instant-cli
Instant's CLI
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| maintainer-change | maintainer-removed | AI (maintainer-change): Maintainer removal is consistent with the transition to automated GitHub Actions publishing; SLSA attestation confirms the official repo is the source. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher changed to GitHub Actions with SLSA provenance attestation from the official instantdb/instant repo — this reflects a legitimate CI/CD migration, not a compromise. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Package has SLSA provenance attestation confirming CI/CD publish; dormancy followed by legitimate feature release is consistent with this project's history. | ai | |
| phantom-deps | phantom-dep:dotenv | AI (phantom-deps): dotenv is a declared dependency used via config files; phantom detection is a false positive for this package. | ai | |
| phantom-deps | phantom-dep:commander | AI (phantom-deps): commander is a declared dependency; @commander-js/extra-typings wraps it. Phantom detection is a false positive here. | ai | |
| phantom-deps | phantom-dep:ansi-escapes | AI (phantom-deps): ansi-escapes is a declared dependency used indirectly; false positive for this package. | ai | |
| provenance | slsa-provenance | AI (provenance): instant-cli consistently publishes via CI/CD with SLSA provenance; this is a stable supply chain integrity signal for this package. | ai | |
| dependencies | unvetted-dep:pkg-types | AI (dependencies): pkg-types is a well-maintained UnJS package used by Vite, Nuxt, and many major tools. Not a security concern for this package. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Base64 decoding in an auth client module is a normal operation for decoding auth tokens/credentials. No obfuscation or malicious payload hiding evident. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): Flagged code is in a test helper (__tests__/e2e/helpers.ts) that spreads process.env to pass env vars to a child process — standard CLI test harness pattern, not a runtime risk. | ai |
Versions (showing 98 of 198)
| Version | Deps | Published |
|---|---|---|
| 0.22.132 | 23 / 8 | |
| 0.22.131 | 23 / 8 | |
| 0.22.130 | 23 / 8 | |
| 0.22.129 | 23 / 8 | |
| 0.22.128 | 23 / 8 | |
| 0.22.127 | 23 / 8 | |
| 0.22.126 | 23 / 8 | |
| 0.22.125 | 23 / 8 | |
| 0.22.124 | 23 / 8 | |
| 0.22.123 | 23 / 8 | |
| 0.22.122 | 23 / 8 | |
| 0.22.121 | 23 / 8 | |
| 0.22.120 | 23 / 8 | |
| 0.22.119 | 23 / 8 | |
| 0.22.118 | 23 / 8 | |
| 0.22.117 | 23 / 8 | |
| 0.22.116 | 23 / 8 | |
| 0.22.115 | 23 / 8 | |
| 0.22.114 | 23 / 8 | |
| 0.22.113 | 23 / 8 | |
| 0.22.112 | 23 / 8 | |
| 0.22.111 | 23 / 8 | |
| 0.22.110 | 23 / 8 | |
| 0.22.109 | 23 / 8 | |
| 0.22.108 | 23 / 8 | |
| 0.22.107 | 23 / 8 | |
| 0.22.106 | 23 / 8 | |
| 0.22.105 | 23 / 8 | |
| 0.22.104 | 23 / 8 | |
| 0.22.103 | 23 / 8 | |
| 0.22.102 | 23 / 8 | |
| 0.22.101 | 23 / 8 | |
| 0.22.100 | 23 / 8 | |
| 0.22.99 | 23 / 8 | |
| 0.22.98 | 23 / 8 | |
| 0.22.97 | 23 / 8 | |
| 0.22.96 | 23 / 8 | |
| 0.22.95 | 23 / 8 | |
| 0.22.94 | 21 / 8 | |
| 0.22.93 | 21 / 8 | |
| 0.22.92 | 21 / 8 | |
| 0.22.91 | 21 / 8 | |
| 0.22.90 | 21 / 8 | |
| 0.22.89 | 21 / 8 | |
| 0.22.88 | 21 / 8 | |
| 0.22.87 | 19 / 8 | |
| 0.22.86 | 19 / 8 | |
| 0.22.85 | 19 / 8 | |
| 0.22.84 | 19 / 8 | |
| 0.22.83 | 19 / 8 | |
| 0.22.82 | 19 / 8 | |
| 0.22.81 | 19 / 8 | |
| 0.22.80 | 19 / 8 | |
| 0.22.79 | 19 / 8 | |
| 0.22.78 | 19 / 8 | |
| 0.22.77 | 19 / 8 | |
| 0.22.76 | 19 / 8 | |
| 0.22.75 | 19 / 8 | |
| 0.22.74 | 19 / 8 | |
| 0.22.73 | 19 / 8 | |
| 0.22.72 | 19 / 8 | |
| 0.22.71 | 19 / 8 | |
| 0.22.70 | 19 / 8 | |
| 0.22.69 | 19 / 8 | |
| 0.22.68 | 19 / 8 | |
| 0.22.67 | 19 / 8 | |
| 0.22.66 | 19 / 8 | |
| 0.22.65 | 19 / 8 | |
| 0.22.64 | 19 / 8 | |
| 0.22.63 | 19 / 8 | |
| 0.22.62 | 19 / 8 | |
| 0.22.61 | 19 / 8 | |
| 0.22.60 | 19 / 8 | |
| 0.22.59 | 19 / 8 | |
| 0.22.58 | 19 / 8 | |
| 0.22.57 | 19 / 8 | |
| 0.22.56 | 19 / 8 | |
| 0.22.55 | 19 / 8 | |
| 0.22.54 | 19 / 8 | |
| 0.22.53 | 19 / 8 | |
| 0.22.52 | 19 / 8 | |
| 0.22.51 | 19 / 8 | |
| 0.22.50 | 19 / 8 | |
| 0.22.49 | 19 / 8 | |
| 0.22.48 | 19 / 8 | |
| 0.22.47 | 19 / 8 | |
| 0.22.46 | 19 / 8 | |
| 0.22.45 | 19 / 8 | |
| 0.22.44 | 19 / 8 | |
| 0.22.43 | 19 / 8 | |
| 0.22.42 | 19 / 8 | |
| 0.22.41 | 19 / 8 | |
| 0.22.40 | 19 / 8 | |
| 0.22.39 | 19 / 8 | |
| 0.22.38 | 19 / 8 | |
| 0.22.37 | 19 / 8 | |
| 0.22.36 | 19 / 8 | |
| 0.22.35 | 19 / 8 |
v0.22.132
2 findingsThis version was published by a different npm account than previous versions on 2026-02-11. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.131
2 findingsThis version was published by a different npm account than previous versions on 2026-02-11. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.130
2 findingsThis version was published by a different npm account than previous versions on 2026-02-11. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.129
2 findingsThis version was published by a different npm account than previous versions on 2026-02-10. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.128
2 findingsThis version was published by a different npm account than previous versions on 2026-02-10. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.127
2 findingsThis version was published by a different npm account than previous versions on 2026-02-10. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.126
2 findingsThis version was published by a different npm account than previous versions on 2026-02-06. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.125
2 findingsThis version was published by a different npm account than previous versions on 2026-02-05. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.124
2 findingsThis version was published by a different npm account than previous versions on 2026-02-05. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.123
2 findingsThis version was published by a different npm account than previous versions on 2026-02-05. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.122
2 findingsThis version was published by a different npm account than previous versions on 2026-02-04. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.121
2 findingsThis version was published by a different npm account than previous versions on 2026-02-02. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.120
2 findingsThis version was published by a different npm account than previous versions on 2026-02-02. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.119
2 findingsThis version was published by a different npm account than previous versions on 2026-01-30. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.118
2 findingsThis version was published by a different npm account than previous versions on 2026-01-29. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.117
2 findingsThis version was published by a different npm account than previous versions on 2026-01-29. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.116
2 findingsThis version was published by a different npm account than previous versions on 2026-01-28. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.115
2 findingsThis version was published by a different npm account than previous versions on 2026-01-27. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.114
2 findingsThis version was published by a different npm account than previous versions on 2026-01-26. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.113
2 findingsThis version was published by a different npm account than previous versions on 2026-01-26. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.112
2 findingsThis version was published by a different npm account than previous versions on 2026-01-24. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.111
2 findingsThis version was published by a different npm account than previous versions on 2026-01-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.110
2 findingsThis version was published by a different npm account than previous versions on 2026-01-23. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.109
2 findingsThis version was published by a different npm account than previous versions on 2026-01-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.108
2 findingsThis version was published by a different npm account than previous versions on 2026-01-22. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.107
2 findingsThis version was published by a different npm account than previous versions on 2026-01-21. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.106
2 findingsThis version was published by a different npm account than previous versions on 2026-01-21. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.105
2 findingsThis version was published by a different npm account than previous versions on 2026-01-16. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.104
2 findingsThis version was published by a different npm account than previous versions on 2026-01-15. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.103
2 findingsThis version was published by a different npm account than previous versions on 2026-01-14. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.102
2 findingsThis version was published by a different npm account than previous versions on 2026-01-13. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.101
2 findingsThis version was published by a different npm account than previous versions on 2026-01-09. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.100
2 findingsThis version was published by a different npm account than previous versions on 2026-01-08. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.99
2 findingsThis version was published by a different npm account than previous versions on 2026-01-07. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.98
2 findingsThis version was published by a different npm account than previous versions on 2026-01-06. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.97
2 findingsThis version was published by a different npm account than previous versions on 2026-01-06. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.96
2 findingsThis version was published by a different npm account than previous versions on 2025-12-20. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.95
2 findingsThis version was published by a different npm account than previous versions on 2025-12-19. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.94
2 findingsThis version was published by a different npm account than previous versions on 2025-12-19. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.93
2 findingsThis version was published by a different npm account than previous versions on 2025-12-18. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.92
2 findingsThis version was published by a different npm account than previous versions on 2025-12-18. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.91
2 findingsThis version was published by a different npm account than previous versions on 2025-12-17. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.90
2 findingsThis version was published by a different npm account than previous versions on 2025-12-16. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.89
2 findingsThis version was published by a different npm account than previous versions on 2025-12-16. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.88
2 findingsThis version was published by a different npm account than previous versions on 2025-12-15. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.87
2 findingsThis version was published by a different npm account than previous versions on 2025-12-12. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.86
2 findingsThis version was published by a different npm account than previous versions on 2025-12-11. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.85
2 findingsThis version was published by a different npm account than previous versions on 2025-12-10. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.84
2 findingsThis version was published by a different npm account than previous versions on 2025-12-09. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.83
2 findingsThis version was published by a different npm account than previous versions on 2025-12-09. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.82
2 findingsThis version was published by a different npm account than previous versions on 2025-12-09. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.81
2 findingsThis version was published by a different npm account than previous versions on 2025-12-09. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.80
2 findingsThis version was published by a different npm account than previous versions on 2025-12-09. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.79
2 findingsThis version was published by a different npm account than previous versions on 2025-12-09. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.78
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.77
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.76
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.75
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.74
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.73
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.72
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.71
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.70
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.69
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.68
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.67
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.66
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.65
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.64
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.63
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.62
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.61
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.60
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.59
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.58
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.57
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.56
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.55
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.54
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.53
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.52
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.51
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.50
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.49
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.48
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.47
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.46
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.45
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.44
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.43
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.42
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.41
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.40
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.39
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.38
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.37
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.36
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.35
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.