{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":474162642,"defaultBranch":"main","name":"slsa-verifier","ownerLogin":"slsa-framework","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2022-03-25T21:01:47.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/80431187?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1725481182.0","currentOid":""},"activityList":{"items":[{"before":null,"after":"b80850bc342b1b54028054e5bcb5ffb149965c3b","ref":"refs/heads/dependabot/go_modules/go_modules-909bd1a915","pushedAt":"2024-09-04T20:19:42.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"chore(deps): bump github.com/sigstore/sigstore-go\n\nBumps the go_modules group with 1 update: [github.com/sigstore/sigstore-go](https://github.com/sigstore/sigstore-go).\n\n\nUpdates `github.com/sigstore/sigstore-go` from 0.5.1 to 0.6.1\n- [Release notes](https://github.com/sigstore/sigstore-go/releases)\n- [Commits](https://github.com/sigstore/sigstore-go/compare/v0.5.1...v0.6.1)\n\n---\nupdated-dependencies:\n- dependency-name: github.com/sigstore/sigstore-go\n dependency-type: direct:production\n dependency-group: go_modules\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"chore(deps): bump github.com/sigstore/sigstore-go"}},{"before":"b92dabfb1ca84467a9aa756a87447793bb599958","after":"767ecf9e0a63f5b7699d023609bd01978ff00d75","ref":"refs/heads/main","pushedAt":"2024-08-24T03:31:43.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"feat: handle dssev001 tlog entry types (#799)\n\nre: 
https://github.com/slsa-framework/slsa-github-generator/issues/3750\r\n\r\nRekor TLog entries can now be of the type dsse v0.0.1, as when what's\r\nreturned when using sigstore-go's `Bundle()`.\r\n\r\nThis is to support eventual Sigstore Bundles produced by\r\nslsa-github-generator's \"generic\" generator, which will likely use\r\nsigstore-go's Bundle to produce attestations\r\n\r\n-\r\nhttps://github.com/slsa-framework/slsa-github-generator/compare/main...ramonpetgrave64-internal-builder-sigstore-bundlev2#diff-b186a0c5d9ae459b11b694f05455568453699670926d21cad06cafec3dbf895eR101\r\n-\r\nhttps://github.com/slsa-framework/slsa-github-generator/actions/runs/10359750833\r\n\r\n## Testing\r\n\r\n- Added unit tests with stub data\r\n- manual invocations to verify both new and old attestations and bundles,\r\nwith some modifications for testing purposes\r\n-\r\nhttps://github.com/slsa-framework/slsa-verifier/compare/main...verify-sigstore-go-Bundlev3#diff-94741068472ee694a12811cd704179dd478a9fa20a3bf45cf6ea2d4406214dc2R179\r\n\r\n## Followup\r\n\r\nFinish the work to produce bundles from the generic generators\r\n-\r\nhttps://github.com/slsa-framework/slsa-github-generator/compare/main...ramonpetgrave64-internal-builder-sigstore-bundlev2#diff-b186a0c5d9ae459b11b694f05455568453699670926d21cad06cafec3dbf895eR101\r\n\r\n---------\r\n\r\nSigned-off-by: Ramon Petgrave \r\nSigned-off-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>","shortMessageHtmlLink":"feat: handle dssev001 tlog entry types (#799)"}},{"before":"e1d972c34b9a151243a89ee30e898a3d83d47eb8","after":"250dd049cb4d50ce5b507f1355c29286965907ed","ref":"refs/heads/ramonpetgrave64-tlog-dssev001","pushedAt":"2024-08-24T03:16:13.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"Merge branch 'main' into 
ramonpetgrave64-tlog-dssev001","shortMessageHtmlLink":"Merge branch 'main' into ramonpetgrave64-tlog-dssev001"}},{"before":"1694bbf872a0a51f32de251779e4533231a53342","after":"b92dabfb1ca84467a9aa756a87447793bb599958","ref":"refs/heads/main","pushedAt":"2024-08-23T11:42:14.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"feat: set user-agent header on Rekor requests (#801)\n\nThis is part of an effort to track clients of Sigstore infrastructure,\r\nand their versions.\r\n\r\nSigned-off-by: Bob Callaway ","shortMessageHtmlLink":"feat: set user-agent header on Rekor requests (#801)"}},{"before":"5e8b02065c38a5b91423bb2671a9004e62c97ddc","after":"e1d972c34b9a151243a89ee30e898a3d83d47eb8","ref":"refs/heads/ramonpetgrave64-tlog-dssev001","pushedAt":"2024-08-16T14:46:53.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"typo\n\nSigned-off-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>","shortMessageHtmlLink":"typo"}},{"before":"e1f66fbb63779540c9741088053cf80002df4d04","after":"5e8b02065c38a5b91423bb2671a9004e62c97ddc","ref":"refs/heads/ramonpetgrave64-tlog-dssev001","pushedAt":"2024-08-15T21:43:20.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"Merge branch 'main' into ramonpetgrave64-tlog-dssev001","shortMessageHtmlLink":"Merge branch 'main' into 
ramonpetgrave64-tlog-dssev001"}},{"before":"a7406dbf749cc467de2e8e8db4953354103eb49d","after":"e1f66fbb63779540c9741088053cf80002df4d04","ref":"refs/heads/ramonpetgrave64-tlog-dssev001","pushedAt":"2024-08-15T21:43:04.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"typo\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"typo"}},{"before":"fa295ff0c86832a5cb1556715f3a4767ab7fb4e7","after":"a7406dbf749cc467de2e8e8db4953354103eb49d","ref":"refs/heads/ramonpetgrave64-tlog-dssev001","pushedAt":"2024-08-15T21:40:48.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"better errors\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"better errors"}},{"before":"552e674db727f4afc13df6b4e40566d76794cccc","after":"fa295ff0c86832a5cb1556715f3a4767ab7fb4e7","ref":"refs/heads/ramonpetgrave64-tlog-dssev001","pushedAt":"2024-08-15T20:56:53.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"use slices.ContainsFunc\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"use slices.ContainsFunc"}},{"before":"3f37511042f2568767c4c4af16fa782f52b73502","after":"1694bbf872a0a51f32de251779e4533231a53342","ref":"refs/heads/main","pushedAt":"2024-08-14T04:02:10.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"chore(config): migrate renovate config 
(#800)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThe Renovate config in this repository needs migrating. Typically this\r\nis because one or more configuration options you are using have been\r\nrenamed.\r\n\r\nYou don't need to merge this PR right away, because Renovate will\r\ncontinue to migrate these fields internally each time it runs. But later\r\nsome of these fields may be fully deprecated and the migrations removed.\r\nSo it's a good idea to merge this migration PR soon.\r\n\r\n\r\n\r\n\r\n\r\n🔕 **Ignore**: Close this PR and you won't be reminded about config\r\nmigration again, but one day your current config may no longer be valid.\r\n\r\n❓ Got questions? Does something look wrong to you? Please don't hesitate\r\nto [request help\r\nhere](https://togithub.com/renovatebot/renovate/discussions).\r\n\r\n\r\n---\r\n\r\nThis PR was generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View the\r\n[repository job\r\nlog](https://developer.mend.io/github/slsa-framework/slsa-verifier).","shortMessageHtmlLink":"chore(config): migrate renovate config (#800)"}},{"before":"e8275856e0ad27de91911af314c3ec607ed743c6","after":"3f37511042f2568767c4c4af16fa782f52b73502","ref":"refs/heads/main","pushedAt":"2024-08-13T19:08:24.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"chore: fix vuln: override autolinker ^4.0.0 (#785)\n\nfixes\r\nhttps://github.com/slsa-framework/slsa-verifier/security/code-scanning/11\r\n\r\nmarkdown-toc's latest v1.2.0 is still vulnerable via a transitive\r\ndependency, but hasn't received updates in a long time.\r\n\r\nThis PR overrides one of the other transitive dependencies to a\r\nnon-vulnerable version.\r\n\r\nmore info 
here\r\nhttps://github.com/jonschlinkert/markdown-toc/issues/156#issuecomment-2197630000\r\n\r\n# Testing process\r\n\r\n- Manually invoked `make markdown-toc` and it did succeed, while also\r\nadding a missing header in the README.\r\n - Made a few typos in the headers and markdown-toc did fix them.\r\n - Cloned markdown-toc, added the override, and its unit tests passed\r\n\r\n---------\r\n\r\nSigned-off-by: Ramon Petgrave \r\nSigned-off-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>","shortMessageHtmlLink":"chore: fix vuln: override autolinker ^4.0.0 (#785)"}},{"before":"bc65aede9871b3b07e2fc35c85f97acf6ac4bb74","after":"552e674db727f4afc13df6b4e40566d76794cccc","ref":"refs/heads/ramonpetgrave64-tlog-dssev001","pushedAt":"2024-08-13T16:02:36.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"lint\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"lint"}},{"before":null,"after":"bc65aede9871b3b07e2fc35c85f97acf6ac4bb74","ref":"refs/heads/ramonpetgrave64-tlog-dssev001","pushedAt":"2024-08-13T15:43:16.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"handle dssev001 tlog entry types\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"handle dssev001 tlog entry types"}},{"before":null,"after":"02c3e20cf36140f28b07522d46f825f8debb2b25","ref":"refs/heads/verify-sigstore-go-Bundlev3","pushedAt":"2024-08-12T20:56:44.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"remove 
print\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"remove print"}},{"before":"306deebc7821422f3137260fbefbeb9f715e3ab1","after":"02c3e20cf36140f28b07522d46f825f8debb2b25","ref":"refs/heads/verify-sigstore-go-Bundlev2","pushedAt":"2024-08-12T20:55:25.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"remove print\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"remove print"}},{"before":"1384f51fab5b65846f368fb1e2fdafd921930aeb","after":"306deebc7821422f3137260fbefbeb9f715e3ab1","ref":"refs/heads/verify-sigstore-go-Bundlev2","pushedAt":"2024-08-12T20:52:46.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"wildcard ref\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"wildcard ref"}},{"before":null,"after":"1384f51fab5b65846f368fb1e2fdafd921930aeb","ref":"refs/heads/verify-sigstore-go-Bundlev2","pushedAt":"2024-08-12T17:22:11.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"respect my personal branch\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"respect my personal branch"}},{"before":"3351ecc7d9683fbd25487bea4355f890b671a08d","after":"1384f51fab5b65846f368fb1e2fdafd921930aeb","ref":"refs/heads/verify-sigstore-go-Bundle","pushedAt":"2024-08-12T17:17:48.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"respect my 
personal branch\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"respect my personal branch"}},{"before":"5f42d4624cd2a5bef2961d6ec93f769655c2330e","after":null,"ref":"refs/heads/dependabot/go_modules/go_modules-126a66c1b2","pushedAt":"2024-08-12T15:04:40.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"489e79138b5050e7d719a1c57610b684ee63d53f","after":"e8275856e0ad27de91911af314c3ec607ed743c6","ref":"refs/heads/main","pushedAt":"2024-08-12T15:04:32.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"chore(deps): bump github.com/docker/docker from 26.1.4+incompatible to 26.1.5+incompatible in the go_modules group (#798)\n\nBumps the go_modules group with 1 update:\r\n[github.com/docker/docker](https://github.com/docker/docker).\r\n\r\nUpdates `github.com/docker/docker` from 26.1.4+incompatible to\r\n26.1.5+incompatible\r\n
\r\nRelease notes\r\nSourced from github.com/docker/docker's\r\nreleases.\r\n\r\nv26.1.5\r\n26.1.5\r\nSecurity\r\nThis release contains a fix for CVE-2024-41110\r\n/ GHSA-v23v-6jw2-98fq\r\nthat impacted setups using authorization\r\nplugins (AuthZ)\r\nfor access control. No other changes are included in this release, and\r\nthis\r\nrelease is otherwise identical for users not using AuthZ plugins.\r\nFull Changelog: https://github.com/moby/moby/compare/v26.1.4...v26.1.5\r\n\r\nCommits\r\n- 411e817\r\nMerge commit from fork\r\n- 9cc85ea\r\nIf url includes scheme, urlPath will drop hostname, which would not\r\nmatch the...\r\n- 820cab9\r\nAuthz plugin security fixes for 0-length content and path\r\nvalidation\r\n- 6bc4906\r\nMerge pull request #48123\r\nfrom vvoland/v26.1-48120\r\n- 6fbdce4\r\nupdate to go1.21.12\r\n- f533464\r\nMerge pull request #47986\r\nfrom vvoland/v26.1-47985\r\n- c1d4587\r\nbuilder/mobyexporter: Add missing nil check\r\n- d642804\r\nMerge pull request #47940\r\nfrom thaJeztah/26.1_backport_api_remove_container_c...\r\n- daba246\r\ndocs: api: image inspect: remove Container and ContainerConfig\r\n- See full diff in compare\r\nview\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=26.1.4+incompatible&new-version=26.1.5+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore major version` will close this\r\ngroup update PR and stop Dependabot creating any more for the specific\r\ndependency's major version (unless you unignore this specific\r\ndependency's major version or upgrade to it yourself)\r\n- `@dependabot ignore minor version` will close this\r\ngroup update PR and stop Dependabot creating any more for the specific\r\ndependency's minor version (unless you unignore this specific\r\ndependency's minor version or upgrade to it yourself)\r\n- `@dependabot ignore ` will close this group update PR\r\nand stop Dependabot creating any more for the specific dependency\r\n(unless you unignore this specific dependency or upgrade to it yourself)\r\n- `@dependabot unignore ` will remove all of the ignore\r\nconditions of the specified dependency\r\n- `@dependabot unignore ` will\r\nremove the ignore condition of the specified dependency and ignore\r\nconditions\r\nYou can disable automated security fix PRs for this repo from the\r\n[Security Alerts\r\npage](https://github.com/slsa-framework/slsa-verifier/network/alerts).\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"chore(deps): bump github.com/docker/docker from 26.1.4+incompatible t…"}},{"before":null,"after":"3351ecc7d9683fbd25487bea4355f890b671a08d","ref":"refs/heads/verify-sigstore-go-Bundle","pushedAt":"2024-08-09T21:15:25.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"fix sig and cert parsing\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"fix sig and cert parsing"}},{"before":null,"after":"5f42d4624cd2a5bef2961d6ec93f769655c2330e","ref":"refs/heads/dependabot/go_modules/go_modules-126a66c1b2","pushedAt":"2024-08-09T20:57:03.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"chore(deps): bump github.com/docker/docker in the go_modules group\n\nBumps the go_modules group with 1 update: [github.com/docker/docker](https://github.com/docker/docker).\n\n\nUpdates `github.com/docker/docker` from 26.1.4+incompatible to 26.1.5+incompatible\n- [Release notes](https://github.com/docker/docker/releases)\n- [Commits](https://github.com/docker/docker/compare/v26.1.4...v26.1.5)\n\n---\nupdated-dependencies:\n- dependency-name: github.com/docker/docker\n dependency-type: indirect\n dependency-group: go_modules\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"chore(deps): bump github.com/docker/docker in the go_modules 
group"}},{"before":"a702bf7bd2cdfbcf6c44917c0ae0d4b86032ea43","after":"76fd86fe38538ac281d9fb1c7121266a10e1f50d","ref":"refs/heads/testing-from-slsa-github-generator-repo-branches","pushedAt":"2024-08-08T20:01:55.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"format\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"format"}},{"before":"8f3f337e4994e1d8de87a9817bf961f3a861911f","after":"a702bf7bd2cdfbcf6c44917c0ae0d4b86032ea43","ref":"refs/heads/testing-from-slsa-github-generator-repo-branches","pushedAt":"2024-08-08T18:59:27.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"allow slsa-framework/slsa-github-generator provenances from other branches in testing mode\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"allow slsa-framework/slsa-github-generator provenances from other bra…"}},{"before":null,"after":"8f3f337e4994e1d8de87a9817bf961f3a861911f","ref":"refs/heads/testing-from-slsa-github-generator-repo-branches","pushedAt":"2024-08-08T18:53:41.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"allow slsa-framework/slsa-github-generator provenances from other branches in testing mode\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"allow slsa-framework/slsa-github-generator provenances from other 
bra…"}},{"before":"c7894378150517164d4a5b8824cc53ce8ac1317a","after":"489e79138b5050e7d719a1c57610b684ee63d53f","ref":"refs/heads/main","pushedAt":"2024-08-05T16:21:16.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"chore(deps): update golang:1.21 docker digest to f2eb989 (#796)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Type | Update | Change |\r\n|---|---|---|---|\r\n| golang | stage | digest | `b405b62` -> `f2eb989` |\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 4am on the first day of the\r\nmonth\" (UTC), Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n🔕 **Ignore**: Close this PR and you won't be reminded about this update\r\nagain.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR was generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). 
View the\r\n[repository job\r\nlog](https://developer.mend.io/github/slsa-framework/slsa-verifier).\r\n\r\n","shortMessageHtmlLink":"chore(deps): update golang:1.21 docker digest to f2eb989 (#796)"}},{"before":"88bcb6bff768beedbf2aab433507ddb894e8d89e","after":"c7894378150517164d4a5b8824cc53ce8ac1317a","ref":"refs/heads/main","pushedAt":"2024-08-02T21:47:51.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"feat: refactor: use sigstore-go for fetching TrustedRoot (#791)\n\nUses the `sigstore-go` library for fetching the `TrustedRoot`, which\r\ncontains the Sigstore infrastructure certificates needed to validate the\r\nleaf ephemeral certificates used to sign artifacts.\r\n\r\nRefactors:\r\n\r\n- replace `TrustedRootSingleton()` with `getDefaultCosignCheckOpts()`,\r\nsince only `VerifyImage()` will now need that data.\r\n- replace `cosign.ValidateAndUnpackCert`\r\nwith`sigstoreVerify.VerifyLeafCertificate()`\r\n- use `sync.Once` for sigstore and rekor clients, and the `TrustedRoot`\r\n\r\n## Testing\r\n\r\n- existing tests continue to pass\r\n- [negative tests\r\n](https://github.com/slsa-framework/slsa-verifier/blob/d96b9777090694fa5096ee1b9c710a46b5a66f5e/cli/slsa-verifier/main_regression_test.go#L450-L471)\r\nagainst rekor TLogs\r\n- manual invocations of `verify-artifact`.\r\n\r\n---------\r\n\r\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"feat: refactor: use sigstore-go for fetching TrustedRoot (#791)"}},{"before":"7f3db9211ee9fc805534fd559845a9faa8e48597","after":"88bcb6bff768beedbf2aab433507ddb894e8d89e","ref":"refs/heads/main","pushedAt":"2024-08-02T19:51:08.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon 
Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"chore: pin yamllint, golangci-lint (#783)\n\npins the yaml-lint and golangci-lint dependency used in pre-submits.\r\n\r\nThis is to fix code-scanning alerts about unpinned dependencies\r\n-\r\nhttps://github.com/slsa-framework/slsa-verifier/security/code-scanning/8\r\n-\r\nhttps://github.com/slsa-framework/slsa-verifier/security/code-scanning/21\r\n\r\n### Testing Process\r\n\r\nThe pre-submit test that uses yamllint and golangci-lint passes\r\n\r\n---------\r\n\r\nSigned-off-by: Ramon Petgrave \r\nSigned-off-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>","shortMessageHtmlLink":"chore: pin yamllint, golangci-lint (#783)"}},{"before":"0b14659ddee2a41154760438c26cf1f890ed2585","after":"7f3db9211ee9fc805534fd559845a9faa8e48597","ref":"refs/heads/main","pushedAt":"2024-07-30T19:46:05.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32398091?s=80&v=4"},"commit":{"message":"feat: support npm cli provenance v1 attestations (#776)\n\nFixes #614, #450, #449, #515\r\n\r\nAdds support for NPM CLIs build provenances, generated when running `npm\r\npublish --provenance --access public` from a [GitHub Actions\r\nworkflow](https://github.com/ramonpetgrave64/gundam-visor/blob/599500821344b070902a7a5666064bfdaba715df/.github/workflows/npm-publish.yml#L21).\r\n\r\n## Testing\r\n\r\n- added unit tests for some new helper functions\r\n- added regression test cases\r\n\r\n## Future work\r\n\r\n- https://github.com/slsa-framework/slsa-verifier/issues/493, so we can\r\ndo `--print-provenance`\r\n- implemented in\r\nhttps://github.com/slsa-framework/slsa-verifier/pull/768#discussion_r1662938115\r\n\r\n---------\r\n\r\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"feat: support npm 
cli provenance v1 attestations (#776)"}},{"before":"bb2dc17e424daafbd2eff8ccc2d99e4cbbe01bd7","after":null,"ref":"refs/heads/dependabot/go_modules/go_modules-89292e4502","pushedAt":"2024-07-30T14:22:30.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOS0wNFQyMDoxOTo0Mi4wMDAwMDBazwAAAAStIVat","startCursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOS0wNFQyMDoxOTo0Mi4wMDAwMDBazwAAAAStIVat","endCursor":"Y3Vyc29yOnYyOpK7MjAyNC0wNy0zMFQxNDoyMjozMC4wMDAwMDBazwAAAASNFKfM"}},"title":"Activity · slsa-framework/slsa-verifier"}