Spencer Schrock
6629b09746
🌱 Add lifecycle field to probes ( #4147 )
...
CodeQL / Analyze (go) (push) Waiting to run
CodeQL / Analyze (javascript) (push) Waiting to run
gitlab-tests / gitlab-integration-trusted (push) Waiting to run
golangci-lint / check-linter (push) Waiting to run
build / unit-test (push) Waiting to run
build / generate-mocks (push) Waiting to run
build / generate-docs (push) Waiting to run
build / build-proto (push) Waiting to run
build / ${{ matrix.target }} (build-add-script) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-bq-transfer) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-cii-worker) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-controller) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-github-server) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-scorecard) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-shuffler) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-validate-script) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-webhook) (push) Blocked by required conditions
build / ${{ matrix.target }} (build-worker) (push) Blocked by required conditions
build / validate-docs (push) Waiting to run
build / add-projects (push) Waiting to run
build / validate-projects (push) Waiting to run
build / license boilerplate check (push) Waiting to run
Scorecard analysis workflow / Scorecard analysis (push) Waiting to run
* add lifecycle field to probe yaml definitions
Signed-off-by: Spencer Schrock <sschrock@google.com>
* classify existing probes
Some are listed as stable if they're not expected to change,
others are listed as experimental if there are still expected changes.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add lifecycle to probe readme
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add lifecycle for new probe
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add probe lifecycle to documentation
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-07-02 17:11:19 +00:00
Spencer Schrock
0d57c0224a
📖 Generate probe markdown documentation ( #4184 )
...
* generate probe markdown documentation
Walks the various probes def.yaml files and puts them in a single
markdown document. This doesn't currently include the remediation, but
neither does the existing checks.md document either.
In order to avoid duplicating yaml definitions, this existing ones were
moved to an internal directory so they can be reused.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add probe doc generation to Makefile
Note: There is no validate-docs step for the probes code, as the
def.yml fields are validated elsewhere currently in the unit tests.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix license for new yaml package
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-06-20 21:05:06 +00:00
Raghav Kaul
bfaa9febc2
✨ probe: releases with verified provenance ( #4141 )
...
* add projectpackageversions to signed releases raw results
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* finding: add NewNot* helpers, fix error msg
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* probe: releasesHaveVerifiedProvenance
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* logging
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* fix tests and lint
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* address comments
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* remove unused
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* fix merge conflict
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
2024-06-07 10:15:20 -07:00
Spencer Schrock
0b9dfb656f
⚠️ Replace v4 module references with v5 ( #4027 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-04-12 14:51:50 -07:00
Spencer Schrock
6b071eddeb
⚠️ Allow probes to specify their own bad outcomes ( #4020 )
...
* merge probe and finding packages
No one interacts with the probes directly,
and having them in the same package helps with follow up commits
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add extra field to indicate the outcome a probe should show remediation for
Signed-off-by: Spencer Schrock <sschrock@google.com>
* start all probes with remediate on 'False'
Signed-off-by: Spencer Schrock <sschrock@google.com>
* make OutcomeTrue bad for hasOSVVulnerabilities
Signed-off-by: Spencer Schrock <sschrock@google.com>
* nest outcome trigger under remediation in yaml
Signed-off-by: Spencer Schrock <sschrock@google.com>
* invert outcomes for dangerous workflow probes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* rename notArchived probe to archived
with the swap, the true outcome is now the bad outcome.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* rename notCreatedRecently probe to createRecently
with the rename, the true outcome is now bad
Signed-off-by: Spencer Schrock <sschrock@google.com>
* switch binary artifact probes so detecting binaries is a true outcome
Signed-off-by: Spencer Schrock <sschrock@google.com>
* appease the linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* dont export probe type
we can always make it public again later
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-04-10 14:12:53 -07:00
Spencer Schrock
b577d79c96
⚠️ Replace Positive and Negative outcomes with True and False ( #4017 )
...
* rename positive to true
Signed-off-by: Spencer Schrock <sschrock@google.com>
* rename negative to false
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-04-08 15:36:11 -07:00
Spencer Schrock
ba4fb1b94b
⚠️ Switch Outcome type to string ( #4006 )
...
* convert outcome constants to strings
Originally, these were introduced as ints to enable ordering between them.
Today, I don't see the value in doing that, and it makes the output less readable.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* explicitly mention negative outcome for some tests
previously, OutcomeNegative had the integer value of 0. So some tests
didnt specify the outcome and happened to pass due to the zero value.
This also fixes the tests names while I was here.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* match expected probe output with new string values
this change demonstrates the reason for this PR.
Human readable outcomes are good!
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-04-08 16:31:39 +00:00
dependabot[bot]
bf18c27508
🌱 Bump github.com/golangci/golangci-lint from 1.56.2 to 1.57.1 in /tools ( #3966 )
...
* 🌱 Bump github.com/golangci/golangci-lint in /tools
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint ) from 1.56.2 to 1.57.1.
- [Release notes](https://github.com/golangci/golangci-lint/releases )
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md )
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.56.2...v1.57.1 )
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* remove unused wrapcheck nolint directives
wrapcheck v2.8.3 includes a fix for false positives in func literals.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* satisfy assignOp gocritic linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* convert const regex to MustCompile
included at package level to ensure regex compiles at build time.
These could stay as func regexes if desired, but we'd need test coverage
for the piper code so we know we wont panic
Signed-off-by: Spencer Schrock <sschrock@google.com>
* satisfy unslice linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* satisfy wrapperFunc linter
This seems like a nice readability change anyway
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
2024-03-25 15:56:22 -07:00
AdamKorcz
6fc7d4c061
✨ Add probe metadata about supported ecosystems ( #3797 )
...
* 🌱 Add probe metadata about supported ecosystems
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Add metadata for the rest of the probes
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* fix wrong formatting
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* remove oss-fuzz, osv, cii_blob, cii_http clients
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* add github and gitlab clients for 2 probes
Signed-off-by: Adam Korczynski <adam@adalogics.com>
---------
Signed-off-by: Adam Korczynski <adam@adalogics.com>
2024-02-08 10:20:07 -08:00
Spencer Schrock
ca944e8169
🌱 Change finding Values to map[string]string ( #3837 )
...
* make values map string -> string
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fixup branch protection probes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix sast probe
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix signed-releases probes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix maintained probes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix cii-best-practices probes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix cii-best-practices eval
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix signed-releases eval
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix sast eval
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix maintained eval
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix permissions eval
Signed-off-by: Spencer Schrock <sschrock@google.com>
* appease the linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* standardize maintained key names
Signed-off-by: Spencer Schrock <sschrock@google.com>
* set lookback days value regardless of outcome
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-02-07 10:55:16 -08:00
Josh Soref
3b948257fc
📖 Fix spelling ( #3804 )
...
* spelling: accurate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: administrator
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: analyze
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: andtwenty
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: ascii
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: association
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: at least
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: attestor
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: barbaric
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: bucket
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: by
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: can
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: case-insensitive
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: case-sensitive
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: checking
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: command-line
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: commit
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: committed
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: conclusion
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: corresponding
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: created
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: dataset
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: default
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: defines
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: dependabot
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: dependency
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: depending
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: desired
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: different
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: disclose
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: download
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: each
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: enforce
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: every time
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: exist
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: existing
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: fields
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: files
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: for
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: force-push
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: github
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: gitlab
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: ignoreed
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: implementation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: implements
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: increase
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: indicates
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: initialized
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: instructions
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: invalid
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: marshal
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: match
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: name
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: nonexistent
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: organization
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: package
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: provenance
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: query
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: readers
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: receive
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: registered
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: remediate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: representation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: requests
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: requires
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: return
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: scorecard
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: separator
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: serialization
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: sign up
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: specifications
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: specified
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: success
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: successfully
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: the
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: their
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: twenty
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: unexpected
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: unused
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: unverified
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: validate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: vendor
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: vulnerabilities
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: vulns
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: will
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: without
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: workflow
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: workflows
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---------
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2024-01-26 23:08:26 +00:00
Naveen
f1d7a62059
🌱 Fixed field alignment ( #3799 )
...
- Fixed field alignment
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2024-01-17 19:10:33 +00:00
AdamKorcz
cb721a8526
🌱 convert binary artifact check to probe ( #3508 )
...
* 🌱 convert binary artifact check to probe
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Reword motivation
Signed-off-by: AdamKorcz <adam@adalogics.com>
* remove unused variable in test
Signed-off-by: AdamKorcz <adam@adalogics.com>
* remove positiveOutcome() and length check
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix wrong check name
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Split into two probes: One with and one without gradle-wrappers
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Add description about what Scorecard considers a verified binary
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* change 'trusted' to 'verified'
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* remove nil check
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* remove filtering
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* use const scores in tests
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* rename test
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* add sanity check in loop
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* rename binary file const
Signed-off-by: Adam Korczynski <adam@adalogics.com>
---------
Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: Adam Korczynski <adam@adalogics.com>
2023-12-05 00:24:16 -08:00
Spencer Schrock
92470deac3
🌱 enable nolintlint linter and fix violations ( #3650 )
...
* enable nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* first chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* second chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* third chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fourth chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* include reason for the specific linter config
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fifth chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix linter errors that are somehow still triggering
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-11-15 11:44:28 -08:00
Spencer Schrock
a4ee3147a6
🌱 bump project minimum Go version to go1.21 ( #3661 )
...
* upgrade go.mod to 1.21
Signed-off-by: Spencer Schrock <sschrock@google.com>
* use slices from stdlib
Signed-off-by: Spencer Schrock <sschrock@google.com>
* use max/min builtins
Signed-off-by: Spencer Schrock <sschrock@google.com>
* multierrors
possibly spin this off into its own PR
Signed-off-by: Spencer Schrock <sschrock@google.com>
* dont call rand.Seed
As of Go 1.20, the generator is seeded randomly at startup.
https://pkg.go.dev/math/rand#Seed
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update minimum Go version in documentation
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-11-13 15:12:29 -08:00
AdamKorcz
47e04c102a
🌱 Convert SAST check to probes ( #3571 )
...
* Convert SAST checks to probes
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Update checks/evaluation/sast.go
Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
* preserve file info when logging positive Sonar findings
Signed-off-by: AdamKorcz <adam@adalogics.com>
* rebase
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Remove warning logging
Signed-off-by: AdamKorcz <adam@adalogics.com>
* add outcome and message to finding on the same line
Signed-off-by: AdamKorcz <adam@adalogics.com>
* codeql workflow -> codeql action
Signed-off-by: AdamKorcz <adam@adalogics.com>
* 'the Sonar' -> 'Sonar' in probe def.yml
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix typo
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Change how probe creates location
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Change names of values
Signed-off-by: AdamKorcz <adam@adalogics.com>
* change 'SAST tool detected: xx' to 'SAST tool installed: xx'
Signed-off-by: AdamKorcz <adam@adalogics.com>
* make text in probe def.yml easier to read
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Change 'to' to 'two'
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Minor change
Signed-off-by: AdamKorcz <adam@adalogics.com>
---------
Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
2023-11-07 08:41:44 -05:00
laurentsimon
fa0e1c17e9
✨ Add WithValues function to findings ( #3619 )
...
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update comment
Signed-off-by: laurentsimon <laurentsimon@google.com>
* typo
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
2023-10-27 11:03:15 -07:00
AdamKorcz
8eaf0d7647
🌱 Add new outcome to UnmarshalYAML ( #3566 )
...
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-10-12 16:59:50 +00:00
AdamKorcz
05a1eade1f
🐛 Fix wrong quotes ( #3565 )
...
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-10-12 08:47:50 -07:00
AdamKorcz
6c43301c26
🌱 Add map to Finding ( #3558 )
...
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-10-11 09:25:40 -07:00
AdamKorcz
034e6b2ebc
🌱 Add OutcomeNotApplicable ( #3539 )
...
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-10-09 22:16:12 +00:00
laurentsimon
d177169ec2
✨ [experimental] Probe support for fuzzing check ( #3230 )
...
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* comments
Signed-off-by: laurentsimon <laurentsimon@google.com>
* unit tests and linter
Signed-off-by: laurentsimon <laurentsimon@google.com>
* remove raw from check request in e2e tests
Signed-off-by: laurentsimon <laurentsimon@google.com>
* remove redundant finding check
Signed-off-by: laurentsimon <laurentsimon@google.com>
* typo
Signed-off-by: laurentsimon <laurentsimon@google.com>
* adress comments
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
2023-08-21 17:50:20 +00:00
laurentsimon
a8b255a224
✨ [experimental] Probe support for security policy check ( #3241 )
...
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* fix unit tests
Signed-off-by: laurentsimon <laurentsimon@google.com>
* comments
Signed-off-by: laurentsimon <laurentsimon@google.com>
* compilation fix
Signed-off-by: laurentsimon <laurentsimon@google.com>
* missing file
Signed-off-by: laurentsimon <laurentsimon@google.com>
* missing file
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update reason string
Signed-off-by: laurentsimon <laurentsimon@google.com>
* typo
Signed-off-by: laurentsimon <laurentsimon@google.com>
* fix unit tests
Signed-off-by: laurentsimon <laurentsimon@google.com>
* typo
Signed-off-by: laurentsimon <laurentsimon@google.com>
* unit tests and linnter
Signed-off-by: laurentsimon <laurentsimon@google.com>
* comments
Signed-off-by: laurentsimon <laurentsimon@google.com>
* comments
Signed-off-by: laurentsimon <laurentsimon@google.com>
* missing file
Signed-off-by: laurentsimon <laurentsimon@google.com>
* unit tests for probes
Signed-off-by: laurentsimon <laurentsimon@google.com>
* linter
Signed-off-by: laurentsimon <laurentsimon@google.com>
* revert FileSize change
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
2023-08-04 04:52:15 +00:00
Naveen
ab1c515c30
🌱 Increase test coverage for finding outcomes ( #3142 )
...
* Increase test coverage for finding outcomes
- Add tests for Outcome UnmarshalYAML function in `finding/finding_test.go`
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Updates based on Codereview
- Update `Outcome` variable in `finding/finding_test.go`
- Add `t.Parallel()` for test parallelization
- Add comparison using `cmp.Diff` to test for mismatches
- Update test cases for various outcomes
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-06-08 19:07:46 +00:00
laurentsimon
a4da39a779
✨ [experimental] Create probes within findings ( #2919 )
...
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
2023-05-03 00:42:32 +00:00
laurentsimon
2ea140a3ee
✨ Structured results for permissions ( #2584 )
...
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* Update checks/evaluation/permissions/GitHubWorkflowPermissionsTopNoWrite.yml
Co-authored-by: Joyce <joycebrumu.u@gmail.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* Update checks/evaluation/permissions/GitHubWorkflowPermissionsStepsNoWrite.yml
Co-authored-by: Joyce <joycebrumu.u@gmail.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
* Update checks/evaluation/permissions/GitHubWorkflowPermissionsStepsNoWrite.yml
Co-authored-by: Joyce <joycebrumu.u@gmail.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
* Update checks/evaluation/permissions/GitHubWorkflowPermissionsStepsNoWrite.yml
Co-authored-by: Joyce <joycebrumu.u@gmail.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Co-authored-by: Joyce <joycebrumu.u@gmail.com>
2023-01-30 18:41:36 -08:00
