spiffe · MarcosDY · Aug 17, 2023 · Aug 16, 2023 · Aug 17, 2023
@@ -244,4 +244,4 @@ $ ln -s .githooks/pre-commit .git/hooks/pre-commit
 
 ## Reporting security vulnerabilities
 
-If you've found a vulnerability or a potential vulnerability in SPIRE please let us know at security@spiffe.io. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.
+If you've found a vulnerability or a potential vulnerability in SPIRE please let us know at <security@spiffe.io>. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.
@@ -138,12 +138,12 @@ endif
 
 go_path := PATH="$(go_bin_dir):$(PATH)"
 
-golangci_lint_version = v1.53.3
+golangci_lint_version = v1.54.1
 golangci_lint_dir = $(build_dir)/golangci_lint/$(golangci_lint_version)
 golangci_lint_bin = $(golangci_lint_dir)/golangci-lint
 golangci_lint_cache = $(golangci_lint_dir)/cache
 
-markdown_lint_version = v0.33.0
+markdown_lint_version = v0.35.0
 markdown_lint_image = ghcr.io/igorshubovych/markdownlint-cli:$(markdown_lint_version)
 
 protoc_version = 3.20.1

@@ -68,6 +68,6 @@ A third party security firm ([Cure53](https://cure53.de/)) completed a security
 
 ### Reporting Security Vulnerabilities
 
-If you've found a vulnerability or a potential vulnerability in SPIRE please let us know at security@spiffe.io. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.
+If you've found a vulnerability or a potential vulnerability in SPIRE please let us know at <security@spiffe.io>. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.
 
 <!-- markdownlint-configure-file { "MD041": false } -->
@@ -6,4 +6,4 @@ The project supports security releases for the current minor release series and
 
 ## Reporting a Vulnerability
 
-If you've found a vulnerability or a potential vulnerability in SPIRE please let us know at security@spiffe.io. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.
+If you've found a vulnerability or a potential vulnerability in SPIRE please let us know at <security@spiffe.io>. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.
@@ -118,11 +118,11 @@ Sigstore enabled selectors (available when configured to use sigstore)
 
 | Selector                                           | Value                                                                                                                                                                                                                                                      |
 |----------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| k8s:${containerID}:image-signature-content         | A containerID is an unique alphanumeric number for each container. The value of the signature itself in a hash (eg. "k8s:000000:image-signature-content:MEUCIQCyem8Gcr0sPFMP7fTXazCN57NcN5+MjxJw9Oo0x2eM+AIgdgBP96BO1Te/NdbjHbUeb0BUye6deRgVtQEv5No5smA=") |
-| k8s:${containerID}:image-signature-subject         | OIDC principal that signed it (eg. "k8s:000000:image-signature-subject:spirex@example.com")                                                                                                                                                               |
-| k8s:${containerID}:image-signature-logid           | A unique LogID for the Rekor transparency log (eg. "k8s:000000:image-signature-logid:samplelogID")                                                                                                                                                        |
-| k8s:${containerID}:image-signature-integrated-time | The time (in Unix timestamp format) when the image signature was integrated into the signature transparency log (eg. "k8s:000000:image-signature-integrated-time:12345")                                                                                  |
-| k8s:sigstore-validation                            | The confirmation if the signature is valid, has value of "passed" (eg. "k8s:sigstore-validation:passed")                                                                                                                                                   |
+| k8s:${containerID}:image-signature-content         | A containerID is an unique alphanumeric number for each container. The value of the signature itself in a hash (eg. `k8s:000000:image-signature-content:MEUCIQCyem8Gcr0sPFMP7fTXazCN57NcN5+MjxJw9Oo0x2eM+AIgdgBP96BO1Te/NdbjHbUeb0BUye6deRgVtQEv5No5smA=`) |
+| k8s:${containerID}:image-signature-subject         | OIDC principal that signed it (eg. `k8s:000000:image-signature-subject:spirex@example.com`)                                                                                                                                                               |
+| k8s:${containerID}:image-signature-logid           | A unique LogID for the Rekor transparency log (eg. `k8s:000000:image-signature-logid:samplelogID`)                                                                                                                                                        |
+| k8s:${containerID}:image-signature-integrated-time | The time (in Unix timestamp format) when the image signature was integrated into the signature transparency log (eg. `k8s:000000:image-signature-integrated-time:12345`)                                                                                  |
+| k8s:sigstore-validation                            | The confirmation if the signature is valid, has value of "passed" (eg. `k8s:sigstore-validation:passed`)                                                                                                                                                   |
 > **Note** `container-image` will ONLY match against the specific container in the pod that is contacting SPIRE on behalf of
 > the pod, whereas `pod-image` and `pod-init-image` will match against ANY container or init container in the Pod,
 > respectively.

@@ -31,27 +31,27 @@ The provider has the following command line flags:
 The configuration file is **required** by the provider. It contains
 [HCL](https://github.com/hashicorp/hcl) encoded configurables.
 
-| Key                     | Type    | Required?      | Description                                                            | Default  |
-|-------------------------|---------|----------------|------------------------------------------------------------------------|----------|
-| `acme`                  | section | required[1]    | Provides the ACME configuration.                                       |          |
-| `serving_cert_file`     | section | required[1][4] | Provides the serving certificate configuration.                        |          |
-| `allow_insecure_scheme` | string  | optional[3]    | Serves OIDC configuration response with HTTP url.                      | `false`  |
-| `domains`               | strings | required       | One or more domains the provider is being served from.                 |          |
-| `experimental`          | section | optional       | The experimental options that are subject to change or removal.        |          |
-| `insecure_addr`         | string  | optional[3]    | Exposes the service on http.                                           |          |
-| `set_key_use`           | bool    | optional       | If true, the `use` parameter on JWKs will be set to `sig`.             | `false`  |
-| `listen_socket_path`    | string  | required[1][3] | Path on disk to listen with a Unix Domain Socket. Unix platforms only. |          |
-| `log_format`            | string  | optional       | Format of the logs (either `"TEXT"` or `"JSON"`)                       | `""`     |
-| `log_level`             | string  | required       | Log level (one of `"error"`,`"warn"`,`"info"`,`"debug"`)               | `"info"` |
-| `log_path`              | string  | optional       | Path on disk to write the log.                                         |          |
-| `log_requests`          | bool    | optional       | If true, all HTTP requests are logged at the debug level               | `false`  |
-| `server_api`            | section | required[2]    | Provides SPIRE Server API details.                                     |          |
-| `workload_api`          | section | required[2]    | Provides Workload API details.                                         |          |
-| `health_checks`         | section | optional       | Enable and configure health check endpoints                            |          |
-
-| experimental             | Type   | Required?      | Description                                          | Default |
-|--------------------------|--------|----------------|------------------------------------------------------|---------|
-| `listen_named_pipe_name` | string | required[1][3] | Pipe name to listen with a named pipe. Windows only. |         |
+| Key                     | Type    | Required?          | Description                                                            | Default  |
+|-------------------------|---------|--------------------|------------------------------------------------------------------------|----------|
+| `acme`                  | section | required[1]        | Provides the ACME configuration.                                       |          |
+| `serving_cert_file`     | section | required\[1\]\[4\] | Provides the serving certificate configuration.                        |          |
+| `allow_insecure_scheme` | string  | optional\[3\]      | Serves OIDC configuration response with HTTP url.                      | `false`  |
+| `domains`               | strings | required           | One or more domains the provider is being served from.                 |          |
+| `experimental`          | section | optional           | The experimental options that are subject to change or removal.        |          |
+| `insecure_addr`         | string  | optional\[3\]      | Exposes the service on http.                                           |          |
+| `set_key_use`           | bool    | optional           | If true, the `use` parameter on JWKs will be set to `sig`.             | `false`  |
+| `listen_socket_path`    | string  | required\[1\]\[3\] | Path on disk to listen with a Unix Domain Socket. Unix platforms only. |          |
+| `log_format`            | string  | optional           | Format of the logs (either `"TEXT"` or `"JSON"`)                       | `""`     |
+| `log_level`             | string  | required           | Log level (one of `"error"`,`"warn"`,`"info"`,`"debug"`)               | `"info"` |
+| `log_path`              | string  | optional           | Path on disk to write the log.                                         |          |
+| `log_requests`          | bool    | optional           | If true, all HTTP requests are logged at the debug level               | `false`  |
+| `server_api`            | section | required\[2\]      | Provides SPIRE Server API details.                                     |          |
+| `workload_api`          | section | required\[2\]      | Provides Workload API details.                                         |          |
+| `health_checks`         | section | optional           | Enable and configure health check endpoints                            |          |
+
+| experimental             | Type   | Required?          | Description                                          | Default |
+|--------------------------|--------|--------------------|------------------------------------------------------|---------|
+| `listen_named_pipe_name` | string | required\[1\]\[3\] | Pipe name to listen with a named pipe. Windows only. |         |
 
 <!-- markdownlint-configure-file { "MD053": false } -->
Original file line number	Diff line number	Diff line change
Expand Up		@@ -244,4 +244,4 @@ $ ln -s .githooks/pre-commit .git/hooks/pre-commit

		## Reporting security vulnerabilities

		If you've found a vulnerability or a potential vulnerability in SPIRE please let us know at security@spiffe.io. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.
		If you've found a vulnerability or a potential vulnerability in SPIRE please let us know at <security@spiffe.io>. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.
Original file line number	Diff line number	Diff line change
Expand Up		@@ -6,4 +6,4 @@ The project supports security releases for the current minor release series and

		## Reporting a Vulnerability

		If you've found a vulnerability or a potential vulnerability in SPIRE please let us know at security@spiffe.io. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.
		If you've found a vulnerability or a potential vulnerability in SPIRE please let us know at <security@spiffe.io>. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.