Raghav Kaul
32b5963766
⚠️ Add projectclient to cli and cron, update runscorecard ( #4096 )
...
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
2024-05-13 11:59:46 -04:00
Spencer Schrock
0b9dfb656f
⚠️ Replace v4 module references with v5 ( #4027 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-04-12 14:51:50 -07:00
Josh Soref
3b948257fc
📖 Fix spelling ( #3804 )
...
* spelling: accurate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: administrator
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: analyze
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: andtwenty
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: ascii
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: association
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: at least
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: attestor
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: barbaric
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: bucket
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: by
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: can
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: case-insensitive
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: case-sensitive
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: checking
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: command-line
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: commit
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: committed
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: conclusion
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: corresponding
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: created
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: dataset
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: default
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: defines
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: dependabot
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: dependency
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: depending
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: desired
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: different
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: disclose
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: download
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: each
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: enforce
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: every time
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: exist
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: existing
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: fields
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: files
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: for
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: force-push
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: github
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: gitlab
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: ignoreed
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: implementation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: implements
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: increase
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: indicates
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: initialized
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: instructions
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: invalid
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: marshal
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: match
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: name
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: nonexistent
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: organization
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: package
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: provenance
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: query
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: readers
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: receive
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: registered
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: remediate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: representation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: requests
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: requires
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: return
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: scorecard
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: separator
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: serialization
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: sign up
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: specifications
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: specified
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: success
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: successfully
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: the
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: their
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: twenty
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: unexpected
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: unused
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: unverified
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: validate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: vendor
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: vulnerabilities
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: vulns
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: will
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: without
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: workflow
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: workflows
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---------
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2024-01-26 23:08:26 +00:00
Spencer Schrock
d882fc73e1
🌱 re-enable paralleltest linter ( #3705 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-12-04 02:25:03 +00:00
Spencer Schrock
92470deac3
🌱 enable nolintlint
linter and fix violations ( #3650 )
...
* enable nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* first chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* second chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* third chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fourth chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* include reason for the specific linter config
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fifth chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix linter errors that are somehow still triggering
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-11-15 11:44:28 -08:00
Spencer Schrock
5f3a0e2092
🌱 Enable golangci-lint test
presets ( #3594 )
...
* enable test preset
Leaves some opinionated linters disabled with reasons.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix tparallel issues.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-27 15:05:40 -07:00
Pete Wagner
b992be36e0
🌱 Bump github.com/google/go-github from v38.1.0 to v53.2.0 ( #3327 )
...
Signed-off-by: Peter Wagner <peter.wagner@shopify.com>
2023-07-28 17:05:32 +00:00
Naveen
ab0d078a2b
🌱 Deprecate dependencydiff package and add access token requirement ( #3125 )
...
- Deprecate the `dependencydiff` package and the `GetDependencyDiffResults` function
- Add a line to the `.codecov.yml` to ignore the `dependencydiff` package
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-06-07 12:23:15 +00:00
Naveen
c06ac740cc
🌱 Removed failing tests ( #2718 )
...
fixes https://github.com/ossf/scorecard/issues/2715
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-03-03 13:25:42 -08:00
Naveen
fa0592fab2
🌱 Remove parallel tests because of rate limiting issues. ( #2527 )
...
- Remove parallel tests because of rate limiting.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-12-07 18:06:19 -08:00
Arnaud J Le Hors
2169bc44c7
Use new project name in Copyright notices ( #2505 )
...
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
2022-12-01 15:08:48 -08:00
Arnaud J Le Hors
c3f4e31c28
📖 Use scorecard (singular) consistently ( #2428 )
...
* Use scorecard (singular) consistently
* Use OpenSSF instead of Security in name and add FAQ entry
2022-12-01 15:06:12 +05:30
Latortuga
f9f910d437
✨ Commit depth feature ( #2407 )
...
* 🌱 Bump actions/dependency-review-action from 2.4.1 to 2.5.1
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 2.4.1 to 2.5.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](9c96258789...0efb1d1d84
)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* commit_depth feature
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* added more descriptive comments, changed numberofcommits variable name, moved paging for commits into seperate function.
small changes
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
linter
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* added unit tests
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
added test in e2e
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#2397 )
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.6.0 to 1.6.1.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Commits](https://github.com/spf13/cobra/compare/v1.6.0...v1.6.1 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.1.6 to 2.4.0
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.1.6 to 2.4.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.1.6...v2.4.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump cloud.google.com/go/pubsub from 1.25.1 to 1.26.0
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go ) from 1.25.1 to 1.26.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.25.1...pubsub/v1.26.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/xanzy/go-gitlab from 0.73.1 to 0.74.0
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab ) from 0.73.1 to 0.74.0.
- [Release notes](https://github.com/xanzy/go-gitlab/releases )
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go )
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.73.1...v0.74.0 )
---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/gomega from 1.20.2 to 1.23.0 (#2409 )
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.20.2 to 1.23.0.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.20.2...v1.23.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.1.6 to 2.4.0 in /tools
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.1.6 to 2.4.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.1.6...v2.4.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/golangci/golangci-lint in /tools
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint ) from 1.50.0 to 1.50.1.
- [Release notes](https://github.com/golangci/golangci-lint/releases )
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md )
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.50.0...v1.50.1 )
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump goreleaser/goreleaser-action from 2.9.1 to 3.2.0 (#2363 )
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 2.9.1 to 3.2.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](b953231f81...b508e2e3ef
)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/goreleaser/goreleaser in /tools (#2373 )
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser ) from 1.11.5 to 1.12.3.
- [Release notes](https://github.com/goreleaser/goreleaser/releases )
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.11.5...v1.12.3 )
---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* ✨ CLI for scorecard-attestor (#2309 )
* Reorganize
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Working commit
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Compile with local scorecard; go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add signing code
Heavily borrowed from https://github.com/grafeas/kritis/blob/master/cmd/kritis/signer/main.go
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update deps
* Naming
* Makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Edit license, add lint.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* checks: go mod tidy, license
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Split into checker/signer files
* Naming convention
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* License, remove golangci.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Use cobra
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add tests for root command
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Filter out checks that aren't needed for policy evaluation
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add `make` targets for attestor; submit coverage stats
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Improvements
* Use sclog instead of glog
* Remove unneeded subcommands
* Formatting
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Flags: Make note-name constant and fix messaging
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Remove SupportedRequestTypes
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy, makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Fix GH actions run
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* fix workflow (#2417 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Bump scorecard-action (#2416 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Fail unit-test job if codecov upload fails (#2415 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Enable comparison for alternative isText implementation (#2414 )
* use more performant IsText
Signed-off-by: Spencer Schrock <sschrock@google.com>
* AB test isText implementations
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add comparison env var to release test.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* go mod tidy for attestor
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🐛 modify alternative isText to accept carriage returns (#2421 )
* modify IsText from golang.org/x/tools/godoc/util to accept carriage returns.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add TODO reminder to cleanup after release tests
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/gomega from 1.23.0 to 1.24.0
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.23.0 to 1.24.0.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.23.0...v1.24.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github/codeql-action from 2.1.29 to 2.1.30
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.29 to 2.1.30.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ec3cf9c605...18fe527fa8
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* revert failing unit-test on ci error (#2422 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* ✨ Improved Security Policy Check (#2195 )
* ✨ Improved Security Policy Check (#2137 )
* Examines and awards points for linked content (URLs / Emails)
* Examines and awards points for hints of disclosure and vulnerability practices
* Examines and awards points for hints of elaboration of timelines
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Repaired Security Policy to correctly use linked content length for evaluation
Signed-off-by: Scott Hissam <shissam@gmail.com>
* gofmt'ed changes
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Repaired the case in the evaluation which was too sensitive to content length over the length of the linked content for urls and emails
Signed-off-by: Scott Hissam <shissam@gmail.com>
* added unit test cases for the new content-based Security Policy checks
Signed-off-by: Scott Hissam <shissam@gmail.com>
* reverted the direct (mistaken) change to checks.md and updated the checks.yaml for generate-docs
Signed-off-by: Scott Hissam <shissam@gmail.com>
* ✨ Improved Security Policy Check (#2137 ) (revisted based on comments)
* replaced reason strings with log.Info & log.Warn (as seen in --show-details)
* internal assertion check for nil (*pinfo) and empty pfile
* internal switched to FileTypeText over FileTypeSource
* internal implement type SecurityPolicyInformationType/SecurityPolicyInformation revised SecurityPolicyData to support only one file
* revised expected unit-test results and revised unit-test to reflect the new SecurityPolicyData type
Signed-off-by: Scott Hissam <shissam@gmail.com>
* revised the score value based on observation of one *or more* url(s) or one email(s) found; unit tests update accordingly
Signed-off-by: Scott Hissam <shissam@gmail.com>
* revised the score value based on observation of one *or more* url(s) or one email(s) found; unit tests update accordingly
Signed-off-by: Scott Hissam <shissam@gmail.com>
* revised the score value based on observation of one *or more* url(s) or one email(s) found; e2e tests update accordingly
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Addressed PR comments; added telemetry for policy hits in security policy file to track hits by line number
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Resolved merge conflict with checks.yaml
Signed-off-by: Scott Hissam <shissam@gmail.com>
* updated raw results to emit all the raw information for the new security policy check
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Resolved merge conflicts and lint errors with json_raw_results.go
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Addressed review comments to reorganize security policy data struct to support the potential for multiple security policy files.
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Added logic to the security policy to process multiple security policy files only after future improvements to aggregating scoring across such files are designed. For now the security policy behaves as originally designed to stop once one of the expected policy files are found in the repo
Signed-off-by: Scott Hissam <shissam@gmail.com>
* added comments regarding the capacity to support multiple policy files and removed unneeded break statements in the code
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Addressed review comments to remove the dependency on the path in the filename from the code and introduced FileSize to checker.File type and removed the SecurityContentLength which was used to hold that information for the new security policy assessment
Signed-off-by: Scott Hissam <shissam@gmail.com>
* restored reporting full security policy path and filename for policies found in the org level repos
Signed-off-by: Scott Hissam <shissam@gmail.com>
* Resolved conflicts in checks.yaml for documentation
Signed-off-by: Scott Hissam <shissam@gmail.com>
* ✨ CLI for scorecard-attestor (#2309 )
* Reorganize
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Working commit
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Compile with local scorecard; go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add signing code
Heavily borrowed from https://github.com/grafeas/kritis/blob/master/cmd/kritis/signer/main.go
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update deps
* Naming
* Makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Edit license, add lint.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* checks: go mod tidy, license
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Split into checker/signer files
* Naming convention
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* License, remove golangci.yml
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Use cobra
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add tests for root command
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Filter out checks that aren't needed for policy evaluation
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add `make` targets for attestor; submit coverage stats
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Improvements
* Use sclog instead of glog
* Remove unneeded subcommands
* Formatting
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Flags: Make note-name constant and fix messaging
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Remove SupportedRequestTypes
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* go mod tidy, makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Fix GH actions run
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Scott Hissam <shissam@gmail.com>
* removed whitespace before stanza for Run attestor e2e
Signed-off-by: Scott Hissam <shissam@gmail.com>
* resolved code review and doc review comments
Signed-off-by: Scott Hissam <shissam@gmail.com>
* repaired the link for the maintainer's guide for supporting the coordinated vulnerability disclosure guidelines
Signed-off-by: Scott Hissam <shissam@gmail.com>
Signed-off-by: Scott Hissam <shissam@gmail.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github/codeql-action from 2.1.30 to 2.1.31 (#2431 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.30 to 2.1.31.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](18fe527fa8...c3b6fce4ee
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* enable more performant isText (#2433 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* modified tests,InitRepo Function, Added GetCommitDepth Function to Client Interface
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* removed getcommitdepth function
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* added TODO
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.5.0 in /tools (#2436 )
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.4.0...v2.5.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.5.0
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.4.0...v2.5.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Code Review: treat merging a PR as code review (#2413 )
* Merges on Github count as a code review by the maintainer
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update Raw Results
* More detailed information for Changesets
* If there's no Revision ID, use the Commit SHA instead
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Check that pull request had atleast one reviewer that wasn't its author
* Add field for Pull Request Merged-By to Github and Gitlab
* Note, this check can be bypassed if an author opens a PR with other
people's commits
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Trivial: Fix typo (exepted -> expected) (#2440 )
Signed-off-by: Michael Scovetta <michael.scovetta@microsoft.com>
Signed-off-by: Michael Scovetta <michael.scovetta@microsoft.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump step-security/harden-runner from 1.5.0 to 2.0.0 (#2443 )
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 1.5.0 to 2.0.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](2e205a28d0...ebacdc22ef
)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 cron: support reading prefix from file for controller input files (7/n) (#2445 )
* add prefix marker file to config
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Read the new config values, if they exist.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add function to fetch prefix file config value.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Read prefix file if prefix not set.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add tests to verify how List works with various prefixes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add tests for getPrefix
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Remove panics from iterator helper functions
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Detect SECURITY.markdown in addition to SECURITY.md (#2447 )
GitHub probably supports many more file extensions for Markdown
files, but at the very least, `.md` and `.markdown` have been
standardized in RFC 7763.
Signed-off-by: favonia <favonia@gmail.com>
Signed-off-by: favonia <favonia@gmail.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Add Pinned-Dependency, Vulnerability, and Code-Review checks to attestor (#2430 )
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 cron: expose the stackdriver prefix as a config variable so it can be changed. (#2446 )
* Expose the stackdriver prefix as a config variable so it can be changed.
Signed-off-by: Caleb Brown <calebbrown@google.com>
* fix linter warning
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Only write to the rawBucket if the value exists. (#2451 )
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump golang.org/x/tools from 0.2.0 to 0.3.0 (#2448 )
* 🌱 Bump golang.org/x/tools from 0.2.0 to 0.3.0
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.2.0 to 0.3.0.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.2.0...v0.3.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* bump attestor modules
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Move cron monitoring to a non-internal location. (#2453 )
This allows external workers (e.g. criticality_score) to use the same
monitoring code.
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump actions/dependency-review-action from 2.5.1 to 3.0.0 (#2455 )
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 2.5.1 to 3.0.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](0efb1d1d84...30d5821115
)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 [cron] generalize some of the transfer logic so it is easy to build new transfer agents (#2454 )
* Generalize the transfer logic so it is easy to build new transfer agents
This change moves code that reads shards and produces summaries into the
data package so that it can be reused to create new transfer agents,
similar to the BigQuery transfer agent in cron/internal/bq.
Signed-off-by: Caleb Brown <calebbrown@google.com>
* Lint fix and commentary.
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/google/addlicense in /tools (#2459 )
Bumps [github.com/google/addlicense](https://github.com/google/addlicense ) from 1.0.0 to 1.1.0.
- [Release notes](https://github.com/google/addlicense/releases )
- [Changelog](https://github.com/google/addlicense/blob/master/.goreleaser.yaml )
- [Commits](https://github.com/google/addlicense/compare/v1.0.0...v1.1.0 )
---
updated-dependencies:
- dependency-name: github.com/google/addlicense
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* 🌱 Bump github.com/google/go-containerregistry
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.12.0 to 0.12.1.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.12.0...v0.12.1 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* go mod tidy
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* Added <= instead of == incase negative int is passed
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
* missed test fix
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: latortuga71 <christopheralonso1@gmail.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Scott Hissam <shissam@gmail.com>
Signed-off-by: Michael Scovetta <michael.scovetta@microsoft.com>
Signed-off-by: favonia <favonia@gmail.com>
Signed-off-by: Caleb Brown <calebbrown@google.com>
Signed-off-by: Latortuga <42878263+latortuga71@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: scott hissam <shissam@users.noreply.github.com>
Co-authored-by: Michael Scovetta <michael.scovetta@microsoft.com>
Co-authored-by: favonia <favonia@gmail.com>
Co-authored-by: Caleb Brown <calebbrown@google.com>
2022-11-22 16:11:36 +00:00
Naveen
10b6052acf
🌱 Upgrade to go 1.18 ( #2143 )
...
* 🌱 Upgrade to go 1.18
- Upgrade to go 1.18
- Updated the deps to avoid critical CVE's
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Updated dockerfile.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed the linter issues.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed the CVE dependencies
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Rmoved the cache which is changing between 1.17 and 1.18
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Rmoved the cache which is changing between 1.17 and 1.18
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Updated ko to latest
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed linter issue.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed linter issue.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-08-16 20:55:48 -05:00
Aiden Wang
8c04788f38
✨ Enhancement: Dependency-diff API optimization - changing the input param changeType from a map to an array ( #2111 )
...
* save
* save
* save
* save
* save
* save
* save
2022-08-03 15:54:26 -07:00
Aiden Wang
7de97139f6
✨ Enhancement: adding new entries for GH actions & Pub as ecosystems, typo fixes ( #2109 )
...
* save
* save
* Update mapping.go
* save
* save
* save
2022-08-01 17:58:46 +00:00
Aiden Wang
66708ba3b7
✨ Feature: Dependency-diff ecosystem naming convention mapping (GitHub -> OSV) ( #2088 )
...
* save
* save
* save
* save
* save
* save
2022-07-25 17:51:10 +00:00
Aiden Wang
30e3f646e3
✨ Feature: Dependency-diff API optimize: var re-naming, removing unused JSON tags ( #2090 )
...
* save
* save
* Update dependencydiff_result.go
* save
* save
* save
2022-07-22 18:05:14 -07:00
Aiden Wang
4bd16929ed
🐛 Bug fixing: Using the wrong URI to initialize the repo in Dependencydiff ( #2072 )
...
* temp
* temp
* temp
* temp
* temp
* temp
* temp
2022-07-18 18:17:19 -07:00
Aiden Wang
10681dad95
✨ Feature DependencyDiff (Version 0 Part 2) ( #2046 )
...
* temp
* Update dependencies.go
* Update errors.go
* Update scorecard_results.go
* Update vulnerabilities.go
* save
* temp
* temp
* temp
* temp
* temp
* temp
* temp
* temp
* temp
* temp
* temp
* temp
* temp
* temp
* temp
* temp
* temp
* temp0713-1
* temp0713-2
* temp0713-3
* temp0713-4
* temp0713-4
* temp0713-5
* temp0713-6
* temp0713-7
* temp0713-8
* temp0713-9
* temp0713-10
* temp0713-11
* temp0713-12
* 1
* temp
* temp
* temp
* temp
* temp
* temp
* temp
* temp
* save
* save
* save
* final_commit_before_merge
2022-07-18 19:54:53 +00:00