Spencer Schrock
6629b09746
🌱 Add lifecycle field to probes ( #4147 )
* add lifecycle field to probe yaml definitions
Signed-off-by: Spencer Schrock <sschrock@google.com>
* classify existing probes
Some are listed as stable if they're not expected to change,
others are listed as experimental if there are still expected changes.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add lifecycle to probe readme
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add lifecycle for new probe
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add probe lifecycle to documentation
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-07-02 17:11:19 +00:00
Raghav Kaul
28337f13b1
🌱 maintainer annotations: improve annotation file validation ( #4162 )
* validate check names against full list
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* tests: close file
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* make private
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* Restructure imports
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
2024-07-02 15:40:34 +00:00
Spencer Schrock
0b9dfb656f
⚠️ Replace v4 module references with v5 ( #4027 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-04-12 14:51:50 -07:00
Spencer Schrock
96452d99ab
📖 Review and update some probe documentation ( #4023 )
* polish some probe yaml definitions
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update references to probe naming and outcomes
now that #3654 is addressed, the naming restrictions can be relaxed.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-04-11 22:08:55 -07:00
Spencer Schrock
6b071eddeb
⚠️ Allow probes to specify their own bad outcomes ( #4020 )
* merge probe and finding packages
No one interacts with the probes directly,
and having them in the same package helps with follow-up commits
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add extra field to indicate the outcome a probe should show remediation for
Signed-off-by: Spencer Schrock <sschrock@google.com>
* start all probes with remediate on 'False'
Signed-off-by: Spencer Schrock <sschrock@google.com>
* make OutcomeTrue bad for hasOSVVulnerabilities
Signed-off-by: Spencer Schrock <sschrock@google.com>
* nest outcome trigger under remediation in yaml
Signed-off-by: Spencer Schrock <sschrock@google.com>
* invert outcomes for dangerous workflow probes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* rename notArchived probe to archived
with the swap, the true outcome is now the bad outcome.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* rename notCreatedRecently probe to createRecently
with the rename, the true outcome is now bad
Signed-off-by: Spencer Schrock <sschrock@google.com>
* switch binary artifact probes so detecting binaries is a true outcome
Signed-off-by: Spencer Schrock <sschrock@google.com>
* appease the linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* don't export probe type
we can always make it public again later
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-04-10 14:12:53 -07:00
Spencer Schrock
b577d79c96
⚠️ Replace Positive and Negative outcomes with True and False ( #4017 )
* rename positive to true
Signed-off-by: Spencer Schrock <sschrock@google.com>
* rename negative to false
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-04-08 15:36:11 -07:00
Spencer Schrock
b3ad602a59
🌱 Add probe registration mechanism ( #3876 )
* add basic probe registration function
Signed-off-by: Spencer Schrock <sschrock@google.com>
* ignore probes which call init to register the probe
Signed-off-by: Spencer Schrock <sschrock@google.com>
* redefine probeimpl to avoid circular imports
Signed-off-by: Spencer Schrock <sschrock@google.com>
* register all probes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* experiment with a probe struct
Signed-off-by: Spencer Schrock <sschrock@google.com>
* make check name constants
Signed-off-by: Spencer Schrock <sschrock@google.com>
* convert branch protection probes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* convert binary artifact probes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* convert cii probe
Signed-off-by: Spencer Schrock <sschrock@google.com>
* convert ci test probe
Signed-off-by: Spencer Schrock <sschrock@google.com>
* convert code review probes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* convert contributor probe
Signed-off-by: Spencer Schrock <sschrock@google.com>
* convert dangerous workflow probe
Signed-off-by: Spencer Schrock <sschrock@google.com>
* convert dep update tool probes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* convert fuzzing probes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* convert license probes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* convert maintained probes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* convert packaging probe
Signed-off-by: Spencer Schrock <sschrock@google.com>
* convert sast probes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* convert security policy probes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* convert signed releases probes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* convert vuln probe
Signed-off-by: Spencer Schrock <sschrock@google.com>
* try using probe registration data
Signed-off-by: Spencer Schrock <sschrock@google.com>
* blank import unused probe
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add uncategorized group
Signed-off-by: Spencer Schrock <sschrock@google.com>
* ensure All list is up-to-date
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add reason behind uncategorized group
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix linter yaml parse error
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add webhook data
Signed-off-by: Spencer Schrock <sschrock@google.com>
* convert probe registration to Must pattern
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add registration for new probes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add missing license header
Signed-off-by: Spencer Schrock <sschrock@google.com>
* revert changing wrapcheck linter config
Signed-off-by: Spencer Schrock <sschrock@google.com>
* use error func which doesn't need to be wrapped
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add test for probe registration
Signed-off-by: Spencer Schrock <sschrock@google.com>
* restore trailing newline
Signed-off-by: Spencer Schrock <sschrock@google.com>
* order probe category list
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-03-19 13:10:11 -07:00
AdamKorcz
6fc7d4c061
✨ Add probe metadata about supported ecosystems ( #3797 )
* 🌱 Add probe metadata about supported ecosystems
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Add metadata for the rest of the probes
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* fix wrong formatting
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* remove oss-fuzz, osv, cii_blob, cii_http clients
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* add github and gitlab clients for 2 probes
Signed-off-by: Adam Korczynski <adam@adalogics.com>
---------
Signed-off-by: Adam Korczynski <adam@adalogics.com>
2024-02-08 10:20:07 -08:00
Josh Soref
3b948257fc
📖 Fix spelling ( #3804 )
* spelling: accurate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: administrator
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: analyze
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: andtwenty
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: ascii
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: association
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: at least
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: attestor
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: barbaric
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: bucket
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: by
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: can
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: case-insensitive
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: case-sensitive
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: checking
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: command-line
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: commit
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: committed
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: conclusion
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: corresponding
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: created
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: dataset
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: default
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: defines
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: dependabot
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: dependency
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: depending
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: desired
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: different
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: disclose
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: download
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: each
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: enforce
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: every time
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: exist
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: existing
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: fields
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: files
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: for
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: force-push
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: github
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: gitlab
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: ignoreed
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: implementation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: implements
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: increase
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: indicates
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: initialized
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: instructions
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: invalid
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: marshal
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: match
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: name
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: nonexistent
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: organization
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: package
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: provenance
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: query
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: readers
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: receive
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: registered
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: remediate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: representation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: requests
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: requires
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: return
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: scorecard
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: separator
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: serialization
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: sign up
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: specifications
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: specified
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: success
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: successfully
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: the
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: their
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: twenty
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: unexpected
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: unused
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: unverified
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: validate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: vendor
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: vulnerabilities
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: vulns
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: will
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: without
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: workflow
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: workflows
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---------
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2024-01-26 23:08:26 +00:00
Spencer Schrock
c59e93b9b2
🌱 Switch probe tests to helper func ( #3782 )
* simplify test helper to verify finding outcomes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* switch existing callers to helper func
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove TODO comments
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fixup doc string
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-01-10 10:00:04 -08:00
Spencer Schrock
92470deac3
🌱 enable nolintlint linter and fix violations ( #3650 )
* enable nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* first chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* second chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* third chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fourth chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* include reason for the specific linter config
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fifth chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix linter errors that are somehow still triggering
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-11-15 11:44:28 -08:00
laurentsimon
f05496b994
✨ Re-factor probe utils ( #3408 )
* re-factor probe utils
Signed-off-by: laurentsimon <laurentsimon@google.com>
* missing error.go file
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
2023-08-21 13:16:41 -07:00
laurentsimon
a8b255a224
✨ [experimental] Probe support for security policy check ( #3241 )
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* fix unit tests
Signed-off-by: laurentsimon <laurentsimon@google.com>
* comments
Signed-off-by: laurentsimon <laurentsimon@google.com>
* compilation fix
Signed-off-by: laurentsimon <laurentsimon@google.com>
* missing file
Signed-off-by: laurentsimon <laurentsimon@google.com>
* missing file
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update reason string
Signed-off-by: laurentsimon <laurentsimon@google.com>
* typo
Signed-off-by: laurentsimon <laurentsimon@google.com>
* fix unit tests
Signed-off-by: laurentsimon <laurentsimon@google.com>
* typo
Signed-off-by: laurentsimon <laurentsimon@google.com>
* unit tests and linter
Signed-off-by: laurentsimon <laurentsimon@google.com>
* comments
Signed-off-by: laurentsimon <laurentsimon@google.com>
* comments
Signed-off-by: laurentsimon <laurentsimon@google.com>
* missing file
Signed-off-by: laurentsimon <laurentsimon@google.com>
* unit tests for probes
Signed-off-by: laurentsimon <laurentsimon@google.com>
* linter
Signed-off-by: laurentsimon <laurentsimon@google.com>
* revert FileSize change
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
2023-08-04 04:52:15 +00:00