scorecard/probes/blocksForcePushOnBranches/def.yml


:seedling: Add probes for Branch Protection (#3691) * :seedling: Add probes for Branch Protection Signed-off-by: AdamKorcz <adam@adalogics.com> * specify that Scorecard only considers default and releases branches Signed-off-by: Adam Korczynski <adam@adalogics.com> * reduce duplication in blocksDeleteOnBranches Signed-off-by: Adam Korczynski <adam@adalogics.com> * use helper to test for boolean values Signed-off-by: Adam Korczynski <adam@adalogics.com> * Fix typo, mention OutcomeNotAvailable Signed-off-by: Adam Korczynski <adam@adalogics.com> * fix typo and elaborate on effort Signed-off-by: Adam Korczynski <adam@adalogics.com> * fix typo. Specify which branches the probe considers Signed-off-by: Adam Korczynski <adam@adalogics.com> * Fix copy paste typo Signed-off-by: Adam Korczynski <adam@adalogics.com> * remove '/en' from url Signed-off-by: Adam Korczynski <adam@adalogics.com> * change effort from 'High' to 'Low' in the blocksForcePushOnBranches probe def Signed-off-by: Adam Korczynski <adam@adalogics.com> * fix remediation level Signed-off-by: Adam Korczynski <adam@adalogics.com> * Change probe package name Signed-off-by: Adam Korczynski <adam@adalogics.com> * improve probe definitions Signed-off-by: Adam Korczynski <adam@adalogics.com> * refactor test names Signed-off-by: Adam Korczynski <adam@adalogics.com> * Change motivation of two probes Signed-off-by: Adam Korczynski <adam@adalogics.com> * downgrade effort of runsStatusChecksBeforeMerging Signed-off-by: Adam Korczynski <adam@adalogics.com> * reduce complexity of blocksForcePushOnBranches Signed-off-by: Adam Korczynski <adam@adalogics.com> * simplify requiresCodeOwnersReview logic Signed-off-by: Adam Korczynski <adam@adalogics.com> * fix linter issues Signed-off-by: Adam Korczynski <adam@adalogics.com> * fix copy paste error Signed-off-by: Adam Korczynski <adam@adalogics.com> * differentiate trueMsg and falseMsg in requiresApproversForPullRequests Signed-off-by: Adam Korczynski <adam@adalogics.com> * fix 
text in requiresCodeOwnersReview Signed-off-by: Adam Korczynski <adam@adalogics.com> * change outcome in utils Signed-off-by: Adam Korczynski <adam@adalogics.com> * fix lint issues Signed-off-by: Adam Korczynski <adam@adalogics.com> * fix nit in text Signed-off-by: Adam Korczynski <adam@adalogics.com> * use standardized messages Signed-off-by: Adam Korczynski <adam@adalogics.com> * remove 'Uint32LargerThan0' Signed-off-by: Adam Korczynski <adam@adalogics.com> * Add number of required reviewers to values. Refactor to avoid nil-dereference Signed-off-by: Adam Korczynski <adam@adalogics.com> * fix nit log message Signed-off-by: Adam Korczynski <adam@adalogics.com> --------- Signed-off-by: AdamKorcz <adam@adalogics.com> Signed-off-by: Adam Korczynski <adam@adalogics.com>
2023-12-28 01:33:06 +03:00
# Copyright 2023 OpenSSF Scorecard Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
id: blocksForcePushOnBranches
lifecycle: stable
short: Check that the project blocks force push on its branches.
motivation: >
  Allowing force pushes to branches could allow those with write access to make insecure changes to the behavior of the project.
implementation: >
  Checks the protection rules of default and release branches.
outcome:
  - The probe returns one OutcomeTrue for each branch that is blocked from force pushes, and one OutcomeFalse for each branch that allows force pushes.
  - Returns OutcomeNotAvailable if Scorecard cannot fetch the data from the repository.
remediation:
  onOutcome: False
  effort: Low
  text:
    - Disallow force pushes to branches in your project to remove false outcomes.
    - For GitHub-hosted projects, force pushes are disabled by default. To make sure it has not been enabled, see ["Allow force pushes"](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#allow-force-pushes).
📖 Fix spelling (#3804) * spelling: accurate Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: administrator Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: analyze Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: andtwenty Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: ascii Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: association Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: at least Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: attestor Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: barbaric Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: bucket Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: by Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: can Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: case-insensitive Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: case-sensitive Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: checking Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: command-line Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: commit Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: committed Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: conclusion Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: corresponding Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: created Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: dataset Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * 
spelling: default Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: defines Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: dependabot Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: dependency Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: depending Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: desired Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: different Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: disclose Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: download Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: each Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: enforce Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: every time Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: exist Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: existing Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: fields Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: files Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: for Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: force-push Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: github Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: gitlab Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: ignoreed Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: implementation Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: implements Signed-off-by: Josh Soref 
<2119212+jsoref@users.noreply.github.com> * spelling: increase Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: indicates Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: initialized Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: instructions Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: invalid Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: marshal Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: match Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: name Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: nonexistent Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: organization Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: package Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: provenance Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: query Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: readers Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: receive Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: registered Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: remediate Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: representation Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: requests Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: requires Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: return Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: scorecard Signed-off-by: Josh Soref 
<2119212+jsoref@users.noreply.github.com> * spelling: separator Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: serialization Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: sign up Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: specifications Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: specified Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: success Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: successfully Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: the Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: their Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: twenty Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: unexpected Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: unused Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: unverified Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: validate Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: vendor Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: vulnerabilities Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: vulns Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: will Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: without Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: workflow Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: workflows Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --------- Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2024-01-27 02:08:26 +03:00
    - For GitLab-hosted projects, follow the ["Protected branches"](https://docs.gitlab.com/ee/user/project/protected_branches.html) documentation to see who can force push to the project.
  markdown:
    - Disallow force pushes to branches in your project to remove false outcomes.
    - For GitHub-hosted projects, force pushes are disabled by default. To make sure it has not been enabled, see ["Allow force pushes"](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#allow-force-pushes).
    - For GitLab-hosted projects, follow the ["Protected branches"](https://docs.gitlab.com/ee/user/project/protected_branches.html) documentation to see who can force push to the project.
ecosystem:
  languages:
    - all
  clients:
    - github
    - gitlab
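The outcome rules in this definition (one OutcomeTrue or OutcomeFalse per default or release branch, OutcomeNotAvailable when the setting could not be fetched) can be read as a small decision procedure. The Go program below is an added illustration written for this page; it is not Scorecard's probe implementation and the `Outcome`, `Branch`, `Repo`, `Finding` and `Run` names are this example's own. It models a forge response with a nullable "allow force pushes" flag so that "not reported" is distinct from "allowed", restricts evaluation to the default branch and the branches releases were cut from, and emits exactly one finding per in-scope branch. The sample repository at the bottom is constructed input.

```go
package main

import "fmt"

// Outcome mirrors the three outcomes named in def.yml. The type and its
// values are defined here for the example only, not taken from Scorecard.
type Outcome int

const (
	OutcomeNotAvailable Outcome = iota
	OutcomeFalse
	OutcomeTrue
)

func (o Outcome) String() string {
	switch o {
	case OutcomeTrue:
		return "OutcomeTrue"
	case OutcomeFalse:
		return "OutcomeFalse"
	default:
		return "OutcomeNotAvailable"
	}
}

// Branch is one branch as fetched from the forge (hypothetical shape).
// AllowForcePushes is a pointer so that "setting not reported" (nil) is
// distinct from "force pushes allowed" (true) and "blocked" (false).
type Branch struct {
	Name             string
	AllowForcePushes *bool
}

// Repo carries the branch list plus what is needed to pick the branches the
// probe considers: the default branch and the branches releases were cut from.
type Repo struct {
	DefaultBranch   string
	ReleaseBranches []string
	Branches        []Branch
}

// Finding is one probe result; def.yml promises one per evaluated branch.
type Finding struct {
	Branch  string
	Outcome Outcome
	Message string
}

// inScope reports whether a branch is the default branch or a release branch.
// Feature branches and other refs are not evaluated by this probe.
func inScope(repo Repo, name string) bool {
	if name == repo.DefaultBranch {
		return true
	}
	for _, r := range repo.ReleaseBranches {
		if r == name {
			return true
		}
	}
	return false
}

// Run applies the outcome rules from def.yml to every in-scope branch:
//   OutcomeTrue         - the branch blocks force pushes
//   OutcomeFalse        - the branch allows force pushes
//   OutcomeNotAvailable - the setting could not be fetched from the repository
func Run(repo Repo) []Finding {
	var findings []Finding
	for _, b := range repo.Branches {
		if !inScope(repo, b.Name) {
			continue
		}
		switch {
		case b.AllowForcePushes == nil:
			findings = append(findings, Finding{b.Name, OutcomeNotAvailable,
				fmt.Sprintf("could not determine whether branch '%s' blocks force pushes", b.Name)})
		case *b.AllowForcePushes:
			findings = append(findings, Finding{b.Name, OutcomeFalse,
				fmt.Sprintf("branch '%s' allows force pushes", b.Name)})
		default:
			findings = append(findings, Finding{b.Name, OutcomeTrue,
				fmt.Sprintf("branch '%s' blocks force pushes", b.Name)})
		}
	}
	return findings
}

func boolPtr(b bool) *bool { return &b }

// SampleRepo is constructed input: a default branch that blocks force pushes,
// a release branch that allows them, a release branch whose setting could not
// be read, and a feature branch the probe must ignore.
func SampleRepo() Repo {
	return Repo{
		DefaultBranch:   "main",
		ReleaseBranches: []string{"release-1.0", "release-1.1"},
		Branches: []Branch{
			{Name: "main", AllowForcePushes: boolPtr(false)},
			{Name: "release-1.0", AllowForcePushes: boolPtr(true)},
			{Name: "release-1.1", AllowForcePushes: nil},
			{Name: "feature/wip", AllowForcePushes: boolPtr(true)},
		},
	}
}

func main() {
	for _, f := range Run(SampleRepo()) {
		fmt.Printf("%-20s %s\n", f.Outcome, f.Message)
	}
}
```

Running it prints three findings, one per in-scope branch, and nothing for `feature/wip`. The remediation block in def.yml is keyed on OutcomeFalse, which here is only produced when the forge positively reported that force pushes are allowed; a missing setting surfaces as OutcomeNotAvailable rather than being silently treated as either pass or fail.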