microsoft/hve-core

Public

mirrored from https://github.com/microsoft/hve-coreAvailable

CodeCommitsIssuesPull requestsActionsInsightsSecurity
7226b4c1944c0773b20eeb1b3be5a4aebf11d4e9

Branches

Tags

  • No tags available.
0Branches0Tags
Go to file
Add file
Code

Clone

HTTPS

Download ZIP

scripts/security/tool-checksums.json

38lines · modecode

1{
2 "$schema": "https://json-schema.org/draft/2020-12/schema",
3 "description": "Tool version and checksum manifest for staleness detection",
4 "tools": [
5 {
6 "name": "actionlint",
7 "repo": "rhysd/actionlint",
8 "version": "1.7.10",
9 "sha256": "f4c76b71db5755a713e6055cbb0857ed07e103e028bda117817660ebadb4386f",
10 "downloadUrlTemplate": "https://github.com/rhysd/actionlint/releases/download/v{version}/actionlint_{version}_linux_amd64.tar.gz",
11 "notes": "Used in devcontainer for GitHub Actions workflow linting"
12 },
13 {
14 "name": "gitleaks",
15 "repo": "gitleaks/gitleaks",
16 "version": "8.30.0",
17 "sha256": "79a3ab579b53f71efd634f3aaf7e04a0fa0cf206b7ed434638d1547a2470a66e",
18 "downloadUrlTemplate": "https://github.com/gitleaks/gitleaks/releases/download/v{version}/gitleaks_{version}_linux_x64.tar.gz",
19 "notes": "Used in devcontainer for secret scanning"
20 },
21 {
22 "name": "cosign",
23 "repo": "sigstore/cosign",
24 "version": "3.0.5",
25 "sha256": "db15cc99e6e4837daabab023742aaddc3841ce57f193d11b7c3e06c8003642b2",
26 "downloadUrlTemplate": "https://github.com/sigstore/cosign/releases/download/v{version}/cosign-linux-amd64",
27 "notes": "Used in devcontainer and copilot-setup-steps for artifact manifest signing (linux/amd64)"
28 },
29 {
30 "name": "cosign-arm64",
31 "repo": "sigstore/cosign",
32 "version": "3.0.5",
33 "sha256": "d098f3168ae4b3aa70b4ca78947329b953272b487727d1722cb3cb098a1a20ab",
34 "downloadUrlTemplate": "https://github.com/sigstore/cosign/releases/download/v{version}/cosign-linux-arm64",
35 "notes": "Used in copilot-setup-steps for artifact manifest signing on arm64 runners"
36 }
37 ]
38}