issues
search
stacklok
/
minder-rules-and-profiles
A repository containing Minder rules and profiles recommended by your friends at Stacklok
Apache License 2.0
15
stars
7
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Remove enabled property from ruletypes [DO NOT MERGE]
#160
eleftherias
opened
10 hours ago
1
Fix a few typos and update the release phase for one of the ruletypes
#159
rdimitrov
closed
1 week ago
0
Do not skip, but fail if the artifact doesn't have any slsa attestations generated
#158
rdimitrov
closed
1 week ago
0
Set the correct release_phase fields for all ruletypes
#157
rdimitrov
closed
1 week ago
0
Remove enabled property from rule types
#156
eleftherias
opened
1 week ago
0
LICENSE file rule shouldn't have required parameter that can be blank
#155
ethomson
opened
1 week ago
0
Fix typo in display name for Trusty rule
#154
eleftherias
closed
1 week ago
0
Make rule guidance more readable by using markdown.
#153
blkt
closed
1 week ago
0
Create set of rule types that address branch protection rules in GitLab
#152
JAORMX
opened
2 weeks ago
0
Create rule type for checking LICENSE file for GitLab
#151
JAORMX
opened
2 weeks ago
0
Make rule guidance more readable by using markdown
#149
eleftherias
closed
1 week ago
0
Add python as a langugage for codeql invocation in GHAS profile
#148
JAORMX
closed
3 weeks ago
0
Create a check that ensures all ruletypes have their state properly set
#147
rdimitrov
closed
3 weeks ago
0
Add a display name for each rule type
#146
eleftherias
closed
1 week ago
0
Introduce a ruletype release_phase field and set it to alpha for all ruletypes
#145
rdimitrov
closed
3 weeks ago
0
Populate display names for all rule types
#144
eleftherias
closed
1 week ago
0
Update the release phase field in all ruletypes by setting it to the correct value
#143
rdimitrov
closed
1 week ago
1
Update all upstream ruletypes by adding the state field and populating it with alpha
#142
blkt
closed
3 weeks ago
0
Github: Add rule type that verifies that harden runner is the first step
#141
JAORMX
opened
3 weeks ago
5
Enable remediation tests for branch_protection_enabled
#140
rdimitrov
closed
4 weeks ago
0
Make repository optional for the GH attestations ruletype
#139
jhrozek
closed
1 month ago
0
Review all ruletypes and select which should be part of the bundle
#138
rdimitrov
closed
2 days ago
0
Apply suggestions from #136
#137
evankanderson
closed
1 month ago
0
Initial OpenSSF baseline profile
#136
puerco
closed
1 month ago
1
Add rule to detect GitHub Actions using default permissions
#135
evankanderson
closed
1 month ago
0
Add rule to detect GitHub Actions using default permissions
#134
evankanderson
closed
1 month ago
2
Revert "Remove `enabled` setting from secret_push_protection (#132)"
#133
dmjb
closed
1 month ago
0
Remove `enabled` setting from secret_push_protection
#132
dmjb
closed
1 month ago
0
Initial OpenSSF baseline profile
#131
puerco
closed
1 month ago
2
Add an example profile for GH attestations
#130
jhrozek
closed
1 month ago
0
Fix the slsa_gh_attestation rule type
#129
jhrozek
closed
1 month ago
0
The artifact_attestation_slsa rule type does not work after GH attestations went from beta to GA
#128
jhrozek
closed
1 month ago
0
Scorecard action
#127
lukehinds
closed
1 month ago
0
Add rule to detect GitHub Actions using default permissions
#126
stacklokbot
closed
1 month ago
3
Fix the expected signer identity for minder server
#125
rdimitrov
closed
2 months ago
0
Bump actions/setup-go from 5.0.1 to 5.0.2
#123
dependabot[bot]
closed
2 months ago
0
Bump aquasecurity/trivy-action from 0.23.0 to 0.24.0
#122
dependabot[bot]
closed
2 months ago
0
Include enablement for autofix in CodeQL rule type
#150
meganbruce
opened
2 months ago
0
Bump aquasecurity/trivy-action from 0.22.0 to 0.23.0
#121
dependabot[bot]
closed
2 months ago
0
Bump actions/checkout from 4.1.6 to 4.1.7
#120
dependabot[bot]
closed
2 months ago
0
Bump aquasecurity/trivy-action from 0.21.0 to 0.22.0
#119
dependabot[bot]
closed
3 months ago
0
Profiles should not alert by default
#118
ethomson
closed
3 months ago
0
Bump aquasecurity/trivy-action from 0.20.0 to 0.21.0
#117
dependabot[bot]
closed
3 months ago
0
Update trusty rule and profile with new fields
#116
puerco
closed
3 months ago
1
Bump actions/checkout from 4.1.1 to 4.1.6
#115
dependabot[bot]
closed
4 months ago
0
Bump aquasecurity/trivy-action from 0.16.1 to 0.20.0
#114
dependabot[bot]
closed
4 months ago
0
Bump actions/checkout from 4.1.1 to 4.1.5
#113
dependabot[bot]
closed
4 months ago
1
Add dependabot profile for rust projects
#112
blkt
closed
4 months ago
0
Trusty PR add provenance and activity
#111
puerco
closed
3 months ago
0
Bump actions/checkout from 4.1.1 to 4.1.5
#110
dependabot[bot]
closed
4 months ago
0
Next