side. We just need to do the same at https://github.com/anchore/syft#adding-an-sbom-to-an-image-as-an-attestation to also mention sbom...
I like this as well. Possible things that I can imagine - Auto merge PRs or add labels or add specific comments based on a command by a user. I...
AFAICT this doesn't really need a validator, but simply for the merge action to support the `status` and `check_suite` events. Given that #386 is now fixed - all we need...
I am hitting the same issue - is there a workaround?
Hello :wave: I am a maintainer on the Cloud Native Buildpacks project. Happy to answer questions and provide support if y'all decide to go forward with CNB support :) Just...
@Pierre-Sassoulas - I have created two environments `pypi-dev` (which has tokens for test.pypi) and `pypi-prod` (which has tokens for pypi) both of which are gated and require approvers from the...