Merge branch 'main' into adding-add-attestor

SECURITY.md

@@ -0,0 +1,34 @@
+# Security Policy
+
+## Security Bulletins
+
+See current security bullentins on GitHub: https://github.com/in-toto/go-witness/security/advisories
+
+For information regarding the security of this project please join:
+
+* in-toto-witness on CNCF Slack
+
+## Reporting a Vulnerability
+
+Please use the below process to report a vulnerability to the project:
+
+Web Form:
+
+1. Please visit https://github.com/in-toto/go-witness/security/advisories/new
+   * You will receive a confirmation email upon submission
+1. You may be contacted by a maintainer to further discuss the reported item
+   within 3 days. Please bear with us as we seek to understand the breadth
+   and scope of the reported problem, recreate it, and confirm if there is an
+   vulnerability present.
+
+This project follows a 30 day disclosure timeline.
+
+## Supported Versions
+
+Information regarding supported versions of this project can be found on
+in the below table:
+
+| Version | Supported |
+| --- | --- |
+| Latest | :white_check_mark: |
+| <= Latest - 2 | :x: |

go.mod

@@ -8,7 +8,7 @@ require (
 	github.com/digitorus/timestamp v0.0.0-20230220124323-d542479a2425
 	github.com/edwarnicke/gitoid v0.0.0-20220710194850-1be5bfda1f9d
 	github.com/go-git/go-git/v5 v5.5.2
-	github.com/in-toto/archivista v0.1.3-0.20231214050507-e28a4170a9fe
+	github.com/in-toto/archivista v0.2.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/open-policy-agent/opa v0.49.2
 	github.com/owenrumney/go-sarif v1.1.1
@@ -103,5 +103,3 @@ replace github.com/sigstore/rekor => github.com/testifysec/rekor v0.4.0-dsse-int
 replace github.com/gin-gonic/gin v1.5.0 => github.com/gin-gonic/gin v1.7.7
 
 replace github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.0.3-0.20220303224323-02efb9a75ee1
-
-replace github.com/in-toto/archivista v0.1.3-0.20231213123840-c6750e051f5c => github.com/in-toto/archivista v0.1.3-0.20231214050507-e28a4170a9fe

go.sum

@@ -110,8 +110,8 @@ github.com/honeycombio/beeline-go v1.10.0 h1:cUDe555oqvw8oD76BQJ8alk7FP0JZ/M/zXp
 github.com/honeycombio/libhoney-go v1.16.0 h1:kPpqoz6vbOzgp7jC6SR7SkNj7rua7rgxvznI6M3KdHc=
 github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
 github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
-github.com/in-toto/archivista v0.1.3-0.20231214050507-e28a4170a9fe h1:SNafk19rV7gMlu3YyFuVkj/9vsXnMp6yrFMXDguT3fE=
-github.com/in-toto/archivista v0.1.3-0.20231214050507-e28a4170a9fe/go.mod h1:AJU7zhcITsaufiqYMFPLZM66/vwmHVQtZeC2/JFxw7w=
+github.com/in-toto/archivista v0.2.0 h1:FViuHMVVETborvOqlmSYdROY8RmX3CO0V0MOhU/Rl20=
+github.com/in-toto/archivista v0.2.0/go.mod h1:qt9uN4TkHWUgR5A2wxRqQIBizSl32P2nI2AjESskkr0=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
@@ -206,8 +206,8 @@ github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs=
 github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
 github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU=
+github.com/vmihailenco/tagparser v0.1.1 h1:quXMXlA39OCbd2wAdTsGDlK9RkOk6Wuw+x37wVyIuWY=
 github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
-github.com/vmihailenco/tagparser v0.1.2 h1:gnjoVuB/kljJ5wICEEOpx98oXMWPLj22G67Vbd1qPqc=
 github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=

log/log.go

@@ -58,8 +58,11 @@ func Warnf(format string, args ...interface{}) {
 		if _, ok := a.(error); ok {
 			err := fmt.Errorf(format, args...)
 			log.Warn(err)
+			return
 		}
 	}
+
+	log.Warnf(format, args...)
 }
 
 func Warn(args ...interface{}) {
@@ -71,8 +74,11 @@ func Debugf(format string, args ...interface{}) {
 		if _, ok := a.(error); ok {
 			err := fmt.Errorf(format, args...)
 			log.Debug(err)
+			return
 		}
 	}
+
+	log.Debugf(format, args...)
 }
 
 func Debug(args ...interface{}) {