ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-09-19 21:18:09 +03:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
0739e9eed0
scorecard/clients/repo_client.go

59 lines
2.1 KiB
Go
Raw Normal View History

Use new project name in Copyright notices (#2505) Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com> Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
2022-12-02 02:08:48 +03:00
// Copyright 2021 OpenSSF Scorecard Authors
Add v0 of RepoClient interface (#587) Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-17 23:21:32 +03:00
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
Enable revive linters which are used in google3 (#793) Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-01 01:31:34 +03:00
// Package clients defines the interface for RepoClient and related structs.
Add v0 of RepoClient interface (#587) Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-17 23:21:32 +03:00
package clients
:seedling: Refactor to make it testable - Related to https://github.com/ossf/scorecard/issues/1568 Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-09 08:36:23 +03:00
import (
✨ GitLab: Security Policy check (#2754) * Add tarballHandler for GitLab, enabling repo download Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Abstract OrgSecurityPolicy details to RepoClient instead of checker Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Remove Org() from RepoClient Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Rename Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Don't run as part of CI tests that depend on external sites Signed-off-by: Raghav Kaul <raghavkaul@google.com> --------- Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2023-03-16 22:18:32 +03:00
"context"
:seedling: Refactor to make it testable - Related to https://github.com/ossf/scorecard/issues/1568 Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-09 08:36:23 +03:00
"errors"
🐛 Detect recently created Github repositories (#2151) * Bugfix: Detect recently created Github repositories Adjust the unweighted score -3 points if they were created in the last 90 days * Address PR comments * Address PR comments * Make log message more urgent * Add to raw results * Zero 'Maintained' score if the repo is too new to evaluate * Update docs * Update maintained_test.go * Fix lint error
2022-08-17 02:09:46 +03:00
"time"
:seedling: Refactor to make it testable - Related to https://github.com/ossf/scorecard/issues/1568 Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-09 08:36:23 +03:00
)
✨ Use checks.yaml to store which repo types are supported by each check (#1195) * draft * draft 2 * remove enum * update * mock doc * fix
2021-11-02 04:43:22 +03:00
// ErrUnsupportedFeature indicates an API that is not supported by the client.
var ErrUnsupportedFeature = errors.New("unsupported feature")
Add validation for commit-based APIs (#1635) Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-15 01:24:35 +03:00
// HeadSHA is default commitSHA value used to denote git HEAD.
const HeadSHA = "HEAD"
Enable revive linters which are used in google3 (#793) Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-01 01:31:34 +03:00
// RepoClient interface is used by Scorecard checks to access a repo.
Add v0 of RepoClient interface (#587) Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-17 23:21:32 +03:00
type RepoClient interface {
✨ Commit depth feature (#2407) * :seedling: Bump actions/dependency-review-action from 2.4.1 to 2.5.1 Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.4.1 to 2.5.1. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/9c96258789e5d9e85fe4ca86115ba4cc62b780cf...0efb1d1d84fc9633afcdaad14c485cbbc90ef46c) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * commit_depth feature Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * added more descriptive comments, changed numberofcommits variable name, moved paging for commits into seperate function. small changes Signed-off-by: latortuga71 <christopheralonso1@gmail.com> linter Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * added unit tests Signed-off-by: latortuga71 <christopheralonso1@gmail.com> added test in e2e Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * :seedling: Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#2397) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.0 to 1.6.1. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.6.0...v1.6.1) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * :seedling: Bump github.com/onsi/ginkgo/v2 from 2.1.6 to 2.4.0 Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.1.6 to 2.4.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.1.6...v2.4.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * :seedling: Bump cloud.google.com/go/pubsub from 1.25.1 to 1.26.0 Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.25.1 to 1.26.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.25.1...pubsub/v1.26.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/pubsub dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * :seedling: Bump github.com/xanzy/go-gitlab from 0.73.1 to 0.74.0 Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.73.1 to 0.74.0. - [Release notes](https://github.com/xanzy/go-gitlab/releases) - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.73.1...v0.74.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * :seedling: Bump github.com/onsi/gomega from 1.20.2 to 1.23.0 (#2409) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.20.2 to 1.23.0. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.20.2...v1.23.0) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * :seedling: Bump github.com/onsi/ginkgo/v2 from 2.1.6 to 2.4.0 in /tools Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.1.6 to 2.4.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.1.6...v2.4.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * :seedling: Bump github.com/golangci/golangci-lint in /tools Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.50.0 to 1.50.1. - [Release notes](https://github.com/golangci/golangci-lint/releases) - [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md) - [Commits](https://github.com/golangci/golangci-lint/compare/v1.50.0...v1.50.1) --- updated-dependencies: - dependency-name: github.com/golangci/golangci-lint dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * :seedling: Bump goreleaser/goreleaser-action from 2.9.1 to 3.2.0 (#2363) Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.9.1 to 3.2.0. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/b953231f81b8dfd023c58e0854a721e35037f28b...b508e2e3ef3b19d4e4146d4f8fb3ba9db644a757) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * :seedling: Bump github.com/goreleaser/goreleaser in /tools (#2373) Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.11.5 to 1.12.3. - [Release notes](https://github.com/goreleaser/goreleaser/releases) - [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml) - [Commits](https://github.com/goreleaser/goreleaser/compare/v1.11.5...v1.12.3) --- updated-dependencies: - dependency-name: github.com/goreleaser/goreleaser dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * ✨ CLI for scorecard-attestor (#2309) * Reorganize Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Working commit Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Compile with local scorecard; go mod tidy Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Add signing code Heavily borrowed from https://github.com/grafeas/kritis/blob/master/cmd/kritis/signer/main.go Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Update deps * Naming * Makefile Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Edit license, add lint.yml Signed-off-by: Raghav Kaul <raghavkaul@google.com> * checks: go mod tidy, license Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Address PR comments * Split into checker/signer files * Naming convention Signed-off-by: Raghav Kaul <raghavkaul@google.com> * License, remove golangci.yml Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Address PR comments * Use cobra Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Add tests for root command Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Filter out checks that aren't needed for policy evaluation Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Add `make` targets for attestor; submit coverage stats Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Improvements * Use sclog instead of glog * Remove unneeded subcommands * Formatting Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Flags: Make note-name constant and fix messaging Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Remove SupportedRequestTypes Signed-off-by: Raghav Kaul <raghavkaul@google.com> * go mod tidy Signed-off-by: Raghav Kaul <raghavkaul@google.com> * go mod tidy, makefile Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Fix GH actions run Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * fix workflow (#2417) Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * Bump scorecard-action (#2416) Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * Fail unit-test job if codecov upload fails (#2415) Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * 🌱 Enable comparison for alternative isText implementation (#2414) * use more performant IsText Signed-off-by: Spencer Schrock <sschrock@google.com> * AB test isText implementations Signed-off-by: Spencer Schrock <sschrock@google.com> * Add comparison env var to release test. Signed-off-by: Spencer Schrock <sschrock@google.com> * go mod tidy for attestor Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * 🐛 modify alternative isText to accept carriage returns (#2421) * modify IsText from golang.org/x/tools/godoc/util to accept carriage returns. Signed-off-by: Spencer Schrock <sschrock@google.com> * add TODO reminder to cleanup after release tests Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * :seedling: Bump github.com/onsi/gomega from 1.23.0 to 1.24.0 Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.23.0 to 1.24.0. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.23.0...v1.24.0) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * :seedling: Bump github/codeql-action from 2.1.29 to 2.1.30 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.29 to 2.1.30. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6...18fe527fa8b29f134bb91f32f1a5dc5abb15ed7f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * revert failing unit-test on ci error (#2422) Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * :sparkles: Improved Security Policy Check (#2195) * :sparkles: Improved Security Policy Check (#2137) * Examines and awards points for linked content (URLs / Emails) * Examines and awards points for hints of disclosure and vulnerability practices * Examines and awards points for hints of elaboration of timelines Signed-off-by: Scott Hissam <shissam@gmail.com> * Repaired Security Policy to correctly use linked content length for evaluation Signed-off-by: Scott Hissam <shissam@gmail.com> * gofmt'ed changes Signed-off-by: Scott Hissam <shissam@gmail.com> * Repaired the case in the evaluation which was too sensitive to content length over the length of the linked content for urls and emails Signed-off-by: Scott Hissam <shissam@gmail.com> * added unit test cases for the new content-based Security Policy checks Signed-off-by: Scott Hissam <shissam@gmail.com> * reverted the direct (mistaken) change to checks.md and updated the checks.yaml for generate-docs Signed-off-by: Scott Hissam <shissam@gmail.com> * :sparkles: Improved Security Policy Check (#2137) (revisted based on comments) * replaced reason strings with log.Info & log.Warn (as seen in --show-details) * internal assertion check for nil (*pinfo) and empty pfile * internal switched to FileTypeText over FileTypeSource * internal implement type SecurityPolicyInformationType/SecurityPolicyInformation revised SecurityPolicyData to support only one file * revised expected unit-test results and revised unit-test to reflect the new SecurityPolicyData type Signed-off-by: Scott Hissam <shissam@gmail.com> * revised the score value based on observation of one *or more* url(s) or one email(s) found; unit tests update accordingly Signed-off-by: Scott Hissam <shissam@gmail.com> * revised the score value based on observation of one *or more* url(s) or one email(s) found; unit tests update accordingly Signed-off-by: Scott Hissam <shissam@gmail.com> * revised the score value based on observation of one *or more* url(s) or one email(s) found; e2e tests update accordingly Signed-off-by: Scott Hissam <shissam@gmail.com> * Addressed PR comments; added telemetry for policy hits in security policy file to track hits by line number Signed-off-by: Scott Hissam <shissam@gmail.com> * Resolved merge conflict with checks.yaml Signed-off-by: Scott Hissam <shissam@gmail.com> * updated raw results to emit all the raw information for the new security policy check Signed-off-by: Scott Hissam <shissam@gmail.com> * Resolved merge conflicts and lint errors with json_raw_results.go Signed-off-by: Scott Hissam <shissam@gmail.com> * Addressed review comments to reorganize security policy data struct to support the potential for multiple security policy files. Signed-off-by: Scott Hissam <shissam@gmail.com> * Added logic to the security policy to process multiple security policy files only after future improvements to aggregating scoring across such files are designed. For now the security policy behaves as originally designed to stop once one of the expected policy files are found in the repo Signed-off-by: Scott Hissam <shissam@gmail.com> * added comments regarding the capacity to support multiple policy files and removed unneeded break statements in the code Signed-off-by: Scott Hissam <shissam@gmail.com> * Addressed review comments to remove the dependency on the path in the filename from the code and introduced FileSize to checker.File type and removed the SecurityContentLength which was used to hold that information for the new security policy assessment Signed-off-by: Scott Hissam <shissam@gmail.com> * restored reporting full security policy path and filename for policies found in the org level repos Signed-off-by: Scott Hissam <shissam@gmail.com> * Resolved conflicts in checks.yaml for documentation Signed-off-by: Scott Hissam <shissam@gmail.com> * ✨ CLI for scorecard-attestor (#2309) * Reorganize Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Working commit Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Compile with local scorecard; go mod tidy Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Add signing code Heavily borrowed from https://github.com/grafeas/kritis/blob/master/cmd/kritis/signer/main.go Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Update deps * Naming * Makefile Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Edit license, add lint.yml Signed-off-by: Raghav Kaul <raghavkaul@google.com> * checks: go mod tidy, license Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Address PR comments * Split into checker/signer files * Naming convention Signed-off-by: Raghav Kaul <raghavkaul@google.com> * License, remove golangci.yml Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Address PR comments * Use cobra Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Add tests for root command Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Filter out checks that aren't needed for policy evaluation Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Add `make` targets for attestor; submit coverage stats Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Improvements * Use sclog instead of glog * Remove unneeded subcommands * Formatting Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Flags: Make note-name constant and fix messaging Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Remove SupportedRequestTypes Signed-off-by: Raghav Kaul <raghavkaul@google.com> * go mod tidy Signed-off-by: Raghav Kaul <raghavkaul@google.com> * go mod tidy, makefile Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Fix GH actions run Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: Scott Hissam <shissam@gmail.com> * removed whitespace before stanza for Run attestor e2e Signed-off-by: Scott Hissam <shissam@gmail.com> * resolved code review and doc review comments Signed-off-by: Scott Hissam <shissam@gmail.com> * repaired the link for the maintainer's guide for supporting the coordinated vulnerability disclosure guidelines Signed-off-by: Scott Hissam <shissam@gmail.com> Signed-off-by: Scott Hissam <shissam@gmail.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * :seedling: Bump github/codeql-action from 2.1.30 to 2.1.31 (#2431) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.30 to 2.1.31. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/18fe527fa8b29f134bb91f32f1a5dc5abb15ed7f...c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * enable more performant isText (#2433) Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * modified tests,InitRepo Function, Added GetCommitDepth Function to Client Interface Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * removed getcommitdepth function Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * added TODO Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * :seedling: Bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.5.0 in /tools (#2436) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.4.0 to 2.5.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.4.0...v2.5.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * :seedling: Bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.5.0 Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.4.0 to 2.5.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.4.0...v2.5.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * 🌱 Code Review: treat merging a PR as code review (#2413) * Merges on Github count as a code review by the maintainer Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Update Raw Results * More detailed information for Changesets * If there's no Revision ID, use the Commit SHA instead Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Check that pull request had atleast one reviewer that wasn't its author * Add field for Pull Request Merged-By to Github and Gitlab * Note, this check can be bypassed if an author opens a PR with other people's commits Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * Trivial: Fix typo (exepted -> expected) (#2440) Signed-off-by: Michael Scovetta <michael.scovetta@microsoft.com> Signed-off-by: Michael Scovetta <michael.scovetta@microsoft.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * :seedling: Bump step-security/harden-runner from 1.5.0 to 2.0.0 (#2443) Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 1.5.0 to 2.0.0. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/2e205a28d0e1da00c5f53b161f4067b052c61f34...ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * 🌱 cron: support reading prefix from file for controller input files (7/n) (#2445) * add prefix marker file to config Signed-off-by: Spencer Schrock <sschrock@google.com> * Read the new config values, if they exist. Signed-off-by: Spencer Schrock <sschrock@google.com> * Add function to fetch prefix file config value. Signed-off-by: Spencer Schrock <sschrock@google.com> * Read prefix file if prefix not set. Signed-off-by: Spencer Schrock <sschrock@google.com> * Add tests to verify how List works with various prefixes Signed-off-by: Spencer Schrock <sschrock@google.com> * Add tests for getPrefix Signed-off-by: Spencer Schrock <sschrock@google.com> * Remove panics from iterator helper functions Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * Detect SECURITY.markdown in addition to SECURITY.md (#2447) GitHub probably supports many more file extensions for Markdown files, but at the very least, `.md` and `.markdown` have been standardized in RFC 7763. Signed-off-by: favonia <favonia@gmail.com> Signed-off-by: favonia <favonia@gmail.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * Add Pinned-Dependency, Vulnerability, and Code-Review checks to attestor (#2430) Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * :seedling: cron: expose the stackdriver prefix as a config variable so it can be changed. (#2446) * Expose the stackdriver prefix as a config variable so it can be changed. Signed-off-by: Caleb Brown <calebbrown@google.com> * fix linter warning Signed-off-by: Caleb Brown <calebbrown@google.com> Signed-off-by: Caleb Brown <calebbrown@google.com> Co-authored-by: Spencer Schrock <sschrock@google.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * Only write to the rawBucket if the value exists. (#2451) Signed-off-by: Caleb Brown <calebbrown@google.com> Signed-off-by: Caleb Brown <calebbrown@google.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * :seedling: Bump golang.org/x/tools from 0.2.0 to 0.3.0 (#2448) * :seedling: Bump golang.org/x/tools from 0.2.0 to 0.3.0 Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.2.0 to 0.3.0. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.2.0...v0.3.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * bump attestor modules Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Spencer Schrock <sschrock@google.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Schrock <sschrock@google.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * Move cron monitoring to a non-internal location. (#2453) This allows external workers (e.g. criticality_score) to use the same monitoring code. Signed-off-by: Caleb Brown <calebbrown@google.com> Signed-off-by: Caleb Brown <calebbrown@google.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * :seedling: Bump actions/dependency-review-action from 2.5.1 to 3.0.0 (#2455) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.5.1 to 3.0.0. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/0efb1d1d84fc9633afcdaad14c485cbbc90ef46c...30d582111533d59ab793fd9f971817241654f3ec) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * 🌱 [cron] generalize some of the transfer logic so it is easy to build new transfer agents (#2454) * Generalize the transfer logic so it is easy to build new transfer agents This change moves code that reads shards and produces summaries into the data package so that it can be reused to create new transfer agents, similar to the BigQuery transfer agent in cron/internal/bq. Signed-off-by: Caleb Brown <calebbrown@google.com> * Lint fix and commentary. Signed-off-by: Caleb Brown <calebbrown@google.com> Signed-off-by: Caleb Brown <calebbrown@google.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * :seedling: Bump github.com/google/addlicense in /tools (#2459) Bumps [github.com/google/addlicense](https://github.com/google/addlicense) from 1.0.0 to 1.1.0. - [Release notes](https://github.com/google/addlicense/releases) - [Changelog](https://github.com/google/addlicense/blob/master/.goreleaser.yaml) - [Commits](https://github.com/google/addlicense/compare/v1.0.0...v1.1.0) --- updated-dependencies: - dependency-name: github.com/google/addlicense dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * :seedling: Bump github.com/google/go-containerregistry Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.12.0 to 0.12.1. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.12.0...v0.12.1) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * go mod tidy Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * Added <= instead of == incase negative int is passed Signed-off-by: latortuga71 <christopheralonso1@gmail.com> * missed test fix Signed-off-by: latortuga71 <christopheralonso1@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: latortuga71 <christopheralonso1@gmail.com> Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: Scott Hissam <shissam@gmail.com> Signed-off-by: Michael Scovetta <michael.scovetta@microsoft.com> Signed-off-by: favonia <favonia@gmail.com> Signed-off-by: Caleb Brown <calebbrown@google.com> Signed-off-by: Latortuga <42878263+latortuga71@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com> Co-authored-by: Spencer Schrock <sschrock@google.com> Co-authored-by: scott hissam <shissam@users.noreply.github.com> Co-authored-by: Michael Scovetta <michael.scovetta@microsoft.com> Co-authored-by: favonia <favonia@gmail.com> Co-authored-by: Caleb Brown <calebbrown@google.com>
2022-11-22 19:11:36 +03:00
InitRepo(repo Repo, commitSHA string, commitDepth int) error
✨ Add support for file-based repo URIs (#1113) * draft * draft * docker file * error * fix * fix * fixa * bug * comments * missing merge * fix * fix rebase * merge issue * fix * validate format early * fix * fix2 * comments * fix
2021-10-21 23:08:56 +03:00
URI() string
Add ListCommits and IsArchived API (#772) Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-30 00:18:58 +03:00
IsArchived() (bool, error)
Update ListFiles API to return error (#746) Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-26 03:47:36 +03:00
ListFiles(predicate func(string) (bool, error)) ([]string, error)
:warning: OSV scanner integration (#2509) * Improve OSV scanning integration (squashed) Signed-off-by: Rex P <rexpan@google.com> * Add support for grouping vulnerabilities and aliases Signed-off-by: Rex P <rexpan@google.com> * Updated documentation, spit vulnerability output to multiple warnings Signed-off-by: Rex P <rexpan@google.com> * Updated documentation, spit vulnerability output to multiple warnings Signed-off-by: Rex P <rexpan@google.com> * Add its own codebase into docs Signed-off-by: Rex P <rexpan@google.com> * Update scorecard test to not prevent known vulns Signed-off-by: Rex P <rexpan@google.com> Signed-off-by: Rex P <rexpan@google.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-12-13 03:46:43 +03:00
// Returns an absolute path to the local repository
// in the format that matches the local OS
LocalPath() (string, error)
Add `ListFiles` and `GetFileContent` APIs (#637) Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-01 09:49:49 +03:00
GetFileContent(filename string) ([]byte, error)
Only pull required branch names (#1965) Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-28 01:25:24 +03:00
GetBranch(branch string) (*BranchRef, error)
🐛 Detect recently created Github repositories (#2151) * Bugfix: Detect recently created Github repositories Adjust the unweighted score -3 points if they were created in the last 90 days * Address PR comments * Address PR comments * Make log message more urgent * Add to raw results * Zero 'Maintained' score if the repo is too new to evaluate * Update docs * Update maintained_test.go * Fix lint error
2022-08-17 02:09:46 +03:00
GetCreatedAt() (time.Time, error)
:bug: Fix bug 2051 (#2140) * Fix bug 2051 Signed-off-by: Varun Sharma <varunsh@stepsecurity.io> * Fix lint errors and add mock code Signed-off-by: Varun Sharma <varunsh@stepsecurity.io> * Fix unit test Signed-off-by: Varun Sharma <varunsh@stepsecurity.io> Signed-off-by: Varun Sharma <varunsh@stepsecurity.io> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-08-12 19:23:07 +03:00
GetDefaultBranchName() (string, error)
Use RefUpdateRule in BranchProtection check (#936) Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-31 02:14:42 +03:00
GetDefaultBranch() (*BranchRef, error)
✨ GitLab: Security Policy check (#2754) * Add tarballHandler for GitLab, enabling repo download Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Abstract OrgSecurityPolicy details to RepoClient instead of checker Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Remove Org() from RepoClient Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Rename Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Don't run as part of CI tests that depend on external sites Signed-off-by: Raghav Kaul <raghavkaul@google.com> --------- Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2023-03-16 22:18:32 +03:00
GetOrgRepoClient(context.Context) (RepoClient, error)
Add ListCommits and IsArchived API (#772) Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-30 00:18:58 +03:00
ListCommits() ([]Commit, error)
Check for issue activity in Maintained (#1251) Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-11-13 01:16:22 +03:00
ListIssues() ([]Issue, error)
:sparkles: Add Additional Details to License Check (#2442) * :sparkles: Improved Security Policy Check (#2137) * Examines and awards points for linked content (URLs / Emails) * Examines and awards points for hints of disclosure and vulnerability practices * Examines and awards points for hints of elaboration of timelines Signed-off-by: Scott Hissam <shissam@gmail.com> * Repaired Security Policy to correctly use linked content length for evaluation Signed-off-by: Scott Hissam <shissam@gmail.com> * gofmt'ed changes Signed-off-by: Scott Hissam <shissam@gmail.com> * Repaired the case in the evaluation which was too sensitive to content length over the length of the linked content for urls and emails Signed-off-by: Scott Hissam <shissam@gmail.com> * added unit test cases for the new content-based Security Policy checks Signed-off-by: Scott Hissam <shissam@gmail.com> * reverted the direct (mistaken) change to checks.md and updated the checks.yaml for generate-docs Signed-off-by: Scott Hissam <shissam@gmail.com> * :sparkles: Improved Security Policy Check (#2137) (revisted based on comments) * replaced reason strings with log.Info & log.Warn (as seen in --show-details) * internal assertion check for nil (*pinfo) and empty pfile * internal switched to FileTypeText over FileTypeSource * internal implement type SecurityPolicyInformationType/SecurityPolicyInformation revised SecurityPolicyData to support only one file * revised expected unit-test results and revised unit-test to reflect the new SecurityPolicyData type Signed-off-by: Scott Hissam <shissam@gmail.com> * revised the score value based on observation of one *or more* url(s) or one email(s) found; unit tests update accordingly Signed-off-by: Scott Hissam <shissam@gmail.com> * revised the score value based on observation of one *or more* url(s) or one email(s) found; unit tests update accordingly Signed-off-by: Scott Hissam <shissam@gmail.com> * revised the score value based on observation of one *or more* url(s) or one email(s) found; e2e tests update accordingly Signed-off-by: Scott Hissam <shissam@gmail.com> * Addressed PR comments; added telemetry for policy hits in security policy file to track hits by line number Signed-off-by: Scott Hissam <shissam@gmail.com> * Resolved merge conflict with checks.yaml Signed-off-by: Scott Hissam <shissam@gmail.com> * updated raw results to emit all the raw information for the new security policy check Signed-off-by: Scott Hissam <shissam@gmail.com> * Resolved merge conflicts and lint errors with json_raw_results.go Signed-off-by: Scott Hissam <shissam@gmail.com> * Addressed review comments to reorganize security policy data struct to support the potential for multiple security policy files. Signed-off-by: Scott Hissam <shissam@gmail.com> * Added logic to the security policy to process multiple security policy files only after future improvements to aggregating scoring across such files are designed. For now the security policy behaves as originally designed to stop once one of the expected policy files are found in the repo Signed-off-by: Scott Hissam <shissam@gmail.com> * added comments regarding the capacity to support multiple policy files and removed unneeded break statements in the code Signed-off-by: Scott Hissam <shissam@gmail.com> * Addressed review comments to remove the dependency on the path in the filename from the code and introduced FileSize to checker.File type and removed the SecurityContentLength which was used to hold that information for the new security policy assessment Signed-off-by: Scott Hissam <shissam@gmail.com> * restored reporting full security policy path and filename for policies found in the org level repos Signed-off-by: Scott Hissam <shissam@gmail.com> * Resolved conflicts in checks.yaml for documentation Signed-off-by: Scott Hissam <shissam@gmail.com> * ✨ CLI for scorecard-attestor (#2309) * Reorganize Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Working commit Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Compile with local scorecard; go mod tidy Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Add signing code Heavily borrowed from https://github.com/grafeas/kritis/blob/master/cmd/kritis/signer/main.go Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Update deps * Naming * Makefile Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Edit license, add lint.yml Signed-off-by: Raghav Kaul <raghavkaul@google.com> * checks: go mod tidy, license Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Address PR comments * Split into checker/signer files * Naming convention Signed-off-by: Raghav Kaul <raghavkaul@google.com> * License, remove golangci.yml Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Address PR comments * Use cobra Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Add tests for root command Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Filter out checks that aren't needed for policy evaluation Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Add `make` targets for attestor; submit coverage stats Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Improvements * Use sclog instead of glog * Remove unneeded subcommands * Formatting Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Flags: Make note-name constant and fix messaging Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Remove SupportedRequestTypes Signed-off-by: Raghav Kaul <raghavkaul@google.com> * go mod tidy Signed-off-by: Raghav Kaul <raghavkaul@google.com> * go mod tidy, makefile Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Fix GH actions run Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: Scott Hissam <shissam@gmail.com> * removed whitespace before stanza for Run attestor e2e Signed-off-by: Scott Hissam <shissam@gmail.com> * resolved code review and doc review comments Signed-off-by: Scott Hissam <shissam@gmail.com> * repaired the link for the maintainer's guide for supporting the coordinated vulnerability disclosure guidelines Signed-off-by: Scott Hissam <shissam@gmail.com> * initial implementation of https://github.com/ossf/scorecard/issues/1369#issuecomment-1304831531 to provide more license details Signed-off-by: Scott Hissam <shissam@gmail.com> * draft implementation to provide more information on license details Signed-off-by: Scott Hissam <shissam@gmail.com> * repaired a misspelling Signed-off-by: Scott Hissam <shissam@gmail.com> * Changed to handle http errors with 404 not found as being a non-error for not being able to find a license Signed-off-by: Scott Hissam <shissam@gmail.com> * Return an error status similar to other gitlab checks Signed-off-by: Scott Hissam <shissam@gmail.com> * add new raw licenses data Signed-off-by: Scott Hissam <shissam@gmail.com> * updated e2e test as new license check generates more info and warn as scores change as license file content is not parsed Signed-off-by: Scott Hissam <shissam@gmail.com> * added numerous more test filenames and a shouldFail boolean as some filenames will fail that do not meet checks.md rules Signed-off-by: Scott Hissam <shissam@gmail.com> * license check now, primarily, uses the GH API for checking licenses Signed-off-by: Scott Hissam <shissam@gmail.com> * updated local checker as new license check generates more info and warn as scores change as license file content is not parsed Signed-off-by: Scott Hissam <shissam@gmail.com> * added draft license gradation for scoring, add a map to OSI and FSF licenses, added GH API for retrieving repo license, revamp license filename matching when not using a repo API for detecting license files. Signed-off-by: Scott Hissam <shissam@gmail.com> * repaired race condition for case insensitive map, improved regex matching, moved licenses to raw, raw now mimics GH API return values for key, name, etc., updated unit tests and raw results accordingly Signed-off-by: Scott Hissam <shissam@gmail.com> * completed disambiguation of SPDX Identifiers and filename extensions, reworked some of the code comments, added map generation to TestLicense, added an additional mutex for the regex group identifier index, removed spurious prints, revised unit test accordingly, updated documentation. Signed-off-by: Scott Hissam <shissam@gmail.com> * removed repo Key from LicenseInformation as unneeded, changed attribution constants to be more meaningful, update documentation as necessary for changes Signed-off-by: Scott Hissam <shissam@gmail.com> Signed-off-by: Scott Hissam <shissam@gmail.com> Signed-off-by: Raghav Kaul <raghavkaul@google.com> Co-authored-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com>
2022-11-28 22:23:18 +03:00
ListLicenses() ([]License, error)
Update SignedReleases to use RepoClient API (#844) Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-12 23:46:06 +03:00
ListReleases() ([]Release, error)
Replace `clients.Contributor` with `clients.User` (#1957) Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-31 23:19:14 +03:00
ListContributors() ([]User, error)
Use RepoClient API for Packaging check (#940) Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-01 04:05:34 +03:00
ListSuccessfulWorkflowRuns(filename string) ([]WorkflowRun, error)
Add RepoClient API for ListCheckRunsForRef (#948) Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-01 20:43:53 +03:00
ListCheckRunsForRef(ref string) ([]CheckRun, error)
Add and use RepoClient API for ListStatuses (#949) Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-01 21:34:58 +03:00
ListStatuses(ref string) ([]Status, error)
Replace `checker.Webhook` with `clients.Webhook` (#1948) Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 05:47:12 +03:00
ListWebhooks() ([]Webhook, error)
✨ Add Language struct and optimize result parsing for GHClient.ListProgrammingLanguages (#1992) * temp save 05262022 * finished golang fuzz func check, getLang interface to be done next week * temp save 05/31/2022 * temp save 06/01/2022 * temp save-2 06/01/2022 * temp save-1 06032022 * temp save-2 06022022 * temp save * temp save 06032022 * temp save 06032022 (2) * update err def * temp save 3 * update docs for fuzzing * update docs for fuzzing * update checks.yaml to gen docs * temp save 0606 * temp save-2 0606 * temp save-3 0606 * temp save-4 0606 * fix linter errors * fix linter errs-2 * fix e2e errors * 0608 * 0608-2 * optimize Language struct & parsing * add more lang const * resolved nits Co-authored-by: Aiden Wang <aidenwang@google.com>
2022-06-10 22:13:38 +03:00
ListProgrammingLanguages() ([]Language, error)
Use RepoClient.Search API in SAST check (#857) Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-16 20:34:10 +03:00
Search(request SearchRequest) (SearchResponse, error)
:sparkles: Feature: Improve Dependabot detection through PRs (#2125) * clients: Update client type to add SearchCommits function Signed-off-by: Alvaro Frias Garay <alvaro.frias@eclypsium.com> * checks/raw: Update Dependency Update Tool check to search for commits made by dependabot in default branch Signed-off-by: Alvaro Frias Garay <alvaro.frias@eclypsium.com> * clients/mockclients: Update mock for repoClient to add SearchCommits function mocks Signed-off-by: Alvaro Frias Garay <alvaro.frias@eclypsium.com> * checks: Update unit tests for Dependency Update tool with new feature of SearchCommits Signed-off-by: Alvaro Frias Garay <alvaro.frias@eclypsium.com> * clients/githubrepo: Update SearchCommitsHandler's buildQuery function & add tests Add "author:" to the query. Remove ReplaceAll unused for Author formatting. Signed-off-by: Alvaro Frias Garay <alvaro.frias@eclypsium.com> * clients: Add explanatory comment for SearchCommits Signed-off-by: Alvaro Frias Garay <alvaro.frias@eclypsium.com> * Clients: Update SearchCommits to return []Commit instead of SearchCommitsResponse Signed-off-by: Alvaro Frias Garay <alvaro.frias@eclypsium.com> * checks: Update dependency update tool check according to change by SearchCommits now returning []Commit Signed-off-by: Alvaro Frias Garay <alvaro.frias@eclypsium.com> * clients/githubrepo: Add license header Signed-off-by: Alvaro Frias Garay <alvaro.frias@eclypsium.com> * clients: Add exported comment & remove unused structs Signed-off-by: Alvaro Frias Garay <alvaro.frias@eclypsium.com> * checks/raw: Address rangeValCopy issue when iterating commits Signed-off-by: Alvaro Frias Garay <alvaro.frias@eclypsium.com> * clients: Address issue concerning field alignment in User struct Signed-off-by: Alvaro Frias Garay <alvaro.frias@eclypsium.com> * clients/githubrepo: Addres line length linter issue Signed-off-by: Alvaro Frias Garay <alvaro.frias@eclypsium.com> Signed-off-by: Alvaro Frias Garay <alvaro.frias@eclypsium.com> Co-authored-by: Alvaro Frias Garay <alvaro.frias@eclypsium.com>
2022-08-11 18:09:21 +03:00
SearchCommits(request SearchCommitsOptions) ([]Commit, error)
Add `ListFiles` and `GetFileContent` APIs (#637) Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-01 09:49:49 +03:00
Close() error
Add v0 of RepoClient interface (#587) Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-17 23:21:32 +03:00
}
Reference in New Issue Copy Permalink