Releases: in-toto/witness
Releases · in-toto/witness
v0.7.0
Changelog
Features
- 266144d: feat: add cpu and memory profiling (#504) (@mikhailswift)
- 33946bb: Adding functionality for dirhash in cli (#436) (@matglas)
Update to go-witness v0.7.0 #530
- better concurrency support on Linux by @joshdabosh in in-toto/go-witness#306
- improve SPDX and CycloneDX JSON SBOM format detection by @joshdabosh in in-toto/go-witness#322
- fix: Passing kms provider options down to initialisation of functionaries by @ChaosInTheCRD in in-toto/go-witness#292
- fix: golangci-lint failing due nil check by @kairoaraujo in in-toto/go-witness#333
- add jenkins attestor by @joshdabosh in in-toto/go-witness#323
- Adding functionality for dirhash in library by @matglas in in-toto/go-witness#223
- test: add additional policy verification test by @mikhailswift in in-toto/go-witness#341
- chore: Improve the git status speed. by @matglas in in-toto/go-witness#359
- Test/more policy tests by @mikhailswift in in-toto/go-witness#345
- address feedback from governance review by @jkjell in in-toto/go-witness#394
Documentation
- 97e2e04: docs: update Makefile help (#505) (@kairoaraujo)
Others
- 29117fc: prevent early return in verifier (#484) (@joshdabosh)
- 25e05d5: chore: Allow make build-goreleaser for convenience. (#503) (@matglas)
- 18dad87: Add pem as output of goreleaser sign for verification. (#508) (@matglas)
- 782ef81: address feedback from governance review (#528) (@jkjell)
- 1af18d4: chore: Add install tutorial with cosign check (#506) (@matglas)
- c077bfe: Use /usr/local/bin for witness install (#531) (@jkjell)
v0.6.0
Changelog
- New VEX attestor 🎉
Others
- 69f67f1: chore: bump the all-go-mod group with 2 updates (#470) (@dependabot[bot])
- 45713cc: chore: bump the all-gha group with 2 updates (#471) (@dependabot[bot])
- 050506a: Bump to go-witness version with improved SBOMs and added testing (#469) (@jkjell)
v0.5.2
Changelog
Bug fixes
- 54e8d18: fix: temporarily disable omnitrail on windows builds (#467) (@mikhailswift)
Others
- 1b286b7: chore: bump the all-gha group with 2 updates (#449) (@dependabot[bot])
- 16beb9e: chore: bump k8s.io/apimachinery from 0.30.0 to 0.30.1 in the all-go-mod group (#450) (@dependabot[bot])
- bb49495: Changed all the broken links (#453) (@DarikshaAnsari)
- d9733de: chore: bump the all-gha group with 2 updates (#457) (@dependabot[bot])
- 6ab0464: Updating yarn and modifying ignore on netlify toml (#455) (@ChaosInTheCRD)
- fa44388: Adding Signers section to website sidebar (#460) (@ChaosInTheCRD)
- b495cf7: fix(install-witness.sh): ensure compatibility with macOS for checksum verification (#459) (@fkautz)
- f499ffb: docs(getting-started): add information about slsa attestor (#456) (@rrey)
- 308aee9: Added generation of SBOM (#451) (@Yaxhveer)
- 3d08ed5: chore: bump the all-gha group with 2 updates (#461) (@dependabot[bot])
- 47b6e1c: chore: bump github.com/spf13/viper from 1.18.2 to 1.19.0 in the all-go-mod group (#462) (@dependabot[bot])
- 460f040: chore: bump the all-gha group with 3 updates (#463) (@dependabot[bot])
- c1352bd: SBOM and Omnitrail Attestor (#464) (@jkjell)
- f5b0e7b: Remove Windows Arm64 build until fixed (#466) (@jkjell)
- f5f2ae6: Add logging of passed step if found during policy failure (#454) (@jkjell)
- f07725e: refactor: make all run options have shorthand vars (#441) (@DataDavD)
v0.4.0
Changelog
Features
- 0cd05b6: feat: Enable Witness Policy verify from Archivista (#438) (@kairoaraujo)
Bug fixes
- 09f8cbb: fix: run e2e test script as part of workflows (#397) (@mikhailswift)
Others
- 3c8d14d: chore: bump actions/cache from 4.0.0 to 4.0.1 (#401) (@dependabot[bot])
- feac3aa: chore: bump github/codeql-action from 3.24.5 to 3.24.6 (#400) (@dependabot[bot])
- e54d8be: chore: bump actions/download-artifact from 4.1.2 to 4.1.4 (#399) (@dependabot[bot])
- a4c4029: doc: fix example in signers kms doc (#403) (@kairoaraujo)
- 910d630: Witness website netlify (#394) (@ChaosInTheCRD)
- bb8b3c0: chore: bump the go_modules group group with 2 updates (#408) (@dependabot[bot])
- 3fc10e4: chore: bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#409) (@dependabot[bot])
- 7528df2: chore: bump follow-redirects from 1.15.5 to 1.15.6 in /docs-website (#410) (@dependabot[bot])
- 1844b26: chore: bump k8s.io/apimachinery from 0.29.2 to 0.29.3 (#411) (@dependabot[bot])
- 10f895d: chore: bump actions/checkout from 4.1.1 to 4.1.2 (#412) (@dependabot[bot])
- b1ee681: chore: bump github/codeql-action from 3.24.6 to 3.24.8 (#415) (@dependabot[bot])
- 917e13b: chore: bump docker/login-action from 3.0.0 to 3.1.0 (#413) (@dependabot[bot])
- fe61acd: chore: bump webpack-dev-middleware from 5.3.3 to 5.3.4 in /docs-website (#417) (@dependabot[bot])
- 2b4213f: chore: bump github/codeql-action from 3.24.8 to 3.24.9 (#419) (@dependabot[bot])
- 78f1a7b: chore: bump actions/dependency-review-action from 4.1.3 to 4.2.4 (#420) (@dependabot[bot])
- 6bec181: chore: bump actions/cache from 4.0.1 to 4.0.2 (#421) (@dependabot[bot])
- f5deef5: chore: bump express from 4.18.3 to 4.19.2 in /docs-website (#423) (@dependabot[bot])
- c86b46d: small typo fix (#424) (@ChaosInTheCRD)
- 90cb5ac: Update dependabot.yml (#405) (@jkjell)
- 1fbdaa9: chore: bump the all-gha group with 1 update (#426) (@dependabot[bot])
- 6f7d4a8: Adding ability to list attestors (#384) (@ChaosInTheCRD)
- bed1863: Update GHA triggers to fine tune for code changes vs other updates (#406) (@jkjell)
- 74f6c3d: chore: bump the all-go-mod group with 1 update (#425) (@dependabot[bot])
- 406b2bd: chore: bump the all-gha group with 2 updates (#431) (@dependabot[bot])
- 58c8f07: chore: bump golang.org/x/net from 0.21.0 to 0.23.0 in the go_modules group (#432) (@dependabot[bot])
- aa955f0: chore: bump the all-gha group with 4 updates (#434) (@dependabot[bot])
- a099009: chore: bump the all-gha group with 5 updates (#435) (@dependabot[bot])
- fb15191: chore: bump k8s.io/apimachinery from 0.29.3 to 0.30.0 in the all-go-mod group (#433) (@dependabot[bot])
- 7ba97fc: Fixing incorrect error message on Verify (#350) (@ChaosInTheCRD)
- 3a926ef: chore: bump the all-gha group with 4 updates (#440) (@dependabot[bot])
- fc48494: Link & SLSA attestor (#381) (@jkjell)
- d866f90: Improving Verify Error Response (#430) (@ChaosInTheCRD)
- 8e1f2fc: Attestor json schema (#443) (@ChaosInTheCRD)
- 53aa6ad: chore: bump the all-gha group with 5 updates (#444) (@dependabot[bot])
- b951db3: Fixing CA Path Flag to be used and adding policy timestamp server flag (#353) (@ChaosInTheCRD)
- 405a64d: Adding collection concept to docs and fixing code snippet formatting in md (#445) (@ChaosInTheCRD)
- cb6a006: Updating go-witness to v0.4.0 (#447) (@ChaosInTheCRD)
v0.4.0-beta2
v0.4.0-beta1
v0.4.0-beta
Changelog
Bug fixes
- 09f8cbb: fix: run e2e test script as part of workflows (#397) (@mikhailswift)
Others
- 838aec6: Handle multiple results from run (@jkjell)
- f8d862f: Rename exportRun and add better file naming (@jkjell)
- 609dcd4: Run make docgen (@jkjell)
- ad043b1: Update go version in actions and point go.mod to WIP go-witness (@jkjell)
- 9a85fca: Add explicit setup-go action for workflows and change attestation file output to backwards compatible (@jkjell)
- 3c8d14d: chore: bump actions/cache from 4.0.0 to 4.0.1 (#401) (@dependabot[bot])
- feac3aa: chore: bump github/codeql-action from 3.24.5 to 3.24.6 (#400) (@dependabot[bot])
- e54d8be: chore: bump actions/download-artifact from 4.1.2 to 4.1.4 (#399) (@dependabot[bot])
- a4c4029: doc: fix example in signers kms doc (#403) (@kairoaraujo)
- 910d630: Witness website netlify (#394) (@ChaosInTheCRD)
- bb8b3c0: chore: bump the go_modules group group with 2 updates (#408) (@dependabot[bot])
- 3fc10e4: chore: bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#409) (@dependabot[bot])
- 7528df2: chore: bump follow-redirects from 1.15.5 to 1.15.6 in /docs-website (#410) (@dependabot[bot])
- 1844b26: chore: bump k8s.io/apimachinery from 0.29.2 to 0.29.3 (#411) (@dependabot[bot])
- 10f895d: chore: bump actions/checkout from 4.1.1 to 4.1.2 (#412) (@dependabot[bot])
- b1ee681: chore: bump github/codeql-action from 3.24.6 to 3.24.8 (#415) (@dependabot[bot])
- 917e13b: chore: bump docker/login-action from 3.0.0 to 3.1.0 (#413) (@dependabot[bot])
- 51d0fa6: Merge branch 'main' into link-attestor (@jkjell)
- fe61acd: chore: bump webpack-dev-middleware from 5.3.3 to 5.3.4 in /docs-website (#417) (@dependabot[bot])
- 2b4213f: chore: bump github/codeql-action from 3.24.8 to 3.24.9 (#419) (@dependabot[bot])
- 78f1a7b: chore: bump actions/dependency-review-action from 4.1.3 to 4.2.4 (#420) (@dependabot[bot])
- 6bec181: chore: bump actions/cache from 4.0.1 to 4.0.2 (#421) (@dependabot[bot])
- f5deef5: chore: bump express from 4.18.3 to 4.19.2 in /docs-website (#423) (@dependabot[bot])
- c86b46d: small typo fix (#424) (@ChaosInTheCRD)
- 90cb5ac: Update dependabot.yml (#405) (@jkjell)
- 1fbdaa9: chore: bump the all-gha group with 1 update (#426) (@dependabot[bot])
- 6f7d4a8: Adding ability to list attestors (#384) (@ChaosInTheCRD)
- bed1863: Update GHA triggers to fine tune for code changes vs other updates (#406) (@jkjell)
- 74f6c3d: chore: bump the all-go-mod group with 1 update (#425) (@dependabot[bot])
- 9f16a4d: Merge branch 'main' into link-attestor (@jkjell)
- 1836ab9: Update temporary reference to go-witness commit (@jkjell)
- b8e9f51: Improvements / Changes to Link Attestor (#428) (@ChaosInTheCRD)
- d330b78: make docgen update (@jkjell)
- eef6826: Point to latest version of go-witness (@jkjell)
- 0219f20: Remove replace directive (@jkjell)
- 1ac142a: Add missing go.sum (@jkjell)
v0.3.1
Changelog
Others
- c211bfe: chore: bump actions/dependency-review-action from 4.1.1 to 4.1.3 (#395) (@dependabot[bot])
- dcac011: chore: bump github/codeql-action from 3.24.3 to 3.24.5 (#396) (@dependabot[bot])
- 997af3b: Bump to go-witness v0.3.1 (#398) (@jkjell)
v0.3.0
Changelog
Others
- 46b168d: chore: bump actions/download-artifact from 3.0.2 to 4.0.0 (#335) (@dependabot[bot])
- 34563ab: chore: bump github/codeql-action from 2.22.9 to 3.22.11 (#336) (@dependabot[bot])
- b8f36d6: chore: bump actions/upload-artifact from 3.1.3 to 4.0.0 (#337) (@dependabot[bot])
- ea67d31: chore: bump github/codeql-action from 3.22.11 to 3.22.12 (#343) (@dependabot[bot])
- 88881fa: chore: bump actions/download-artifact from 4.0.0 to 4.1.0 (#342) (@dependabot[bot])
- 2c590bb: Update go-git to resolve vulnerability (#346) (@jkjell)
- 617e15a: chore: bump actions/dependency-review-action from 3.1.4 to 3.1.5 (#349) (@dependabot[bot])
- b9e38d5: Add FOSSA license scanning (@jkjell)
- 494d44a: Add Security MD files an add FOSSA scan badge (@jkjell)
- 93768db: Pin dependencies and restrict permissions (@jkjell)
- 15d9014: Add signing to goreleaser and Best Practices badge to readme. (@jkjell)
- abce18b: Add cosign install (@jkjell)
- f2e2a6f: Update cloudflare/circl due to dependabot failure (#352) (@jkjell)
- d2471e6: chore: bump actions/cache from 3.3.2 to 3.3.3 (#355) (@dependabot[bot])
- 70e0b09: chore: bump actions/upload-artifact from 4.0.0 to 4.1.0 (#356) (@dependabot[bot])
- 63cc5d8: chore: bump github/codeql-action from 3.22.12 to 3.23.0 (#357) (@dependabot[bot])
- 83ca942: chore: bump actions/download-artifact from 4.1.0 to 4.1.1 (#358) (@dependabot[bot])
- 1a9b5a2: Initial attempt at PR and Issue templates (#351) (@jkjell)
- 06031da: Checking attestors for duplicates (#361) (@ChaosInTheCRD)
- 272e492: chore: bump actions/cache from 3.3.3 to 4.0.0 (#364) (@dependabot[bot])
- 55418b5: chore: bump actions/upload-artifact from 4.1.0 to 4.2.0 (#363) (@dependabot[bot])
- 9247c81: chore: bump github/codeql-action from 3.23.0 to 3.23.1 (#365) (@dependabot[bot])
- 2b872a3: chore: bump actions/dependency-review-action from 3.1.5 to 4.0.0 (#366) (@dependabot[bot])
- b90f41b: README and docs restructure (#362) (@ChaosInTheCRD)
- df179e2: Fixing mistakes in the readme (#368) (@ChaosInTheCRD)
- 1bbd0e8: Updating timestamper (#367) (@ChaosInTheCRD)
- cd18d5e: chore: bump actions/upload-artifact from 4.2.0 to 4.3.0 (#369) (@dependabot[bot])
- 58d5516: chore: bump github/codeql-action from 3.23.1 to 3.23.2 (#370) (@dependabot[bot])
- dfd64fe: Updated witness to use changes made to
cryptoutil.DigestValue
implemented in go-witness (#371) (@ChaosInTheCRD) - 0e7dda9: Add back license scanning badge (#377) (@jkjell)
- 2923f96: chore: bump github/codeql-action from 3.23.2 to 3.24.0 (#378) (@dependabot[bot])
- 3195add: chore: bump step-security/harden-runner from 2.6.1 to 2.7.0 (#379) (@dependabot[bot])
- 1144fa5: chore: bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#380) (@dependabot[bot])
- 58fe093: chore: bump actions/download-artifact from 4.1.1 to 4.1.2 (#382) (@dependabot[bot])
- be37eee: chore: bump actions/upload-artifact from 4.3.0 to 4.3.1 (#383) (@dependabot[bot])
- c27a4f5: KMS Support (#376) (@ChaosInTheCRD)
- 17bdb4e: Add Tom as a Witness maintainer (#385) (@jkjell)
- e438568: chore: bump testifysec/witness-run-action from 0.1.3 to 0.1.5 (#389) (@dependabot[bot])
- 001a113: chore: bump k8s.io/apimachinery from 0.26.13 to 0.26.14 (#386) (@dependabot[bot])
- f772f2d: chore: bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#387) (@dependabot[bot])
- 161286d: chore: bump fossas/fossa-action from 1.3.1 to 1.3.3 (#390) (@dependabot[bot])
- db7a266: chore: bump github/codeql-action from 3.24.0 to 3.24.3 (#391) (@dependabot[bot])
- 0df242b: chore: bump actions/dependency-review-action from 4.0.0 to 4.1.1 (#392) (@dependabot[bot])
v0.3.0-beta-kms
Changelog
Bug fixes
- e92de32: fix: update tests for loadSigners changes (@mikhailswift)
Others
- 46b168d: chore: bump actions/download-artifact from 3.0.2 to 4.0.0 (#335) (@dependabot[bot])
- 34563ab: chore: bump github/codeql-action from 2.22.9 to 3.22.11 (#336) (@dependabot[bot])
- b8f36d6: chore: bump actions/upload-artifact from 3.1.3 to 4.0.0 (#337) (@dependabot[bot])
- ea67d31: chore: bump github/codeql-action from 3.22.11 to 3.22.12 (#343) (@dependabot[bot])
- 88881fa: chore: bump actions/download-artifact from 4.0.0 to 4.1.0 (#342) (@dependabot[bot])
- 2c590bb: Update go-git to resolve vulnerability (#346) (@jkjell)
- 617e15a: chore: bump actions/dependency-review-action from 3.1.4 to 3.1.5 (#349) (@dependabot[bot])
- b9e38d5: Add FOSSA license scanning (@jkjell)
- 494d44a: Add Security MD files an add FOSSA scan badge (@jkjell)
- 93768db: Pin dependencies and restrict permissions (@jkjell)
- 15d9014: Add signing to goreleaser and Best Practices badge to readme. (@jkjell)
- abce18b: Add cosign install (@jkjell)
- f2e2a6f: Update cloudflare/circl due to dependabot failure (#352) (@jkjell)
- d2471e6: chore: bump actions/cache from 3.3.2 to 3.3.3 (#355) (@dependabot[bot])
- 70e0b09: chore: bump actions/upload-artifact from 4.0.0 to 4.1.0 (#356) (@dependabot[bot])
- 63cc5d8: chore: bump github/codeql-action from 3.22.12 to 3.23.0 (#357) (@dependabot[bot])
- 83ca942: chore: bump actions/download-artifact from 4.1.0 to 4.1.1 (#358) (@dependabot[bot])
- 1a9b5a2: Initial attempt at PR and Issue templates (#351) (@jkjell)
- 06031da: Checking attestors for duplicates (#361) (@ChaosInTheCRD)
- 272e492: chore: bump actions/cache from 3.3.3 to 4.0.0 (#364) (@dependabot[bot])
- 55418b5: chore: bump actions/upload-artifact from 4.1.0 to 4.2.0 (#363) (@dependabot[bot])
- 9247c81: chore: bump github/codeql-action from 3.23.0 to 3.23.1 (#365) (@dependabot[bot])
- 2b872a3: chore: bump actions/dependency-review-action from 3.1.5 to 4.0.0 (#366) (@dependabot[bot])
- b90f41b: README and docs restructure (#362) (@ChaosInTheCRD)
- df179e2: Fixing mistakes in the readme (#368) (@ChaosInTheCRD)
- 1bbd0e8: Updating timestamper (#367) (@ChaosInTheCRD)
- cd18d5e: chore: bump actions/upload-artifact from 4.2.0 to 4.3.0 (#369) (@dependabot[bot])
- 58d5516: chore: bump github/codeql-action from 3.23.1 to 3.23.2 (#370) (@dependabot[bot])
- dfd64fe: Updated witness to use changes made to
cryptoutil.DigestValue
implemented in go-witness (#371) (@ChaosInTheCRD) - 0e7dda9: Add back license scanning badge (#377) (@jkjell)
- 873b868: adding changes for testing kms (@ChaosInTheCRD)
- 7e96be8: implementing verifier for policy with KMS (@ChaosInTheCRD)
- b114971: adding changes (@ChaosInTheCRD)
- a19520d: removing log (@ChaosInTheCRD)
- 5cc4119: saving progress (@ChaosInTheCRD)
- 459e059: saving progress (@ChaosInTheCRD)
- 2615fd7: adding hashivault provider (@ChaosInTheCRD)
- 7d78cd7: we dont always add verifiers (@ChaosInTheCRD)
- 2511ea3: preparing for draft PR (@ChaosInTheCRD)
- cfaf12c: fixing go mod (@ChaosInTheCRD)
- 7fef9cc: added implementation for passing in extra options for the kms providers (@ChaosInTheCRD)