| Date | Title | Repository | Owner | URL | IsPR | IsIssue | Merged |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 12/3/2021 | sigstore - Included corpus | oss-fuzz | google | https://github.com/google/oss-fuzz/pull/6964 | TRUE | FALSE | FALSE |
| 12/2/2021 | Update docker-sign.yml | scorecard-action | ossf | https://github.com/ossf/scorecard-action/pull/10 | TRUE | FALSE | TRUE |
| 12/2/2021 | Upgraded go-securesystemslib from 0.1.0 to 0.2.0 | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/178 | TRUE | FALSE | TRUE |
| 12/2/2021 | Additional corpus for ecdsa and ed25519 | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/177 | TRUE | FALSE | TRUE |
| 12/1/2021 | Fuzz testing DSSE | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/173 | TRUE | FALSE | TRUE |
| 12/1/2021 | Failed to verify signature in DSSE | sigstore | sigstore | https://github.com/sigstore/sigstore/issues/172 | FALSE | TRUE | FALSE |
| 11/30/2021 | Migrate from github.com/tent/canonical-json-go as it is archived | go-tuf | theupdateframework | https://github.com/theupdateframework/go-tuf/issues/180 | FALSE | TRUE | FALSE |
| 11/30/2021 | Fuzzing for RSAPASS | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/170 | TRUE | FALSE | TRUE |
| 11/30/2021 | Upgrade to go 1.16 | go-tuf | theupdateframework | https://github.com/theupdateframework/go-tuf/pull/179 | TRUE | FALSE | TRUE |
| 11/30/2021 | Upgrade go to supported version | go-tuf | theupdateframework | https://github.com/theupdateframework/go-tuf/issues/178 | FALSE | TRUE | FALSE |
| 11/30/2021 | Implement Fuzzing | go-tuf | theupdateframework | https://github.com/theupdateframework/go-tuf/issues/177 | FALSE | TRUE | FALSE |
| 11/30/2021 | Included CIFuzz | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/169 | TRUE | FALSE | TRUE |
| 11/30/2021 | Included fuzz badge | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/168 | TRUE | FALSE | TRUE |
| 11/29/2021 | sigstore-Included additional fuzzing targets | oss-fuzz | google | https://github.com/google/oss-fuzz/pull/6927 | TRUE | FALSE | TRUE |
| 11/28/2021 | Docs for Fuzzing | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/165 | TRUE | FALSE | TRUE |
| 11/28/2021 | Fuzzing - Included RSA Targets | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/164 | TRUE | FALSE | TRUE |
| 11/24/2021 | :seedling: Fixed the opencontainer image-spec vuln | scorecard | ossf | https://github.com/ossf/scorecard/pull/1339 | TRUE | FALSE | TRUE |
| 11/24/2021 | Vulnerability warning | ko | google | https://github.com/google/ko/issues/517 | FALSE | TRUE | FALSE |
| 11/24/2021 | Fuzzing password and some signature API | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/160 | TRUE | FALSE | TRUE |
| 11/24/2021 | clusterfuzz lite | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/158 | TRUE | FALSE | FALSE |
| 11/23/2021 | Included fuzzing for more cryptoutils | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/157 | TRUE | FALSE | TRUE |
| 11/23/2021 | Fix fuzz go.sum issue | rekor | sigstore | https://github.com/sigstore/rekor/pull/509 | TRUE | FALSE | TRUE |
| 11/23/2021 | Fuzzing sigstore | oss-fuzz | google | https://github.com/google/oss-fuzz/pull/6890 | TRUE | FALSE | TRUE |
| 11/21/2021 | Evaluate sigstore to sign releases | lnd | lightningnetwork | https://github.com/lightningnetwork/lnd/issues/6009 | FALSE | TRUE | FALSE |
| 11/19/2021 | :seedling: Fix vulnerabilities in dependencies | scorecard | ossf | https://github.com/ossf/scorecard/pull/1310 | TRUE | FALSE | TRUE |
| 11/17/2021 | :seedling: Docker builds | scorecard-action | ossf | https://github.com/ossf/scorecard-action/pull/7 | TRUE | FALSE | TRUE |
| 11/17/2021 | Linter - Included linter check for doc rules | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/148 | TRUE | FALSE | TRUE |
| 11/16/2021 | :seedling: Fix integration test runs | scorecard | ossf | https://github.com/ossf/scorecard/pull/1286 | TRUE | FALSE | TRUE |
| 11/16/2021 | Feat : Fuzzing | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/146 | TRUE | FALSE | TRUE |
| 11/16/2021 | :bug: Fix the reproducible builds | scorecard | ossf | https://github.com/ossf/scorecard/pull/1282 | TRUE | FALSE | TRUE |
| 11/15/2021 | Should scorecard be forcing users to use a zap.Logger? | scorecard | ossf | https://github.com/ossf/scorecard/issues/1273 | FALSE | TRUE | FALSE |
| 11/15/2021 | 🐛 Fix the Code review merged by user reference | scorecard | ossf | https://github.com/ossf/scorecard/pull/1272 | TRUE | FALSE | FALSE |
| 11/15/2021 | Refactor Trillian - Decoupling With Interface | rekor | sigstore | https://github.com/sigstore/rekor/pull/490 | TRUE | FALSE | FALSE |
| 11/12/2021 | Fuzzing RequestFromRekor API | rekor | sigstore | https://github.com/sigstore/rekor/pull/488 | TRUE | FALSE | TRUE |
| 11/11/2021 | Explore options to Harden binaries compilation flags | lnd | lightningnetwork | https://github.com/lightningnetwork/lnd/issues/5966 | FALSE | TRUE | FALSE |
| 11/11/2021 | Run Clusterfuzz Lite | lnd | lightningnetwork | https://github.com/lightningnetwork/lnd/issues/5965 | FALSE | TRUE | FALSE |
| 11/9/2021 | Create security.md | allstar | ossf | https://github.com/ossf/allstar/pull/74 | TRUE | FALSE | TRUE |
| 11/9/2021 | Dependabot settings | allstar | ossf | https://github.com/ossf/allstar/pull/73 | TRUE | FALSE | TRUE |
| 11/9/2021 | Created codeql | allstar | ossf | https://github.com/ossf/allstar/pull/72 | TRUE | FALSE | TRUE |
| 11/9/2021 | Remove fuzzing check - unsupported go-fuzz | cosign | sigstore | https://github.com/sigstore/cosign/pull/1020 | TRUE | FALSE | TRUE |
| 11/9/2021 | Scorecard builds aren't reproducible | scorecard | ossf | https://github.com/ossf/scorecard/issues/1230 | FALSE | TRUE | FALSE |
| 11/9/2021 | Cosign builds aren't reproducible | cosign | sigstore | https://github.com/sigstore/cosign/issues/1019 | FALSE | TRUE | FALSE |
| 11/9/2021 | Included pprof for profiling the application. | rekor | sigstore | https://github.com/sigstore/rekor/pull/485 | TRUE | FALSE | TRUE |
| 11/9/2021 | gRPC API Endpoint | rekor | sigstore | https://github.com/sigstore/rekor/issues/484 | FALSE | TRUE | FALSE |
| 11/8/2021 | Consider moving to a distroless image | core-review | | https://github.com/fanquake/core-review/issues/26 | FALSE | TRUE | FALSE |
| 11/8/2021 | Pin docker images by SHA | core-review | | https://github.com/fanquake/core-review/pull/25 | TRUE | FALSE | FALSE |
| 11/7/2021 | LND External dependency policy | lnd | lightningnetwork | https://github.com/lightningnetwork/lnd/issues/5944 | FALSE | TRUE | FALSE |
| 11/7/2021 | Create dependabot.yml | sigstore | sigstore | https://github.com/sigstore/sigstore/pull/127 | TRUE | FALSE | TRUE |
| 11/5/2021 | Fuzzing is Broken | cosign | sigstore | https://github.com/sigstore/cosign/issues/1003 | FALSE | TRUE | FALSE |
| 11/5/2021 | Included timeout option for uploading to Rekor | cosign | sigstore | https://github.com/sigstore/cosign/pull/1001 | TRUE | FALSE | TRUE |
| 11/4/2021 | 504 Gateway timeout on large file | rekor | sigstore | https://github.com/sigstore/rekor/issues/481 | FALSE | TRUE | FALSE |
| 11/4/2021 | Feature - Include flake.lock as check for nixos packages | scorecard | ossf | https://github.com/ossf/scorecard/issues/1217 | FALSE | TRUE | FALSE |
| 11/4/2021 | 📖 Updated the community links | scorecard | ossf | https://github.com/ossf/scorecard/pull/1216 | TRUE | FALSE | TRUE |
| 11/3/2021 | :seedling: Move docker build checks to ko | scorecard | ossf | https://github.com/ossf/scorecard/pull/1214 | TRUE | FALSE | TRUE |
| 11/2/2021 | cosign doesn't provide an option to set timeout on rekor upload | cosign | sigstore | https://github.com/sigstore/cosign/issues/990 | FALSE | TRUE | FALSE |
| 11/2/2021 | :seedling: Fixed the failing tests | scorecard | ossf | https://github.com/ossf/scorecard/pull/1209 | TRUE | FALSE | TRUE |
| 11/2/2021 | :seedling: Vendor dependencies | scorecard | ossf | https://github.com/ossf/scorecard/pull/1208 | TRUE | FALSE | FALSE |
| 11/1/2021 | Create dependabot.yml | distroless | GoogleContainerTools | https://github.com/GoogleContainerTools/distroless/pull/887 | TRUE | FALSE | FALSE |
| 11/1/2021 | Use to ko build containers | gokart | praetorian-inc | https://github.com/praetorian-inc/gokart/issues/60 | FALSE | TRUE | FALSE |
| 11/1/2021 | :bug: Removed the Binary Artifact | scorecard | ossf | https://github.com/ossf/scorecard/pull/1203 | TRUE | FALSE | TRUE |
| 10/31/2021 | :book: Included the meeting minutes | scorecard | ossf | https://github.com/ossf/scorecard/pull/1202 | TRUE | FALSE | TRUE |
| 10/31/2021 | Record analysis runs in Transparency log - Rekor | package-analysis | ossf | https://github.com/ossf/package-analysis/issues/138 | FALSE | TRUE | FALSE |
| 10/31/2021 | Feature - Scorecard should sign releases with cosign | scorecard | ossf | https://github.com/ossf/scorecard/issues/1201 | FALSE | TRUE | FALSE |
| 10/30/2021 | Feature - Record scorecard card scans into Rekor | scorecard | ossf | https://github.com/ossf/scorecard/issues/1200 | FALSE | TRUE | FALSE |
| 10/30/2021 | Fix the security advisories | allstar | ossf | https://github.com/ossf/allstar/issues/71 | FALSE | TRUE | FALSE |
| 10/30/2021 | Upgrade to v3 of scorecard | allstar | ossf | https://github.com/ossf/allstar/issues/70 | FALSE | TRUE | FALSE |
| 10/30/2021 | Fixed the broken link | foundation | ossf | https://github.com/ossf/foundation/pull/20 | TRUE | FALSE | FALSE |
| 10/29/2021 | :bug: Fix broken e2e tests for Binary Artifacts | scorecard | ossf | https://github.com/ossf/scorecard/pull/1199 | TRUE | FALSE | TRUE |
| 10/29/2021 | Fixed modtime for reproducible goreleaser | rekor | sigstore | https://github.com/sigstore/rekor/pull/473 | TRUE | FALSE | TRUE |
| 10/29/2021 | Fixed modtime for reproducible goreleaser | cosign | sigstore | https://github.com/sigstore/cosign/pull/971 | TRUE | FALSE | TRUE |
| 10/29/2021 | :seedling: Reproducible builds in goreleaser | scorecard | ossf | https://github.com/ossf/scorecard/pull/1198 | TRUE | FALSE | TRUE |
| 10/29/2021 | Feature - Managed make parser | scorecard | ossf | https://github.com/ossf/scorecard/issues/1194 | FALSE | TRUE | FALSE |
| 10/29/2021 | Included trimpath in goreleaser | cosign | sigstore | https://github.com/sigstore/cosign/pull/968 | TRUE | FALSE | TRUE |
| 10/28/2021 | Feature - Vendor dependencies for hermetic builds | scorecard | ossf | https://github.com/ossf/scorecard/issues/1188 | FALSE | TRUE | FALSE |
| 10/28/2021 | :bug: Fixed failing linter issues | scorecard | ossf | https://github.com/ossf/scorecard/pull/1187 | TRUE | FALSE | FALSE |
| 10/26/2021 | :seedling: Fix goreleaser permission and flags | scorecard | ossf | https://github.com/ossf/scorecard/pull/1164 | TRUE | FALSE | TRUE |
| 10/26/2021 | :seedling: Fix CVE warning for containerd | scorecard | ossf | https://github.com/ossf/scorecard/pull/1162 | TRUE | FALSE | TRUE |
| 10/26/2021 | Avoid using curl downloads because of the Supply Chain attacks. | btcd | btcsuite | https://github.com/btcsuite/btcd/issues/1766 | FALSE | TRUE | FALSE |
| 10/26/2021 | Pin actions by SHA | btcd | btcsuite | https://github.com/btcsuite/btcd/pull/1765 | TRUE | FALSE | FALSE |
| 10/25/2021 | :seedling: Reproducible builds with static binary | scorecard | ossf | https://github.com/ossf/scorecard/pull/1159 | TRUE | FALSE | TRUE |
| 10/24/2021 | 🌱 Included arm64 release for darwin | scorecard | ossf | https://github.com/ossf/scorecard/pull/1157 | TRUE | FALSE | TRUE |
| 10/24/2021 | :seedling: Included arm64 release for darwin | scorecard | ossf | https://github.com/ossf/scorecard/pull/1156 | TRUE | FALSE | FALSE |
| 10/24/2021 | Vendored actions are getting updated. | lnd | lightningnetwork | https://github.com/lightningnetwork/lnd/issues/5889 | FALSE | TRUE | FALSE |
| 10/24/2021 | Feature - Scorecard release for Darwin arm64 | scorecard | ossf | https://github.com/ossf/scorecard/issues/1155 | FALSE | TRUE | FALSE |
| 10/24/2021 | :seedling: Upgrade to go 1.17 | package-analysis | ossf | https://github.com/ossf/package-analysis/pull/113 | TRUE | FALSE | TRUE |
| 10/24/2021 | :seedling: Update dependabot for sub-packages | package-analysis | ossf | https://github.com/ossf/package-analysis/pull/112 | TRUE | FALSE | TRUE |
| 10/23/2021 | :seedling: Fixed typo administrator | scorecard | ossf | https://github.com/ossf/scorecard/pull/1154 | TRUE | FALSE | TRUE |
| 10/23/2021 | Crypto Miner Attack | package-analysis | ossf | https://github.com/ossf/package-analysis/issues/111 | FALSE | TRUE | FALSE |
| 10/23/2021 | Branch protection for main branch | cosign | sigstore | https://github.com/sigstore/cosign/issues/945 | FALSE | TRUE | FALSE |
| 10/23/2021 | Policy about merging to master | lnd | lightningnetwork | https://github.com/lightningnetwork/lnd/issues/5884 | FALSE | TRUE | FALSE |
| 10/23/2021 | Reproducible builds with trimpath | fulcio | sigstore | https://github.com/sigstore/fulcio/pull/210 | TRUE | FALSE | TRUE |
| 10/23/2021 | Reproducible builds with trimpath | rekor | sigstore | https://github.com/sigstore/rekor/pull/464 | TRUE | FALSE | TRUE |
| 10/23/2021 | Reproducible builds with trimpath | cosign | sigstore | https://github.com/sigstore/cosign/pull/944 | TRUE | FALSE | TRUE |
| 10/22/2021 | Checks - Add Pinned dependency check for JS dependencies | scorecard | ossf | https://github.com/ossf/scorecard/issues/1153 | FALSE | TRUE | FALSE |
| 10/22/2021 | :seedling: Fixes the broken e2e | scorecard | ossf | https://github.com/ossf/scorecard/pull/1152 | TRUE | FALSE | TRUE |
| 10/19/2021 | docs: Instructions for using lnd as library | lnd | lightningnetwork | https://github.com/lightningnetwork/lnd/pull/5871 | TRUE | FALSE | FALSE |
| 10/19/2021 | Enable dependabot | lnd | lightningnetwork | https://github.com/lightningnetwork/lnd/pull/5870 | TRUE | FALSE | FALSE |
| 10/12/2021 | Use cosgin instead of gpg to sign scorecard releases | scorecard | ossf | https://github.com/ossf/scorecard/issues/1126 | FALSE | TRUE | FALSE |
| 10/12/2021 | Some more fixes. | website | lndreviews | https://github.com/lndreviews/website/pull/2 | TRUE | FALSE | TRUE |