
Dimitri Ledkov enhanced security and reliability across Chainguard’s melange and vulnerability-scanner-support repositories by delivering targeted features and improvements. He modernized APK signing defaults in melange, implementing RSA256 with SHA2-256 and runtime opt-out to SHA1, and upgraded CI test infrastructure to Python 3.13. Dimitri also introduced per-package GCC specs file generation using Go templates, improved SBOM namespace hashing by replacing SHA1 with FNV-1a, and fixed SPDX compliance issues. In vulnerability-scanner-support, he expanded scanner-audit with layered OCI image test coverage and updated documentation. His work demonstrated depth in Go development, cryptography, build systems, and software supply chain security.
June 2025 Monthly Summary for chainguard-dev/vulnerability-scanner-support: Delivered Scanner-Audit: Layered OCI Image Test Coverage feature with new test cases, updated documentation, and wiring to run these tests. This work strengthens validation of layered image scenarios, improves vulnerability detection accuracy, and supports CI reliability. No major bug fixes reported in this period.
January 2025 monthly summary for chainguard-dev/melange focusing on build-system enhancements and SBOM reliability improvements. Delivered per-package build customization via a GCC specs file generated in the workspace, strengthened SBOM integrity by switching SPDX namespace hashing from SHA1 to FNV-1a, and fixed copyright metadata handling to NOASSERTION when no attestation is present. These changes boost release reproducibility, security, and SPDX compliance while using maintainable Go templates and standard hashing practices.
December 2024 monthly summary for chainguard-dev/melange. Focused on strengthening APK signing security defaults and modernizing the test stack. Delivered default RSA256 with SHA2-256 signing and a runtime opt-out to SHA1 to align with apko, ensuring consistent, secure signing for both APKs and APKINDEX.tar.gz. Upgraded end-to-end tests to Python 3.13 and updated related configurations (numpy-test.yaml) to reflect new package lists and test commands. These changes reduce security risk, improve interoperability with downstream packaging, and enhance test reliability. No major regressions observed; maintained momentum across security, CI, and repository health.
