v0.0.9
What's Changed
- feat: implement an actions engine by @rdimitrov in #1192
- Add remediation capability for GH branch protections by @jhrozek in #1174
- Add option to fetch server secret from file by @eleftherias in #1199
- Pull request remediations engine + codeQL + dependabot remediations by @jhrozek in #1200
- Update deployment to enable account deletion by @eleftherias in #1212
- PR vulnerability evaluation: Display summary of vulnerabilities found by @jhrozek in #1204
- Update docs with identity config for mediator server by @eleftherias in #1195
- build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.45 to 1.19.0 by @dependabot in #1216
- build(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.13 to 2.0.14 by @dependabot in #1217
- build(deps): bump @babel/traverse from 7.22.10 to 7.23.2 in /docs by @dependabot in #1220
- Split mediator and db-update roles by @eleftherias in #1223
- vulncheck: Don't try to render an empty summary table if no CVEs are found by @jhrozek in #1215
- helm: Add `extra_config_migrate` to helm values by @JAORMX in #1224
- Reduce cardinality of GRPC metrics from mediator. by @evankanderson in #1227
- build(deps): bump google.golang.org/grpc from 1.58.3 to 1.59.0 by @dependabot in #1230
- fix: Fix migration CI job by @JAORMX in #1229
- ci: Add healthcheck for keycloak container by @JAORMX in #1231
- Support Python requirements.txt scanning for pull requests by @jhrozek in #1225
- build(deps): bump github.com/open-policy-agent/opa from 0.57.0 to 0.57.1 by @dependabot in #1234
- build(deps): bump k8s.io/apimachinery from 0.28.2 to 0.28.3 by @dependabot in #1235
- Add postgres connection pool instrumentation by @evankanderson in #1246
- feat: implement the rest of alerts by @rdimitrov in #1228
- build(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.14 to 2.0.15 by @dependabot in #1247
- Don't error CLI on a lack of config by @lukehinds in #1245
- Pi Evaluator that provides a summary of dependencies and their alternatives by @jhrozek in #1232
- engine: Also traverse PullRequest rules when validating profiles by @jhrozek in #1260
- Fix debug message argument by @jhrozek in #1261
- build(deps): bump github.com/golangci/golangci-lint from 1.54.2 to 1.55.0 in /tools by @dependabot in #1263
- Fix artifact_signature rule schema by @JAORMX in #1265
- build(deps): bump actions/setup-node from 3 to 4 by @dependabot in #1272
- ci: Fix database migration touch job by @JAORMX in #1271
- Initial smoke tests by @lukehinds in #1268
- feat: Implement ingester cache by @JAORMX in #1273
- Add telemetry for counting number of users by @eleftherias in #1275
- fix: update rule type descriptions to be consistent by @rdimitrov in #1277
- Don't retry all handler errors by @jhrozek in #1281
- build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.19.0 to 1.19.1 by @dependabot in #1283
- Makefile: leverage podman compose plugin instead of `podman-compose` by @JAORMX in #1282
- Store PRs in the database to avoid special-casing them during evaluation by @jhrozek in #1270
- feat: add stalebot to ci by @rdimitrov in #1284
- Skip non-relevant webhook events by @jhrozek in #1280
- build(deps): bump google.golang.org/grpc from 1.58.0 to 1.58.3 in /tools by @dependabot in #1286
- fix: update permissions for stalebot.yml by @rdimitrov in #1287
- build(deps): bump github.com/golangci/golangci-lint from 1.55.0 to 1.55.1 in /tools by @dependabot in #1288
- build(deps): bump github.com/go-git/go-git/v5 from 5.9.0 to 5.10.0 by @dependabot in #1289
- chore: use interfaces for actions and evaluation params by @rdimitrov in #1290
- chore: ensure evalStatusParams implement eval and action interfaces by @rdimitrov in #1293
- chore: prefix viper env vars with mediator by @rdimitrov in #1291
- docs: update CONTRIBUTING.md by @rdimitrov in #1294
- chore: explicitly declare the default actions settings by @rdimitrov in #1295
- build(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 by @dependabot in #1300
- build(deps): bump github.com/open-policy-agent/opa from 0.57.1 to 0.58.0 by @dependabot in #1301
- build(deps): bump github.com/sigstore/sigstore from 1.7.4 to 1.7.5 by @dependabot in #1302
- ci: Detect `IF NOT EXISTS` in migration scripts by @JAORMX in #1303
- Remove user details from mediator database by @eleftherias in #1304
- helm: Add deployment-specific settings by @JAORMX in #1299
- fix: actually render values.yaml in helm job by @JAORMX in #1305
- Use stable version of schemaspy by @eleftherias in #1307
- chore: update evaluation logs for easier debugging by @rdimitrov in #1306
- feat: Make watermill settings configurable by @JAORMX in #1297
- cleanup: Make mediator wait for keycloak's health in compose file by @JAORMX in #1308
- Fix link in CONTRIBUTING.md by @eleftherias in #1309
- Add several metrics for mediator control plane by @jhrozek in #1298
- Reconcile the PiReply struct with recent changes to Pi by @jhrozek in #1311
- Update LICENSE by @rdimitrov in #1314
- Make keycloak setup script compatible with DB by @eleftherias in #1320
- fix: Make event persistence configurable and set to false by @JAORMX in #1323
- feat: Add possibility for entitlements by @JAORMX in #1319
- Remove obsolete token expiry check by @rdimitrov in #1321
- Auto-generated DB schema update - 2023-10-30 14:28:37 by @github-actions in #1324
- Refactor Mediator docs for inclusion in commercial by @evankanderson in #1318
- Fix go.mod for tools and update go to 1.21 by @rdimitrov in #1322
- Allow registering private repos specified in github.allowed_private_repos by @jhrozek in #1316
- Add goreleaser, sboms, slsa3, sigstore and homebrew support by @rdimitrov in #1315
Full Changelog: v0.0.8...v0.0.9