scorecard

mirror of https://github.com/ossf/scorecard.git synced 2024-08-16 11:50:37 +03:00

Author	SHA1	Message	Date
dependabot[bot]	9f9afa0c30	🌱 Bump github.com/google/osv-scanner from 1.7.4 to 1.8.1 (#4198 ) Some checks are pending CodeQL / Analyze (go) (push) Waiting to run Details CodeQL / Analyze (javascript) (push) Waiting to run Details gitlab-tests / gitlab-integration-trusted (push) Waiting to run Details golangci-lint / check-linter (push) Waiting to run Details build / unit-test (push) Waiting to run Details build / generate-mocks (push) Waiting to run Details build / generate-docs (push) Waiting to run Details build / build-proto (push) Waiting to run Details build / ${{ matrix.target }} (build-add-script) (push) Blocked by required conditions Details build / ${{ matrix.target }} (build-bq-transfer) (push) Blocked by required conditions Details build / ${{ matrix.target }} (build-cii-worker) (push) Blocked by required conditions Details build / ${{ matrix.target }} (build-controller) (push) Blocked by required conditions Details build / ${{ matrix.target }} (build-github-server) (push) Blocked by required conditions Details build / ${{ matrix.target }} (build-scorecard) (push) Blocked by required conditions Details build / ${{ matrix.target }} (build-shuffler) (push) Blocked by required conditions Details build / ${{ matrix.target }} (build-validate-script) (push) Blocked by required conditions Details build / ${{ matrix.target }} (build-webhook) (push) Blocked by required conditions Details build / ${{ matrix.target }} (build-worker) (push) Blocked by required conditions Details build / validate-docs (push) Waiting to run Details build / add-projects (push) Waiting to run Details build / validate-projects (push) Waiting to run Details build / license boilerplate check (push) Waiting to run Details Scorecard analysis workflow / Scorecard analysis (push) Waiting to run Details	2024-07-01 19:21:16 +00:00
Zxilly	5ef9831b91	🌱 add stack info to osv-scanner error (#4172 ) * add stack info to osv-scanner error Signed-off-by: Zxilly <zxilly@outlook.com> * print error stack to stderr Signed-off-by: Zxilly <zxilly@outlook.com> * follow the lint rule Signed-off-by: Zxilly <zxilly@outlook.com> --------- Signed-off-by: Zxilly <zxilly@outlook.com>	2024-06-14 16:02:21 -07:00
Spencer Schrock	0b9dfb656f	⚠️ Replace v4 module references with v5 (#4027 ) Signed-off-by: Spencer Schrock <sschrock@google.com>	2024-04-12 14:51:50 -07:00
Spencer Schrock	1d1df07770	✨ Add experimental local OSV mode for cron releasetest worker (#3947 ) * add local osv db client Signed-off-by: Spencer Schrock <sschrock@google.com> * enable osv experiment in cron release test Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: Spencer Schrock <sschrock@google.com>	2024-03-15 11:46:09 +11:00
Spencer Schrock	6e717aa261	🐛 ignore Go stdlib vulns (#3925 ) Signed-off-by: Spencer Schrock <sschrock@google.com>	2024-03-06 12:31:07 -08:00
Spencer Schrock	b556d932a4	🐛 Handle osvscanner errors on projects with no dependencies (#3803 ) * handle osv errors for projects without packages Signed-off-by: Spencer Schrock <sschrock@google.com> * make test parallel Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: Spencer Schrock <sschrock@google.com>	2024-01-19 19:13:40 +00:00
Spencer Schrock	a4e72a8696	🐛 Give inconclusive Vulnerabilities score when osv-scanner panics (#2896 ) * Recover from osv-scanner panics. This allows us to give an inconclusive score instead of crashing. Signed-off-by: Spencer Schrock <sschrock@google.com> * Bump osv-scanner to include performance increase. https://github.com/google/osv-scanner/pull/346 Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: Spencer Schrock <sschrock@google.com>	2023-04-24 17:26:20 +00:00
Rex P	170af75618	🐛 Updates osv-scanner dependency to 1.2.0. (#2704 ) * Updates osv-scanner dependency to 1.2.0. The 1.0 release changed the return value for osv-scanner to output an error when vulnerabilities are found, modified to handle this error correctly. Signed-off-by: Rex Pan <rexpan@google.com> * Add some additional comments Signed-off-by: Rex Pan <rexpan@google.com> * Update osv-scanner to include SBOM and logging fixes Signed-off-by: Rex Pan <rexpan@google.com> --------- Signed-off-by: Rex Pan <rexpan@google.com>	2023-03-09 00:04:11 +00:00
Rex P	f983480ba2	⚠️ OSV scanner integration (#2509 ) * Improve OSV scanning integration (squashed) Signed-off-by: Rex P <rexpan@google.com> * Add support for grouping vulnerabilities and aliases Signed-off-by: Rex P <rexpan@google.com> * Updated documentation, spit vulnerability output to multiple warnings Signed-off-by: Rex P <rexpan@google.com> * Updated documentation, spit vulnerability output to multiple warnings Signed-off-by: Rex P <rexpan@google.com> * Add its own codebase into docs Signed-off-by: Rex P <rexpan@google.com> * Update scorecard test to not prevent known vulns Signed-off-by: Rex P <rexpan@google.com> Signed-off-by: Rex P <rexpan@google.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2022-12-12 16:46:43 -08:00
Arnaud J Le Hors	2169bc44c7	Use new project name in Copyright notices (#2505 ) Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com> Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>	2022-12-01 15:08:48 -08:00
Azeem Shaikh	96fac8a941	Replace `checker.Vuln` with `clients.Vuln` (#1955 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2022-05-24 20:15:37 +00:00

11 Commits