| B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Date | Title | Repository | Owner | URL | IsPR | IsIssue | Merged | |||||||||||||||||
2 | 12/3/2021 | sigstore - Included corpus | oss-fuzz | https://github.com/google/oss-fuzz/pull/6964 | TRUE | FALSE | FALSE | ||||||||||||||||||
3 | 12/2/2021 | Update docker-sign.yml | scorecard-action | ossf | https://github.com/ossf/scorecard-action/pull/10 | TRUE | FALSE | TRUE | |||||||||||||||||
4 | 12/2/2021 | Upgraded go-securesystemslib from 0.1.0 to 0.2.0 | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/178 | TRUE | FALSE | TRUE | |||||||||||||||||
5 | 12/2/2021 | Additional corpus for ecdsa and ed25519 | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/177 | TRUE | FALSE | TRUE | |||||||||||||||||
6 | 12/1/2021 | Fuzz testing DSSE | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/173 | TRUE | FALSE | TRUE | |||||||||||||||||
7 | 12/1/2021 | Failed to verify signature in DSSE | sigstore | sigstore | https://github.com/sigstore/sigstore/issues/172 | FALSE | TRUE | FALSE | |||||||||||||||||
8 | 11/30/2021 | Migrate from github.com/tent/canonical-json-go as it is archived | go-tuf | theupdateframework | https://github.com/theupdateframework/go-tuf/issues/180 | FALSE | TRUE | FALSE | |||||||||||||||||
9 | 11/30/2021 | Fuzzing for RSAPASS | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/170 | TRUE | FALSE | TRUE | |||||||||||||||||
10 | 11/30/2021 | Upgrade to go 1.16 | go-tuf | theupdateframework | https://github.com/theupdateframework/go-tuf/pull/179 | TRUE | FALSE | TRUE | |||||||||||||||||
11 | 11/30/2021 | Upgrade go to supported version | go-tuf | theupdateframework | https://github.com/theupdateframework/go-tuf/issues/178 | FALSE | TRUE | FALSE | |||||||||||||||||
12 | 11/30/2021 | Implement Fuzzing | go-tuf | theupdateframework | https://github.com/theupdateframework/go-tuf/issues/177 | FALSE | TRUE | FALSE | |||||||||||||||||
13 | 11/30/2021 | Included CIFuzz | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/169 | TRUE | FALSE | TRUE | |||||||||||||||||
14 | 11/30/2021 | Included fuzz badge | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/168 | TRUE | FALSE | TRUE | |||||||||||||||||
15 | 11/29/2021 | sigstore-Included additional fuzzing targets | oss-fuzz | https://github.com/google/oss-fuzz/pull/6927 | TRUE | FALSE | TRUE | ||||||||||||||||||
16 | 11/28/2021 | Docs for Fuzzing | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/165 | TRUE | FALSE | TRUE | |||||||||||||||||
17 | 11/28/2021 | Fuzzing - Included RSA Targets | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/164 | TRUE | FALSE | TRUE | |||||||||||||||||
18 | 11/24/2021 | :seedling: Fixed the opencontainer image-spec vuln | scorecard | ossf | https://github.com/ossf/scorecard/pull/1339 | TRUE | FALSE | TRUE | |||||||||||||||||
19 | 11/24/2021 | Vulnerability warning | ko | https://github.com/google/ko/issues/517 | FALSE | TRUE | FALSE | ||||||||||||||||||
20 | 11/24/2021 | Fuzzing password and some signature API | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/160 | TRUE | FALSE | TRUE | |||||||||||||||||
21 | 11/24/2021 | clusterfuzz lite | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/158 | TRUE | FALSE | FALSE | |||||||||||||||||
22 | 11/23/2021 | Included fuzzing for more cryptoutils | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/157 | TRUE | FALSE | TRUE | |||||||||||||||||
23 | 11/23/2021 | Fix fuzz go.sum issue | rekor | sigstore | https://github.com/sigstore/rekor/pull/509 | TRUE | FALSE | TRUE | |||||||||||||||||
24 | 11/23/2021 | Fuzzing sigstore | oss-fuzz | https://github.com/google/oss-fuzz/pull/6890 | TRUE | FALSE | TRUE | ||||||||||||||||||
25 | 11/21/2021 | Evaluate sigstore to sign releases | lnd | lightningnetwork | https://github.com/lightningnetwork/lnd/issues/6009 | FALSE | TRUE | FALSE | |||||||||||||||||
26 | 11/19/2021 | :seedling: Fix vulnerabilities in dependencies | scorecard | ossf | https://github.com/ossf/scorecard/pull/1310 | TRUE | FALSE | TRUE | |||||||||||||||||
27 | 11/17/2021 | :seedling: Docker builds | scorecard-action | ossf | https://github.com/ossf/scorecard-action/pull/7 | TRUE | FALSE | TRUE | |||||||||||||||||
28 | 11/17/2021 | Linter - Included linter check for doc rules | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/148 | TRUE | FALSE | TRUE | |||||||||||||||||
29 | 11/16/2021 | :seedling: Fix integration test runs | scorecard | ossf | https://github.com/ossf/scorecard/pull/1286 | TRUE | FALSE | TRUE | |||||||||||||||||
30 | 11/16/2021 | Feat : Fuzzing | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/146 | TRUE | FALSE | TRUE | |||||||||||||||||
31 | 11/16/2021 | :bug: Fix the reproducible builds | scorecard | ossf | https://github.com/ossf/scorecard/pull/1282 | TRUE | FALSE | TRUE | |||||||||||||||||
32 | 11/15/2021 | Should scorecard be forcing users to use a zap.Logger? | scorecard | ossf | https://github.com/ossf/scorecard/issues/1273 | FALSE | TRUE | FALSE | |||||||||||||||||
33 | 11/15/2021 | 🐛 Fix the Code review merged by user reference | scorecard | ossf | https://github.com/ossf/scorecard/pull/1272 | TRUE | FALSE | FALSE | |||||||||||||||||
34 | 11/15/2021 | Refactor Trillian - Decoupling With Interface | rekor | sigstore | https://github.com/sigstore/rekor/pull/490 | TRUE | FALSE | FALSE | |||||||||||||||||
35 | 11/12/2021 | Fuzzing RequestFromRekor API | rekor | sigstore | https://github.com/sigstore/rekor/pull/488 | TRUE | FALSE | TRUE | |||||||||||||||||
36 | 11/11/2021 | Explore options to Harden binaries compilation flags | lnd | lightningnetwork | https://github.com/lightningnetwork/lnd/issues/5966 | FALSE | TRUE | FALSE | |||||||||||||||||
37 | 11/11/2021 | Run Clusterfuzz Lite | lnd | lightningnetwork | https://github.com/lightningnetwork/lnd/issues/5965 | FALSE | TRUE | FALSE | |||||||||||||||||
38 | 11/9/2021 | Create security.md | allstar | ossf | https://github.com/ossf/allstar/pull/74 | TRUE | FALSE | TRUE | |||||||||||||||||
39 | 11/9/2021 | Dependabot settings | allstar | ossf | https://github.com/ossf/allstar/pull/73 | TRUE | FALSE | TRUE | |||||||||||||||||
40 | 11/9/2021 | Created codeql | allstar | ossf | https://github.com/ossf/allstar/pull/72 | TRUE | FALSE | TRUE | |||||||||||||||||
41 | 11/9/2021 | Remove fuzzing check - unsupported go-fuzz | cosign | sigstore | https://github.com/sigstore/cosign/pull/1020 | TRUE | FALSE | TRUE | |||||||||||||||||
42 | 11/9/2021 | Scorecard builds aren't reproducible | scorecard | ossf | https://github.com/ossf/scorecard/issues/1230 | FALSE | TRUE | FALSE | |||||||||||||||||
43 | 11/9/2021 | Cosign builds aren't reproducible | cosign | sigstore | https://github.com/sigstore/cosign/issues/1019 | FALSE | TRUE | FALSE | |||||||||||||||||
44 | 11/9/2021 | Included pprof for profiling the application. | rekor | sigstore | https://github.com/sigstore/rekor/pull/485 | TRUE | FALSE | TRUE | |||||||||||||||||
45 | 11/9/2021 | gRPC API Endpoint | rekor | sigstore | https://github.com/sigstore/rekor/issues/484 | FALSE | TRUE | FALSE | |||||||||||||||||
46 | 11/8/2021 | Consider moving to a distroless image | core-review | https://github.com/fanquake/core-review/issues/26 | FALSE | TRUE | FALSE | ||||||||||||||||||
47 | 11/8/2021 | Pin docker images by SHA | core-review | https://github.com/fanquake/core-review/pull/25 | TRUE | FALSE | FALSE | ||||||||||||||||||
48 | 11/7/2021 | LND External dependency policy | lnd | lightningnetwork | https://github.com/lightningnetwork/lnd/issues/5944 | FALSE | TRUE | FALSE | |||||||||||||||||
49 | 11/7/2021 | Create dependabot.yml | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/127 | TRUE | FALSE | TRUE | |||||||||||||||||
50 | 11/5/2021 | Fuzzing is Broken | cosign | sigstore | https://github.com/sigstore/cosign/issues/1003 | FALSE | TRUE | FALSE | |||||||||||||||||
51 | 11/5/2021 | Included timeout option for uploading to Rekor | cosign | sigstore | https://github.com/sigstore/cosign/pull/1001 | TRUE | FALSE | TRUE | |||||||||||||||||
52 | 11/4/2021 | 504 Gateway timeout on large file | rekor | sigstore | https://github.com/sigstore/rekor/issues/481 | FALSE | TRUE | FALSE | |||||||||||||||||
53 | 11/4/2021 | Feature - Include flake.lock as check for nixos packages | scorecard | ossf | https://github.com/ossf/scorecard/issues/1217 | FALSE | TRUE | FALSE | |||||||||||||||||
54 | 11/4/2021 | 📖 Updated the community links | scorecard | ossf | https://github.com/ossf/scorecard/pull/1216 | TRUE | FALSE | TRUE | |||||||||||||||||
55 | 11/3/2021 | :seedling: Move docker build checks to ko | scorecard | ossf | https://github.com/ossf/scorecard/pull/1214 | TRUE | FALSE | TRUE | |||||||||||||||||
56 | 11/2/2021 | cosign doesn't provide an option to set timeout on rekor upload | cosign | sigstore | https://github.com/sigstore/cosign/issues/990 | FALSE | TRUE | FALSE | |||||||||||||||||
57 | 11/2/2021 | :seedling: Fixed the failing tests | scorecard | ossf | https://github.com/ossf/scorecard/pull/1209 | TRUE | FALSE | TRUE | |||||||||||||||||
58 | 11/2/2021 | :seedling: Vendor dependencies | scorecard | ossf | https://github.com/ossf/scorecard/pull/1208 | TRUE | FALSE | FALSE | |||||||||||||||||
59 | 11/1/2021 | Create dependabot.yml | distroless | GoogleContainerTools | https://github.com/GoogleContainerTools/distroless/pull/887 | TRUE | FALSE | FALSE | |||||||||||||||||
60 | 11/1/2021 | Use to ko build containers | gokart | praetorian-inc | https://github.com/praetorian-inc/gokart/issues/60 | FALSE | TRUE | FALSE | |||||||||||||||||
61 | 11/1/2021 | :bug: Removed the Binary Artifact | scorecard | ossf | https://github.com/ossf/scorecard/pull/1203 | TRUE | FALSE | TRUE | |||||||||||||||||
62 | 10/31/2021 | :book: Included the meeting minutes | scorecard | ossf | https://github.com/ossf/scorecard/pull/1202 | TRUE | FALSE | TRUE | |||||||||||||||||
63 | 10/31/2021 | Record analysis runs in Transparency log - Rekor | package-analysis | ossf | https://github.com/ossf/package-analysis/issues/138 | FALSE | TRUE | FALSE | |||||||||||||||||
64 | 10/31/2021 | Feature - Scorecard should sign releases with cosign | scorecard | ossf | https://github.com/ossf/scorecard/issues/1201 | FALSE | TRUE | FALSE | |||||||||||||||||
65 | 10/30/2021 | Feature - Record scorecard card scans into Rekor | scorecard | ossf | https://github.com/ossf/scorecard/issues/1200 | FALSE | TRUE | FALSE | |||||||||||||||||
66 | 10/30/2021 | Fix the security advisories | allstar | ossf | https://github.com/ossf/allstar/issues/71 | FALSE | TRUE | FALSE | |||||||||||||||||
67 | 10/30/2021 | Upgrade to v3 of scorecard | allstar | ossf | https://github.com/ossf/allstar/issues/70 | FALSE | TRUE | FALSE | |||||||||||||||||
68 | 10/30/2021 | Fixed the broken link | foundation | ossf | https://github.com/ossf/foundation/pull/20 | TRUE | FALSE | FALSE | |||||||||||||||||
69 | 10/29/2021 | :bug: Fix broken e2e tests for Binary Artifacts | scorecard | ossf | https://github.com/ossf/scorecard/pull/1199 | TRUE | FALSE | TRUE | |||||||||||||||||
70 | 10/29/2021 | Fixed modtime for reproducible goreleaser | rekor | sigstore | https://github.com/sigstore/rekor/pull/473 | TRUE | FALSE | TRUE | |||||||||||||||||
71 | 10/29/2021 | Fixed modtime for reproducible goreleaser | cosign | sigstore | https://github.com/sigstore/cosign/pull/971 | TRUE | FALSE | TRUE | |||||||||||||||||
72 | 10/29/2021 | :seedling: Reproducible builds in goreleaser | scorecard | ossf | https://github.com/ossf/scorecard/pull/1198 | TRUE | FALSE | TRUE | |||||||||||||||||
73 | 10/29/2021 | Feature - Managed make parser | scorecard | ossf | https://github.com/ossf/scorecard/issues/1194 | FALSE | TRUE | FALSE | |||||||||||||||||
74 | 10/29/2021 | Included trimpath in goreleaser | cosign | sigstore | https://github.com/sigstore/cosign/pull/968 | TRUE | FALSE | TRUE | |||||||||||||||||
75 | 10/28/2021 | Feature - Vendor dependencies for hermetic builds | scorecard | ossf | https://github.com/ossf/scorecard/issues/1188 | FALSE | TRUE | FALSE | |||||||||||||||||
76 | 10/28/2021 | :bug: Fixed failing linter issues | scorecard | ossf | https://github.com/ossf/scorecard/pull/1187 | TRUE | FALSE | FALSE | |||||||||||||||||
77 | 10/26/2021 | :seedling: Fix goreleaser permission and flags | scorecard | ossf | https://github.com/ossf/scorecard/pull/1164 | TRUE | FALSE | TRUE | |||||||||||||||||
78 | 10/26/2021 | :seedling: Fix CVE warning for containerd | scorecard | ossf | https://github.com/ossf/scorecard/pull/1162 | TRUE | FALSE | TRUE | |||||||||||||||||
79 | 10/26/2021 | Avoid using curl downloads because of the Supply Chain attacks. | btcd | btcsuite | https://github.com/btcsuite/btcd/issues/1766 | FALSE | TRUE | FALSE | |||||||||||||||||
80 | 10/26/2021 | Pin actions by SHA | btcd | btcsuite | https://github.com/btcsuite/btcd/pull/1765 | TRUE | FALSE | FALSE | |||||||||||||||||
81 | 10/25/2021 | :seedling: Reproducible builds with static binary | scorecard | ossf | https://github.com/ossf/scorecard/pull/1159 | TRUE | FALSE | TRUE | |||||||||||||||||
82 | 10/24/2021 | 🌱 Included arm64 release for darwin | scorecard | ossf | https://github.com/ossf/scorecard/pull/1157 | TRUE | FALSE | TRUE | |||||||||||||||||
83 | 10/24/2021 | :seedling: Included arm64 release for darwin | scorecard | ossf | https://github.com/ossf/scorecard/pull/1156 | TRUE | FALSE | FALSE | |||||||||||||||||
84 | 10/24/2021 | Vendored actions are getting updated. | lnd | lightningnetwork | https://github.com/lightningnetwork/lnd/issues/5889 | FALSE | TRUE | FALSE | |||||||||||||||||
85 | 10/24/2021 | Feature - Scorecard release for Darwin arm64 | scorecard | ossf | https://github.com/ossf/scorecard/issues/1155 | FALSE | TRUE | FALSE | |||||||||||||||||
86 | 10/24/2021 | :seedling: Upgrade to go 1.17 | package-analysis | ossf | https://github.com/ossf/package-analysis/pull/113 | TRUE | FALSE | TRUE | |||||||||||||||||
87 | 10/24/2021 | :seedling: Update dependabot for sub-packages | package-analysis | ossf | https://github.com/ossf/package-analysis/pull/112 | TRUE | FALSE | TRUE | |||||||||||||||||
88 | 10/23/2021 | :seedling: Fixed typo administrator | scorecard | ossf | https://github.com/ossf/scorecard/pull/1154 | TRUE | FALSE | TRUE | |||||||||||||||||
89 | 10/23/2021 | Crypto Miner Attack | package-analysis | ossf | https://github.com/ossf/package-analysis/issues/111 | FALSE | TRUE | FALSE | |||||||||||||||||
90 | 10/23/2021 | Branch protection for main branch | cosign | sigstore | https://github.com/sigstore/cosign/issues/945 | FALSE | TRUE | FALSE | |||||||||||||||||
91 | 10/23/2021 | Policy about merging to master | lnd | lightningnetwork | https://github.com/lightningnetwork/lnd/issues/5884 | FALSE | TRUE | FALSE | |||||||||||||||||
92 | 10/23/2021 | Reproducible builds with trimpath | fulcio | sigstore | https://github.com/sigstore/fulcio/pull/210 | TRUE | FALSE | TRUE | |||||||||||||||||
93 | 10/23/2021 | Reproducible builds with trimpath | rekor | sigstore | https://github.com/sigstore/rekor/pull/464 | TRUE | FALSE | TRUE | |||||||||||||||||
94 | 10/23/2021 | Reproducible builds with trimpath | cosign | sigstore | https://github.com/sigstore/cosign/pull/944 | TRUE | FALSE | TRUE | |||||||||||||||||
95 | 10/22/2021 | Checks - Add Pinned dependency check for JS dependencies | scorecard | ossf | https://github.com/ossf/scorecard/issues/1153 | FALSE | TRUE | FALSE | |||||||||||||||||
96 | 10/22/2021 | :seedling: Fixes the broken e2e | scorecard | ossf | https://github.com/ossf/scorecard/pull/1152 | TRUE | FALSE | TRUE | |||||||||||||||||
97 | 10/19/2021 | docs: Instructions for using lnd as library | lnd | lightningnetwork | https://github.com/lightningnetwork/lnd/pull/5871 | TRUE | FALSE | FALSE | |||||||||||||||||
98 | 10/19/2021 | Enable dependabot | lnd | lightningnetwork | https://github.com/lightningnetwork/lnd/pull/5870 | TRUE | FALSE | FALSE | |||||||||||||||||
99 | 10/12/2021 | Use cosgin instead of gpg to sign scorecard releases | scorecard | ossf | https://github.com/ossf/scorecard/issues/1126 | FALSE | TRUE | FALSE | |||||||||||||||||
100 | 10/12/2021 | Some more fixes. | website | lndreviews | https://github.com/lndreviews/website/pull/2 | TRUE | FALSE | TRUE |