Merge pull request #25 from dlorenc/a11

Minor fixes.
Abhishek Arya 2020-10-19 08:41:26 -07:00 committed by GitHub
commit f6fab3abcd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 27 additions and 24 deletions


@ -16,6 +16,7 @@ The program only requires one argument to run, the name of the repo:
```shell ```shell
$ go build $ go build
$ ./scorecard --repo=github.com/kubernetes/kubernetes $ ./scorecard --repo=github.com/kubernetes/kubernetes
Starting [Active]
Starting [CI-Tests] Starting [CI-Tests]
Starting [CII-Best-Practices] Starting [CII-Best-Practices]
Starting [Code-Review] Starting [Code-Review]
@ -27,28 +28,30 @@ Starting [Security-Policy]
Starting [Signed-Releases] Starting [Signed-Releases]
Starting [Signed-Tags] Starting [Signed-Tags]
Finished [Fuzzing] Finished [Fuzzing]
Finished [CII-Best-Practices]
Finished [Frozen-Deps] Finished [Frozen-Deps]
Finished [CII-Best-Practices]
Finished [Security-Policy] Finished [Security-Policy]
Finished [Contributors] Finished [Contributors]
Finished [Signed-Releases] Finished [Signed-Releases]
Finished [Signed-Tags] Finished [Signed-Tags]
Finished [CI-Tests] Finished [CI-Tests]
Finished [Code-Review] Finished [Code-Review]
Finished [Active]
Finished [Pull-Requests] Finished [Pull-Requests]
RESULTS RESULTS
------- -------
CI-Tests pass 10 Active: Pass 10
CII-Best-Practices pass 10 CI-Tests: Pass 10
Code-Review pass 10 CII-Best-Practices: Pass 10
Contributors pass 10 Code-Review: Pass 10
Frozen-Deps pass 10 Contributors: Pass 10
Fuzzing pass 10 Frozen-Deps: Pass 10
Pull-Requests pass 9 Fuzzing: Pass 10
Security-Policy pass 10 Pull-Requests: Pass 10
Signed-Releases fail 10 Security-Policy: Pass 10
Signed-Tags fail 5 Signed-Releases: Fail 10
Signed-Tags: Fail 5
``` ```
It is recommended to use an OAuth token to avoid rate limits. It is recommended to use an OAuth token to avoid rate limits.
@ -91,7 +94,7 @@ and then create a new GitHub Issue.
## Results ## Results
Each check returns a pass/fail decision, as well as a confidence score between 0 and 10. Each check returns a Pass/Fail decision, as well as a confidence score between 0 and 10.
A confidence of 0 should indicate the check was unable to achieve any real signal, and the result A confidence of 0 should indicate the check was unable to achieve any real signal, and the result
should be ignored. should be ignored.
A confidence of 10 indicates the check is completely sure of the result. A confidence of 10 indicates the check is completely sure of the result.


@ -65,6 +65,3 @@ func PeriodicReleases(c checker.Checker) checker.CheckResult {
Confidence: 10, Confidence: 10,
} }
} }


@ -66,7 +66,7 @@ func FrozenDeps(c checker.Checker) checker.CheckResult {
case "package-lock.json": case "package-lock.json":
c.Logf("nodejs packages found: %s", name) c.Logf("nodejs packages found: %s", name)
return passResult return passResult
case "requirements.txt": case "requirements.txt", "pipfile.lock":
c.Logf("python requirements found: %s", name) c.Logf("python requirements found: %s", name)
return passResult return passResult
case "gemfile.lock": case "gemfile.lock":
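Review bot: The log line under the `requirements.txt` case now also fires for `pipfile.lock`, so "python requirements found" names the wrong file type for half of the matches; `c.Logf("python dependency file found: %s", name)` would fit both. The match on the all-lowercase `pipfile.lock` (the file is conventionally written `Pipfile.lock`) presumably relies on `name` having been lowercased before the switch, which is outside the hunk — worth confirming, since a case-sensitive compare would silently never match and the check would report an unpinned project. FrozenDeps starts and ends outside the hunk.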


@ -3,6 +3,7 @@ package cmd
import ( import (
"fmt" "fmt"
"log" "log"
"regexp"
"strings" "strings"
) )
@ -19,6 +20,8 @@ func (r *repoFlag) Type() string {
} }
func (r *repoFlag) Set(s string) error { func (r *repoFlag) Set(s string) error {
rgx, _ := regexp.Compile("^https?://")
s = rgx.ReplaceAllString(s, "")
split := strings.SplitN(s, "/", 3) split := strings.SplitN(s, "/", 3)
if len(split) != 3 { if len(split) != 3 {
log.Fatalf("invalid repo flag: [%s], pass the full repository URL", s) log.Fatalf("invalid repo flag: [%s], pass the full repository URL", s)
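Review bot: `rgx, _ := regexp.Compile("^https?://")` discards the compile error and recompiles a constant pattern on every Set call; the idiomatic form is a package-level `var schemeRE = regexp.MustCompile(`^https?://`)` with `s = schemeRE.ReplaceAllString(s, "")` in Set, which also makes a bad pattern fail at init instead of as a nil-pointer panic here. The error message further down prints the stripped `s` rather than what the user passed, which is confusing when a scheme was removed. The following `SplitN(s, "/", 3)` keeps anything after the repository name (a `/tree/...` path or a `.git` suffix) inside the third element, so a full browser URL with a path would pass the length check but carry an unexpected repo name — hedged, since the code that consumes `split[2]` is outside the hunk. Set's body continues outside the hunk.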


@ -27,9 +27,9 @@ var (
) )
var rootCmd = &cobra.Command{ var rootCmd = &cobra.Command{
Use: "scorecard", Use: "./scorecard --repo=<repo_url> [--checks=check1,...]",
Short: "Security scorecards!", Short: "Open Source Scorecards",
Long: `A scorecard program!`, Long: "A program that shows scorecard for an open source software.",
Run: func(cmd *cobra.Command, args []string) { Run: func(cmd *cobra.Command, args []string) {
cfg := zap.NewProductionConfig() cfg := zap.NewProductionConfig()
cfg.Level.SetLevel(*logLevel) cfg.Level.SetLevel(*logLevel)
@ -99,7 +99,7 @@ var rootCmd = &cobra.Command{
fmt.Println("RESULTS") fmt.Println("RESULTS")
fmt.Println("-------") fmt.Println("-------")
for _, r := range results { for _, r := range results {
fmt.Println(r.name, displayResult(r.cr.Pass), r.cr.Confidence) fmt.Println(r.name+":", displayResult(r.cr.Pass), r.cr.Confidence)
} }
}, },
} }
@ -130,9 +130,9 @@ func stringInListOrEmpty(s string, list []string) bool {
func displayResult(result bool) string { func displayResult(result bool) string {
if result { if result {
return "pass" return "Pass"
} else { } else {
return "fail" return "Fail"
} }
} }
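Review bot: `Use: "./scorecard --repo=<repo_url> [--checks=check1,...]"` makes cobra derive the command name from the first word of Use, so help and usage output will now call the command `./scorecard` instead of `scorecard`; keep the bare name first, `Use: "scorecard --repo=<repo_url> [--checks=check1,...]"`, and put the `./scorecard ...` invocation in the `Example` field if it is wanted in help text. In the last hunk `displayResult` still carries an `else` after a terminating `return`; `if result { return "Pass" }` followed by `return "Fail"` reads cleaner. The rootCmd declaration continues outside the hunk.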