evankanderson

--- docs/versions/2025-02-25.md	2025-10-13 12:41:28.344206651 -0700
+++ docs/versions/2025-10-10.md	2025-10-13 12:41:28.344707215 -0700
@@ -1,10 +1,14 @@
+---
+nav-title: Current Version
+---
 
 # Open Source Project Security Baseline
 
-Version: 2025-02-25

evankanderson

{
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [
        {
            "name": "software",
            "uri": "https://github.com/mindersec/minder"
        },
        {
            "name": "governance",
            "uri": "https://github.com/mindersec/community"

evankanderson

...
  - name: config-provider
    templateRef:
      kind: ClusterConfigTemplate
      name: convention-template
    params:
    - name: serviceAccount
      value: default
    images:
    - resource: image-provider

evankanderson

#!/bin/sh

# Assumes Docker desktop installed
#

VARIANT="$(uname -sm | tr 'A-Z ' 'a-z-' | sed s/aarch64/arm64/ | sed s/x86_64/amd64/)"
FUNC_VARIANT="$(echo $VARIANT | tr '-' '_')"

curl -L -o kn https://github.com/knative/client/releases/download/knative-v1.2.0/kn-$VARIANT
curl -L -o kn-plugin-quickstart https://github.com/knative-sandbox/kn-plugin-quickstart/releases/download/knative-v1.2.0/kn-quickstart-$VARIANT

evankanderson

serving-istio:
  primary:
    github:
      repo: "knative/serving"
    include:
      - ".*.yaml"
    exclude:
      - "monitoring.*"
      - "serving.yaml"
      - "serving-storage-version-migration.yaml"

evankanderson

kn service update hello \
  --env TARGET="Knative from v2" \
  --revision-name hello-v2 \
  --tag hello-v2=v2 \
  --tag $(kubectl get ksvc hello --template='{{.status.latestReadyRevisionName}}')=v1 \
  --traffic v1=75,v2=25

evankanderson

{"client":"github","component":"unset","file":"prow/github/client.go:562","func":"k8s.io/test-infra/prow/github.(*client).log","level":"info","msg":"GetOrg(knative-sandbox)","time":"2020-05-20T06:26:35-07:00"}
{"client":"github","component":"unset","file":"prow/github/client.go:562","func":"k8s.io/test-infra/prow/github.(*client).log","level":"info","msg":"ListOrgInvitations(knative-sandbox)","time":"2020-05-20T06:26:35-07:00"}
{"client":"github","component":"unset","file":"prow/github/client.go:562","func":"k8s.io/test-infra/prow/github.(*client).log","level":"info","msg":"User()","time":"2020-05-20T06:26:36-07:00"}
{"client":"github","component":"unset","file":"prow/github/client.go:562","func":"k8s.io/test-infra/prow/github.(*client).log","level":"info","msg":"ListOrgMembers(knative-sandbox, admin)","time":"2020-05-20T06:26:37-07:00"}
{"client":"github","component":"unset","file":"prow/github/client.go:562","func":"k8s.io/test-infra/prow/github.(*client).log","level":"info","msg":"ListOrgMembers(knative-sa

evankanderson

apiGroup: security.knative.dev/v1alpha1
kind: PolicyBinding
metadata:
  name: green-service
spec:
  policy: green-policy
  targets:
  - apiGroup: serving.knative.dev/v1
    kind: Service
    selector:

evankanderson

apiGroup: security.knative.dev/v1alpha1
kind: Policy
metadata:
  name: green-policy
spec:
  cloudEvent:
    type: green
  # Or
  cloudEventExpressions:
    - {key: type, operator: In, values: [green]}

evankanderson

// Callback is a generic function to be called by a consumer of validation
type Callback struct {
    callback func(ctx context.Context, unstructured *unstructured.Unstructured) error
    supportedVerbs map[admissionv1beta1.Operation]bool
}

func (c Callback) Process(....) {
    // Do some stuff
}