Hi @michelblanc — thanks for the certspotter container, it's been the basis of my CT-log monitoring for a couple of years.
I've been running a fork that's accumulated some changes I'd like to consolidate back if you have appetite for it.
Scoping diff
Browseable compare URL against master:
master...tillo:docker-certspotter:mdapi-fork-state
(15 commits net; 13 of those are mdapi-internal CI noise.)
Genuinely upstream-worthy changes
- Version bumps — Go (latest, was 1.17), Debian (latest), certspotter (latest via go install …@latest). Straightforward.
- Continuous-mode operation with hook scripts — re-runs certspotter on a configurable interval rather than one-shot, calls every executable in /certspotter/hooks.d/ on each new cert. Backwards-compatible (default behaviour unchanged if no CS_DELAY set, or kept current default).
- notify.sh text-improvement + Pushover hook script — alongside the existing Slack notification, adds a generic Pushover hook example (drop-in to the hooks.d pattern, no new dependency in the image).
The remaining ~13 commits are mdapi-specific: GitLab CI restructuring (kaniko/buildkit, Syft+Grype SBOM scanning, Pushover-on-failure notifications, daily cachebust pattern), .grype.yaml suppressions, our internal dependency-proxy FROM indirection, and the recent leak-prevention sweep (.gitignore baseline + gitleaks CI stage). None of those would belong upstream.
How would you like to receive this?
- Decline — totally fine, the fork stays at MDAPI-Repos/certspotter for anyone who wants the variant.
- Three small PRs — one for version bumps, one for continuous-mode + hooks.d expansion, one for Pushover notify script.
- One squashed PR with all three, easier for you to skim.
- Just the version bumps, skip the behaviour change — also fine.
Happy to do whichever; just want to know before I send PRs in case you're not actively maintaining this. The repo's last commit being from April 2024 made me want to ask first rather than fire off PRs.