🌱 maintainer annotations: improve annotation file validation (#4162)

* validate check names against full list Signed-off-by: Raghav Kaul <raghavkaul+github@google.com> * tests: close file Signed-off-by: Raghav Kaul <raghavkaul+github@google.com> * update Signed-off-by: Raghav Kaul <raghavkaul+github@google.com> * make private Signed-off-by: Raghav Kaul <raghavkaul+github@google.com> * Restructure imports Signed-off-by: Raghav Kaul <raghavkaul+github@google.com> * update Signed-off-by: Raghav Kaul <raghavkaul+github@google.com> --------- Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
2024-10-05 13:17:08 +03:00 · 2024-07-02 08:40:34 -07:00 · 2024-07-02 08:40:34 -07:00 · 28337f13b1
commit 28337f13b1
parent 9f9afa0c30
51 changed files with 182 additions and 110 deletions
--- a/config/config.go
+++ b/config/config.go
@ -23,6 +23,7 @@ import (
 	"gopkg.in/yaml.v3"
 	sce "github.com/ossf/scorecard/v5/errors"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 )
 var (
@ -45,19 +46,19 @@ func parseFile(c *Config, content []byte) error {
 	return nil
 }
-func isValidCheck(check string, checks []string) bool {
+func isValidCheck(check string) bool {
-	for _, validCheck := range checks {
+	for _, c := range checknames.AllValidChecks {
-		if strings.EqualFold(check, validCheck) {
+		if strings.EqualFold(c, check) {
 			return true
 		}
 	}
 	return false
 }
-func validate(c Config, checks []string) error {
+func validate(c Config) error {
 	for _, annotation := range c.Annotations {
 		for _, check := range annotation.Checks {
-			if !isValidCheck(check, checks) {
+			if !isValidCheck(check) {
 				return fmt.Errorf("%w: %s", errInvalidCheck, check)
 			}
 		}
@ -71,7 +72,7 @@ func validate(c Config, checks []string) error {
 }
 // Parse reads the configuration file from the repo, stored in scorecard.yml, and returns a `Config`.
-func Parse(r io.Reader, checks []string) (Config, error) {
+func Parse(r io.Reader) (Config, error) {
 	c := Config{}
 	// Find scorecard.yml file in the repository's root
 	content, err := io.ReadAll(r)
@ -84,7 +85,7 @@ func Parse(r io.Reader, checks []string) (Config, error) {
 		return Config{}, fmt.Errorf("fail to parse configuration file: %w", err)
 	}
-	err = validate(c, checks)
+	err = validate(c)
 	if err != nil {
 		return Config{}, fmt.Errorf("configuration file is not valid: %w", err)
 	}
--- a/config/config_test.go
+++ b/config/config_test.go
@ -12,18 +12,13 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
-// Warning: config cannot import checks. This is why we declare a different package here
+package config
 // and import both config and checks to test config.
 package config_test
 import (
 	"os"
 	"testing"
 	"github.com/google/go-cmp/cmp"
 	"github.com/ossf/scorecard/v5/checks"
 	"github.com/ossf/scorecard/v5/config"
 )
 func Test_Parse_Checks(t *testing.T) {
@ -31,17 +26,17 @@ func Test_Parse_Checks(t *testing.T) {
 	tests := []struct {
 		name       string
 		configPath string
-		want       config.Config
+		want       Config
 		wantErr    bool
 	}{
 		{
 			name:       "Annotation on a single check",
 			configPath: "testdata/single_check.yml",
-			want: config.Config{
+			want: Config{
-				Annotations: []config.Annotation{
+				Annotations: []Annotation{
 					{
 						Checks:  []string{"binary-artifacts"},
-						Reasons: []config.ReasonGroup{{Reason: "test-data"}},
+						Reasons: []ReasonGroup{{Reason: "test-data"}},
 					},
 				},
 			},
@ -49,8 +44,8 @@ func Test_Parse_Checks(t *testing.T) {
 		{
 			name:       "Annotation on all checks",
 			configPath: "testdata/all_checks.yml",
-			want: config.Config{
+			want: Config{
-				Annotations: []config.Annotation{
+				Annotations: []Annotation{
 					{
 						Checks: []string{
 							"binary-artifacts",
@ -72,7 +67,7 @@ func Test_Parse_Checks(t *testing.T) {
 							"token-permissions",
 							"vulnerabilities",
 						},
-						Reasons: []config.ReasonGroup{{Reason: "test-data"}},
+						Reasons: []ReasonGroup{{Reason: "test-data"}},
 					},
 				},
 			},
@ -80,11 +75,11 @@ func Test_Parse_Checks(t *testing.T) {
 		{
 			name:       "Annotating all reasons",
 			configPath: "testdata/all_reasons.yml",
-			want: config.Config{
+			want: Config{
-				Annotations: []config.Annotation{
+				Annotations: []Annotation{
 					{
 						Checks: []string{"binary-artifacts"},
-						Reasons: []config.ReasonGroup{
+						Reasons: []ReasonGroup{
 							{Reason: "test-data"},
 							{Reason: "remediated"},
 							{Reason: "not-applicable"},
@ -98,15 +93,15 @@ func Test_Parse_Checks(t *testing.T) {
 		{
 			name:       "Multiple annotations",
 			configPath: "testdata/multiple_annotations.yml",
-			want: config.Config{
+			want: Config{
-				Annotations: []config.Annotation{
+				Annotations: []Annotation{
 					{
 						Checks:  []string{"binary-artifacts"},
-						Reasons: []config.ReasonGroup{{Reason: "test-data"}},
+						Reasons: []ReasonGroup{{Reason: "test-data"}},
 					},
 					{
 						Checks:  []string{"pinned-dependencies"},
-						Reasons: []config.ReasonGroup{{Reason: "not-applicable"}},
+						Reasons: []ReasonGroup{{Reason: "not-applicable"}},
 					},
 				},
 			},
@ -124,17 +119,13 @@ func Test_Parse_Checks(t *testing.T) {
 	}
 	for _, tt := range tests {
 		tt := tt // Re-initializing variable so it is not changed while executing the closure below
 		allChecks := []string{}
 		for check := range checks.GetAll() {
 			allChecks = append(allChecks, check)
 		}
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			r, err := os.Open(tt.configPath)
 			if err != nil {
 				t.Fatalf("Could not open config test file: %s", tt.configPath)
 			}
-			result, err := config.Parse(r, allChecks)
+			result, err := Parse(r)
 			if (err != nil) != tt.wantErr {
 				t.Fatalf("Unexpected error during Parse: got %v, wantErr %v", err, tt.wantErr)
 			}
--- a/internal/checknames/checknames.go
+++ b/internal/checknames/checknames.go
@ -0,0 +1,64 @@
 // Copyright 2024 OpenSSF Scorecard Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package checknames
 type CheckName = string
 // Redefining check names here to avoid circular imports.
 const (
 	BinaryArtifacts      CheckName = "Binary-Artifacts"
 	BranchProtection     CheckName = "Branch-Protection"
 	CIIBestPractices     CheckName = "CII-Best-Practices"
 	CITests              CheckName = "CI-Tests"
 	CodeReview           CheckName = "Code-Review"
 	Contributors         CheckName = "Contributors"
 	DangerousWorkflow    CheckName = "Dangerous-Workflow"
 	DependencyUpdateTool CheckName = "Dependency-Update-Tool"
 	Fuzzing              CheckName = "Fuzzing"
 	License              CheckName = "License"
 	Maintained           CheckName = "Maintained"
 	Packaging            CheckName = "Packaging"
 	PinnedDependencies   CheckName = "Pinned-Dependencies"
 	SAST                 CheckName = "SAST"
 	SBOM                 CheckName = "SBOM"
 	SecurityPolicy       CheckName = "Security-Policy"
 	SignedReleases       CheckName = "Signed-Releases"
 	TokenPermissions     CheckName = "Token-Permissions"
 	Vulnerabilities      CheckName = "Vulnerabilities"
 	Webhooks             CheckName = "Webhooks"
 )
 var AllValidChecks []string = []string{
 	BinaryArtifacts,
 	BranchProtection,
 	CIIBestPractices,
 	CITests,
 	CodeReview,
 	Contributors,
 	DangerousWorkflow,
 	DependencyUpdateTool,
 	Fuzzing,
 	License,
 	Maintained,
 	Packaging,
 	PinnedDependencies,
 	SAST,
 	SBOM,
 	SecurityPolicy,
 	SignedReleases,
 	TokenPermissions,
 	Vulnerabilities,
 	Webhooks,
 }
--- a/internal/probes/probes.go
+++ b/internal/probes/probes.go
@ -20,39 +20,14 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/errors"
 	"github.com/ossf/scorecard/v5/finding"
-)
+	"github.com/ossf/scorecard/v5/internal/checknames"
 type CheckName string
 // Redefining check names here to avoid circular imports.
 const (
 	BinaryArtifacts      CheckName = "Binary-Artifacts"
 	BranchProtection     CheckName = "Branch-Protection"
 	CIIBestPractices     CheckName = "CII-Best-Practices"
 	CITests              CheckName = "CI-Tests"
 	CodeReview           CheckName = "Code-Review"
 	Contributors         CheckName = "Contributors"
 	DangerousWorkflow    CheckName = "Dangerous-Workflow"
 	DependencyUpdateTool CheckName = "Dependency-Update-Tool"
 	Fuzzing              CheckName = "Fuzzing"
 	License              CheckName = "License"
 	Maintained           CheckName = "Maintained"
 	Packaging            CheckName = "Packaging"
 	PinnedDependencies   CheckName = "Pinned-Dependencies"
 	SAST                 CheckName = "SAST"
 	SBOM                 CheckName = "SBOM"
 	SecurityPolicy       CheckName = "Security-Policy"
 	SignedReleases       CheckName = "Signed-Releases"
 	TokenPermissions     CheckName = "Token-Permissions"
 	Vulnerabilities      CheckName = "Vulnerabilities"
 	Webhooks             CheckName = "Webhooks"
 )
 type Probe struct {
 	Name                      string
 	Implementation            ProbeImpl
 	IndependentImplementation IndependentProbeImpl
-	RequiredRawData           []CheckName
+	RequiredRawData           []checknames.CheckName
 }
 type ProbeImpl func(*checker.RawResults) ([]finding.Finding, string, error)
@ -62,7 +37,7 @@ type IndependentProbeImpl func(*checker.CheckRequest) ([]finding.Finding, string
 // registered is the mapping of all registered probes.
 var registered = map[string]Probe{}
-func MustRegister(name string, impl ProbeImpl, requiredRawData []CheckName) {
+func MustRegister(name string, impl ProbeImpl, requiredRawData []checknames.CheckName) {
 	err := register(Probe{
 		Name:            name,
 		Implementation:  impl,
--- a/internal/probes/probes_test.go
+++ b/internal/probes/probes_test.go
@ -21,6 +21,7 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	. "github.com/ossf/scorecard/v5/internal/checknames"
 )
 func emptyImpl(r *checker.RawResults) ([]finding.Finding, string, error) {
--- a/pkg/scorecard.go
+++ b/pkg/scorecard.go
@ -180,11 +180,7 @@ func runScorecard(ctx context.Context,
 		if r != nil {
 			defer r.Close()
 			logger.Info(fmt.Sprintf("using maintainer annotations: %s", path))
-			checks := []string{}
+			c, err := config.Parse(r)
 			for check := range checksToRun {
 				checks = append(checks, check)
 			}
 			c, err := config.Parse(r, checks)
 			if err != nil {
 				logger.Info(fmt.Sprintf("couldn't parse maintainer annotations: %v", err))
 			}
--- a/pkg/scorecard_result.go
+++ b/pkg/scorecard_result.go
@ -402,7 +402,7 @@ func populateRawResults(request *checker.CheckRequest, probesToRun []string, ret
 			return fmt.Errorf("getting probe %q: %w", probeName, err)
 		}
 		for _, checkName := range p.RequiredRawData {
-			checkName := string(checkName)
+			checkName := checkName
 			if !seen[checkName] {
 				err := assignRawData(checkName, request, ret)
 				if err != nil {
--- a/probes/archived/impl.go
+++ b/probes/archived/impl.go
@ -20,12 +20,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.Maintained})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.Maintained})
 }
 //go:embed *.yml
--- a/probes/blocksDeleteOnBranches/impl.go
+++ b/probes/blocksDeleteOnBranches/impl.go
@ -21,12 +21,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.BranchProtection})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.BranchProtection})
 }
 //go:embed *.yml
--- a/probes/blocksForcePushOnBranches/impl.go
+++ b/probes/blocksForcePushOnBranches/impl.go
@ -21,12 +21,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.BranchProtection})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.BranchProtection})
 }
 //go:embed *.yml
--- a/probes/branchProtectionAppliesToAdmins/impl.go
+++ b/probes/branchProtectionAppliesToAdmins/impl.go
@ -21,13 +21,14 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/branchprotection"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.BranchProtection})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.BranchProtection})
 }
 //go:embed *.yml
--- a/probes/branchesAreProtected/impl.go
+++ b/probes/branchesAreProtected/impl.go
@ -21,12 +21,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.BranchProtection})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.BranchProtection})
 }
 //go:embed *.yml
--- a/probes/codeApproved/impl.go
+++ b/probes/codeApproved/impl.go
@ -22,12 +22,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.CodeReview})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.CodeReview})
 }
 //go:embed *.yml
--- a/probes/codeReviewOneReviewers/impl.go
+++ b/probes/codeReviewOneReviewers/impl.go
@ -22,12 +22,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/clients"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/utils"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.CodeReview})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.CodeReview})
 }
 var (
--- a/probes/contributorsFromOrgOrCompany/impl.go
+++ b/probes/contributorsFromOrgOrCompany/impl.go
@ -21,6 +21,7 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
@ -30,7 +31,7 @@ const (
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.Contributors})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.Contributors})
 }
 //go:embed *.yml
--- a/probes/createdRecently/impl.go
+++ b/probes/createdRecently/impl.go
@ -23,12 +23,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.Maintained})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.Maintained})
 }
 //go:embed *.yml
--- a/probes/dependencyUpdateToolConfigured/impl.go
+++ b/probes/dependencyUpdateToolConfigured/impl.go
@ -21,12 +21,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.DependencyUpdateTool})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.DependencyUpdateTool})
 }
 //go:embed *.yml
--- a/probes/dismissesStaleReviews/impl.go
+++ b/probes/dismissesStaleReviews/impl.go
@ -21,13 +21,14 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/branchprotection"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.BranchProtection})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.BranchProtection})
 }
 //go:embed *.yml
--- a/probes/fuzzed/impl.go
+++ b/probes/fuzzed/impl.go
@ -20,12 +20,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.Fuzzing})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.Fuzzing})
 }
 //go:embed *.yml
--- a/probes/hasBinaryArtifacts/impl.go
+++ b/probes/hasBinaryArtifacts/impl.go
@ -21,12 +21,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.BinaryArtifacts})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.BinaryArtifacts})
 }
 //go:embed *.yml
--- a/probes/hasDangerousWorkflowScriptInjection/impl.go
+++ b/probes/hasDangerousWorkflowScriptInjection/impl.go
@ -21,12 +21,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.DangerousWorkflow})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.DangerousWorkflow})
 }
 //go:embed *.yml
--- a/probes/hasDangerousWorkflowUntrustedCheckout/impl.go
+++ b/probes/hasDangerousWorkflowUntrustedCheckout/impl.go
@ -21,12 +21,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.DangerousWorkflow})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.DangerousWorkflow})
 }
 //go:embed *.yml
--- a/probes/hasFSFOrOSIApprovedLicense/impl.go
+++ b/probes/hasFSFOrOSIApprovedLicense/impl.go
@ -21,12 +21,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.License})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.License})
 }
 //go:embed *.yml
--- a/probes/hasLicenseFile/impl.go
+++ b/probes/hasLicenseFile/impl.go
@ -21,12 +21,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.License})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.License})
 }
 //go:embed *.yml
--- a/probes/hasOSVVulnerabilities/impl.go
+++ b/probes/hasOSVVulnerabilities/impl.go
@ -25,12 +25,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.Vulnerabilities})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.Vulnerabilities})
 }
 //go:embed *.yml
--- a/probes/hasOpenSSFBadge/impl.go
+++ b/probes/hasOpenSSFBadge/impl.go
@ -22,12 +22,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/clients"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.CIIBestPractices})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.CIIBestPractices})
 }
 //go:embed *.yml
--- a/probes/hasPermissiveLicense/impl.go
+++ b/probes/hasPermissiveLicense/impl.go
@ -21,6 +21,7 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
@ -29,7 +30,7 @@ import (
 var fs embed.FS
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.License})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.License})
 }
 const Probe = "hasPermissiveLicense"
--- a/probes/hasRecentCommits/impl.go
+++ b/probes/hasRecentCommits/impl.go
@ -23,12 +23,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.Maintained})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.Maintained})
 }
 //go:embed *.yml
--- a/probes/hasReleaseSBOM/impl.go
+++ b/probes/hasReleaseSBOM/impl.go
@ -21,12 +21,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.SBOM})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.SBOM})
 }
 //go:embed *.yml
--- a/probes/hasSBOM/impl.go
+++ b/probes/hasSBOM/impl.go
@ -21,12 +21,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.SBOM})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.SBOM})
 }
 //go:embed *.yml
--- a/probes/hasUnverifiedBinaryArtifacts/impl.go
+++ b/probes/hasUnverifiedBinaryArtifacts/impl.go
@ -21,12 +21,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.BinaryArtifacts})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.BinaryArtifacts})
 }
 //go:embed *.yml
--- a/probes/issueActivityByProjectMember/impl.go
+++ b/probes/issueActivityByProjectMember/impl.go
@ -24,12 +24,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/clients"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.Maintained})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.Maintained})
 }
 //go:embed *.yml
--- a/probes/packagedWithAutomatedWorkflow/impl.go
+++ b/probes/packagedWithAutomatedWorkflow/impl.go
@ -21,12 +21,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.Packaging})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.Packaging})
 }
 //go:embed *.yml
--- a/probes/pinsDependencies/impl.go
+++ b/probes/pinsDependencies/impl.go
@ -23,12 +23,13 @@ import (
 	"github.com/ossf/scorecard/v5/checks/fileparser"
 	sce "github.com/ossf/scorecard/v5/errors"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.PinnedDependencies})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.PinnedDependencies})
 }
 //go:embed *.yml
--- a/probes/releasesAreSigned/impl.go
+++ b/probes/releasesAreSigned/impl.go
@ -22,12 +22,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.SignedReleases})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.SignedReleases})
 }
 //go:embed *.yml
--- a/probes/releasesHaveProvenance/impl.go
+++ b/probes/releasesHaveProvenance/impl.go
@ -22,12 +22,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.SignedReleases})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.SignedReleases})
 }
 //go:embed *.yml
--- a/probes/releasesHaveVerifiedProvenance/impl.go
+++ b/probes/releasesHaveVerifiedProvenance/impl.go
@ -21,11 +21,12 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.SignedReleases})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.SignedReleases})
 }
 //go:embed *.yml
--- a/probes/requiresApproversForPullRequests/impl.go
+++ b/probes/requiresApproversForPullRequests/impl.go
@ -23,12 +23,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.BranchProtection})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.BranchProtection})
 }
 //go:embed *.yml
--- a/probes/requiresCodeOwnersReview/impl.go
+++ b/probes/requiresCodeOwnersReview/impl.go
@ -21,12 +21,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.BranchProtection})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.BranchProtection})
 }
 //go:embed *.yml
--- a/probes/requiresLastPushApproval/impl.go
+++ b/probes/requiresLastPushApproval/impl.go
@ -21,13 +21,14 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/branchprotection"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.BranchProtection})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.BranchProtection})
 }
 //go:embed *.yml
--- a/probes/requiresPRsToChangeCode/impl.go
+++ b/probes/requiresPRsToChangeCode/impl.go
@ -22,12 +22,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.BranchProtection})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.BranchProtection})
 }
 //go:embed *.yml
--- a/probes/requiresUpToDateBranches/impl.go
+++ b/probes/requiresUpToDateBranches/impl.go
@ -21,13 +21,14 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/branchprotection"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.BranchProtection})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.BranchProtection})
 }
 //go:embed *.yml
--- a/probes/runsStatusChecksBeforeMerging/impl.go
+++ b/probes/runsStatusChecksBeforeMerging/impl.go
@ -21,12 +21,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.BranchProtection})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.BranchProtection})
 }
 //go:embed *.yml
--- a/probes/sastToolConfigured/impl.go
+++ b/probes/sastToolConfigured/impl.go
@ -21,12 +21,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.SAST})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.SAST})
 }
 //go:embed *.yml
--- a/probes/sastToolRunsOnAllCommits/impl.go
+++ b/probes/sastToolRunsOnAllCommits/impl.go
@ -22,12 +22,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.SAST})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.SAST})
 }
 //go:embed *.yml
--- a/probes/securityPolicyContainsLinks/impl.go
+++ b/probes/securityPolicyContainsLinks/impl.go
@ -21,13 +21,14 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/secpolicy"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.SecurityPolicy})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.SecurityPolicy})
 }
 //go:embed *.yml
--- a/probes/securityPolicyContainsText/impl.go
+++ b/probes/securityPolicyContainsText/impl.go
@ -21,13 +21,14 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/secpolicy"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.SecurityPolicy})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.SecurityPolicy})
 }
 //go:embed *.yml
--- a/probes/securityPolicyContainsVulnerabilityDisclosure/impl.go
+++ b/probes/securityPolicyContainsVulnerabilityDisclosure/impl.go
@ -21,13 +21,14 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/secpolicy"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.SecurityPolicy})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.SecurityPolicy})
 }
 //go:embed *.yml
--- a/probes/securityPolicyPresent/impl.go
+++ b/probes/securityPolicyPresent/impl.go
@ -21,12 +21,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.SecurityPolicy})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.SecurityPolicy})
 }
 //go:embed *.yml
--- a/probes/testsRunInCI/impl.go
+++ b/probes/testsRunInCI/impl.go
@ -22,12 +22,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.CITests})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.CITests})
 }
 //go:embed *.yml
--- a/probes/webhooksUseSecrets/impl.go
+++ b/probes/webhooksUseSecrets/impl.go
@ -21,12 +21,13 @@ import (
 	"github.com/ossf/scorecard/v5/checker"
 	"github.com/ossf/scorecard/v5/finding"
 	"github.com/ossf/scorecard/v5/internal/checknames"
 	"github.com/ossf/scorecard/v5/internal/probes"
 	"github.com/ossf/scorecard/v5/probes/internal/utils/uerror"
 )
 func init() {
-	probes.MustRegister(Probe, Run, []probes.CheckName{probes.Webhooks})
+	probes.MustRegister(Probe, Run, []checknames.CheckName{checknames.Webhooks})
 }
 //go:embed *.yml