Highlights
Infrastructure & DevOps
- build(deps): Bump actions/dependency-review-action from 4.9.0 to 5.0.0 @dependabot[bot] (#1226)
Security & Compliance
- build(deps): Bump actions/dependency-review-action from 4.9.0 to 5.0.0 @dependabot[bot] (#1226)
Dependencies
- build(deps): Bump fast-uri from 3.1.0 to 3.1.2 in the npm_and_yarn group across 1 directory @dependabot[bot] (#1227)
- build(deps): Bump actions/dependency-review-action from 4.9.0 to 5.0.0 @dependabot[bot] (#1226)
Content & SEO
- build(deps): Bump fast-uri from 3.1.0 to 3.1.2 in the npm_and_yarn group across 1 directory @dependabot[bot] (#1227)
- build(deps): Bump actions/dependency-review-action from 4.9.0 to 5.0.0 @dependabot[bot] (#1226)
ISMS Public Policies
Hack23 is committed to transparency and evidence-based security. All policies are publicly available:
Quality & Security Reports
This release includes comprehensive quality assurance and security validation:
Supply Chain Security (SLSA Build Level 3)
- Build Provenance Attestation: View Attestations
- SBOM (SPDX format): homepage-v1.0.17.spdx.json
- GitHub OIDC Signing: Ephemeral credentials, no long-lived secrets
- Tag-Triggered Parameterless Builds: Reproducible builds from source tags (workflow_dispatch allows version parameter input)
Test & Quality Reports (docs/ directory)
- HTML Validation: W3C standards compliance
- Lighthouse Audit: Performance, SEO, Best Practices
- Accessibility Report: WCAG 2.1 AA compliant (Score: 100)
- Security Scan: OWASP ZAP full scan
- Documentation Viewer: Comprehensive quality dashboard
Quality Metrics
- Lighthouse Performance: > 90
- Lighthouse Accessibility: 100 (WCAG 2.1 AA)
- Lighthouse SEO: 100
- Lighthouse Best Practices: 100
- HTML Validation: Pass (W3C)
- Security Score: OpenSSF Scorecard tracked
Deployment Targets
- Primary: https://hack23.com (AWS S3 + CloudFront)
- Backup: https://hack23.github.io/homepage/ (GitHub Pages)
- Node.js Version: 26 (Current)
Verify Release Artifacts
Verify Build Attestations
```bash
# Install GitHub CLI (gh) if not already installed
# Download and verify the release artifact
gh attestation verify homepage-v1.0.17.zip --owner Hack23
```
View SBOM (Software Bill of Materials)
```bash
# Download the SBOM from release assets
gh release download v1.0.17 --repo Hack23/homepage --pattern "homepage-v1.0.17.spdx.json"
# View SBOM in JSON format
jq . homepage-v1.0.17.spdx.json
# Extract package list from SBOM (SPDX stores the package version in versionInfo)
jq '.packages[] | {name, version: .versionInfo}' homepage-v1.0.17.spdx.json
```
Verify Release Signature
```bash
# Verify the attestation was signed through GitHub's OIDC provider by the release workflow
gh attestation verify homepage-v1.0.17.zip \
  --owner Hack23 \
  --signer-workflow Hack23/homepage/.github/workflows/release.yml
```
Contributors
Thanks to @dependabot[bot], @pethers and dependabot[bot] for their contributions to this release!
Full Changelog: v1.0.16...v1.0.17
Release Artifacts
- homepage-v1.0.17.zip - Complete website package (minified HTML/CSS/JS)
- homepage-v1.0.17.zip.sha256 - Checksum for verification
- homepage-v1.0.17.spdx.json - SBOM (Software Bill of Materials)
- *.intoto.jsonl - SLSA Build Provenance Attestations
Security
All artifacts include SLSA Build Provenance attestations and SBOM for supply chain security.
Verify artifacts using the GitHub CLI:
```bash
# Verify checksum
sha256sum -c homepage-v1.0.17.zip.sha256
# Verify build attestation
gh attestation verify homepage-v1.0.17.zip -R Hack23/homepage
```
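The checksum file and the provenance attestation each bind a SHA-256 digest to the artifact name, so the two should agree with each other and with the file on disk. The following Python is an added example, not part of the release notes or the Hack23 project's code, that cross-checks all three offline. It assumes each line of `*.intoto.jsonl` is a DSSE envelope (or a Sigstore bundle wrapping one) whose payload is a base64 in-toto statement; the function names and the sample data are constructed for illustration.

```python
import base64
import hashlib
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def parse_checksum_line(line: str) -> tuple:
    """Split one `sha256sum` output line into (hex digest, file name)."""
    digest, name = line.strip().split(maxsplit=1)
    return digest.lower(), name.lstrip("*")  # '*' marks binary mode

def attested_digests(jsonl_text: str) -> dict:
    """Map subject name -> sha256 for every in-toto statement in the file."""
    subjects = {}
    for line in filter(None, map(str.strip, jsonl_text.splitlines())):
        entry = json.loads(line)
        # Assumption: a line is a DSSE envelope, or a Sigstore bundle wrapping one.
        envelope = entry.get("dsseEnvelope", entry)
        statement = json.loads(base64.b64decode(envelope["payload"]))
        for subject in statement.get("subject", []):
            subjects[subject["name"]] = subject["digest"]["sha256"].lower()
    return subjects

def check_release(artifact: bytes, name: str, checksum_line: str, jsonl_text: str) -> list:
    """Return a list of mismatches; an empty list means all three sources agree."""
    problems = []
    actual = sha256_hex(artifact)
    listed_digest, listed_name = parse_checksum_line(checksum_line)
    if listed_name != name or listed_digest != actual:
        problems.append("checksum file does not match artifact")
    attested = attested_digests(jsonl_text).get(name)
    if attested is None:
        problems.append("no provenance subject named " + name)
    elif attested != actual:
        problems.append("provenance subject digest does not match artifact")
    return problems

# Constructed sample data (not the real release contents).
SAMPLE_ZIP = b"constructed stand-in for homepage-v1.0.17.zip"
SAMPLE_NAME = "homepage-v1.0.17.zip"
_statement = {"_type": "https://in-toto.io/Statement/v1",
              "subject": [{"name": SAMPLE_NAME, "digest": {"sha256": sha256_hex(SAMPLE_ZIP)}}]}
SAMPLE_JSONL = json.dumps({"payloadType": "application/vnd.in-toto+json",
                           "payload": base64.b64encode(json.dumps(_statement).encode()).decode()})
SAMPLE_SHA256 = f"{sha256_hex(SAMPLE_ZIP)}  {SAMPLE_NAME}"

if __name__ == "__main__":
    print(check_release(SAMPLE_ZIP, SAMPLE_NAME, SAMPLE_SHA256, SAMPLE_JSONL) or "consistent")
```

This check only compares digests and does not validate the attestation's signature or signer identity; `gh attestation verify` remains the step that does.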