Spencer Schrock
a9ab4a903f
✨ remove experimental gate on maintainer annotation parsing ( #4231 )
* ✨ remove experimental gate on maintainer annotation parsing
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove gate on cli flag
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-07-10 17:15:26 +00:00
Raghav Kaul
bfaa9febc2
✨ probe: releases with verified provenance ( #4141 )
* add projectpackageversions to signed releases raw results
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* finding: add NewNot* helpers, fix error msg
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* probe: releasesHaveVerifiedProvenance
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* logging
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* fix tests and lint
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* address comments
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* remove unused
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* fix merge conflict
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
2024-06-07 10:15:20 -07:00
Gabriela Gutierrez
8789bbbbfc
⚠️ Add initial Maintainers Annotation parsing ( #3905 )
* feat: Get maintainers annotation from repo
This commit adds functionality to read a scorecard.yml file from a repository and parse it to get the maintainers annotation. It introduces the concepts of exemptions, annotations, annotated checks, and annotation reasons.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Hand off maintainers annotation for SARIF
Hand off maintainers annotation to SARIF formatting so it can decide to skip or not skip checks when creating the output.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: If check is annotated, skip in SARIF output
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Add other annotation reasons
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Add options to show maintainers annotations in output
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Output maintainers annotations in JSON
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Remove unnecessary maintainers annotation param in SARIF
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Output maintainers annotations in string default result
This commit changes how data is appended to the table rows. Previously, we defined the table columns size and added information to each index. To avoid complicating the calculation of the index now that we are adding another optional column, the data is appended to the row as needed.
Also, the maintainers annotation was chosen to be displayed as the last column to give space for Scorecard official reasoning and documentation to appear first.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Ignore annotation if check has max score
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* doc: Add documentation for maintainers annotation
Introduce what flag should be used to show maintainers annotation and how to configure maintainers annotation for your repository.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: A maintainers annotation obj can verify if a check is exempted
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Get annotations function can be private
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Find scorecard.yml file in the repository's root
Change to "GetFileContent" method since we're looking for a specific file instead of using "OnMatchingFileContentDo" method that looks for files with specific content.
This also removes the dependency from "checks/fileparser". This is necessary to move "IsCheckExempted" to checker.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: A check should know if it's exempted or not
Moving the verification "IsCheckExempted" from maintainers_annotation package to checker package. This way a check result will define, consulting maintainers annotation, if it is exempted or not.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Maintainers annotation can only be used in experimental mode
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Ignore if scorecard.yml does not exist
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Remove unnecessary maintainers annotation param
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Move complete maintainers annotation doc to feature folder
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Error logs
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename AnnotationReason to Reason
Avoid repetition in variable references.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Reason documentation
Redo reason documentation as a switch case to be called when necessary instead of defining a global map. Another reason to redo this logic as a switch is that a switch should be more performant than instantiating a local map.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename ScorecardYml to ScorecardConfig
This is a better generic name to reference the Scorecard configuration file and leave the file format to the implementation.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Check name comparison
The EqualFold comparison is already case insensitive.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename maintainers annotation folder/file to config
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename and simplify parsing the config
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Check parses its reasons
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Is check exempted
Fix config structure renaming and collect all annotation reasons for a check. Don't stop at the first annotation that says the check is exempted.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Rename maintainers annotation to annotations
Renaming flags, function params, docs and fixing config renamings.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Separate annotations content from config parsing
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Omit empty annotations in JSON results
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: Read config file content
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: JSON2 result options
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* refactor: String result options
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Mock GetFileReader
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotation on Binary-Artifacts check
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Validate annotated checks
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotating all checks
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Validate annotated reasons
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotating all reasons
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Multiple annotations
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Binary-Artifacts exempted for testing
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Binary-Artifacts not exempted
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: No checks exempted
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Exemption is outdated
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Improve reasons error comparison
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Multiple exemption reasons in a single annotation
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Multiple exemption reasons across annotations
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: cmd show annotations flag doc
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Add show annotations flag
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Remove unnecessary function
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotations string format
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Annotations json format
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter fallthrough
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter imports
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter unnecessary struct type declaration
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter append combine
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter struct memory
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter improve error msg in run scorecard
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter dynamic errors
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Disable security alerts on SARIF output
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* docs: Redirect to configuration doc on main README
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Invalid check in annotations
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Invalid reason in annotations
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Exempt check on SARIF output clears runs
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Add check1 annotations json
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: On parse error return empty config file not a "dirty" one
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: On parse config error continue execution
We log the error to the user but continue execution with empty config.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Merge conflicts importing rules
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Re-add is experimental enabled method
This method is necessary to validate if the experimental feature is enabled so it can activate the show annotations feature.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Wrap config parse under experimental flag
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix unit test by removing unused mock call
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2024-04-23 20:15:12 +00:00
Spencer Schrock
0b9dfb656f
⚠️ Replace v4 module references with v5 ( #4027 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-04-12 14:51:50 -07:00
Spencer Schrock
d4c5b18151
⚠️ remove experimental gate from probe format ( #4026 )
* remove experimental gate from probe format
Also delete finding and structured results formats as they weren't used
Signed-off-by: Spencer Schrock <sschrock@google.com>
* rename method which writes probe format
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove unused code for linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-04-12 10:36:57 -07:00
dependabot[bot]
b31449017e
🌱 Bump github.com/golangci/golangci-lint from 1.55.2 to 1.56.1 in /tools ( #3867 )
* 🌱 Bump github.com/golangci/golangci-lint in /tools
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint ) from 1.55.2 to 1.56.1.
- [Release notes](https://github.com/golangci/golangci-lint/releases )
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md )
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.55.2...v1.56.1 )
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* autofix linter errors with make fix-linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* move musttag nolint directives to encode location
this was changed in v0.8.0 of the musttag linter.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
2024-02-09 10:53:24 -08:00
AdamKorcz
3ce1daa74a
🌱 Add probes to main call ( #3688 )
* 🌱 Add probes to main call
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix linter issues
Signed-off-by: AdamKorcz <adam@adalogics.com>
* add test
Signed-off-by: AdamKorcz <adam@adalogics.com>
* add test coverage
Signed-off-by: AdamKorcz <adam@adalogics.com>
* remove
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* WIP
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* change comment for 'ExperimentalRunProbes'
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* fix linter issues
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* make only one in root.go
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* relocate printing of output
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* remove FormatPJSON
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* reduce complexity of rootCmd
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* assign findings in runEnabledProbes
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* change name of probe map
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* unwrap error
Signed-off-by: Adam Korczynski <adam@adalogics.com>
---------
Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: Adam Korczynski <adam@adalogics.com>
2023-12-12 09:38:50 -08:00
Spencer Schrock
1625b0c578
🌱 Disable more style linters for test files ( #3707 )
* disable lll linter for test files
* disable goerr113 linter for tests
* disable wrapcheck linter for tests
* fix easy linter issues in tests
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-12-04 02:14:01 +00:00
Spencer Schrock
92470deac3
🌱 enable nolintlint linter and fix violations ( #3650 )
* enable nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* first chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* second chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* third chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fourth chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* include reason for the specific linter config
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fifth chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix linter errors that are somehow still triggering
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-11-15 11:44:28 -08:00
Spencer Schrock
5f3a0e2092
🌱 Enable golangci-lint test presets ( #3594 )
* enable test preset
Leaves some opinionated linters disabled with reasons.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix tparallel issues.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-27 15:05:40 -07:00
Spencer Schrock
2d9319601e
🌱 use forbidigo linter to prevent print statements ( #3585 )
* enable forbidigo for print statements.
include reasoning as message exposed to developer.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove or grant exceptions for existing print statements
Signed-off-by: Spencer Schrock <sschrock@google.com>
* swap stdout to stderr
Signed-off-by: Spencer Schrock <sschrock@google.com>
* separate msg from regex for better readability.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-23 13:12:50 -07:00
Gabriela Gutierrez
e81ec7e60e
✨ Add --output argument to write results to file ( #3482 )
* feat: Create output file argument
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Write results to output file
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Default results format output
Print results headline to output, which may be a file.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* feat: Log start and end of checks work to console
Independent of the logs being output to console or a file, the information on which checks are running is still relevant. Now, we always log this info to the console.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Fix options unit tests
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Output option content and shorthand
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Output to file with correct format
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Fix helper function with linter error
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Define output to console or file inside FormatResults
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Remove intermediate variable to define output
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Fix error log
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Close output file before write results
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Fix unit test
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Fix remove file even if test fails
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Fix fail test cases
Fail the test if it cannot format results or cannot read the real or expected outputs.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Copyright notice year and license header spacing
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Rename Output to ResultsFile
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter errors
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* Revert "feat: Log start and end of checks work to console"
This reverts commit c4a00a5ca7.
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Print results headline in default format
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: Fix default format result test
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Close output only when it's file
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: Linter error
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
---------
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2023-10-03 13:18:52 -07:00
André Backman
75efaa38fa
add possible values of --verbosity flag in the usage message of scorecard CLI ( #3190 )
Signed-off-by: André Backman <andrebackmann@gmail.com>
2023-06-20 10:54:56 -04:00
Avishay Balter
8c9e552f68
✨ add --nuget package manager flag ( #3020 )
* add nuget package manager
Signed-off-by: Avishay <avishay.balter@gmail.com>
* fix pat test messages (#2987 )
* also fix pat tests
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump slsa-framework/slsa-github-generator from 1.5.0 to 1.6.0
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.5.0...v1.6.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump cloud.google.com/go/bigquery from 1.51.1 to 1.51.2 (#2984 )
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go ) from 1.51.1 to 1.51.2.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.51.1...bigquery/v1.51.2 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang.org/x/tools from 0.9.0 to 0.9.1
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.9.0 to 0.9.1.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.9.0...v0.9.1 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🐛 Update osv-scanner dependency to include Vulnerabilities check fixes (#2981 )
* Update osv-scanner dependency to include Vulnerabilities check fixes
Signed-off-by: Laurent Savaëte <laurent@where.tf>
* Run go mod tidy
Signed-off-by: Laurent Savaëte <laurent@where.tf>
---------
Signed-off-by: Laurent Savaëte <laurent@where.tf>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/docker/distribution in /tools (#2993 )
Bumps [github.com/docker/distribution](https://github.com/docker/distribution ) from 2.8.1+incompatible to 2.8.2+incompatible.
- [Release notes](https://github.com/docker/distribution/releases )
- [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2 )
---
updated-dependencies:
- dependency-name: github.com/docker/distribution
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Gitlab: e2e test fixes in main (#2992 )
* test secret changes
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update score
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* address cr comments
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Unit tests log/log.go (#2980 )
- Add unit tests for the log package
- Add Apache License to log_test.go
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/cloudflare/circl in /tools (#2995 )
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl ) from 1.2.0 to 1.3.3.
- [Release notes](https://github.com/cloudflare/circl/releases )
- [Commits](https://github.com/cloudflare/circl/compare/v1.2.0...v1.3.3 )
---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ Add releasing workflow for semantic-release (#2989 )
Signed-off-by: Matt Travi <programmer@travi.org>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump slsa-framework/slsa-verifier from 2.2.0 to 2.3.0
Bumps [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier ) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/slsa-framework/slsa-verifier/releases )
- [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md )
- [Commits](https://github.com/slsa-framework/slsa-verifier/compare/v2.2.0...v2.3.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-verifier
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#2994 )
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl ) from 1.1.0 to 1.3.3.
- [Release notes](https://github.com/cloudflare/circl/releases )
- [Commits](https://github.com/cloudflare/circl/compare/v1.1.0...v1.3.3 )
---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Additional e2e clients/githubrepo/checkruns.go (#2934 )
* 🌱 Additional e2e clients/githubrepo/checkruns.go
- Add `net/http` and `github.com/google/go-github/v38/github` imports
- Add a test for `listCheckRunsForRef` with valid ref
- Add a test for `listCheckRunsForRef` with invalid ref
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Based on code review comments
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Some tweaks
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 E2E for clients/githubrepo/contributors.go (#2939 )
* 🌱 E2E for clients/githubrepo/contributors.go
- Add an end-to-end test for `contributorsHandler`
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed based on code review comments.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed codereview comment.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 📖 Clarify that AI/ML doesn't count as human code review (#2953 )
* Clarify that AI/ML doesn't count as human code review
Add this clarification per the Scorecards Zoom call meeting today
(2023-05-04).
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
* Tweaked per review
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
---------
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang from `31a8f92` to `685a22e` in /cron/internal/cii
Bumps golang from `31a8f92` to `685a22e`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang in /cron/internal/controller
Bumps golang from `31a8f92` to `685a22e`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang in /cron/internal/worker
Bumps golang from `31a8f92` to `685a22e`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang in /clients/githubrepo/roundtripper/tokens/server
Bumps golang from `31a8f92` to `685a22e`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang from `31a8f92` to `685a22e`
Bumps golang from `31a8f92` to `685a22e`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang from `31a8f92` to `685a22e` in /cron/internal/bq
Bumps golang from `31a8f92` to `685a22e`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang in /cron/internal/webhook
Bumps golang from `31a8f92` to `685a22e`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* Clarify AI/ML not human code review - in .yml file (#3012 )
This clarifies that AI/ML doesn't count as human code review.
This was earlier done in #2953 but that didn't modify the relevant
.yml file - this does.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang.org/x/oauth2 from 0.7.0 to 0.8.0 (#3005 )
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2 ) from 0.7.0 to 0.8.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.7.0...v0.8.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Unit tests for checks/raw/maintained.go (#2996 )
- Add tests and checks for the `Maintained` function
- Add checks for `IsArchived`, `ListCommits`, `ListIssues`, and `GetCreatedAt`
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5 in /tools
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.9.4 to 2.9.5.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.4...v2.9.5 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump actions/setup-go from 4.0.0 to 4.0.1
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](4d34df0c23...fac708d667 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump codecov/codecov-action from 3.1.3 to 3.1.4
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.1.3 to 3.1.4.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](894ff025c7...eaaf4bedf3 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Unit tests for Policy.go (#3003)
- Included tests for policy.go
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.4 to 2.9.5.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.4...v2.9.5)
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump sigstore/cosign-installer from 3.0.3 to 3.0.4
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](204a51a57a...03d0fecf17)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/google/go-containerregistry (#3025)
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.15.1 to 0.15.2.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.15.1...v0.15.2)
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/sirupsen/logrus from 1.9.0 to 1.9.1
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.0 to 1.9.1.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.0...v1.9.1)
---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Included e2e tests for push to main (#2951)
- Update trigger for integration tests to enable running on `push` and `pull_request` on the `main` branch
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Included directories that don't require coverage (#3002)
- Included directories that don't require coverage.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Unit tests for checks/raw/contributors.go (#2998)
- Add tests and fix casing for Contributors function in checks/raw/contributors_test.go
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ GitLab: Code Review check (#2764)
* Add GitLab support for Code-Review check
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Remove spurious printf
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Working commit
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* e2e test
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update: test coverage
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* gitlab: license check (#2834)
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/sirupsen/logrus from 1.9.1 to 1.9.2 (#3031)
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.1 to 1.9.2.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.1...v1.9.2)
---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/google/osv-scanner
Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.3.3-0.20230509011216-baae1796eeea to 1.3.3.
- [Release notes](https://github.com/google/osv-scanner/releases)
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/osv-scanner/commits/v1.3.3)
---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump sigstore/cosign-installer from 3.0.4 to 3.0.5 (#3029)
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.4 to 3.0.5.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](03d0fecf17...dd6b2e2b61)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump arduino/setup-protoc from 1.1.2 to 1.2.0
Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc) from 1.1.2 to 1.2.0.
- [Release notes](https://github.com/arduino/setup-protoc/releases)
- [Commits](64c0c85d18...4b3578161e)
---
updated-dependencies:
- dependency-name: arduino/setup-protoc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ Add support for github GHES (#2999)
* ✨ adding support for github GHES
Signed-off-by: Niket Patel <patelniket@gmail.com>
* fix: lint and cleanup
Signed-off-by: Niket Patel <patelniket@gmail.com>
* fix: flaky test
Signed-off-by: Niket Patel <patelniket@gmail.com>
* fix: address missing host
Signed-off-by: Niket Patel <patelniket@gmail.com>
* fix: lint error
Signed-off-by: Niket Patel <patelniket@gmail.com>
* 🌱 Additional e2e clients/githubrepo/checkruns.go (#2934)
* 🌱 Additional e2e clients/githubrepo/checkruns.go
- Add `net/http` and `github.com/google/go-github/v38/github` imports
- Add a test for `listCheckRunsForRef` with valid ref
- Add a test for `listCheckRunsForRef` with invalid ref
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Based on code review comments
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Some tweaks
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Niket Patel <patelniket@gmail.com>
* 🌱 E2E for clients/githubrepo/contributors.go (#2939)
* 🌱 E2E for clients/githubrepo/contributors.go
- Add an end-to-end test for `contributorsHandler`
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed based on code review comments.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed codereview comment.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Niket Patel <patelniket@gmail.com>
* chore: add GHES instructions
Signed-off-by: Niket Patel <patelniket@gmail.com>
* refact: use test setenv
Signed-off-by: Niket Patel <patelniket@gmail.com>
* fix: corp unit test
Signed-off-by: Niket Patel <patelniket@gmail.com>
---------
Signed-off-by: Niket Patel <patelniket@gmail.com>
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Niket Patel <patelniketm@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* Change Facilitators to Maintainers (#3039)
Not sure what the old facilitators table was for. Current list of Maintainers is always in CODEOWNERS.
Meaning of "Maintainers" still is not defined, and should be a part of an upcoming contributor ladder.
Signed-off-by: Jeff Mendoza <jlm@jlm.name>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🐛 Gitlab: Commit/Committer Exceptions (#3026)
* feat: Added paging for contributor/users against gitlab projects
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* refactor: Updated the bot flag for unmatched users
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* fix: Not all commit users are in the git registry instance
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* fix: Skipping check if the email is empty, as well as if the "email" doesn't contain a "." char.
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* fix: Updated to allow for commits with PRs to be accounted/added to the client.commits
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* refactor: Updated to prevent linting issue regarding nested if's
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* test: Adding coverage for commits and contributors for gitlab
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* refactor: Moved queries from the client to their own functions
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* bug: Need to pass the ProjectID value to the contributor query
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* bug: Updating project title versus projectID values for api querying
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* test: Updated tests to match expected property set for projectID
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* revert: Reverted based on feedback during review
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
---------
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/gomega from 1.27.6 to 1.27.7 (#3040)
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.6 to 1.27.7.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.27.6...v1.27.7)
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 📖 Make all StepSecurity app endpoint references consistent (#3042)
Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 📖 Update checks.md to show the benefit of >=2 reviewers (#3013)
* Update checks.yaml instead of checks.md
Signed-off-by: Joyce <joycebrum@google.com>
* feat: generate checks.md
Signed-off-by: Joyce Brum <joycebrum@google.com>
---------
Signed-off-by: Joyce <joycebrum@google.com>
Signed-off-by: Joyce Brum <joycebrum@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Improve workflow pinning remediation tests (#3021)
- Add 3 tests for workflow pinning remediation
[remediation/remediations_test.go]
- Add 3 tests for workflow pinning remediation
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 E2E tests for clients/githubrepo/languages_e2e_test.go (#3000)
* 🌱 E2E tests for clients/githubrepo/languages_e2e_test.go
- Included e2e tests for clients/githubrepo/languages_e2e_test.go
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed the token type check.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Unit tests for pkg/json_raw_results (#3044)
* 🌱 Unit tests for pkg/json_raw_results.go
- Unit tests for pkg/json_raw_results.go
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Additional tests
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ [experimental] Add probe code and support for Tool-Update-Dependency (#2944)
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* add zoom link and agenda link (#3050)
Signed-off-by: Amanda L Martin <hythloda@gmail.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Run E2E PAT test for push to main (#3046)
- Add E2E PAT tests for push to main.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* Update main.yml (#3054)
- Fixed the YAML indenting issue.
Signed-off-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* only run e2e pat on push (#3056)
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#3057)
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0)
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 📖 👻 fix anchor link to the code review section (#3058)
* fix anchor link to code-review in checks.yaml
Signed-off-by: dasfreak <dasfreak@users.noreply.github.com>
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>
* generate checks.md
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>
---------
Signed-off-by: dasfreak <dasfreak@users.noreply.github.com>
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🐛 Gitlab: Tests (#3027)
* fix tests
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* use projectID instead of project where applicable
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* pass ref as listcommitoption
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update tests
* CI-Tests: check if score > 0. pull request client is limited and can't
go back to arbitrary pull requests. CI-Tests don't run on forks, so this
can't be pinned either. But, for active repositories, we typically
expect *some* tests to be run
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* fix commitshandler commitSHA tests
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update tests
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/goreleaser/nfpm/v2 in /tools (#3060)
Bumps [github.com/goreleaser/nfpm/v2](https://github.com/goreleaser/nfpm) from 2.28.0 to 2.29.0.
- [Release notes](https://github.com/goreleaser/nfpm/releases)
- [Changelog](https://github.com/goreleaser/nfpm/blob/main/.goreleaser.yml)
- [Commits](https://github.com/goreleaser/nfpm/compare/v2.28.0...v2.29.0)
---
updated-dependencies:
- dependency-name: github.com/goreleaser/nfpm/v2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ Gitlab: Add projects to cron (#2936)
* cron: add gitlab projects
* support gitlab client
* simplify gitlab detection
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* fix MakeGitlabRepo
* shortcut when repo url is github.com
* fixes add-projects, validate-projects
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Move gitlab repos to release controller
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add csv headers
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Use gitlab.WithBaseURL
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* formatting & logging
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* remove spurious test
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* consolidate logic
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Turn on experimental flag
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add projects
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update client
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Simplify caching in docker workflow (#3061)
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github/codeql-action from 2.3.3 to 2.3.4 (#3064)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.3 to 2.3.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](29b1f65c5e...f0e3dfb303)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump cloud.google.com/go/pubsub from 1.30.1 to 1.31.0 (#3065)
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.30.1 to 1.31.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.30.1...pubsub/v1.31.0)
---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🐛 gitlab: cron (#3070)
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github/codeql-action from 2.3.4 to 2.3.5 (#3072)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.4 to 2.3.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](f0e3dfb303...0225834cc5)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump tj-actions/changed-files from 35.9.2 to 36.0.3 (#3071)
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.9.2 to 36.0.3.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](b2d17f5124...25eaddf37a)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🐛 Gitlab status updates (#3052)
* doc: Updating gitlab support validation status
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* bug: Updated logic for gitlab to prevent exceptions based on releases
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* test: Added initial tests for gitlab branches
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* doc: Updated general README
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* refactor: Cleaned up the query for pipelines to be focused on the commitID
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* feat: Allowed for a non-graphql method of retrieving MRs associated to a commit
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* doc: Updated status for the CI-Tests
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* bug: Updated the host url for graphql querying. This enabled the removal of the code added for handling empty returns when executing against a non-gitlab.com repository.
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
---------
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/sigstore/rekor from 1.1.1 to 1.2.0 in /tools (#3079)
Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 1.1.1 to 1.2.0.
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/rekor/compare/v1.1.1...v1.2.0)
---
updated-dependencies:
- dependency-name: github.com/sigstore/rekor
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* get nuget latest version from registration URL
Signed-off-by: Avishay <avishay.balter@gmail.com>
* better coverage
Signed-off-by: Avishay <avishay.balter@gmail.com>
* sign
Signed-off-by: Avishay <avishay.balter@gmail.com>
* fix tests
Signed-off-by: Avishay <avishay.balter@gmail.com>
* more tests
Signed-off-by: Avishay <avishay.balter@gmail.com>
* client tests
Signed-off-by: Avishay <avishay.balter@gmail.com>
* lint
Signed-off-by: Avishay <avishay.balter@gmail.com>
* Apply suggestions from code review
Co-authored-by: Joel Verhagen <joel.verhagen@gmail.com>
Signed-off-by: Avishay Balter <avishay.balter@gmail.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang from `685a22e` to `690e413` (#3080)
Bumps golang from `685a22e` to `690e413`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang from `685a22e` to `690e413` in /cron/internal/cii
Bumps golang from `685a22e` to `690e413`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang in /cron/internal/controller
Bumps golang from `685a22e` to `690e413`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang in /cron/internal/worker
Bumps golang from `685a22e` to `690e413`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang in /clients/githubrepo/roundtripper/tokens/server
Bumps golang from `685a22e` to `690e413`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang in /cron/internal/webhook
Bumps golang from `685a22e` to `690e413`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang from `685a22e` to `690e413` in /cron/internal/bq
Bumps golang from `685a22e` to `690e413`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump arduino/setup-protoc from 1.2.0 to 1.3.0 (#3089)
Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/arduino/setup-protoc/releases)
- [Commits](4b3578161e...149f6c87b9)
---
updated-dependencies:
- dependency-name: arduino/setup-protoc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump tj-actions/changed-files from 36.0.3 to 36.0.9 (#3088)
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.3 to 36.0.9.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](25eaddf37a...cf4fe8759a)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* pr iteration 2
Signed-off-by: Avishay <avishay.balter@gmail.com>
* pr iteration 3
Signed-off-by: Avishay <avishay.balter@gmail.com>
* switch security policy e2e test to ossf-tests repo. (#3090)
tensorflow/tensorflow is huge and was slowing down tests.
Also removed the rust e2e tests because they're already present as unit tests.
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.9.7 in /tools (#3094)
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.5 to 2.9.7.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.5...v2.9.7)
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.9.7 (#3093)
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.5 to 2.9.7.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.5...v2.9.7)
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump actions/dependency-review-action from 3.0.4 to 3.0.6 (#3104)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.4 to 3.0.6.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](f46c48ed6d...1360a344cc)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump tj-actions/changed-files from 36.0.9 to 36.0.12 (#3108)
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.9 to 36.0.12.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](cf4fe8759a...5978e5a2df)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/xanzy/go-gitlab from 0.83.0 to 0.84.0 (#3106)
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.83.0 to 0.84.0.
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.83.0...v0.84.0)
---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang.org/x/tools from 0.9.1 to 0.9.2
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.9.1 to 0.9.2.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.9.1...v0.9.2)
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ GitLab: enable more checks in cron (#3097)
* Enable checks
* Binary-Artifacts
* Code-Review
* License
* Vulnerabilities
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Enable more checks
* CII Best Practices
* Fuzzing
* Maintained
* Packaging
* Pinned-Dependencies
* Signed-Releases
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update repo name
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 📖 agenda link change (#3111)
Signed-off-by: Amanda L Martin <hythloda@gmail.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github/codeql-action from 2.3.5 to 2.3.6 (#3112)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.5 to 2.3.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](0225834cc5...83f0fe6c49)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump tj-actions/changed-files from 36.0.12 to 36.0.15 (#3116)
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.12 to 36.0.15.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](5978e5a2df...5d2fcdb4cb)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang.org/x/tools from 0.9.2 to 0.9.3
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.9.2 to 0.9.3.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.9.2...v0.9.3)
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Unit tests for option (#3109)
- Add flags for repo, local, commit, log level, NPM, PyPI, RubyGems, metadata, show details, checks to run, policy file, and format
- Add tests for checks to run and format flags
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 GitLab: add gitlab auth token to cron worker env (#3117)
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* Don't run pat e2e on dependabot merges (#3119)
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ Detect fast-check PBT library for fuzz section (#3073)
* ✨ Detect fast-check PBT library for fuzz section
As suggested at https://github.com/ossf/scorecard/issues/2792#issuecomment-1562007596, we add support for the detection of fast-check as a possible fuzzing solution.
I also adapted the documentation related to fuzzing accordingly.
Signed-off-by: Nicolas DUBIEN <github@dubien.org>
* Typo
Signed-off-by: Nicolas DUBIEN <github@dubien.org>
* Update missing md files
Signed-off-by: Nicolas DUBIEN <github@dubien.org>
---------
Signed-off-by: Nicolas DUBIEN <github@dubien.org>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 temporarily disable failing e2e tests so we don't block all PRs. (#3130)
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* pr comments
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 (#3121)
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.2 to 1.9.3.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.2...v1.9.3)
---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Ignore all pb files for test (#3127)
- Update .codecov.yml to ignore additional files
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Deprecate dependencydiff package and add access token requirement (#3125)
- Deprecate the `dependencydiff` package and the `GetDependencyDiffResults` function
- Add a line to the `.codecov.yml` to ignore the `dependencydiff` package
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ [experimental] Support for new `--format probe` (#3048)
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump distroless/base (#3122)
Bumps distroless/base from `10985f0` to `c623859`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Ignore deprecation warning for dependencydiff tests. (#3136)
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump tj-actions/changed-files from 36.0.15 to 36.0.18
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.15 to 36.0.18.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](5d2fcdb4cb...07e0177b72)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.7 to 2.10.0 in /tools (#3135)
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.7 to 2.10.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.7...v2.10.0)
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/google/osv-scanner from 1.3.3 to 1.3.4
Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.3.3 to 1.3.4.
- [Release notes](https://github.com/google/osv-scanner/releases)
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/osv-scanner/compare/v1.3.3...v1.3.4)
---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.7 to 2.10.0
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.7 to 2.10.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.7...v2.10.0)
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/gomega from 1.27.7 to 1.27.8
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.7 to 1.27.8.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.27.7...v1.27.8)
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump slsa-framework/slsa-github-generator from 1.6.0 to 1.7.0 (#3139)
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.6.0...v1.7.0)
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Increase test coverage for finding outcomes (#3142)
* Increase test coverage for finding outcomes
- Add tests for Outcome UnmarshalYAML function in `finding/finding_test.go`
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Updates based on Codereview
- Update `Outcome` variable in `finding/finding_test.go`
- Add `t.Parallel()` for test parallelization
- Add comparison using `cmp.Diff` to test for mismatches
- Update test cases for various outcomes
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump tj-actions/changed-files from 36.0.18 to 36.1.0 (#3143)
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.18 to 36.1.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](07e0177b72...fb20f4d248)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Re-enable skipped e2e tests. Switch to smaller code review repo. (#3144)
* re-enable skipped ci test
Signed-off-by: Spencer Schrock <sschrock@google.com>
* re-enable skipped attestor test. switch to ossf-tests repo
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove extra policies from tests that only look at code review.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove unneeded policies from binary artifact tests.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* add license header
Signed-off-by: Avishay <avishay.balter@gmail.com>
* pr comments
Signed-off-by: Avishay <avishay.balter@gmail.com>
* making the packages internal
Signed-off-by: Avishay <avishay.balter@gmail.com>
* generate mocks
Signed-off-by: Avishay <avishay.balter@gmail.com>
---------
Signed-off-by: Avishay <avishay.balter@gmail.com>
Signed-off-by: Avishay Balter <avishay.balter@gmail.com>
2023-06-15 16:13:41 -07:00
Naveen
13162b7ef6
🌱 Unit tests for option (#3109)
- Add flags for repo, local, commit, log level, NPM, PyPI, RubyGems, metadata, show details, checks to run, policy file, and format
- Add tests for checks to run and format flags
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-06-02 19:31:06 +00:00
laurentsimon
813e9c6492
✨ Add a new format for details (#2917)
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
2023-04-26 11:25:52 -07:00
laurentsimon
ed556949d8
✨ Support for GitHub's internal integration (#2773)
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
2023-03-22 21:40:00 +00:00
laurentsimon
2ea140a3ee
✨ Structured results for permissions (#2584)
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* Update checks/evaluation/permissions/GitHubWorkflowPermissionsTopNoWrite.yml
Co-authored-by: Joyce <joycebrumu.u@gmail.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* Update checks/evaluation/permissions/GitHubWorkflowPermissionsStepsNoWrite.yml
Co-authored-by: Joyce <joycebrumu.u@gmail.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
* Update checks/evaluation/permissions/GitHubWorkflowPermissionsStepsNoWrite.yml
Co-authored-by: Joyce <joycebrumu.u@gmail.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
* Update checks/evaluation/permissions/GitHubWorkflowPermissionsStepsNoWrite.yml
Co-authored-by: Joyce <joycebrumu.u@gmail.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Co-authored-by: Joyce <joycebrumu.u@gmail.com>
2023-01-30 18:41:36 -08:00
Arnaud J Le Hors
f50cb9aac6
Fix copyright notices (#2514)
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
2022-12-02 09:05:57 -06:00
Arnaud J Le Hors
2169bc44c7
Use new project name in Copyright notices (#2505)
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
2022-12-01 15:08:48 -08:00
Latortuga
f9f910d437
✨ Commit depth feature (#2407)
* 🌱 Bump actions/dependency-review-action from 2.4.1 to 2.5.1
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.4.1 to 2.5.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](9c96258789...0efb1d1d84)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* commit_depth feature
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* added more descriptive comments, changed numberofcommits variable name, moved paging for commits into separate function.
small changes
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
linter
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* added unit tests
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
added test in e2e
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#2397)
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.0 to 1.6.1.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.6.0...v1.6.1)
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.1.6 to 2.4.0
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.1.6 to 2.4.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.1.6...v2.4.0)
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump cloud.google.com/go/pubsub from 1.25.1 to 1.26.0
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.25.1 to 1.26.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.25.1...pubsub/v1.26.0)
---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/xanzy/go-gitlab from 0.73.1 to 0.74.0
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.73.1 to 0.74.0.
- [Release notes](https://github.com/xanzy/go-gitlab/releases)
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.73.1...v0.74.0)
---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/gomega from 1.20.2 to 1.23.0 (#2409)
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.20.2 to 1.23.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.20.2...v1.23.0)
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.1.6 to 2.4.0 in /tools
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.1.6 to 2.4.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.1.6...v2.4.0)
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/golangci/golangci-lint in /tools
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.50.0 to 1.50.1.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.50.0...v1.50.1)
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump goreleaser/goreleaser-action from 2.9.1 to 3.2.0 (#2363)
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.9.1 to 3.2.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](b953231f81...b508e2e3ef)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/goreleaser/goreleaser in /tools (#2373)
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.11.5 to 1.12.3.
- [Release notes](https://github.com/goreleaser/goreleaser/releases)
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.11.5...v1.12.3)
---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* ✨ CLI for scorecard-attestor (#2309)
* Reorganize
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Working commit
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Compile with local scorecard; go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add signing code
Heavily borrowed from https://github.com/grafeas/kritis/blob/master/cmd/kritis/signer/main.go
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update deps
* Naming
* Makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Edit license, add lint.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* checks: go mod tidy, license
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Split into checker/signer files
* Naming convention
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* License, remove golangci.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Use cobra
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add tests for root command
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Filter out checks that aren't needed for policy evaluation
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add `make` targets for attestor; submit coverage stats
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Improvements
* Use sclog instead of glog
* Remove unneeded subcommands
* Formatting
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Flags: Make note-name constant and fix messaging
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Remove SupportedRequestTypes
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy, makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Fix GH actions run
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* fix workflow (#2417)
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Bump scorecard-action (#2416)
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Fail unit-test job if codecov upload fails (#2415)
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Enable comparison for alternative isText implementation (#2414)
* use more performant IsText
Signed-off-by: Spencer Schrock <sschrock@google.com>
* AB test isText implementations
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add comparison env var to release test.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* go mod tidy for attestor
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🐛 modify alternative isText to accept carriage returns (#2421)
* modify IsText from golang.org/x/tools/godoc/util to accept carriage returns.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add TODO reminder to cleanup after release tests
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/gomega from 1.23.0 to 1.24.0
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.23.0 to 1.24.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.23.0...v1.24.0)
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github/codeql-action from 2.1.29 to 2.1.30
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.29 to 2.1.30.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](ec3cf9c605...18fe527fa8)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* revert failing unit-test on ci error (#2422)
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* ✨ Improved Security Policy Check (#2195)
* ✨ Improved Security Policy Check (#2137)
* Examines and awards points for linked content (URLs / Emails)
* Examines and awards points for hints of disclosure and vulnerability practices
* Examines and awards points for hints of elaboration of timelines
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Repaired Security Policy to correctly use linked content length for evaluation
Signed-off-by: Scott Hissam <shissam@gmail.com>
* gofmt'ed changes
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Repaired the case in the evaluation which was too sensitive to content length over the length of the linked content for urls and emails
Signed-off-by: Scott Hissam <shissam@gmail.com>
* added unit test cases for the new content-based Security Policy checks
Signed-off-by: Scott Hissam <shissam@gmail.com>
* reverted the direct (mistaken) change to checks.md and updated the checks.yaml for generate-docs
Signed-off-by: Scott Hissam <shissam@gmail.com>
* ✨ Improved Security Policy Check (#2137) (revisited based on comments)
* replaced reason strings with log.Info & log.Warn (as seen in --show-details)
* internal assertion check for nil (*pinfo) and empty pfile
* internal switched to FileTypeText over FileTypeSource
* internal implement type SecurityPolicyInformationType/SecurityPolicyInformation revised SecurityPolicyData to support only one file
* revised expected unit-test results and revised unit-test to reflect the new SecurityPolicyData type
Signed-off-by: Scott Hissam <shissam@gmail.com>
* revised the score value based on observation of one *or more* url(s) or one email(s) found; unit tests update accordingly
Signed-off-by: Scott Hissam <shissam@gmail.com>
* revised the score value based on observation of one *or more* url(s) or one email(s) found; unit tests update accordingly
Signed-off-by: Scott Hissam <shissam@gmail.com>
* revised the score value based on observation of one *or more* url(s) or one email(s) found; e2e tests update accordingly
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Addressed PR comments; added telemetry for policy hits in security policy file to track hits by line number
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Resolved merge conflict with checks.yaml
Signed-off-by: Scott Hissam <shissam@gmail.com>
* updated raw results to emit all the raw information for the new security policy check
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Resolved merge conflicts and lint errors with json_raw_results.go
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Addressed review comments to reorganize security policy data struct to support the potential for multiple security policy files.
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Added logic to the security policy to process multiple security policy files only after future improvements to aggregating scoring across such files are designed. For now the security policy behaves as originally designed to stop once one of the expected policy files is found in the repo
Signed-off-by: Scott Hissam <shissam@gmail.com>
* added comments regarding the capacity to support multiple policy files and removed unneeded break statements in the code
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Addressed review comments to remove the dependency on the path in the filename from the code and introduced FileSize to checker.File type and removed the SecurityContentLength which was used to hold that information for the new security policy assessment
Signed-off-by: Scott Hissam <shissam@gmail.com>
* restored reporting full security policy path and filename for policies found in the org level repos
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Resolved conflicts in checks.yaml for documentation
Signed-off-by: Scott Hissam <shissam@gmail.com>
* ✨ CLI for scorecard-attestor (#2309)
* Reorganize
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Working commit
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Compile with local scorecard; go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add signing code
Heavily borrowed from https://github.com/grafeas/kritis/blob/master/cmd/kritis/signer/main.go
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update deps
* Naming
* Makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Edit license, add lint.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* checks: go mod tidy, license
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Split into checker/signer files
* Naming convention
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* License, remove golangci.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Use cobra
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add tests for root command
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Filter out checks that aren't needed for policy evaluation
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add `make` targets for attestor; submit coverage stats
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Improvements
* Use sclog instead of glog
* Remove unneeded subcommands
* Formatting
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Flags: Make note-name constant and fix messaging
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Remove SupportedRequestTypes
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy, makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Fix GH actions run
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Scott Hissam <shissam@gmail.com>
* removed whitespace before stanza for Run attestor e2e
Signed-off-by: Scott Hissam <shissam@gmail.com>
* resolved code review and doc review comments
Signed-off-by: Scott Hissam <shissam@gmail.com>
* repaired the link for the maintainer's guide for supporting the coordinated vulnerability disclosure guidelines
Signed-off-by: Scott Hissam <shissam@gmail.com>
Signed-off-by: Scott Hissam <shissam@gmail.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github/codeql-action from 2.1.30 to 2.1.31 (#2431)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.30 to 2.1.31.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](18fe527fa8...c3b6fce4ee)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* enable more performant isText (#2433)
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* modified tests, InitRepo Function, Added GetCommitDepth Function to Client Interface
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* removed getcommitdepth function
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* added TODO
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.5.0 in /tools (#2436)
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.4.0...v2.5.0)
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.5.0
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.4.0...v2.5.0)
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Code Review: treat merging a PR as code review (#2413)
* Merges on GitHub count as a code review by the maintainer
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update Raw Results
* More detailed information for Changesets
* If there's no Revision ID, use the Commit SHA instead
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Check that pull request had at least one reviewer that wasn't its author
* Add field for Pull Request Merged-By to GitHub and GitLab
* Note, this check can be bypassed if an author opens a PR with other
people's commits
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Trivial: Fix typo (exepted -> expected) (#2440)
Signed-off-by: Michael Scovetta <michael.scovetta@microsoft.com>
Signed-off-by: Michael Scovetta <michael.scovetta@microsoft.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump step-security/harden-runner from 1.5.0 to 2.0.0 (#2443)
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 1.5.0 to 2.0.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](2e205a28d0...ebacdc22ef)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 cron: support reading prefix from file for controller input files (7/n) (#2445)
* add prefix marker file to config
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Read the new config values, if they exist.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add function to fetch prefix file config value.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Read prefix file if prefix not set.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add tests to verify how List works with various prefixes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add tests for getPrefix
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Remove panics from iterator helper functions
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Detect SECURITY.markdown in addition to SECURITY.md (#2447)
GitHub probably supports many more file extensions for Markdown
files, but at the very least, `.md` and `.markdown` have been
standardized in RFC 7763.
Signed-off-by: favonia <favonia@gmail.com>
Signed-off-by: favonia <favonia@gmail.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Add Pinned-Dependency, Vulnerability, and Code-Review checks to attestor (#2430)
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 cron: expose the stackdriver prefix as a config variable so it can be changed. (#2446)
* Expose the stackdriver prefix as a config variable so it can be changed.
Signed-off-by: Caleb Brown <calebbrown@google.com>
* fix linter warning
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Only write to the rawBucket if the value exists. (#2451)
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump golang.org/x/tools from 0.2.0 to 0.3.0 (#2448)
* 🌱 Bump golang.org/x/tools from 0.2.0 to 0.3.0
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.2.0 to 0.3.0.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.2.0...v0.3.0)
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* bump attestor modules
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Move cron monitoring to a non-internal location. (#2453)
This allows external workers (e.g. criticality_score) to use the same
monitoring code.
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump actions/dependency-review-action from 2.5.1 to 3.0.0 (#2455)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.5.1 to 3.0.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](0efb1d1d84...30d5821115)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 [cron] generalize some of the transfer logic so it is easy to build new transfer agents (#2454)
* Generalize the transfer logic so it is easy to build new transfer agents
This change moves code that reads shards and produces summaries into the
data package so that it can be reused to create new transfer agents,
similar to the BigQuery transfer agent in cron/internal/bq.
Signed-off-by: Caleb Brown <calebbrown@google.com>
* Lint fix and commentary.
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/google/addlicense in /tools (#2459)
Bumps [github.com/google/addlicense](https://github.com/google/addlicense) from 1.0.0 to 1.1.0.
- [Release notes](https://github.com/google/addlicense/releases)
- [Changelog](https://github.com/google/addlicense/blob/master/.goreleaser.yaml)
- [Commits](https://github.com/google/addlicense/compare/v1.0.0...v1.1.0)
---
updated-dependencies:
- dependency-name: github.com/google/addlicense
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/google/go-containerregistry
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.12.0 to 0.12.1.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.12.0...v0.12.1)
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* go mod tidy
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Added <= instead of == in case negative int is passed
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* missed test fix
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Scott Hissam <shissam@gmail.com>
Signed-off-by: Michael Scovetta <michael.scovetta@microsoft.com>
Signed-off-by: favonia <favonia@gmail.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Latortuga <42878263+latortuga71@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: scott hissam <shissam@users.noreply.github.com>
Co-authored-by: Michael Scovetta <michael.scovetta@microsoft.com>
Co-authored-by: favonia <favonia@gmail.com>
Co-authored-by: Caleb Brown <calebbrown@google.com>
2022-11-22 16:11:36 +00:00
Naveen
10b6052acf
🌱 Upgrade to go 1.18 (#2143)
...
* 🌱 Upgrade to go 1.18
- Upgrade to go 1.18
- Updated the deps to avoid critical CVEs
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Updated dockerfile.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed the linter issues.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed the CVE dependencies
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Removed the cache which is changing between 1.17 and 1.18
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Removed the cache which is changing between 1.17 and 1.18
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Updated ko to latest
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed linter issue.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed linter issue.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-08-16 20:55:48 -05:00
Azeem Shaikh
60015719e3
Unflag the --commit option (#2156)
2022-08-16 23:35:29 +00:00
laurentsimon
62e3de5f48
🐛 Remove Options that belong to the Action (#1898)
...
* updates
* tests
2022-05-09 19:40:15 +00:00
Arnaud J Le Hors
6d79817e3b
📖 Fix command Usage (#1814)
...
This changes the cmd Usage text to accurately represent the
supported syntax:
Usage:
./scorecard (--repo=<repo> | --local=<folder> | --{npm,pypi,rubygems}=<package_name>)
[--checks=check1,...] [--show-details] [flags]
...
--repo string repository to check (valid inputs: "owner/repo", "github.com/owner/repo", "https://github.com/owner/repo")
...
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
2022-05-09 10:23:13 -04:00
naveensrinivasan
ba78d0aa59
✨ Unit test for CLI options
...
- Initial tests for CLI options.
2022-03-16 16:33:31 -05:00
Stephen Augustus (he/him)
3070b3ca1b
✨ cmd: Allow new scorecard to be instantiated with options (#1703)
...
* cmd: Allow new scorecard commands to be instantiated with options
* options: Default flags to struct field values
* options: Use constants for flag names
* options: Simplify SARIF check
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2022-03-03 01:38:34 +00:00
Stephen Augustus (he/him)
84cdc8cbec
✨ cmd: Refactor to make importable (#1696)
...
* cmd: Refactor to make importable
* options: Add support for parsing via environment variables
* options: Support setting feature flags via option
* cmd: Replace `version` with sigs.k8s.io/release-utils/version
* cmd: Move option validation into pre-run function
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2022-03-01 21:18:44 -08:00
Stephen Augustus (he/him)
7956ff4fe7
✨ Miscellaneous refactors to ease downstream consumption (#1645)
...
* checker: Add `NewLogger` constructor for `DetailLogger` impl
* checker: Add `NewRunner` constructor for `Runner`
* cmd: Update to use refactored packages
* cmd: Move command flags and validation into an `options` package
* cmd: Move client accessors to `githubrepo` package
* cmd: Move policy and enabled checks to `policy` package
* cmd: Move results formatting to `format` package
* checker: Prefer `Set` prefixes for setters
* checker: Use `DetailLogger` return value for `NewLogger()`
* checker: Add `GetClients` accessor
* Move `FormatResults` to `pkg/`
* checks: Add getter for all checks
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2022-02-27 02:09:21 +00:00