Comparing changes

base repository: boostsecurityio/poutine
base: v0.15.1
head repository: boostsecurityio/poutine
compare: v0.15.2
  • 13 commits
  • 23 files changed
  • 4 contributors

Commits on Sep 9, 2024

  1. f37cc59

Commits on Sep 16, 2024

  1. 594a7c6
  2. Update osv.rego - Add new GHA CVE from OSV (#210)

    * Update osv.rego - Add new GHA CVE from OSV
    
    Signed-off-by: François Proulx <[email protected]>
    
    * Update osv.rego
    
    Signed-off-by: François Proulx <[email protected]>
    
    ---------
    
    Signed-off-by: François Proulx <[email protected]>
    fproulx-boostsecurity authored Sep 16, 2024
    d8229b9

Commits on Sep 17, 2024

  1. CVE Database Update (#211)

    * database update
    
    * bump dependencies
    
    * fix version range and added cvss4.0
    SUSTAPLE117 authored Sep 17, 2024
    28fc7a3

Commits on Sep 18, 2024

  1. build(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 (#200)

    Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.5.0 to 3.6.0.
    - [Release notes](https://github.com/sigstore/cosign-installer/releases)
    - [Commits](sigstore/cosign-installer@59acb62...4959ce0)
    
    ---
    updated-dependencies:
    - dependency-name: sigstore/cosign-installer
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 18, 2024
    63e8d65
  2. build(deps): bump actions/upload-artifact from 4.3.4 to 4.4.0 (#201)

    Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.4 to 4.4.0.
    - [Release notes](https://github.com/actions/upload-artifact/releases)
    - [Commits](actions/upload-artifact@0b2256b...5076954)
    
    ---
    updated-dependencies:
    - dependency-name: actions/upload-artifact
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 18, 2024
    a1bdfd1
  3. build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 (#202)

    Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.3 to 2.4.0.
    - [Release notes](https://github.com/ossf/scorecard-action/releases)
    - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
    - [Commits](ossf/scorecard-action@dc50aa9...62b2cac)
    
    ---
    updated-dependencies:
    - dependency-name: ossf/scorecard-action
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Sep 18, 2024
    a6dcf6c

Commits on Oct 7, 2024

  1. CVE DB Update + Deps Update + Go 1.23 Update (#220)

    * update deps
    * go 1.23
    * update cve database
    SUSTAPLE117 authored Oct 7, 2024
    c847c94
  2. 6008965

Commits on Oct 22, 2024

  1. build(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#217)

    Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.0.
    - [Release notes](https://github.com/actions/checkout/releases)
    - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
    - [Commits](actions/checkout@692973e...d632683)
    
    ---
    updated-dependencies:
    - dependency-name: actions/checkout
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Oct 22, 2024
    3209e17
  2. build(deps): bump step-security/harden-runner from 2.8.1 to 2.10.1 (#216)
    
    Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.8.1 to 2.10.1.
    - [Release notes](https://github.com/step-security/harden-runner/releases)
    - [Commits](step-security/harden-runner@17d0e2b...91182cc)
    
    ---
    updated-dependencies:
    - dependency-name: step-security/harden-runner
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Oct 22, 2024
    6428565
  3. build(deps): bump github/codeql-action from 3.25.15 to 3.26.10 (#215)

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.15 to 3.26.10.
    - [Release notes](https://github.com/github/codeql-action/releases)
    - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
    - [Commits](github/codeql-action@afb54ba...e2b3eaf)
    
    ---
    updated-dependencies:
    - dependency-name: github/codeql-action
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    dependabot[bot] authored Oct 22, 2024
    e8f1c9f

Commits on Oct 24, 2024

  1. Git Error Handling Improvements + Git Error Resilient Analyze Local (#222)
    
    * improving parsing of git errors to give more flexibility in error handling
    * git not found specific error
    * adding interface type for all git errors
    * wrapping errors for better context
    * making the local git client resilient to git errors so poutine can be used on folders that are not in a git repo
    * Made local git client resilient to git failures and to work when no git repos are present. Added handling to format the output data when no git repo exists
    SUSTAPLE117 authored Oct 24, 2024
    160d529