-
Allstar could run gittuf across all repos in an org and alert any repos which gittuf does not pass.
cc @adityasaky I saw your presentation at the TAC meeting today, looks like a good fit!
-
### Add a description
Currently, gittuf rules are specified through the CLI (i.e. `gittuf policy add-rule`, `gittuf policy apply`). This works, but can become unwieldy rather quickly, especially when…
-
A `ssh.NewSignerFromFile` for these 10 lines might be helpful.
_Originally posted by @lukpueh in https://github.com/gittuf/gittuf/pull/436#discussion_r1642333164_
-
### Add a description
Currently, gittuf rules cannot be easily reordered without removing them and adding them back in the desired order. As rule order matters in gittuf, adding reordering functional…
-
This should eventually drop the explicit RSA, ECDSA, etc types. We want just SSH here.
_Originally posted by @adityasaky in https://github.com/gittuf/gittuf/pull/436#discussion_r16386…
-
### Add a description
gittuf's tests take quite some time to complete, partly due to the large amount of temporary directories we create now that #372 has been merged. There's likely room for impro…
-
As noted in the gittuf roadmap, we must start using gittuf to protect the gittuf source repository. To do so, we need to consider the following things:
1) Policies: what policies do we enable for t…
-
To improve gittuf's UX (#4), the CLI must provide some command compatibility with Git itself. This would allow users to use gittuf as a drop-in replacement for Git in common workflows such as syncing …
-
### Add a description
In conjunction with https://github.com/gittuf/gittuf/issues/280, we must add `gittuf trust renew` and `gittuf policy renew` subcommands to update the expiry (and version number)…
-
### Add a description
Gittuf should have a way to allow automatic delegation creation when branches are created, with a gittuf command like `gittuf checkout -b branchname`, which automticaly creates …