minder

Software Supply Chain Security Platform

Results 275 minder issues

We should add to the trusty pr handler the capability to block pull requests when deprecated or malicious dependencies are found.

Currently, the GitHub webhook handler treats different event types uniformly and the "dispatch logic" for each event is spread over multiple routines. This makes it harder to extend the logic...

Currently Minder is not handling the pull request reopened webhook action. This may be exploited by: * Opening a PR and closing it immediately. * Re-opening it later with the...

bug

The `ruletype delete --all` command should delete all ruletypes that are not referenced by existing profiles. This works, but I noticed a few issues around it: - [ ] Shows...

bug
good first issue
P2

# Summary There's a lot of changes that do work, but I'm not sure about the changes mainly to the provider interfaces. Some patches could be sent already and merged,...

### Please describe the enhancement This proposes adding an artifact registration workflow to minder. ### Solution Proposal This proposes adding an `artifact register` subcommand which will register an artifact or...

user-story

### Please describe the enhancement Currently we've hardcoded webhooks handling for github. While this works for now, this is not something we can re-use for other providers. The idea is...

user-story
P1

### Please describe the enhancement The idea is to get minder to do an enrollment with a dockerhub-provided token. We need to add the necessary bits and pieces for the...

user-story

On adding a new repository we would receive a webhook message that a new repository was added. The message looks like this: ``` { "action": "added", "installation": { "id": 49896345,...

Both OSV and Trusty support Rust but neither of our evaluators knows how to handle Rust projects.

P2