minder
Software Supply Chain Security Platform
# Summary

Minder now has the capability to request changes in PRs when it finds something odd based on Trusty dependency data. This PR also introduces a new setting in...
Currently we have our GitHub provider credentials defined in the `server-config.yaml` like this:

```yaml
github:
  client_id: X
  client_secret: Y
```

We fetch the credentials using viper directly: https://github.com/stacklok/minder/blob/4524f991586d2b90603718364eef0a0068e85219/internal/auth/oauth.go#L121-L122 Since we...
In case Minder finds a vulnerable package in a PR it also proposes a suggested version where this vulnerability is missing. The bug is that we not only have to...
Currently we have the OSV evaluator which is able to provide inline comments for PRs with vulnerabilities. I tried to reuse it for the initial implementation of the Pi integration,...
The use of templates is probably going to rise with the implementation of more action types and other features where we present a given message, so it would be useful...
We add default values in rule_types but the gojsonschema library we use doesn't support setting default values and upstream is not open to adding that support. Having defaults would simplify...
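Filling schema defaults before validation is a small tree walk, so it does not have to live inside the validator. The following is an added example, not code from minder or from the gojsonschema library: a hypothetical `ApplyDefaults` that walks the `properties` of a JSON Schema, copies each `default` into keys the caller left out, recurses into nested objects, and leaves user-supplied values (including wrong-typed ones, which the validator should reject) untouched. The rule-type-style schema and the partial parameter document are constructed for the demo.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// SampleSchema is a constructed rule-type-style parameter schema for the demo.
const SampleSchema = `{
  "type": "object",
  "properties": {
    "severity": {"type": "string", "default": "medium"},
    "enabled":  {"type": "boolean", "default": true},
    "action": {
      "type": "object",
      "properties": {
        "type":  {"type": "string", "default": "review"},
        "limit": {"type": "integer", "default": 3}
      }
    },
    "notes": {"type": "object", "properties": {"text": {"type": "string"}}}
  }
}`

// deepCopy clones a default via a JSON round trip so the filled document never
// aliases the schema's own value (mutating the doc must not mutate the schema).
func deepCopy(v any) any {
	b, err := json.Marshal(v)
	if err != nil {
		return v
	}
	var out any
	if err := json.Unmarshal(b, &out); err != nil {
		return v
	}
	return out
}

// hasDefaults reports whether an object schema contributes any default,
// directly or through a nested object; used so empty objects are not invented.
func hasDefaults(schema map[string]any) bool {
	props, _ := schema["properties"].(map[string]any)
	for _, raw := range props {
		sub, ok := raw.(map[string]any)
		if !ok {
			continue
		}
		if _, has := sub["default"]; has {
			return true
		}
		if sub["type"] == "object" && hasDefaults(sub) {
			return true
		}
	}
	return false
}

// ApplyDefaults fills missing keys in doc from the schema's "default" values,
// recursing into nested "object" schemas. Hypothetical helper, not minder's API.
func ApplyDefaults(schema map[string]any, doc map[string]any) map[string]any {
	if doc == nil {
		doc = map[string]any{}
	}
	props, _ := schema["properties"].(map[string]any)
	for name, raw := range props {
		sub, ok := raw.(map[string]any)
		if !ok {
			continue
		}
		existing, present := doc[name]
		if !present {
			if def, has := sub["default"]; has {
				doc[name] = deepCopy(def)
				continue
			}
		}
		if sub["type"] != "object" {
			continue
		}
		child, isMap := existing.(map[string]any)
		if present && !isMap {
			continue // caller supplied a non-object; leave it for the validator
		}
		if child == nil {
			if !hasDefaults(sub) {
				continue // nothing to add, so do not create an empty object
			}
			child = map[string]any{}
		}
		doc[name] = ApplyDefaults(sub, child)
	}
	return doc
}

// ApplyDefaultsJSON is the JSON-string convenience wrapper used by the demo.
func ApplyDefaultsJSON(schemaJSON, docJSON string) (map[string]any, error) {
	var schema, doc map[string]any
	if err := json.Unmarshal([]byte(schemaJSON), &schema); err != nil {
		return nil, err
	}
	if err := json.Unmarshal([]byte(docJSON), &doc); err != nil {
		return nil, err
	}
	return ApplyDefaults(schema, doc), nil
}

func main() {
	out, err := ApplyDefaultsJSON(SampleSchema, `{"severity":"high"}`)
	if err != nil {
		panic(err)
	}
	b, _ := json.MarshalIndent(out, "", "  ")
	fmt.Println(string(b))
}
```

Run the defaulted document through the normal schema validation afterwards; applying defaults first means a required field with a default no longer fails validation, while a field the user set to the wrong type is still reported rather than silently replaced.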
**Describe the bug** Just before the releases we've written the rule type references manually, but that doesn't scale. We need to autogenerate them.
The minder.stacklok.dev/pr-vulncheck status is used to block PRs with vulnerabilities. We should have a rule that sets that status check automatically in branch protections.
**Describe the bug** Currently policy_status get is the only way to print all the details about an evaluation failure, but the default table doesn't have enough information unless you pass...
**Describe the bug** We're currently using OpenAPI v2, newer tooling is moving to OpenAPI v3, so we should consider migrating to that as well.