scorecard

mirror of https://github.com/ossf/scorecard.git synced 2024-09-11 08:55:27 +03:00

Author	SHA1	Message	Date
Spencer Schrock	6629b09746	🌱 Add lifecycle field to probes (#4147 ) Some checks are pending CodeQL / Analyze (go) (push) Waiting to run Details CodeQL / Analyze (javascript) (push) Waiting to run Details gitlab-tests / gitlab-integration-trusted (push) Waiting to run Details golangci-lint / check-linter (push) Waiting to run Details build / unit-test (push) Waiting to run Details build / generate-mocks (push) Waiting to run Details build / generate-docs (push) Waiting to run Details build / build-proto (push) Waiting to run Details build / ${{ matrix.target }} (build-add-script) (push) Blocked by required conditions Details build / ${{ matrix.target }} (build-bq-transfer) (push) Blocked by required conditions Details build / ${{ matrix.target }} (build-cii-worker) (push) Blocked by required conditions Details build / ${{ matrix.target }} (build-controller) (push) Blocked by required conditions Details build / ${{ matrix.target }} (build-github-server) (push) Blocked by required conditions Details build / ${{ matrix.target }} (build-scorecard) (push) Blocked by required conditions Details build / ${{ matrix.target }} (build-shuffler) (push) Blocked by required conditions Details build / ${{ matrix.target }} (build-validate-script) (push) Blocked by required conditions Details build / ${{ matrix.target }} (build-webhook) (push) Blocked by required conditions Details build / ${{ matrix.target }} (build-worker) (push) Blocked by required conditions Details build / validate-docs (push) Waiting to run Details build / add-projects (push) Waiting to run Details build / validate-projects (push) Waiting to run Details build / license boilerplate check (push) Waiting to run Details Scorecard analysis workflow / Scorecard analysis (push) Waiting to run Details * add lifecycle field to probe yaml definitions Signed-off-by: Spencer Schrock <sschrock@google.com> * classify existing probes Some are listed as stable if they're not expected to change, others are listed as experimental if there are still expected changes. Signed-off-by: Spencer Schrock <sschrock@google.com> * add lifecycle to probe readme Signed-off-by: Spencer Schrock <sschrock@google.com> * fix linter Signed-off-by: Spencer Schrock <sschrock@google.com> * add lifecycle for new probe Signed-off-by: Spencer Schrock <sschrock@google.com> * add probe lifecycle to documentation Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: Spencer Schrock <sschrock@google.com>	2024-07-02 17:11:19 +00:00
Spencer Schrock	96452d99ab	📖 Review and update some probe documentation (#4023 ) * polish some probe yaml definitions Signed-off-by: Spencer Schrock <sschrock@google.com> * update references to probe naming and outcomes now that #3654 is addressed, the naming restrictions can be relaxed. Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: Spencer Schrock <sschrock@google.com>	2024-04-11 22:08:55 -07:00
Spencer Schrock	6b071eddeb	⚠️ Allow probes to specify their own bad outcomes (#4020 ) * merge probe and finding packages No one interacts with the probes directly, and having them in the same package helps with follow up commits Signed-off-by: Spencer Schrock <sschrock@google.com> * add extra field to indicate the outcome a probe should show remediation for Signed-off-by: Spencer Schrock <sschrock@google.com> * start all probes with remediate on 'False' Signed-off-by: Spencer Schrock <sschrock@google.com> * make OutcomeTrue bad for hasOSVVulnerabilities Signed-off-by: Spencer Schrock <sschrock@google.com> * nest outcome trigger under remediation in yaml Signed-off-by: Spencer Schrock <sschrock@google.com> * invert outcomes for dangerous workflow probes Signed-off-by: Spencer Schrock <sschrock@google.com> * rename notArchived probe to archived with the swap, the true outcome is now the bad outcome. Signed-off-by: Spencer Schrock <sschrock@google.com> * rename notCreatedRecently probe to createRecently with the rename, the true outcome is now bad Signed-off-by: Spencer Schrock <sschrock@google.com> * switch binary artifact probes so detecting binaries is a true outcome Signed-off-by: Spencer Schrock <sschrock@google.com> * appease the linter Signed-off-by: Spencer Schrock <sschrock@google.com> * dont export probe type we can always make it public again later Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: Spencer Schrock <sschrock@google.com>	2024-04-10 14:12:53 -07:00
Spencer Schrock	b577d79c96	⚠️ Replace Positive and Negative outcomes with True and False (#4017 ) * rename positive to true Signed-off-by: Spencer Schrock <sschrock@google.com> * rename negative to false Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: Spencer Schrock <sschrock@google.com>	2024-04-08 15:36:11 -07:00
AdamKorcz	6fc7d4c061	✨ Add probe metadata about supported ecosystems (#3797 ) * 🌱 Add probe metadata about supported ecosystems Signed-off-by: Adam Korczynski <adam@adalogics.com> * Add metadata for the rest of the probes Signed-off-by: Adam Korczynski <adam@adalogics.com> * fix wrong formatting Signed-off-by: Adam Korczynski <adam@adalogics.com> * remove oss-fuzz, osv, cii_blob, cii_http clients Signed-off-by: Adam Korczynski <adam@adalogics.com> * add github and gitlab clients for 2 probes Signed-off-by: Adam Korczynski <adam@adalogics.com> --------- Signed-off-by: Adam Korczynski <adam@adalogics.com>	2024-02-08 10:20:07 -08:00
AdamKorcz	ec36916c10	🌱 convert Webhook check to probes (#3522 ) * 🌱 convert Webhook check to probes Signed-off-by: AdamKorcz <adam@adalogics.com> * Add test + nits Signed-off-by: AdamKorcz <adam@adalogics.com> * replace probe with OutcomeNotApplicable Signed-off-by: AdamKorcz <adam@adalogics.com> * return one finding per webhook Signed-off-by: Adam Korczynski <adam@adalogics.com> * change wording in def.yml Signed-off-by: Adam Korczynski <adam@adalogics.com> * change wording in def.yml and checks.md Signed-off-by: Adam Korczynski <adam@adalogics.com> * remove unused struct in test Signed-off-by: Adam Korczynski <adam@adalogics.com> * align checks.md with checks.yaml Signed-off-by: Adam Korczynski <adam@adalogics.com> * bring back experimental for webhooks Signed-off-by: Adam Korczynski <adam@adalogics.com> * change 'token' to 'secret' in probe Signed-off-by: Adam Korczynski <adam@adalogics.com> * use checker.MinResultScore instead of 0 Signed-off-by: Adam Korczynski <adam@adalogics.com> * Change test name Signed-off-by: Adam Korczynski <adam@adalogics.com> * use checker.MinResultScore instead of 0 Signed-off-by: Adam Korczynski <adam@adalogics.com> * fix typo Signed-off-by: Adam Korczynski <adam@adalogics.com> * Use checker.MaxResultScore instead of 10 Signed-off-by: Adam Korczynski <adam@adalogics.com> * rename probe Signed-off-by: Adam Korczynski <adam@adalogics.com> * remove the 'totalWebhooks' value from findings Signed-off-by: Adam Korczynski <adam@adalogics.com> --------- Signed-off-by: AdamKorcz <adam@adalogics.com> Signed-off-by: Adam Korczynski <adam@adalogics.com>	2023-12-05 18:59:42 +00:00

6 Commits