ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-09-11 17:07:53 +03:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity
2,744 Commits 35 Branches 42 Tags 435 MiB
main
Commit Graph

493 Commits

Author SHA1 Message Date
dependabot[bot]
e30d9e5bbc
🌱 Bump gocloud.dev from 0.23.0 to 0.24.0 (#956) 
Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.23.0 to 0.24.0.
- [Release notes](https://github.com/google/go-cloud/releases)
- [Commits](https://github.com/google/go-cloud/compare/v0.23.0...v0.24.0)

---
updated-dependencies:
- dependency-name: gocloud.dev
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-09-03 15:46:28 +00:00
flying-cow
1434977ac0 :sparkling: Upgraded to go 1.17 2021-09-01 18:31:44 -04:00
dependabot[bot]
dcbf7528a7
🌱 Bump cloud.google.com/go/bigquery from 1.21.0 to 1.22.0 (#939) 
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.21.0 to 1.22.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.21.0...spanner/v1.22.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-09-01 16:14:12 +00:00
dependabot[bot]
001ba670bb 🌱 Bump github.com/jszwec/csvutil from 1.5.0 to 1.5.1 
Bumps [github.com/jszwec/csvutil](https://github.com/jszwec/csvutil) from 1.5.0 to 1.5.1.
- [Release notes](https://github.com/jszwec/csvutil/releases)
- [Commits](https://github.com/jszwec/csvutil/compare/v1.5.0...v1.5.1)

---
updated-dependencies:
- dependency-name: github.com/jszwec/csvutil
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-08-31 08:06:06 -04:00
Chris McGehee
dbb23450e5
Add line number to unpinned dependency: GitHub workflow "uses" field (#821) 
* Display line number for github workflow "uses" field

* Adding test for line numbers

* Updating comment

* Updating this log message to use SARIF format

Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2021-08-30 17:03:45 +00:00
dependabot[bot]
51016ea8ae
🌱 Bump cloud.google.com/go/pubsub from 1.15.0 to 1.16.0 (#904) 
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.15.0 to 1.16.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.15.0...pubsub/v1.16.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-08-30 02:00:18 +00:00
Azeem Shaikh
37696aceb3
Create and use MockRepoClient in unit tests (#922) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-26 19:48:39 +00:00
laurentsimon
788fd33222
Add JSON unit tests (#915) 
* fix

* typo

* draft

* fixes

* typo

* add validator

* comments

* typo
 2021-08-26 01:42:34 +00:00
Azeem Shaikh
d8e49e0dba
Remove unwanted dependencies (#913) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-25 21:21:40 +00:00
dependabot[bot]
77a4160a87
🌱 Bump github.com/onsi/gomega from 1.15.0 to 1.16.0 (#879) 
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.15.0 to 1.16.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.15.0...v1.16.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-08-23 16:18:46 +00:00
dependabot[bot]
04e8bcf933
🌱 Bump cloud.google.com/go/bigquery from 1.20.1 to 1.21.0 (#870) 
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.20.1 to 1.21.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.20.1...spanner/v1.21.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-08-18 18:48:16 +00:00
dependabot[bot]
fa4e8a43f1
🌱 Bump github.com/golangci/golangci-lint from 1.41.1 to 1.42.0 (#869) 
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.41.1 to 1.42.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.41.1...v1.42.0)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-08-18 13:42:02 +00:00
dependabot[bot]
e7d9ec52fa
🌱 Bump cloud.google.com/go/pubsub from 1.14.0 to 1.15.0 (#858) 
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.14.0 to 1.15.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.14.0...pubsub/v1.15.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-08-17 15:45:27 +00:00
dependabot[bot]
72337426f0
🌱 Bump go.uber.org/zap from 1.18.1 to 1.19.0 (#834) 
Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.18.1 to 1.19.0.
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber-go/zap/compare/v1.18.1...v1.19.0)

---
updated-dependencies:
- dependency-name: go.uber.org/zap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-08-15 22:55:20 +00:00
Azeem Shaikh
b7ddc9ac93
Update go-github version for consistency (#852) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-13 00:43:22 +00:00
dependabot[bot]
ee8e4026bc
🌱 Bump github.com/google/go-containerregistry (#832) 
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.1.2 to 0.6.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.1.2...v0.6.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-08-11 16:43:35 +00:00
dependabot[bot]
0f6cbc1703
🌱 Bump cloud.google.com/go/pubsub from 1.13.0 to 1.14.0 (#833) 
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.13.0...pubsub/v1.14.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-08-11 05:01:54 +00:00
dependabot[bot]
bbf99add9e
🌱 Bump cloud.google.com/go/bigquery from 1.19.0 to 1.20.1 (#820) 
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.19.0 to 1.20.1.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.19.0...bigquery/v1.20.1)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-08-11 03:22:00 +00:00
Azeem Shaikh
bc67dd306a
Create a webhook for tagging Docker images (#828) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-11 01:45:01 +00:00
naveen
ef9880c7b3 🌱 Implemented ignore for license check 
The license check was updated with the ignore files.

Fixed the issue https://github.com/ossf/scorecard/issues/767
 2021-08-09 16:09:01 -05:00
dependabot[bot]
fc75fd44e8
🌱 Bump github.com/onsi/gomega from 1.14.0 to 1.15.0 (#816) 
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.14.0 to 1.15.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.14.0...v1.15.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-08-06 17:42:41 -04:00
laurentsimon
6718939a08
Cleanup errors and log (#782) 
* cleanup

* text

* add errors

* fixes

* more

* fixes

* linnter

* comments

* name
 2021-08-02 22:38:42 +00:00
dependabot[bot]
0a7e1515ef
🌱 Bump mvdan.cc/sh/v3 from 3.3.0 to 3.3.1 (#797) 
Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/mvdan/sh/releases)
- [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mvdan/sh/compare/v3.3.0...v3.3.1)

---
updated-dependencies:
- dependency-name: mvdan.cc/sh/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-08-02 09:19:22 -04:00
dependabot[bot]
fae54a6af4
🌱 Bump cloud.google.com/go/pubsub from 1.12.2 to 1.13.0 (#723) 
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.12.2 to 1.13.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.12.2...pubsub/v1.13.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-07-29 21:28:39 +00:00
Naveen
4d7fb5d748
🌱 Fix the go.mod with v2 upgrade (#716) 
The go.mod and the related files weren't t updated with the v2 upgrade.

https://github.com/ossf/scorecard/issues/711

This fix will address the issue.
 2021-07-26 13:01:25 -05:00
dependabot[bot]
9b07526776
🌱 Bump golang.org/x/tools from 0.1.4 to 0.1.5 (#691) 
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.1.4 to 0.1.5.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.1.4...v0.1.5)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-07-14 14:50:36 +00:00
naveen
219404e0b7 🌱 Removing gitcache 
Removing gitcache
 2021-07-13 01:03:21 -05:00
dependabot[bot]
1e01a270ec
🌱 Bump cloud.google.com/go/pubsub from 1.12.0 to 1.12.2 (#671) 
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.12.0 to 1.12.2.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.12.0...pubsub/v1.12.2)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-07-08 22:25:42 -07:00
dependabot[bot]
2e347ac42b 🌱 Bump github.com/onsi/gomega from 1.13.0 to 1.14.0 
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-08 20:10:34 -05:00
naveen
7afc0918e2 Table output for the results 
* Included the table output in the default results
 2021-07-08 20:00:13 -05:00
dependabot[bot]
3181aba22b 🌱 Bump github.com/spf13/cobra from 1.2.0 to 1.2.1 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.2.0...v1.2.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-05 08:52:24 -05:00
dependabot[bot]
c61a744c1b 🌱 Bump github.com/spf13/cobra from 1.1.3 to 1.2.0 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.3 to 1.2.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.1.3...v1.2.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-02 11:27:32 -05:00
dependabot[bot]
ecab8fed52
🌱 Bump cloud.google.com/go/bigquery from 1.18.0 to 1.19.0 (#635) 
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.18.0 to 1.19.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.18.0...spanner/v1.19.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-06-30 11:54:01 -07:00
dependabot[bot]
5dd7f118ae
🌱 Bump github.com/golangci/golangci-lint from 1.40.1 to 1.41.1 (#627) 
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.40.1 to 1.41.1.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.40.1...v1.41.1)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Azeem Shaikh <azeems@google.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-06-29 10:26:16 -07:00
dependabot[bot]
6a2a1faa6f
🌱 Bump google.golang.org/protobuf from 1.26.0 to 1.27.1 (#624) 
Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.26.0 to 1.27.1.
- [Release notes](https://github.com/protocolbuffers/protobuf-go/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash)
- [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.26.0...v1.27.1)

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-06-29 08:42:40 -07:00
dependabot[bot]
fd0bb46836
🌱 Bump golang.org/x/tools from 0.1.3 to 0.1.4 (#626) 
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.1.3 to 0.1.4.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.1.3...v0.1.4)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-06-29 01:23:05 -07:00
dependabot[bot]
c095d6f161
🌱 Bump contrib.go.opencensus.io/exporter/stackdriver (#579) 
Bumps [contrib.go.opencensus.io/exporter/stackdriver](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver) from 0.13.6 to 0.13.8.
- [Release notes](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/releases)
- [Commits](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/compare/v0.13.6...v0.13.8)

---
updated-dependencies:
- dependency-name: contrib.go.opencensus.io/exporter/stackdriver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-06-28 21:21:12 -07:00
dependabot[bot]
18b53076d6
🌱 Bump go.uber.org/zap from 1.17.0 to 1.18.1 (#625) 
Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.17.0 to 1.18.1.
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber-go/zap/compare/v1.17.0...v1.18.1)

---
updated-dependencies:
- dependency-name: go.uber.org/zap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-06-28 18:49:51 -04:00
dependabot[bot]
bf87a7a00a 🌱 Bump cloud.google.com/go/pubsub from 1.11.0 to 1.12.0 
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.11.0...pubsub/v1.12.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-06-28 17:08:52 -05:00
naveen
6aefe1b6ac 🌱 Fix broken e2e tests 
* Changed the path for the frozen deps to look for within the
.github/worworkflows path

* Included license check to tools.go

* Removed the hard reference to ginkgo within the integration.yml

* The above fixes will fix the broken tests for scorecard.

Repo: github.com/ossf/scorecard
Frozen-Deps: Fail 10
go modules found: go.mod
!! frozen-deps/fetch-execute - .github/workflows/integration.yml is fetching an non-pinned dependency 'go get github.com/onsi/ginkgo/ginkgo@v1.14.2'
!! frozen-deps/fetch-execute - .github/workflows/main.yml is fetching an non-pinned dependency 'go install github.com/google/addlicense@latest'
 2021-06-28 15:28:10 -05:00
Azeem Shaikh
1f1e05b22c
Add metadata Google for Google-owned repos (#616) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-06-27 09:04:00 -07:00
laurentsimon
0ca1ace1f2
Check: detect downloads of scripts/binaries in docker's RUN (#584) 
* commit 1

* commit 2

* commit 3

* updates

* linter

* update year

* cleanup

* linter

* fix test files

* linter

* comments
 2021-06-21 18:45:15 +00:00
Naveen
3e1890fe35
Binary Artifact check (#563) 
* Implemented binary artifact checks
 2021-06-21 15:49:31 +00:00
Azeem Shaikh
09e86518e5
Add all Google-owned repositories to cron job (#555) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-06-08 16:55:43 -07:00
dependabot[bot]
a6d7c038af
🌱 Bump github.com/onsi/ginkgo from 1.16.2 to 1.16.4 (#537) 
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.16.2 to 1.16.4.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.16.2...v1.16.4)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-06-03 23:02:05 -04:00
dependabot[bot]
b839e0426f 🌱 Bump cloud.google.com/go/pubsub from 1.10.3 to 1.11.0 
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.10.3 to 1.11.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.10.3...pubsub/v1.11.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-06-03 12:07:47 -04:00
Azeem Shaikh
3b86d57217
Use lease extension for PubSub worker (#533) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-06-02 17:59:42 -07:00
dependabot[bot]
c056718628
🌱 Bump github.com/onsi/gomega from 1.12.0 to 1.13.0 (#515) 
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.12.0 to 1.13.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.12.0...v1.13.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-05-28 12:00:16 -04:00
dependabot[bot]
b7e1f155fc
🌱 Bump cloud.google.com/go/bigquery from 1.8.0 to 1.18.0 (#483) 
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.8.0 to 1.18.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.8.0...spanner/v1.18.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-05-26 15:58:21 -04:00
dependabot[bot]
44252d64c8
🌱 Bump go.uber.org/zap from 1.16.0 to 1.17.0 (#509) 
Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.16.0 to 1.17.0.
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber-go/zap/compare/v1.16.0...v1.17.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-05-26 15:11:44 -04:00
dependabot[bot]
7ec85f22ed 🌱 Bump contrib.go.opencensus.io/exporter/stackdriver 
Bumps [contrib.go.opencensus.io/exporter/stackdriver](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver) from 0.13.4 to 0.13.6.
- [Release notes](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/releases)
- [Commits](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/compare/v0.13.4...v0.13.6)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-26 14:55:28 -04:00
dependabot[bot]
0d469a4533
🌱 Bump gocloud.dev from 0.22.0 to 0.23.0 (#464) 
Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.22.0 to 0.23.0.
- [Release notes](https://github.com/google/go-cloud/releases)
- [Commits](https://github.com/google/go-cloud/compare/v0.22.0...v0.23.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-05-26 13:06:23 -04:00
Azeem Shaikh
0c636b0f5f
Fix bug in GitHub token access (#490) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-05-22 11:24:53 -07:00
Azeem Shaikh
4584311fc6
Add monitoring to checks (#480) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-05-20 23:47:49 -07:00
Azeem Shaikh
9453765aa0
Use TRUNCATE to load data into BigQuery (#476) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-05-19 23:59:40 -07:00
laurentsimon
ee3f290702
Add check for Docker dependency pinning by hash (#469) 
* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check dependencies pinning in docker files

* check docker files hash pinning

* remove logging

* make keyword matches case-insensitive

* remove log

* update unit tests

* check fix

* check dependencies pinning in docker files

* check docker files hash pinning

* remove logging

* remove log

* check fix

* comment

* linter

* commments

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check dependencies pinning in docker files

* check docker files hash pinning

* check fix

* check dependencies pinning in docker files

* check docker files hash pinning

* remove logging

* make keyword matches case-insensitive

* remove log

* check fix

* comment

* commments

* comments

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check dependencies pinning in docker files

* check docker files hash pinning

* remove logging

* make keyword matches case-insensitive

* check fix

* check dependencies pinning in docker files

* check docker files hash pinning

* check fix

* commments

* comments

* comments

* comments

* update mod

* remove continue keyword

* linter

* linter

* linter

* comments

* cleanup

* linter

* typos

* typos
 2021-05-19 09:46:39 -07:00
Abhishek Arya
5f82d2b9c0
Add checks for workflow action pinning (#466) 
Patch by Laurent Simon <laurentsimon@google.com>

Co-authored-by: Laurent Simon <laurentsimon@google.com>
 2021-05-17 13:03:39 -07:00
Naveen
9281d1ddd9
🌱 Move tool dependencies into go.mod (#460) 
Moved the tool dependencies into go.mod
 2021-05-17 15:20:28 -04:00
Azeem Shaikh
ba3b5c5979
Refactor Makefile and add proto compile support. (#458) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-05-15 13:58:01 -07:00
Azeem Shaikh
6437c9324f
Setup PubSub framework code. (#428) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-05-14 14:32:23 -07:00
dependabot[bot]
e326db557b
🌱 Bump github.com/onsi/gomega from 1.11.0 to 1.12.0 (#407) 
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.11.0...v1.12.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-05-09 12:05:53 -04:00
Abhishek Arya
a2d51ead20
🐛Freeze Makefile deps (#404) 
* Freeze Makefile deps

* trigger ci

* Fix build failure.
 2021-05-05 09:55:59 -07:00
dependabot[bot]
9e4ecf0a44 🌱 Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2 
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.16.1 to 1.16.2.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.16.1...v1.16.2)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-05 07:12:09 -05:00
naveen
09af32a993 Generate docs using go instead of python 
* Implemented the doc generation from python to go
 * Removed the need for json
 * Sorted the output of the generated markdown
 2021-05-02 19:46:07 -05:00
Azeem Shaikh
d3a59eacff Move Dockerfile.gsutil to inside cron/ 2021-04-27 17:21:53 -05:00
Azeem Shaikh
86a46560c8 Rename CheckResults to Checks to match BQ schema. 2021-04-26 17:45:04 -05:00
Azeem Shaikh
bd3eff1fcf
Cron job uses line-delimited JSON (#344) 
*  Refactor to reduce code duplication

* 

* Move lib/ back to checker/

* Move lib/ back to checker/

* Move lib/ back to checker/

* Address PR comments.

* Addressing PR comments.

* Separate out ReposURL nito repos/

* Add TODO in gitcache module.

* Add RepoRequest/Response types.

* Avoid printing `ShouldRetry` and `Error` in output JSON.

* Fix JSON output.

* Simplify cmd package.

* Make cron/ a package instead of module.

* Fix TODO.

* Remove binary file.

* go.mod file.

* go.mod updates.

* Refactor cron to use in-memory JSON.

* Fix JSON output.

* Fix go.mod

* Address PR comments.

* Change %w -> %v.

* Address PR comments.

* Fix err.

Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-04-19 12:49:51 -07:00
Azeem Shaikh
a58818d258
🌱 : Reduce code duplication for follow-up cron refactoring (#338) 
*  Refactor to reduce code duplication

* 

* Move lib/ back to checker/

* Move lib/ back to checker/

* Move lib/ back to checker/

* Address PR comments.

* Addressing PR comments.

* Avoid printing `ShouldRetry` and `Error` in output JSON.

* Fix JSON output.

Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-04-10 07:26:56 -05:00
dependabot[bot]
fc0eac922a Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1 
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.16.0 to 1.16.1.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.16.0...v1.16.1)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-08 09:27:08 -05:00
dependabot[bot]
e0cd796b7f Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0 
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.15.2 to 1.16.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.15.2...v1.16.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-05 12:12:04 -05:00
dependabot[bot]
8333f1e328 Bump github.com/onsi/ginkgo from 1.15.1 to 1.15.2 
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.15.1 to 1.15.2.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.15.1...v1.15.2)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-03-17 15:18:13 -04:00
naveen
6e8018cf8f chore - Upgrade ginkgo and goomega dependencies 
Upgrade version for ginkgo and goomega dependencies.
 2021-03-10 09:08:31 -05:00
Naveen
b4c2e4fd13
feat - migrate to go 1.16 (#233) 
Upgrade to go version 1.16
 2021-03-03 18:56:29 +00:00
Abhishek Arya
a44dd6a758
Add pypi and ruby gems package support. (#226) 
Adds some more package managers to
https://github.com/ossf/scorecard/issues/33

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-03-01 11:21:20 -05:00
naveen
cab29a2747 Feat- Use cloud buckets for caching 
Use cloud buckets for httpcache.

The implementation uses https://github.com/google/go-cloud for it to be
cloud vendor agnostic.
 2021-02-24 11:17:50 -05:00
naveen
9510d3e0d7 Fix - default disk cache size 
The default disk cache size is 100mb. Changed the default disk cache to
10gb.
 2021-02-22 18:19:56 -05:00
Naveen
db81680172
Feat-Implement httpcache middleware for GitHub API (#203) 
The GitHub API supports conditional requests
https://docs.github.com/en/rest/overview/resources-in-the-rest-api#conditional-requests

https://github.com/google/go-github supports Conditional requests
https://github.com/google/go-github#conditional-requests

As we are scaling more and more projects this would add a lot of value.

Initial run fetches information using `httpcache` as a middleware,
which caches the HTTP response initially in a large disk (PVC),
probably move to Redis later as a cache instead of disk.

Subsequent `cron runs` will utilize the `httpcache` for checking content modification and
load it from the cache if it isn't modified, which reduces the hitting the
Rate Limit of the GitHub API.
 2021-02-22 17:18:28 +00:00
dependabot[bot]
2c23a47857 Bump github.com/spf13/cobra from 1.1.2 to 1.1.3 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.2 to 1.1.3.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.1.2...v1.1.3)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-02-11 11:15:34 -05:00
dependabot[bot]
7ef0cf9c55
Bump github.com/spf13/cobra from 1.1.1 to 1.1.2 (#154) 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.1 to 1.1.2.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.1.1...v1.1.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-02-09 22:58:55 -08:00
dependabot[bot]
038e3b65c1 Bump github.com/onsi/gomega from 1.10.4 to 1.10.5 
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.10.4 to 1.10.5.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.10.4...v1.10.5)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-02-02 09:18:34 -05:00
dependabot[bot]
717701bd61 Bump github.com/onsi/ginkgo from 1.14.2 to 1.15.0 
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.14.2 to 1.15.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.14.2...v1.15.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-02-02 09:13:35 -05:00
Abhishek Arya
b278475af0 Fix CodeQL failure. 2021-01-15 13:44:52 -05:00
Abhishek Arya
5b7ddc55ab Add e2e test. 2021-01-15 13:44:52 -05:00
Naveen
f77da7783b
feat-e2e tests for signed tags and signed releases (#115) 
Implemented e2e tests using ginkgo for validating signed tags and signed
releases.

ginkgo is utilized as a standard BDD testing framework in other
projects like kubebuilder.
 2021-01-01 14:36:31 -06:00
naveen
fd3a2a87b9 fix - URL with trailing slash 
Fixes the URL with trailing slash.
Changed the URL parsing to net package implementation.
Included tests for URL parsing.
 2020-12-21 15:16:32 -05:00
dlorenc
24fa4cca5e
Add support for and hookup app based authentication for higher rate limiting. (#69) 
This also configures it in our nightly cron cluster.
 2020-11-13 11:06:46 -06:00
dlorenc
45286f140c
Add a script to output in csv that can be run daily. (#56) 2020-11-10 13:25:57 -06:00
Dan Lorenc
a8e06bdefb Update deps. 2020-11-06 15:29:27 -06:00
dlorenc
fd188f5263
Use the GraphQL API to retrieve the list of tags in signed-tags. (#45) 2020-11-06 15:28:26 -06:00
Dan Lorenc
9f686dc707 Rename repo/modules. 2020-10-27 14:23:48 -05:00
dlorenc
49fba38c8b
Use Cobra CLI library, reorganize a bit. (#22) 2020-10-18 18:49:51 -05:00
Dan Lorenc
c9596cd09d Add better logging. 2020-10-13 11:29:29 -05:00
Dan Lorenc
3ee3c748e9 Initial commit. 2020-10-09 10:08:43 -05:00