Skip to content

v0.0.2
Compare
Choose a tag to compare
@lukehinds lukehinds released this 06 Sep 15:12
· 2392 commits to main since this release
v0.0.2
38f9f4b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

What's Changed

  • build(deps): bump slsa-framework/slsa-github-generator from 1.8.0 to 1.9.0 by @dependabot in #757
  • rule_type create: Add option to create multiple rule types at once or read all filed in directory by @JAORMX in #748
  • Auto-generated cli documentation update - 2023-08-25 13:04:37 by @github-actions in #759
  • remove unused internal/engine/entities.go by @jhrozek in #762
  • Update Epic template to remove SaaS engineering section by @dussab in #763
  • Split rule type format to show explicit ingestion and evaluation by @JAORMX in #758
  • build(deps): bump slsa-framework/slsa-verifier from 2.3.0 to 2.4.0 by @dependabot in #769
  • build(deps): bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.17.0 to 2.17.1 by @dependabot in #768
  • build(deps): bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.17.0 to 2.17.1 in /tools by @dependabot in #770
  • Update docs with new rule type syntax by @JAORMX in #767
  • small refactor: Move files around for testability by @JAORMX in #771
  • engine: Handle skipped rules and silent skips by @JAORMX in #776
  • .gitignore: Ignore test coverage file by @JAORMX in #774
  • util: Use dedicated test package for unit tests by @JAORMX in #772
  • build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.42.0 to 0.43.0 by @dependabot in #779
  • build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.16.0 to 1.17.0 by @dependabot in #780
  • build(deps): bump github.com/go-playground/validator/v10 from 10.15.1 to 10.15.2 by @dependabot in #782
  • util: Add test coverage for JSON/YAML utilities by @JAORMX in #773
  • build(deps): bump go.opentelemetry.io/otel/sdk/metric from 0.39.0 to 0.40.0 by @dependabot in #781
  • build(deps): bump mobx from 6.10.0 to 6.10.1 in /docs by @dependabot in #789
  • build(deps): bump go.opentelemetry.io/otel/exporters/prometheus from 0.39.0 to 0.40.0 by @dependabot in #790
  • build(deps): bump github.com/go-playground/validator/v10 from 10.15.2 to 10.15.3 by @dependabot in #791
  • Improve artifact support by storing artifact_id in the rule evaluation table and store artifact information during webhook processing by @jhrozek in #760
  • Auto-generated DB schema update - 2023-08-30 09:22:38 by @github-actions in #792
  • Increase timeout for syncing repositories by @JAORMX in #788
  • engine: Add rego evaluation engine by @JAORMX in #784
  • Use IS NOT DISTINCT FROM for comparing rule eval status on upsert by @JAORMX in #799
  • Add guidance to rule types by @JAORMX in #797
  • Auto-generated DB schema update - 2023-08-30 16:06:13 by @github-actions in #802
  • build(deps): bump github.com/open-policy-agent/opa from 0.52.0 to 0.55.0 by @dependabot in #809
  • Use a generic version of JQ accessor, called JQGetTypedFromAccessor to parse GitHub payload by @jhrozek in #801
  • engine: Make ErrEvaluationSkipSilently not so silent by @JAORMX in #803
  • Adjust group.order so that PI can claim URLs in the same host by @evankanderson in #815
  • repositories: Add clone URL to data we track by @JAORMX in #793
  • Auto-generated DB schema update - 2023-08-31 17:21:34 by @github-actions in #816
  • handlers_policy: return more information on artifacts by @jhrozek in #812
  • containers: Suppress error message when trying to fetch signatures by @jhrozek in #811
  • build(deps): bump github.com/open-policy-agent/opa from 0.55.0 to 0.56.0 by @dependabot in #818
  • build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.37 to 1.18.38 by @dependabot in #821
  • build(deps): bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.0 by @dependabot in #820
  • build(deps): bump mobx from 6.10.1 to 6.10.2 in /docs by @dependabot in #822
  • tests: Add a test to initialize the artifact ingester by @jhrozek in #823
  • Add git ingester by @JAORMX in #775
  • Putting it all together: Enables us to run rego rules on git contents by @JAORMX in #825
  • build(deps): bump github.com/sigstore/sigstore from 1.7.2 to 1.7.3 by @dependabot in #828
  • build(deps): bump golang.org/x/term from 0.11.0 to 0.12.0 by @dependabot in #827
  • rego: Introduce file.ls which allows us to list files by @JAORMX in #829
  • builtin: Return evalerrors.ErrEvaluationSkipSilently in case the builtin evaluator doesn't match the entity by @jhrozek in #800
  • Return why an artifact was skipped from the artifact ingester by @jhrozek in #810
  • Remove pr-size action by @lukehinds in #840
  • fix: use consistent sql.ErrNoRow error comparision by @rdimitrov in #832
  • Implements Dependabot Checks by @lukehinds in #843
  • build(deps): bump actions/checkout from 3 to 4 by @dependabot in #849
  • Policy to verify actions are pinned to sha1 by @lukehinds in #845
  • tools: Add setup.sh script by @JAORMX in #853
  • refactor: Move webhook event parsing logic to webhook handler by @JAORMX in #841
  • dev: Add log message when rule violation happens by @JAORMX in #854
  • cleanup: Remove commented out entries from policy by @JAORMX in #851
  • cleanup: remove unnecessary checkups from rule by @JAORMX in #852
  • Add policy init and reconcile policy support for artifacts by @jhrozek in #844
  • Auto-generated cli documentation update - 2023-09-05 16:39:02 by @github-actions in #855
  • rules: Fix actions_check_pinned_tags rule by @JAORMX in #857
  • Fix migratedown target by @eleftherias in #858
  • Avoid log spam on CheckHealth by @evankanderson in #864
  • build(deps): bump golang.org/x/tools from 0.12.0 to 0.13.0 in /tools by @dependabot in #866
  • build(deps): bump github.com/daixiang0/gci from 0.11.0 to 0.11.1 in /tools by @dependabot in #867
  • build(deps): bump golang.org/x/crypto from 0.12.0 to 0.13.0 by @dependabot in #868
  • build(deps): bump golang.org/x/oauth2 from 0.11.0 to 0.12.0 by @dependabot in #869
  • build(deps): bump github.com/ThreeDotsLabs/watermill from 1.3.3 to 1.3.4 by @dependabot in #870
  • build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.38 to 1.18.39 by @dependabot in #871
  • rego: Fix constraints evaluation type and prettify result by @JAORMX in #863
  • medev: a CLI tool to work with mediator by @JAORMX in #865
  • Handle type cast errors by @eleftherias in #850
  • Auto-generated cli documentation update - 2023-09-06 16:08:57 by @github-actions in #877

New Contributors

Full Changelog: v0.0.1...v0.0.2

Contributors

JAORMX, jhrozek, and 6 other contributors
Assets 14
0 Join discussion