Commit Graph

130 Commits

Author SHA1 Message Date
Azeem Shaikh
de0cfbec9a Add a validation step for goreleaser 2021-11-23 13:08:26 -06:00
Azeem Shaikh
9878c4e61e
Randomize the repos tested during release test (#1299)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-11-18 17:04:07 +00:00
Azeem Shaikh
71e8698617
Add a cron job to copy CII badges data (#1278)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-11-16 04:23:00 +00:00
Azeem Shaikh
6223b6620a
Add CIIClient interface (#1262)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-11-15 02:46:41 +00:00
Chris McGehee
16cd53de44 make install was not installing to GOPATH 2021-11-14 11:57:18 -06:00
Azeem Shaikh
51de6b6e5d
Check for issue activity in Maintained (#1251)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-11-12 22:16:22 +00:00
Azeem Shaikh
c8d2a51375
Ignore nil values in Branch-Protection check (#1243)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-11-12 19:11:06 +00:00
laurentsimon
ae271b4513
🐛 Validate doc on pre-submit (#1235)
* validate doc on pre-submit

* typo
2021-11-10 16:56:44 +00:00
Naveen
4ee366eb0f
🌱 Move docker build checks to ko (#1214)
Move the docker builds checks to ko
2021-11-08 15:55:58 +00:00
Azeem Shaikh
83649a799e
Remove repos package (#1191)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-29 16:07:46 +00:00
Azeem Shaikh
c73c5628ea
Fix GitHub workflows failing (#1172)
Co-authored-by: Azeem Shaikh <azeems@google.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2021-10-28 18:42:55 +00:00
Batuhan Apaydın
6f1a43a0b6
🌱 add google/ko support for building/pushing container image (#1127)
* feat: add google/ko support for building/pushing container image

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

* feat: updates according to reviews

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
2021-10-26 17:22:22 +00:00
naveen
311d2e2e42 🌱 Reproducible builds with static binary
Changes to goreleaser to have static binaries and reproducible builds.
2021-10-25 15:58:47 -05:00
laurentsimon
950e0e3d2d
Add support for file-based repo URIs (#1113)
* draft

* draft

* docker file

* error

* fix

* fix

* fixa

* bug

* comments

* missing merge

* fix

* fix rebase

* merge issue

* fix

* validate format early

* fix

* fix2

* comments

* fix
2021-10-21 20:08:56 +00:00
Azeem Shaikh
66f864022c
Add GitHub token server (#1132)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-15 03:03:51 +00:00
naveen
7ca5061efc 🌱 Remove OSV ignores
The checks for OSV ignored a few OSV. These have been fixed and removing
them from the ignore list.
2021-10-04 16:19:14 -05:00
Naveen
6c537537ab
🌱 Reproducible go builds (#1083) 2021-09-28 22:02:58 +00:00
Azeem Shaikh
3cbe7b26f7
Consistent -ldflags across go build (#1070)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-27 14:42:39 -05:00
Naveen
91eb41e235
🌱 Check for OSV for a go.mod changes (#1053)
At present we don't have a way to identify any new dependencies to go.mod that have osv/cve.
With this it will query the osv.dev for any vulnerabilities and report if it found any.

It also has an option to ignore any vulnerabilities if we choose to ignore.

This is ignoring 3 osv that are in our dependencies.
2021-09-22 20:41:56 +00:00
laurentsimon
6fb92a3df5
add version for cron (#1011) 2021-09-14 15:00:32 +00:00
Azeem Shaikh
1cb8c06001
Bug in Makefile generate-docs (#996)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-10 15:26:27 +00:00
laurentsimon
870db56814
Cleanup documentation code (#981)
* draft 1

* unit tests

* fix

* fixes

* fix

* mod

* comments

* fixes

* rename

* fix

* linter
2021-09-09 22:09:39 +00:00
naveen
2b15b1353b 🌱 Moving tools dependencies to separate go.mod
* Moving the tools dependencies to a separate go.mod to reduce the
dependencies on scorecard.

* This also increases the security posture by having less dependencies
on the main go.mod
2021-09-07 18:23:41 -05:00
neil465
fda87a45bb Fixed typo reepo to repo 2021-09-04 10:53:19 -05:00
Azeem Shaikh
830c4f57db
100k cron job repos (#958)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-02 19:31:55 +00:00
Azeem Shaikh
9a1978a051
Use RefUpdateRule in BranchProtection check (#936)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-30 23:14:42 +00:00
Naveen
f40fa63826
🌱 Included race flag to tests (#921)
Included the `-race` flag to tests to detect any race conditions.
Especially now that we are using the `sync` package.
2021-08-27 14:17:14 +00:00
Azeem Shaikh
cc30d54db2
Use arduino/setup-protoc for installing Protoc (#903)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 09:31:04 -04:00
Azeem Shaikh
3f9431d08c
Update SignedReleases to use RepoClient API (#844)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-12 20:46:06 +00:00
Azeem Shaikh
bc67dd306a
Create a webhook for tagging Docker images (#828)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-11 01:45:01 +00:00
Appu
8534836923
Also add version info to goreleaser (#822)
- shared configuration generation in ./scripts/version-ldflags

Signed-off-by: Appu Goundan <appu@google.com>
2021-08-09 18:22:30 +00:00
Azeem Shaikh
7f71928daa
Generate .shard_metadata file in cron job shard (#814)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-06 18:07:42 +00:00
Azeem Shaikh
59e14eef80
Add validation for checks.yaml (#781)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 20:29:12 +00:00
Azeem Shaikh
851646d4db
Disable e2e tests temporarily (#785)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 19:39:39 +00:00
Appu
f9e9865fd6
Add version cli subcommand (#764)
`scorecard version` will print out something like

```
GitVersion:     v2.0.0-73-g7fd331a-dirty
GitCommit:      7fd331adf2
GitTreeState:   dirty
BuildDate:      2021-07-27T14:14:34Z
GoVersion:      go1.16.4
Compiler:       gc
Platform:       linux/amd64
```

Signed-off-by: Appu Goundan <appu@google.com>

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-07-27 17:37:27 +00:00
Azeem Shaikh
35267c2514
PubSub integration test framework (#706)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-18 17:33:45 -07:00
naveen
219404e0b7 🌱 Removing gitcache
Removing gitcache
2021-07-13 01:03:21 -05:00
Azeem Shaikh
db02490da4
50k cron repos and allow skipping 404 URLs (#591)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-18 16:00:08 -07:00
Azeem Shaikh
6df8b67bcf
Add a BQ data transfer cron job (#570)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-14 16:25:32 -07:00
Azeem Shaikh
c06f89af83
Script to add new projects to projects.csv file (#567)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-10 13:24:33 -07:00
Azeem Shaikh
09e86518e5
Add all Google-owned repositories to cron job (#555)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-08 16:55:43 -07:00
Azeem Shaikh
030bc90932
Remove daily cron job from codebase (#530)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-02 14:27:09 -07:00
Azeem Shaikh
7b4ee9bc9f
Factory for OpenCensus Exporter to use in tests (#526)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-01 15:53:49 -07:00
Chris McGehee
8372067a70
🌱 Disabling failing linters (#474)
* Disabling failing linters.
They will be re-enabled as all errors are fixed.
Also linter will now fail on any error, not just newly introduced.

* Explicitly specifying lint config file

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-05-20 01:45:23 +00:00
Azeem Shaikh
eb15a61f4d
Add Dockerfiles for PubSub batch job. (#472)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-05-18 19:44:38 -07:00
Azeem Shaikh
8c2432bd62
Add worker to the PubSub framework. (#463)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-05-18 15:18:08 -07:00
Naveen
9281d1ddd9
🌱 Move tool dependencies into go.mod (#460)
Moved the tool dependencies into go.mod
2021-05-17 15:20:28 -04:00
Azeem Shaikh
37519d9672
Update RunScorecards API. (#461)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-05-16 19:38:46 -07:00
Azeem Shaikh
ba3b5c5979
Refactor Makefile and add proto compile support. (#458)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-05-15 13:58:01 -07:00
Naveen
f73f94bd0c
🌱 auto generate docs (#455)
Implemented checks for auto generating docs.
2021-05-15 13:32:27 +00:00
Chris McGehee
9214d71c8f Fix lint issues: wrapcheck linter
Bumping version of golangci-lint because it has a fix for a false
positive we were encountering.
2021-05-13 06:53:56 -05:00
Abhishek Arya
a2d51ead20
🐛Freeze Makefile deps (#404)
* Freeze Makefile deps

* trigger ci

* Fix build failure.
2021-05-05 09:55:59 -07:00
naveen
360d6b8381 🌱 e2e tests for cronjob
* Implemented basic e2e tests for cronjob
2021-05-01 16:07:26 -05:00
naveen
da2e7029c7 🌱 Update golangci version to 1.39
* Upgrade the golangci version to 1.39
* Changed the checkout depth
  https://github.com/golangci/golangci-lint/issues/1088#issuecomment-801540792
2021-04-29 08:24:41 -05:00
Azeem Shaikh
d3a59eacff Move Dockerfile.gsutil to inside cron/ 2021-04-27 17:21:53 -05:00
naveen
eade3f9564 🌱 Included go mod verify for cron and scripts
* Included go mod verify cron and scripts
2021-04-26 10:06:14 -05:00
naveen
3d24435ba8 🌱 Fixing the docker build issue 2021-04-23 15:17:42 -04:00
Naveen
8e352e408a
🌱 Included make targets for update binary (#340)
* Include the build and go mod verify targets to the update binary.
2021-04-13 01:36:45 +00:00
naveen
7622cea5a6 🌱 updated the makefile to include scripts and cron
Updated the makefile to include scripts and cron.
2021-03-22 11:42:18 -04:00
naveen
688dc5e6c7 Refactor cron job
* Refactored cron job from shell script to go.
* Included metadata to the projects.txt for envoy
* Included checks for duplicate item in projects.txt
* Sorted the projects.txt so that it is easier for someone to look for a
project
2021-03-21 22:31:07 -04:00
naveen
248fda288e Fix - docker builds for scorecard cron
Fixed the docker build for scorecard cron as well as updated the
integration to test for the docker builds.
2021-03-05 13:14:33 -05:00
Naveen
b4c2e4fd13
feat - migrate to go 1.16 (#233)
Upgrade to go version 1.16
2021-03-03 18:56:29 +00:00
Abhishek Arya
a44dd6a758
Add pypi and ruby gems package support. (#226)
Adds some more package managers to
https://github.com/ossf/scorecard/issues/33

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-03-01 11:21:20 -05:00
naveen
7b192a0243 feat - Included tests for disk cache
Included tests for disk cache.
Cleaned up tests.
2021-02-26 15:46:21 -05:00
naveen
c2ff48dc59 feat-Reduced GitHub API calls for security check
Reduced the number of calls to GitHub API from 16 to max of 2 calls.
Utilized tar ball to download and check for the contents of those files.
2021-02-25 21:55:54 -05:00
naveen
6f2a0f43f4 Fix - Output path for the test runs 2021-02-25 15:59:39 -05:00
naveen
a7174d8ad7 Feature - Include e2e tests for docker
Included e2e tests for docker.
Included .Dockerignore to ignore files.
Included Docker build in the Makefile.
2021-02-25 11:02:45 -05:00
naveen
cab29a2747 Feat- Use cloud buckets for caching
Use cloud buckets for httpcache.

The implementation uses https://github.com/google/go-cloud for it to be
cloud vendor agnostic.
2021-02-24 11:17:50 -05:00
naveen
7726ca7987 Feature - Include metadata in the results
Included metadata that can be passed as an argument to the command line.
The same metadata will be returned in the `json` results.
2021-02-22 19:23:46 -05:00
naveen
9510d3e0d7 Fix - default disk cache size
The default disk cache size is 100mb. Changed the default disk cache to
10gb.
2021-02-22 18:19:56 -05:00
Naveen
db81680172
Feat-Implement httpcache middleware for GitHub API (#203)
The GitHub API supports conditional requests
https://docs.github.com/en/rest/overview/resources-in-the-rest-api#conditional-requests

https://github.com/google/go-github supports Conditional requests
https://github.com/google/go-github#conditional-requests

As we are scaling more and more projects this would add a lot of value.

Initial run fetches information using `httpcache` as a middleware,
which caches the HTTP response initially in a large disk (PVC),
probably move to Redis later as a cache instead of disk.

Subsequent `cron runs` will utilize the `httpcache` for checking content modification and
load it from the cache if it isn't modified, which reduces hitting the
Rate Limit of the GitHub API.
2021-02-22 17:18:28 +00:00
Naveen
e0a02567fb
Fix - Cleanup the makefile targets (#207) 2021-02-21 23:35:39 +00:00
Nathan
554ca76bfe Fix - golangci issues gomnd, goconst
Fixed the golangci issues for gomnd and goconst.
Added ginkgo dependency in the makefile.
2021-02-17 18:22:18 -05:00
naveen
ce8e1e79ea Feature - Include additional linters for golangci
Included additional linters for golangci. The new linters would
report existing issues.
2021-02-16 14:06:59 -05:00
naveen
b20e33c24b Fix - go build to static binaries 2021-02-14 15:01:41 -05:00
Abhishek Arya
fc251d9d42 Add security policy to e2e test. 2021-02-14 12:50:24 -05:00
naveen
af2132e927 Fix- e2e tests to include the executable
Included e2e tests for the executable with JSON
2021-02-14 11:46:17 -05:00
naveen
2a1463b315 Feature - Report codecoverage to codecov.io 2021-01-26 17:49:11 -05:00
Naveen
f77da7783b
feat-e2e tests for signed tags and signed releases (#115)
Implemented e2e tests using ginkgo for validating signed tags and signed
releases.

ginkgo is utilized as a standard BDD testing framework in other
projects like kubebuilder.
2021-01-01 14:36:31 -06:00
naveen
a56f707350 Feat - Implemented Makefile and actions for PR
Implemented Makefile and actions for PR and push to validate fmt, go mod
tidy , go build and go test
2020-12-22 16:51:24 -05:00