minder
Software Supply Chain Security Platform
### Please describe the enhancement Profile Create/Update was moved to a separate interface as part of this PR: https://github.com/stacklok/minder/pull/2653 There is a significant amount of logic in these two methods,...
### Describe the issue When creating a profile with the ruletype `pr_vulnerability_check`, the expected behaviour is for Minder to comment on a PR when it contains a dependency with a...
Currently we have a few rule types that act by parsing the contents of a PR - homoglyph, vulnerability and Trusty checks. Each parses the PR content and then comments/reviews...
The vulncheck evaluator does two things - checks the vulnerabilities and then performs an action based on the vulnerabilities found, like suggesting PR changes or commenting with a summary. This...
### Describe the issue In https://github.com/stacklok/minder/pull/2275/files#r1506378930, we discussed whether a project should be garbage collected if there are users assigned to non-admin roles, but no users with admin roles remain...
### Describe the issue From https://github.com/stacklok/minder/actions/runs/8162121805/job/22312401262 Though this run was for #2475, there is no logic added to the eventer in that PR that should cause a data race. ```...
This issue is about moving away from a 3rd-party dependency for logging and converging on using log/slog, which is part of the standard library.
### Please describe the enhancement Provide a single API endpoint which allows multiple repos to be registered in a single request. ### Solution Proposal TBD ### Describe alternatives you've considered...
Some ideas in this thread https://github.com/stacklok/minder/pull/2413#discussion_r1502784683 In summary, store a map of `map[provider]*auth.OAuthConfig` which is managed via a `Register(string, *auth.OAuthConfig)`. On calls to `NewOAuthConfig` look up the `auth.OAuthConfig` from the...
This needs investigating as it's not necessarily a bug in Minder, but probably a corner case of OSV we have to take care of. **Prerequisite:** * This assumes that the...