minder
Software Supply Chain Security Platform
This is a follow-on to #1256 -- this is publishing the produced APT packages to some repository.
At the moment the package vulnerability interface implementations (OSV and soon-to-be-added Pi) instantiate a `http.Client` on every call. This is wasteful; we should reuse a client to improve performance. We...
The first version of PR remediations allows only replacing files. While this is acceptable as the PR would need to be reviewed by (hopefully) a human, having the ability to...
We are currently using `database/sql` for store and connections; we should do some due diligence on migrating to [pgx](https://github.com/jackc/pgx). [pgx](https://github.com/jackc/pgx) is [allegedly faster](https://groups.google.com/g/golang-nuts/c/ZvjNkpi1Fc4). Many PostgreSQL specific features such as LISTEN...
In addition to package-lock.json, we also should support yarn.local for JS packages.
**Describe the bug** Our GitHub API either doesn't support any pagination at all (and just hardcodes one page with the largest allowed size) or supports greedy pagination where everything is...
Currently when `CreateUser` is called, Minder tries to create a default user project named after the user. This is not optimal and there have been a few issues with this...
### Describe the issue Feature flags evaluated outside the context of a request don't populate `EvaluationContext` correctly. An example of where this bug happens is [here](https://github.com/stacklok/minder/blob/main/internal/engine/eval_status.go#L204), which is the code...