minder
Software Supply Chain Security Platform
Once we OSS the code, we should introduce automated fuzzing: https://github.com/google/oss-fuzz
# Summary The idea is to make it easier to extend the GitHub webhook with events that are tied to more than one repository, namely "installation" and "installation_repositories", which are necessary...
### Please describe the enhancement See design doc in epic ### Solution Proposal In migration tool: 1. Change decrypt code to read from new fields then old fields 1. Begin...
Bumps [github.com/thomaspoignant/go-feature-flag](https://github.com/thomaspoignant/go-feature-flag) from 1.27.0 to 1.28.0. Release notes Sourced from github.com/thomaspoignant/go-feature-flag's releases. v1.28.0 🚀 v1.28.0 New Features feat: Allow to force update the internal cache by @thomaspoignant in #1878 feat(helm):...
**Source commit** - Commit SHA: [b4ef6eca7fb35ff8d7a82dbf7e2b0dc95c7bb094](https://github.com/stacklok/minder/commit/b4ef6eca7fb35ff8d7a82dbf7e2b0dc95c7bb094) - Date: 2024-05-21 16:49:39 - Author: Jakub Hrozek
# Summary This change makes provider classes self-register webhooks. This means that a provider class manager now has to implement a registration method as well as an HTTP handler for...
### Please describe the enhancement For a registered container, we should handle webhooks that tell minder when to re-evaluate policy. ### Solution Proposal This proposes leveraging https://github.com/stacklok/minder/issues/3324 to handle webhooks...
The way that the trusty integration interacts with my PR should be controlled from the rule configuration. As a developer, I would like to choose if Trusty comments with a...
When trusty catches problematic dependencies being introduced in a PR, it should have the capability to add a review requesting changes.
The trusty integration shows the provenance score but it should show the components and source of origin data it used to compute the score.