commit
f6fab3abcd
27
README.md
27
README.md
@ -16,6 +16,7 @@ The program only requires one argument to run, the name of the repo:
|
|||||||
```shell
|
```shell
|
||||||
$ go build
|
$ go build
|
||||||
$ ./scorecard --repo=github.com/kubernetes/kubernetes
|
$ ./scorecard --repo=github.com/kubernetes/kubernetes
|
||||||
|
Starting [Active]
|
||||||
Starting [CI-Tests]
|
Starting [CI-Tests]
|
||||||
Starting [CII-Best-Practices]
|
Starting [CII-Best-Practices]
|
||||||
Starting [Code-Review]
|
Starting [Code-Review]
|
||||||
@ -27,28 +28,30 @@ Starting [Security-Policy]
|
|||||||
Starting [Signed-Releases]
|
Starting [Signed-Releases]
|
||||||
Starting [Signed-Tags]
|
Starting [Signed-Tags]
|
||||||
Finished [Fuzzing]
|
Finished [Fuzzing]
|
||||||
Finished [CII-Best-Practices]
|
|
||||||
Finished [Frozen-Deps]
|
Finished [Frozen-Deps]
|
||||||
|
Finished [CII-Best-Practices]
|
||||||
Finished [Security-Policy]
|
Finished [Security-Policy]
|
||||||
Finished [Contributors]
|
Finished [Contributors]
|
||||||
Finished [Signed-Releases]
|
Finished [Signed-Releases]
|
||||||
Finished [Signed-Tags]
|
Finished [Signed-Tags]
|
||||||
Finished [CI-Tests]
|
Finished [CI-Tests]
|
||||||
Finished [Code-Review]
|
Finished [Code-Review]
|
||||||
|
Finished [Active]
|
||||||
Finished [Pull-Requests]
|
Finished [Pull-Requests]
|
||||||
|
|
||||||
RESULTS
|
RESULTS
|
||||||
-------
|
-------
|
||||||
CI-Tests pass 10
|
Active: Pass 10
|
||||||
CII-Best-Practices pass 10
|
CI-Tests: Pass 10
|
||||||
Code-Review pass 10
|
CII-Best-Practices: Pass 10
|
||||||
Contributors pass 10
|
Code-Review: Pass 10
|
||||||
Frozen-Deps pass 10
|
Contributors: Pass 10
|
||||||
Fuzzing pass 10
|
Frozen-Deps: Pass 10
|
||||||
Pull-Requests pass 9
|
Fuzzing: Pass 10
|
||||||
Security-Policy pass 10
|
Pull-Requests: Pass 10
|
||||||
Signed-Releases fail 10
|
Security-Policy: Pass 10
|
||||||
Signed-Tags fail 5
|
Signed-Releases: Fail 10
|
||||||
|
Signed-Tags: Fail 5
|
||||||
```
|
```
|
||||||
|
|
||||||
It is recommended to use an OAuth token to avoid rate limits.
|
It is recommended to use an OAuth token to avoid rate limits.
|
||||||
@ -91,7 +94,7 @@ and then create a new GitHub Issue.
|
|||||||
|
|
||||||
## Results
|
## Results
|
||||||
|
|
||||||
Each check returns a pass/fail decision, as well as a confidence score between 0 and 10.
|
Each check returns a Pass/Fail decision, as well as a confidence score between 0 and 10.
|
||||||
A confidence of 0 should indicate the check was unable to achieve any real signal, and the result
|
A confidence of 0 should indicate the check was unable to achieve any real signal, and the result
|
||||||
should be ignored.
|
should be ignored.
|
||||||
A confidence of 10 indicates the check is completely sure of the result.
|
A confidence of 10 indicates the check is completely sure of the result.
|
||||||
|
@ -27,7 +27,7 @@ func PeriodicCommits(c checker.Checker) checker.CheckResult {
|
|||||||
}
|
}
|
||||||
|
|
||||||
tz, _ := time.LoadLocation("UTC")
|
tz, _ := time.LoadLocation("UTC")
|
||||||
threshold := time.Now().In(tz).AddDate(0, 0, -1 * lookbackDays)
|
threshold := time.Now().In(tz).AddDate(0, 0, -1*lookbackDays)
|
||||||
totalCommits := 0
|
totalCommits := 0
|
||||||
for _, commit := range commits {
|
for _, commit := range commits {
|
||||||
commitFull, _, err := c.Client.Git.GetCommit(c.Ctx, c.Owner, c.Repo, commit.GetSHA())
|
commitFull, _, err := c.Client.Git.GetCommit(c.Ctx, c.Owner, c.Repo, commit.GetSHA())
|
||||||
@ -52,7 +52,7 @@ func PeriodicReleases(c checker.Checker) checker.CheckResult {
|
|||||||
}
|
}
|
||||||
|
|
||||||
tz, _ := time.LoadLocation("UTC")
|
tz, _ := time.LoadLocation("UTC")
|
||||||
threshold := time.Now().In(tz).AddDate(0, 0, -1 * lookbackDays)
|
threshold := time.Now().In(tz).AddDate(0, 0, -1*lookbackDays)
|
||||||
totalReleases := 0
|
totalReleases := 0
|
||||||
for _, r := range releases {
|
for _, r := range releases {
|
||||||
if r.GetCreatedAt().After(threshold) {
|
if r.GetCreatedAt().After(threshold) {
|
||||||
@ -65,6 +65,3 @@ func PeriodicReleases(c checker.Checker) checker.CheckResult {
|
|||||||
Confidence: 10,
|
Confidence: 10,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -66,7 +66,7 @@ func FrozenDeps(c checker.Checker) checker.CheckResult {
|
|||||||
case "package-lock.json":
|
case "package-lock.json":
|
||||||
c.Logf("nodejs packages found: %s", name)
|
c.Logf("nodejs packages found: %s", name)
|
||||||
return passResult
|
return passResult
|
||||||
case "requirements.txt":
|
case "requirements.txt", "pipfile.lock":
|
||||||
c.Logf("python requirements found: %s", name)
|
c.Logf("python requirements found: %s", name)
|
||||||
return passResult
|
return passResult
|
||||||
case "gemfile.lock":
|
case "gemfile.lock":
|
||||||
|
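Review bot: The new `case "requirements.txt", "pipfile.lock":` only fires if `name` has already been lower-cased, since pipenv writes the file as `Pipfile.lock`; the existing `gemfile.lock` case suggests that normalization happens, but it sits outside the hunk, as do the enclosing switch and FrozenDeps itself, so it is worth confirming and recording at the case with a comment such as `// name is compared lower-cased (Pipfile.lock on disk)`. Both file names also share the `python requirements found` log line, which is fine because `%s` prints the matched name.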
@ -3,6 +3,7 @@ package cmd
|
|||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
|
"regexp"
|
||||||
"strings"
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -19,6 +20,8 @@ func (r *repoFlag) Type() string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (r *repoFlag) Set(s string) error {
|
func (r *repoFlag) Set(s string) error {
|
||||||
|
rgx, _ := regexp.Compile("^https?://")
|
||||||
|
s = rgx.ReplaceAllString(s, "")
|
||||||
split := strings.SplitN(s, "/", 3)
|
split := strings.SplitN(s, "/", 3)
|
||||||
if len(split) != 3 {
|
if len(split) != 3 {
|
||||||
log.Fatalf("invalid repo flag: [%s], pass the full repository URL", s)
|
log.Fatalf("invalid repo flag: [%s], pass the full repository URL", s)
|
||||||
|
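Review bot: `rgx, _ := regexp.Compile("^https?://")` discards the compile error and recompiles a constant pattern on every call to Set; for a literal pattern the Go idiom is a package-level `var repoSchemeRe = regexp.MustCompile(`^https?://`)`, with the body then reading `s = repoSchemeRe.ReplaceAllString(s, "")`. Stripping only the scheme still leaves a trailing slash or `.git` in the third element of `strings.SplitN(s, "/", 3)`, which the rest of Set — outside the hunk — may or may not trim; worth a check if callers pass copied browser URLs. Set's body continues past the end of the hunk.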
12
cmd/root.go
12
cmd/root.go
@ -27,9 +27,9 @@ var (
|
|||||||
)
|
)
|
||||||
|
|
||||||
var rootCmd = &cobra.Command{
|
var rootCmd = &cobra.Command{
|
||||||
Use: "scorecard",
|
Use: "./scorecard --repo=<repo_url> [--checks=check1,...]",
|
||||||
Short: "Security scorecards!",
|
Short: "Open Source Scorecards",
|
||||||
Long: `A scorecard program!`,
|
Long: "A program that shows scorecard for an open source software.",
|
||||||
Run: func(cmd *cobra.Command, args []string) {
|
Run: func(cmd *cobra.Command, args []string) {
|
||||||
cfg := zap.NewProductionConfig()
|
cfg := zap.NewProductionConfig()
|
||||||
cfg.Level.SetLevel(*logLevel)
|
cfg.Level.SetLevel(*logLevel)
|
||||||
@ -99,7 +99,7 @@ var rootCmd = &cobra.Command{
|
|||||||
fmt.Println("RESULTS")
|
fmt.Println("RESULTS")
|
||||||
fmt.Println("-------")
|
fmt.Println("-------")
|
||||||
for _, r := range results {
|
for _, r := range results {
|
||||||
fmt.Println(r.name, displayResult(r.cr.Pass), r.cr.Confidence)
|
fmt.Println(r.name+":", displayResult(r.cr.Pass), r.cr.Confidence)
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
@ -130,9 +130,9 @@ func stringInListOrEmpty(s string, list []string) bool {
|
|||||||
|
|
||||||
func displayResult(result bool) string {
|
func displayResult(result bool) string {
|
||||||
if result {
|
if result {
|
||||||
return "pass"
|
return "Pass"
|
||||||
} else {
|
} else {
|
||||||
return "fail"
|
return "Fail"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
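Review bot: `Use: "./scorecard --repo=<repo_url> [--checks=check1,...]"` puts a path and flag syntax into the field cobra derives the command name from (the first word of Use), so generated help and usage lines will show `./scorecard` instead of `scorecard`; keeping `Use: "scorecard"` and moving the invocation into the command's `Example` field preserves the help output. In `displayResult`, the `else` after `return "Pass"` is redundant and the usual Go style is `if result { return "Pass" }` followed by a bare `return "Fail"`. The new Long text also reads awkwardly ("shows scorecard for an open source software"); something like `Long: "Shows a security scorecard for an open source repository."` would be cleaner.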