diff --git a/README.md b/README.md
index ec04bf1c..753b7550 100644
--- a/README.md
+++ b/README.md
@@ -16,6 +16,7 @@ The program only requires one argument to run, the name of the repo:
 ```shell
 $ go build
 $ ./scorecard --repo=github.com/kubernetes/kubernetes
+Starting [Active]
 Starting [CI-Tests]
 Starting [CII-Best-Practices]
 Starting [Code-Review]
@@ -27,28 +28,30 @@ Starting [Security-Policy]
 Starting [Signed-Releases]
 Starting [Signed-Tags]
 Finished [Fuzzing]
-Finished [CII-Best-Practices]
 Finished [Frozen-Deps]
+Finished [CII-Best-Practices]
 Finished [Security-Policy]
 Finished [Contributors]
 Finished [Signed-Releases]
 Finished [Signed-Tags]
 Finished [CI-Tests]
 Finished [Code-Review]
+Finished [Active]
 Finished [Pull-Requests]
 
 RESULTS
 -------
-CI-Tests pass 10
-CII-Best-Practices pass 10
-Code-Review pass 10
-Contributors pass 10
-Frozen-Deps pass 10
-Fuzzing pass 10
-Pull-Requests pass 9
-Security-Policy pass 10
-Signed-Releases fail 10
-Signed-Tags fail 5
+Active: Pass 10
+CI-Tests: Pass 10
+CII-Best-Practices: Pass 10
+Code-Review: Pass 10
+Contributors: Pass 10
+Frozen-Deps: Pass 10
+Fuzzing: Pass 10
+Pull-Requests: Pass 10
+Security-Policy: Pass 10
+Signed-Releases: Fail 10
+Signed-Tags: Fail 5
 ```
 
 It is recommended to use an OAuth token to avoid rate limits.
@@ -91,7 +94,7 @@ and then create a new GitHub Issue.
 
 ## Results
 
-Each check returns a pass/fail decision, as well as a confidence score between 0 and 10.
+Each check returns a Pass/Fail decision, as well as a confidence score between 0 and 10.
 A confidence of 0 should indicate the check was unable to achieve any real signal, and the result should be ignored.
 A confidence of 10 indicates the check is completely sure of the result.
diff --git a/checks/active.go b/checks/active.go
index 8eff05db..15c9f4b3 100644
--- a/checks/active.go
+++ b/checks/active.go
@@ -27,7 +27,7 @@ func PeriodicCommits(c checker.Checker) checker.CheckResult {
 	}
 	tz, _ := time.LoadLocation("UTC")
-	threshold := time.Now().In(tz).AddDate(0, 0, -1 * lookbackDays)
+	threshold := time.Now().In(tz).AddDate(0, 0, -1*lookbackDays)
 	totalCommits := 0
 	for _, commit := range commits {
 		commitFull, _, err := c.Client.Git.GetCommit(c.Ctx, c.Owner, c.Repo, commit.GetSHA())
@@ -52,7 +52,7 @@ func PeriodicReleases(c checker.Checker) checker.CheckResult {
 	}
 	tz, _ := time.LoadLocation("UTC")
-	threshold := time.Now().In(tz).AddDate(0, 0, -1 * lookbackDays)
+	threshold := time.Now().In(tz).AddDate(0, 0, -1*lookbackDays)
 	totalReleases := 0
 	for _, r := range releases {
 		if r.GetCreatedAt().After(threshold) {
@@ -65,6 +65,3 @@ func PeriodicReleases(c checker.Checker) checker.CheckResult {
 		Confidence: 10,
 	}
 }
-
-
-
diff --git a/checks/frozen_deps.go b/checks/frozen_deps.go
index 2cd4ffa8..f9dba249 100644
--- a/checks/frozen_deps.go
+++ b/checks/frozen_deps.go
@@ -66,7 +66,7 @@ func FrozenDeps(c checker.Checker) checker.CheckResult {
 		case "package-lock.json":
 			c.Logf("nodejs packages found: %s", name)
 			return passResult
-		case "requirements.txt":
+		case "requirements.txt", "pipfile.lock":
 			c.Logf("python requirements found: %s", name)
 			return passResult
 		case "gemfile.lock":
diff --git a/cmd/flag.go b/cmd/flag.go
index 377f33d4..2707f589 100644
--- a/cmd/flag.go
+++ b/cmd/flag.go
@@ -3,6 +3,7 @@ package cmd
 import (
 	"fmt"
 	"log"
+	"regexp"
 	"strings"
 )
 
@@ -19,6 +20,8 @@ func (r *repoFlag) Type() string {
 }
 
 func (r *repoFlag) Set(s string) error {
+	rgx, _ := regexp.Compile("^https?://")
+	s = rgx.ReplaceAllString(s, "")
 	split := strings.SplitN(s, "/", 3)
 	if len(split) != 3 {
 		log.Fatalf("invalid repo flag: [%s], pass the full repository URL", s)
diff --git a/cmd/root.go b/cmd/root.go
index 8d108a39..6323ae1c 100644
--- a/cmd/root.go
+++ b/cmd/root.go
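Review bot: The new `"pipfile.lock"` case in FrozenDeps only matches if `name` has already been lowercased before the switch, which is outside this hunk; the canonical filename is `Pipfile.lock`, and the existing lowercase `"gemfile.lock"` case suggests normalisation does happen, but it is worth confirming rather than shipping a case that can never fire. The log line under the combined case could also name the Pipfile explicitly so the output distinguishes the two sources, e.g. `c.Logf("python requirements or pipfile lock found: %s", name)`. The enclosing FrozenDeps function starts and ends outside the hunk.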
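Review bot: In repoFlag.Set the added `regexp.Compile("^https?://")` discards its error and recompiles the pattern on every call; since the prefix is a fixed literal, a regexp is not needed at all, and `s = strings.TrimPrefix(strings.TrimPrefix(s, "https://"), "http://")` does the same with the `strings` import the file already has, which also makes the new `"regexp"` import in the earlier hunk unnecessary. If the regexp is kept, it belongs at package scope as `var schemePrefix = regexp.MustCompile("^https?://")` so a bad pattern fails at init rather than being silently ignored. Either form is case-sensitive, so an uppercase `HTTPS://` scheme still falls through to the split-count check below; whether that is acceptable depends on the documented input format. Set's body continues past the hunk.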
@@ -27,9 +27,9 @@ var (
 )
 
 var rootCmd = &cobra.Command{
-	Use: "scorecard",
-	Short: "Security scorecards!",
-	Long: `A scorecard program!`,
+	Use: "./scorecard --repo= [--checks=check1,...]",
+	Short: "Open Source Scorecards",
+	Long: "A program that shows scorecard for an open source software.",
 	Run: func(cmd *cobra.Command, args []string) {
 		cfg := zap.NewProductionConfig()
 		cfg.Level.SetLevel(*logLevel)
@@ -99,7 +99,7 @@ var rootCmd = &cobra.Command{
 		fmt.Println("RESULTS")
 		fmt.Println("-------")
 		for _, r := range results {
-			fmt.Println(r.name, displayResult(r.cr.Pass), r.cr.Confidence)
+			fmt.Println(r.name+":", displayResult(r.cr.Pass), r.cr.Confidence)
 		}
 	},
 }
@@ -130,9 +130,9 @@ func stringInListOrEmpty(s string, list []string) bool {
 
 func displayResult(result bool) string {
 	if result {
-		return "pass"
+		return "Pass"
 	} else {
-		return "fail"
+		return "Fail"
 	}
 }
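Review bot: The new `Use` string leaves `--repo=` with no value placeholder, so the generated usage line tells the user a flag is required but not what shape its argument takes; cobra also takes the first word of `Use` as the command name, so `./scorecard` will appear verbatim in help output regardless of how the binary was invoked. A form such as `Use: "scorecard --repo=<github.com/owner/repo> [--checks=check1,...]"` would read more clearly and match the README example. In the displayResult hunk, the `else` after a terminating `return` is flagged by golint; `if result { return "Pass" }` followed by a bare `return "Fail"` is the idiomatic shape. The rootCmd literal continues outside the first hunk.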