mirror of
https://github.com/ossf/scorecard.git
synced 2024-09-17 11:57:12 +03:00
Add a Dockerfile and k8s cron job to upload files to GCS each night. (#59)
This commit is contained in:
parent
6fc2ee6fd2
commit
ef19bdf032
22
Dockerfile
Normal file
22
Dockerfile
Normal file
@ -0,0 +1,22 @@
|
||||
# Copyright 2020 Security Scorecard Authors
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
FROM golang
|
||||
COPY . /go/src/github.com/ossf/scorecard
|
||||
WORKDIR /go/src/github.com/ossf/scorecard
|
||||
RUN [ "go", "build", "."]
|
||||
|
||||
FROM gcr.io/cloud-builders/gsutil
|
||||
WORKDIR /go/src/github.com/ossf/scorecard
|
||||
COPY --from=0 /go/src/github.com/ossf/scorecard /go/src/github.com/ossf/scorecard
|
||||
ENTRYPOINT [ "./cron/cron.sh" ]
|
16
README.md
16
README.md
@ -11,6 +11,22 @@ A short motivational video clip to inspire us: https://youtu.be/rDMMYT3vkTk "You
|
||||
|
||||
1. Use this data to proactively improve the security posture of the critical projects the world depends on.
|
||||
|
||||
## Public Data
|
||||
|
||||
If you're only interested in seeing the results over time, we run this program nightly and publish the results in
|
||||
`csv` format.
|
||||
|
||||
This data is available on Google Cloud Storage and can be downloaded via the `gsutil` command-line tool.
|
||||
|
||||
```shell
|
||||
$ gsutil ls gs://ossf-scorecards/
|
||||
gs://ossf-scorecards/11-11-2020.csv
|
||||
...
|
||||
```
|
||||
|
||||
The list of projects that are checked each night is available in the `cron/projects.txt` file in this repository.
|
||||
If you would like us to track more, please feel free to send a Pull Request with others.
|
||||
|
||||
## Usage
|
||||
|
||||
The program only requires one argument to run, the name of the repo:
|
||||
|
17
cron/cron.sh
17
cron/cron.sh
@ -1,4 +1,17 @@
|
||||
#!/bin/bash
|
||||
# Copyright 2020 Security Scorecard Authors
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http:#www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
SOURCE="${BASH_SOURCE[0]}"
|
||||
input=$(dirname $SOURCE)/projects.txt
|
||||
@ -7,5 +20,7 @@ touch $output
|
||||
while read -r line
|
||||
do
|
||||
echo $line
|
||||
go run . --repo=$line --format=csv 2>/dev/null >> $output
|
||||
./scorecard --repo=$line --format=csv >> $output
|
||||
done < "$input"
|
||||
|
||||
gsutil cp $output gs://$GCS_BUCKET
|
||||
|
@ -1,2 +1,29 @@
|
||||
github.com/ossf/scorecard
|
||||
github.com/torvalds/linux
|
||||
github.com/raspberrypi/linux
|
||||
github.com/rust-lang/rust
|
||||
github.com/kubernetes/kubernetes
|
||||
github.com/nodejs/node
|
||||
github.com/tensorflow/tensorflow
|
||||
github.com/git/git
|
||||
github.com/ansible/ansible
|
||||
github.com/gatsbyjs/gatsby
|
||||
github.com/php/php-src
|
||||
github.com/ceph/ceph
|
||||
github.com/pytorch/pytorch
|
||||
github.com/elastic/elasticsearch
|
||||
github.com/facebook/react
|
||||
github.com/openssl/openssl
|
||||
github.com/saltstack/salt
|
||||
github.com/golang/go
|
||||
github.com/mrdoob/three.js
|
||||
github.com/bitcoin/bitcoin
|
||||
github.com/home-assistant/core
|
||||
github.com/pandas-dev/pandas
|
||||
github.com/helm/charts
|
||||
github.com/electron/electron
|
||||
github.com/twbs/bootstrap
|
||||
github.com/servo/servo
|
||||
github.com/scikit-learn/scikit-learn
|
||||
github.com/numpy/numpy
|
||||
github.com/babel/babel
|
||||
github.com/cockroachdb/cockroach
|
||||
|
28
k8s/cron.yaml
Normal file
28
k8s/cron.yaml
Normal file
@ -0,0 +1,28 @@
|
||||
apiVersion: batch/v1beta1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: daily-score
|
||||
spec:
|
||||
schedule: "0 8 * * *"
|
||||
jobTemplate:
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: run-score
|
||||
image: gcr.io/openssf/cron:latest
|
||||
imagePullPolicy: Always
|
||||
args:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- /cron/cron.sh
|
||||
env:
|
||||
- name: GITHUB_AUTH_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: github
|
||||
key: token
|
||||
- name: GCS_BUCKET
|
||||
value: ossf-scorecards
|
||||
|
||||
restartPolicy: OnFailure
|
Loading…
Reference in New Issue
Block a user