-
-
Notifications
You must be signed in to change notification settings - Fork 585
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Introduce Official Bandit Images #1088
Commits on Jan 6, 2024
-
Introduce Official Bandit Images
Folks are using various bandit images kindly built by others, but we should really start providing one of our that builds directly from source (the others use pip install). Should a different container image be subjected to some sort of attack (maintainer take over), this could lead to some serious problems for those using Bandit. This PR includes an action to build, publish and sign the image using sigstore cosign. This way (should they wish) users can verify the source of origin for these images were the offcial repo. You can see an example of this below, where I tested the action in my own test fork (bandit-test): https://search.sigstore.dev/?logIndex=61918446 Signed-off-by: Luke Hinds <luke@stacklok.com>
Configuration menu - View commit details
-
Copy full SHA for ef645de - Browse repository at this point
Copy the full SHA ef645deView commit details -
Signed-off-by: Luke Hinds <luke@stacklok.com>
Configuration menu - View commit details
-
Copy full SHA for 8c96d06 - Browse repository at this point
Copy the full SHA 8c96d06View commit details
Commits on Jan 7, 2024
-
Configuration menu - View commit details
-
Copy full SHA for 2b2beca - Browse repository at this point
Copy the full SHA 2b2becaView commit details
Commits on Jan 8, 2024
-
Single python release and review points
Signed-off-by: Luke Hinds <luke@stacklok.com>
Configuration menu - View commit details
-
Copy full SHA for 9e97dd2 - Browse repository at this point
Copy the full SHA 9e97dd2View commit details -
Single python release and review points
Signed-off-by: Luke Hinds <luke@stacklok.com>
Configuration menu - View commit details
-
Copy full SHA for 475408c - Browse repository at this point
Copy the full SHA 475408cView commit details -
Remove arch from container tag
Signed-off-by: Luke Hinds <luke@stacklok.com>
Configuration menu - View commit details
-
Copy full SHA for 5aab55a - Browse repository at this point
Copy the full SHA 5aab55aView commit details -
Remove arch from container tag
Signed-off-by: Luke Hinds <luke@stacklok.com>
Configuration menu - View commit details
-
Copy full SHA for 91ae422 - Browse repository at this point
Copy the full SHA 91ae422View commit details -
Missed text referencing arch tag
Signed-off-by: Luke Hinds <luke@stacklok.com>
Configuration menu - View commit details
-
Copy full SHA for 8d6dcf6 - Browse repository at this point
Copy the full SHA 8d6dcf6View commit details
Commits on Jan 19, 2024
-
Configuration menu - View commit details
-
Copy full SHA for 69d4c68 - Browse repository at this point
Copy the full SHA 69d4c68View commit details -
Configuration menu - View commit details
-
Copy full SHA for 50ce0c9 - Browse repository at this point
Copy the full SHA 50ce0c9View commit details
Commits on Jan 22, 2024
-
Configuration menu - View commit details
-
Copy full SHA for 70ebbc9 - Browse repository at this point
Copy the full SHA 70ebbc9View commit details -
Configuration menu - View commit details
-
Copy full SHA for 4ed7858 - Browse repository at this point
Copy the full SHA 4ed7858View commit details