Add Template for Issue #171
Commits on Jan 10, 2024
132 feat clo monitor recommendations (in-toto#150)

* Add Security Insights, Security, and Dependency files
* Pin dependencies, update permissions in workflows, and add license scanning
* Add badges to README, add license to fossa scan

---------

Signed-off-by: John Kjell <john@testifysec.com>

Commit 93977fd
Commits on Jan 11, 2024
chore: bump golang from 1.21.5-alpine to 1.21.6-alpine (in-toto#153)

Bumps golang from 1.21.5-alpine to 1.21.6-alpine.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Commit 2b5ad30
Commits on Jan 16, 2024
chore: bump actions/upload-artifact from 4.0.0 to 4.1.0 (in-toto#157)

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@c7d193f...1eb3cb2)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Commit 5193e8a
Add template for Pull Requests (in-toto#155)
Signed-off-by: Prashant Rewar <108176843+prashantrewar@users.noreply.github.com>
Commit 63afaea
Commits on Jan 17, 2024
Fix "uncontrolled data use" (in-toto#151)

* Fix "uncontrolled data use" from not verifying input to archivista get/store request parameters

  Signed-off-by: John Kjell <john@testifysec.com>

* Migrate UT to testify test suite (in-toto#154)

  Signed-off-by: Kairo de Araujo <kairo.araujo@testifysec.com>

---------

Signed-off-by: John Kjell <john@testifysec.com>
Signed-off-by: Kairo de Araujo <kairo.araujo@testifysec.com>

Commit b627df3
Commits on Jan 23, 2024
chore: bump actions/upload-artifact from 4.1.0 to 4.2.0 (in-toto#161)

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@1eb3cb2...694cdab)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Commit 12f281b
chore: bump github/codeql-action from 3.23.0 to 3.23.1 (in-toto#162)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.0 to 3.23.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@e5f05b8...0b21cf2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Commit 0b89efa
chore: bump actions/dependency-review-action from 3.1.5 to 4.0.0 (in-toto#163)

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.1.5 to 4.0.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@c74b580...4901385)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Commit aa2d930
Commit 25d5f43

Commit b44f651

Commit 488c3dd
fix: consistency protection storing attestations (in-toto#160)
COMMIT MESSAGE

Adds protection to the users while storing attestations

As Archivista relies on Object Storage/Filesystem to store the blob attestation and the SQL server to register the attestations for querying using GraphQL, the flow needs to be consistent, as the services can fail.

Ideally, the Store should happen transactionally and not finish with inconsistency: file available in the SQL but not in the metadata Storage, for example. If it happens, the user will query the SQL but will not be able to retrieve/download the attestation blob.

A minor fix is done in this PR, first adding to the metadata storage and after registering in the SQL server. So, if the metadata storage fails, it will not continue and save it in the SQL server.

Signed-off-by: Kairo Araujo <kairo.araujo@testifysec.com>

Commit a059114
Commits on Jan 24, 2024
refactoring: Server API service (in-toto#152)

* refactor: rename var `mysql*` to `sql*`

  The current variable name `mysqlStore` and `mysqlStoreCh` can generate confusion as it comes from a factory store that supports multiple databases (MySQL and Postgres).

  Signed-off-by: Kairo de Araujo <kairo.araujo@testifysec.com>

* refactor: simplify archivista, move API to server

  This commit simplifies the archivista cmd (`cmd/archivista`), removing the API logic to the server, where all handlers for HTTP requests are implemented. This also includes the API Swagger documentation.

  Signed-off-by: Kairo Araujo <kairo.araujo@testifysec.com>

* refactoring: rename store APIs to upload

  This refactoring focuses on the code readability and maintainability easier for new contributors.

  `Store` -> `Upload`
  `StoreWithHeaders` -> `UploadWithHeaders`

  The `Store` will be exclusive for the Store method used by `metadataStore` and `objectStore`, causing less confusion. It renames the functions but keeps backward compatibility to allow the current users the possibility to migrate.

  Signed-off-by: Kairo Araujo <kairo.araujo@testifysec.com>

* tests: Add unit tests for server.go

  This adds unit tests for main functions for server.go

  Signed-off-by: Kairo Araujo <kairo.araujo@testifysec.com>

* fix: Add more consistent HTTP errors

  This commit fixes some status codes that can cause misunderstanding. Some errors were returning Bad Request (400) even when the user sends a correct request. The errors originating from the infrastructure or error during operations should raise Internal Server Error (500) as they are not expected. Unit tests are included to avoid regression.

  Signed-off-by: Kairo Araujo <kairo.araujo@testifysec.com>

---------

Signed-off-by: Kairo de Araujo <kairo.araujo@testifysec.com>
Signed-off-by: Kairo Araujo <kairo.araujo@testifysec.com>

Commit fe1b2b3
chore: bump golang from fd78f2f to 51a7800 (in-toto#170)

Bumps golang from `fd78f2f` to `51a7800`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Commit f749b47
Commits on Jan 29, 2024
Signed-off-by: Prashant Rewar <108176843+prashantrewar@users.noreply.github.com>

Commit 1bb1a91