commits  

Messages by Thread

• • (tooling-trusted-releases) 01/01: Add task which can trigger a specified github action, provided ATR has a valid token for that repository. arm
• (tooling-trusted-releases) branch gha-connectivity updated: Add task which can trigger a specified github action, provided ATR has a valid token for that repository. arm
• (tooling-trusted-releases) branch gha-connectivity created (now 7a42037) arm
  • (tooling-trusted-releases) 01/01: Lookup Github NIDs in LDAP arm
• (tooling-actions) branch main updated (b659c12 -> 4cea2e1) arm
  • (tooling-actions) 01/01: Update to latest action arm
• (tooling-actions) branch main updated: Update to latest action arm
• (tooling-actions) branch main updated (8b41ac0 -> da8b238) arm
  • (tooling-actions) 01/01: Add github token arm
• (tooling-actions) branch main updated (80088ef -> 8b41ac0) arm
  • (tooling-actions) 01/01: Add github token arm
• (tooling-actions) branch main updated: Add ID token write arm
• (tooling-actions) branch main updated (7b4b9ea -> 01f16ce) arm
  • (tooling-actions) 01/01: Fix newline issues and add new pipeline arm
• (tooling-actions) branch main updated (3f7144c -> 7b4b9ea) arm
  • (tooling-actions) 01/01: Fix newline issues and add new pipeline arm
• (tooling-actions) branch main updated (df48f4d -> 3f7144c) arm
  • (tooling-actions) 01/01: Fix failures arm
• (tooling-actions) branch main updated (168df67 -> df48f4d) arm
  • (tooling-actions) 01/01: Fix failures arm
• (tooling-actions) branch main updated: New test workflow arm
• (tooling-actions) branch main updated: Initial version of test distribution action arm
• (tooling-trusted-releases) branch main updated: Remove environment type param arm
• (tooling-trusted-releases) branch main updated: Add test workflow for API testing arm
• (tooling-trusted-releases) branch main updated: Add some directories to the Docker ignore file sbp
• (tooling-trusted-releases) branch main updated (6ce8e31 -> ca978b9) sbp
• (tooling-trusted-releases) branch sbp updated (abfad6a -> ca978b9) sbp
  • (tooling-trusted-releases) 01/01: Change how RAT checks are applied sbp
• (tooling-trusted-releases) branch sbp updated (41a9f63 -> abfad6a) sbp
  • (tooling-trusted-releases) 01/01: Add debugging for a CI problem sbp
• (tooling-trusted-releases) branch sbp updated: Add debugging for a CI problem sbp
• (tooling-trusted-releases) branch sbp updated: Change how RAT checks are applied sbp
• (tooling-trusted-releases) branch sbp updated (4743bd2 -> 6ce8e31) sbp
• (tooling-trusted-releases) branch main updated: Run workflows on the sbp branch as well as on main sbp
• (tooling-trusted-releases) branch sbp created (now 4743bd2) sbp
  • (tooling-trusted-releases) 01/01: Change how RAT checks are applied sbp
• (tooling-trusted-releases) branch main updated: Allow admin access to recent server logs during testing sbp
• (tooling-trusted-releases) branch main updated (54fcf67 -> f01b65f) sbp
• (tooling-trusted-releases) branch main updated (229c16d -> 54fcf67) sbp
  • (tooling-trusted-releases) 01/01: Add CI debugging sbp
• (tooling-trusted-releases) branch main updated: Add CI debugging sbp
• (tooling-trusted-releases) branch main updated: Exclude the RAT exclusion file and allow ignoring the checks cache sbp
• (tooling-trusted-releases) branch main updated: Change how RAT checks are applied sbp
• (tooling-trusted-releases) branch main updated: Fix the API documentation by using local assets sbp
• (tooling-trusted-releases) branch main updated: Allow the date and time a vote closes to be added to subjects sbp
• (tooling-trusted-releases) branch main updated (d963229 -> 172c66d) sbp
  • (tooling-trusted-releases) 01/01: Remove template interfaces from the vote and announce forms sbp
• (tooling-trusted-releases) branch main updated: Remove template interfaces from the vote and announce forms sbp
• (tooling-trusted-releases) branch main updated: Improve the documentation of the license check mode sbp
• (tooling-trusted-releases) branch main updated: Use the committee name for SVN import URLs sbp
• (tooling-trusted-releases) branch main updated: Allow the configuration of vote and announcement subject templates sbp
• (tooling-trusted-releases) branch main updated: Fix some function ordering and remove unused code sbp
• (tooling-trusted-releases) branch main updated: Migrate template variables from brackets to double braces sbp
• (tooling-trusted-releases) branch main updated: Show available template variables on relevant release policy fields sbp
• (tooling-trusted-releases) branch main updated: Expand checklist values before substituting sbp
• (tooling-trusted-releases) branch main updated: Detect development hosts used in containers sbp
• (tooling-trusted-releases) branch main updated: Make project cards actual links sbp
• (tooling-asf-example) branch main updated: Update the proposed packaging conventions sbp
• (tooling-trusted-releases) branch main updated: Record some attestable file metadata sbp
• (tooling-trusted-releases) branch main updated: Add GitHub Actions PR labeler with pinned SHA and scoped permissions sbp
• (tooling-trusted-releases) branch main updated: Allow users to configure between lightweight and RAT checks sbp
• (tooling-agents) branch main updated: Editing contributor agreement language akm
• (tooling-agents) branch main updated: Fixing links akm
• (tooling-agents) branch main updated: Fixing ASVS link akm
• (tooling-agents) branch main updated: Initial commit akm
• (tooling-agents) branch main updated (0e1b1ee -> 0b2ffaf) akm
  • (tooling-agents) 01/01: Initial commit akm
• (tooling-trusted-releases) branch main updated: Add the revision number to the files list sbp
• (tooling-agents) branch main updated (c666424 -> 0e1b1ee) akm
  • (tooling-agents) 01/01: Initial commit akm
• (tooling-agents) branch main updated (8057d1c -> c666424) akm
  • (tooling-agents) 01/01: Initial commit akm
• (tooling-agents) branch main updated (610e1f2 -> 8057d1c) akm
  • (tooling-agents) 01/01: Initial commit akm
• (tooling-agents) branch main created (now 610e1f2) akm
  • (tooling-agents) 01/01: Initial commit akm
• (tooling-trusted-releases) branch main updated: Do not wrap phase breadcrumbs sbp
• (tooling-trusted-releases) branch main updated: Improve the error message when creating a release that already exists sbp
• (tooling-trusted-releases) branch main updated: Fix a problem with pluralisation sbp
• (tooling-trusted-releases) branch main updated: Ensure that published files are downloaded rather than rendered sbp
• (tooling-trusted-releases) branch dependabot/github_actions/astral-sh/setup-uv-7.1.6 deleted (was 59ae691) sbp
• (tooling-trusted-releases) branch main updated: Bump actions/cache from 4.3.0 to 5.0.1 sbp
• (tooling-trusted-releases) branch dependabot/github_actions/actions/checkout-6.0.1 deleted (was 795cfb5) sbp
• (tooling-trusted-releases) branch main updated: Bump astral-sh/setup-uv from 6.4.3 to 7.1.6 sbp
• (tooling-trusted-releases) branch main updated (e6d0110 -> e76e364) sbp
• (tooling-trusted-releases) branch main updated (e76e364 -> aa7d168) sbp
• (tooling-trusted-releases) branch dependabot/github_actions/actions/cache-5.0.1 deleted (was c84f4d2) sbp
• (tooling-trusted-releases) branch dependabot/github_actions/advanced-security/dismiss-alerts-2.0.2 deleted (was 0cbcb8c) sbp
• (tooling-trusted-releases) branch dependabot/github_actions/actions/checkout-6.0.1 created (now 795cfb5) github-bot
• (tooling-trusted-releases) branch dependabot/github_actions/actions/cache-5.0.1 created (now c84f4d2) github-bot
• (tooling-trusted-releases) branch dependabot/github_actions/astral-sh/setup-uv-7.1.6 created (now 59ae691) github-bot
• (tooling-trusted-releases) branch dependabot/github_actions/advanced-security/dismiss-alerts-2.0.2 created (now 0cbcb8c) github-bot
• (tooling-trusted-releases) branch main updated: Configure Dependabot to update GitHub Actions sbp
• (tooling-trusted-releases) branch main updated: Move navigation rendering to the appropriate module sbp
• (tooling-trusted-releases) branch main updated: Update check results when polling for tasks remaining sbp
• (tooling-trusted-releases) branch main updated: Hide project options from users that cannot use them sbp
• (tooling-trusted-releases) branch main updated: Require a label when making a new PAT sbp
• (tooling-trusted-releases) branch main updated: Make top margin more consistent between pages sbp
• (tooling-trusted-releases) branch main updated: Fix unparenthesized code sbp
• (tooling-trusted-releases) branch main updated: Make pluralisation more consistent throughout sbp
• (tooling-trusted-releases) branch main updated: Add a note about keeping Widget.SELECT as the form choice default sbp
• (tooling-actions) branch main updated: Remove the ASF UID parameter from the upload-to-ATR documentation sbp
• (tooling-trusted-releases) branch main updated: Fix a problem with preformatted style in table cells sbp
• (tooling-trusted-releases) branch main updated: Fix function ordering in some top level modules sbp
• (tooling-trusted-releases) branch main updated: Improve the display of the remaining vote duration sbp
• (tooling-trusted-releases) branch previous_sbom_results deleted (was ea8ecdd) arm
• (tooling-trusted-releases) branch main updated: Pull previous SBOM results into the report and highlight new/changed vulnerabilities and licenses. arm
• (tooling-trusted-releases) branch previous_sbom_results updated (759c95e -> ea8ecdd) arm
• (tooling-trusted-releases) branch previous_sbom_results updated (c80188d -> 759c95e) arm
• (tooling-trusted-releases) branch previous_sbom_results updated (5e53c04 -> c80188d) arm
• (tooling-trusted-releases) branch main updated: Add a paragraph about Bootstrap customisation to code conventions sbp
• (tooling-trusted-releases) branch main updated: Fix function order in POST route and shared modules sbp
• (tooling-trusted-releases) branch main updated: Fix function order in GET route modules sbp
• (tooling-trusted-releases) branch previous_sbom_results updated (3f2a259 -> 5e53c04) arm
• (tooling-trusted-releases) branch previous_sbom_results updated (6d267b9 -> 3f2a259) arm
  • (tooling-trusted-releases) 01/01: Pull previous SBOM results into the report and highlight new/changed vulnerabilities and licenses. arm
• (tooling-trusted-releases) branch previous_sbom_results updated: Show previous/changed licenses arm
• (tooling-trusted-releases) branch main updated: Address some path traversal vulnerabilities sbp
• (tooling-trusted-releases) branch previous_sbom_results updated (0218edb -> b9e4de2) arm
  • (tooling-trusted-releases) 02/02: Add some colour to the report and add icon helper to htm arm
  • (tooling-trusted-releases) 01/02: Abstract task fetches arm
• (tooling-trusted-releases) branch main updated: Reserve a type for confirmation fields and make them more consistent sbp
• (tooling-trusted-releases) branch main updated: Explain to unauthenticated users when a vote is not open sbp
• (tooling-trusted-releases) branch main updated: Add best practices for installing JS dependencies to code conventions sbp
• (tooling-trusted-releases) branch main updated: Use uvloop to avoid APPLICATION_DATA_AFTER_CLOSE_NOTIFY errors sbp
• (tooling-trusted-releases) branch main updated: Take the phase navigation bar out of the top navigation shadow sbp
• (tooling-trusted-releases) branch previous_sbom_results updated (837d129 -> 0218edb) arm
  • (tooling-trusted-releases) 02/03: Don't need keys() arm
  • (tooling-trusted-releases) 01/03: Fix non-digit character handling in version_sort_key arm
  • (tooling-trusted-releases) 03/03: Show change from previous severity and change defaults for previous license info arm
• (tooling-trusted-releases) branch main updated: Add a summary of checks before the compose file list sbp
• (tooling-trusted-releases) branch previous_sbom_results updated (2d9da11 -> 837d129) arm
  • (tooling-trusted-releases) 01/02: Find previous results and include in score result for report. arm
  • (tooling-trusted-releases) 02/02: Highlight new/updated vulnerabilities and colour code severities arm
• (tooling-trusted-releases) branch previous_sbom_results updated: Highlight new/updated vulnerabilities and colour code severities arm
• (tooling-trusted-releases) branch main updated: Fix a bug with counting abstain votes sbp
• (tooling-trusted-releases) branch previous_sbom_results created (now f6a26b2) arm
  • (tooling-trusted-releases) 01/01: Find previous results and include in score result for report. arm
• (tooling-trusted-releases) branch main updated: Copy the most recent cached check only sbp
• (tooling-trusted-releases) branch main updated: Skip malformed upstream projects data sbp
• (tooling-trusted-releases) branch main updated: Add check result caching and apply to license checks sbp
• (tooling-trusted-releases) branch main updated: Parenthesize subexpressions consistently sbp
• (tooling-trusted-releases) branch main updated: Collate licenses as part of SBOM scoring and add to report arm
• (tooling-trusted-releases) branch main updated: Small CLI documentation improvement arm
• (tooling-trusted-releases) branch main updated: Fix a couple of bugs in the SBOM report augment section arm
• (tooling-trusted-releases) branch main updated: Add a column showing how long recent tasks took sbp
• (tooling-trusted-releases) branch sbom_version_changes deleted (was cf10e19) sbp
• (tooling-trusted-releases) branch main updated: Update outdated tool scanners and add ATR tool metadata to the SBOM. Reference existing BOM versions in augment tasks. sbp
• (tooling-trusted-releases) branch sbom_version_changes updated (a00cce5 -> cf10e19) arm
• (tooling-trusted-releases) branch sbom_version_changes updated (d4cae34 -> a00cce5) arm
• (tooling-trusted-releases) branch sbom_version_changes updated (347aa71 -> d4cae34) arm
• (tooling-trusted-releases) branch main updated (10932c3 -> 46b15aa) sbp
• (tooling-trusted-releases) branch sbom_version_changes updated (f2472bf -> 347aa71) arm
• (tooling-trusted-releases) branch main updated (25c7758 -> 10932c3) sbp
• (tooling-trusted-releases) branch sbom_version_changes created (now f2472bf) arm
  • (tooling-trusted-releases) 01/01: Update outdated tool scanners and add ATR tool metadata to the SBOM arm
• (tooling-trusted-releases) branch vulnerabilities_sbom deleted (was cf42fec) sbp
• (tooling-trusted-releases) branch main updated: Store vulnerabilities in SBOM and read back from the report. Store ATR task info in SBOM as a reference. sbp
• (tooling-trusted-releases) branch main updated (9368da3 -> 02e2cdb) sbp
  • (tooling-trusted-releases) 01/01: Add progress bars to indicate the status of uploads sbp
• (tooling-trusted-releases) branch main updated: Add progress bars to indicate the status of uploads sbp
• (tooling-trusted-releases) branch vulnerabilities_sbom updated (3884c68 -> cf42fec) arm
• (tooling-trusted-releases) branch vulnerabilities_sbom updated (3bafdd4 -> 3884c68) arm
  • (tooling-trusted-releases) 01/01: Store vulnerabilities in SBOM and read back from the report. Store ATR task info in SBOM as a reference. arm
• (tooling-trusted-releases) branch vulnerabilities_sbom updated: Store vulnerabilities in SBOM and read back from the report. Store ATR task info in SBOM as a reference. arm
• (tooling-trusted-releases) branch vulnerabilities_sbom updated (92b5e8b -> 9d7391d) arm
  • (tooling-trusted-releases) 01/01: Store vulnerabilities in SBOM and read back from the report. Store ATR task info in SBOM as a reference. arm
• (tooling-trusted-releases) branch main updated: Control dependencies more carefully and ensure frequent updates sbp
• (tooling-trusted-releases) branch vulnerabilities_sbom created (now 92b5e8b) arm
  • (tooling-trusted-releases) 01/01: Saving first day's work arm
• (tooling-trusted-releases) branch main updated: Ensure that state is reset in test modules before starting sbp
• (tooling-trusted-releases) branch main updated: Update dependencies due to CVE-2025-68146 in filelock sbp
• (tooling-trusted-releases) branch main updated: Return actual error if task fails, otherwise timeout arm
• (tooling-docs) branch main updated: Add ATR release download page guidance wave
• (tooling-trusted-releases) branch main updated: Use separate forms for the two ways to upload KEYS files sbp
• (tooling-trusted-releases) branch main updated: Only allow SVN imports from known locations sbp
• (tooling-trusted-releases) branch main updated: Fix a bug in the file interface sbp
• (tooling-trusted-releases) branch main updated: Scan files using puremagic on upload sbp
• (tooling-trusted-releases) branch main updated: Show list of components for validation errors arm
• (tooling-trusted-releases) branch main updated: Remove an unused Bootstrap CSS asset sbp
• (tooling-trusted-releases) branch main updated: Update Bootstrap CSS and JS build outputs to be based on 5.3.8 sbp
• (tooling-trusted-releases) branch main updated: Use Bootstrap 5.3.8 sbp
• (tooling-trusted-releases) branch main updated: Improve the Bootstrap build process sbp
• (tooling-trusted-releases) branch sbom_generation_fix deleted (was 32bfd76) arm
• (tooling-trusted-releases) branch main updated (a9ebf7a -> cf7e2f6) sbp
  • (tooling-trusted-releases) 02/02: Remove unused JS configuration files and settings sbp
  • (tooling-trusted-releases) 01/02: Link to vulnerability details from report, include more info in error model, don't error on missing PURL for files. sbp
• (tooling-trusted-releases) branch sbom_report_updates deleted (was d879a94) sbp
• (tooling-trusted-releases) branch sbom_report_updates updated (cbf0806 -> d879a94) sbp
• (tooling-trusted-releases) branch sbom_report_updates updated (65b12ae -> cbf0806) arm
• (tooling-trusted-releases) branch main updated: Use the script method to install syft sbp
• (tooling-trusted-releases) branch main updated: Split docker build into 3 stages, simplify dependencies, use uv for python since we use it anyway, use buildkit for parallel sbp
• (tooling-trusted-releases) branch docker_build_updates deleted (was 0f8c20d) sbp
• (tooling-trusted-releases) branch main updated (4335de2 -> 6e2e7f5) arm
• (tooling-trusted-releases) branch docker_build_updates created (now 0f8c20d) arm
  • (tooling-trusted-releases) 01/01: Split docker build into 3 stages, simplify dependencies, use uv for python since we use it anyway, use buildkit for parallel arm
• (tooling-trusted-releases) branch main updated: Move biome and oxlint to the standard lints configuration sbp
• (tooling-trusted-releases) branch main updated: Fix lint errors in the script to display the vote email preview sbp
• (tooling-trusted-releases) branch main updated: Add tests for the script on the voting page sbp
• (tooling-trusted-releases) branch main updated: Treat all script lint warnings as errors sbp

• Earlier messages
• Later messages