dependabot[bot]
0739e9eed0
🌱 Bump codecov/codecov-action from 3.1.2 to 3.1.3 ( #2903 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v3.1.2...894ff025c7b54547a9a2a1e9f228beae737ad3c2 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-25 09:54:50 -04:00
raghavkaul
46c6fe700c
✨ Gitlab: CI-Tests check ( #2833 )
...
* gitlab: support ci-tests
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update test
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update gitlab workflows
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* fix test
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com>
2023-04-24 17:58:27 +00:00
Spencer Schrock
a4e72a8696
🐛 Give inconclusive Vulnerabilities score when osv-scanner panics ( #2896 )
...
* Recover from osv-scanner panics.
This allows us to give an inconclusive score instead of crashing.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Bump osv-scanner to include performance increase.
https://github.com/google/osv-scanner/pull/346
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-04-24 17:26:20 +00:00
dependabot[bot]
d31e28afae
🌱 Bump github/codeql-action from 2.2.12 to 2.3.0 ( #2900 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.12 to 2.3.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7df0ce3489...b2c19fb9a2
2023-04-24 10:05:01 -07:00
Ashish Kurmi
8db70cfdc3
✨ show non-compliant code changes for CI-Tests, Code-Review and SAST checks in --show-details mode ( #2835 )
...
* showing non-compliant code changes for CI-Tests, Code-Review and SAST checks in --show-details mode
Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io>
* changing code review non-compliant revision traces to Debug from Warn
Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io>
* changing ci test non-compliant revision trace to Debug from Warn
Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io>
* unit test fixes in code_review_test.go
Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io>
* Incorporating Spencer's feedback
Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io>
---------
Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io>
2023-04-21 15:32:26 -07:00
raghavkaul
130a31fba9
✨ GitLab: Documentation and cleaner errors ( #2821 )
...
* Return inconclusive if there are no workflows
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Return inconclusive if we don't have any workflows
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* logging fixes
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* fix panic
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update README.md
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* skip error when getting external status checks (requires full api access)
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* fix dangerous workflow test
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2023-04-21 14:58:42 -04:00
dependabot[bot]
9a3ed3de69
🌱 Bump codecov/codecov-action from 3.1.2 to 3.1.3 ( #2894 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](40a12dcee2...894ff025c7
2023-04-21 12:00:44 +00:00
dependabot[bot]
99751c0241
🌱 Bump github.com/moby/buildkit from 0.11.5 to 0.11.6
...
Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit ) from 0.11.5 to 0.11.6.
- [Release notes](https://github.com/moby/buildkit/releases )
- [Commits](https://github.com/moby/buildkit/compare/v0.11.5...v0.11.6 )
---
updated-dependencies:
- dependency-name: github.com/moby/buildkit
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-21 11:48:25 +00:00
Spencer Schrock
6c5de2c32a
🐛 Reset stored error when handler is re-inited or setup is re-run. ( #2893 )
...
* Reset stored error when checkruns handler is re-inited or setup is run agaain.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add test.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-04-20 14:28:10 -07:00
dependabot[bot]
ef77082908
🌱 Bump step-security/harden-runner from 2.3.0 to 2.3.1 ( #2889 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](03bee39306...6b3083af28
2023-04-20 13:36:52 +00:00
dependabot[bot]
953e68c822
🌱 Bump github.com/otiai10/copy from 1.10.0 to 1.11.0 ( #2890 )
...
Bumps [github.com/otiai10/copy](https://github.com/otiai10/copy ) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/otiai10/copy/releases )
- [Commits](https://github.com/otiai10/copy/compare/v1.10.0...v1.11.0 )
---
updated-dependencies:
- dependency-name: github.com/otiai10/copy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-20 08:21:00 -05:00
Naveen
aa01849437
🌱 Unit tests checks/evaluation/maintained.go ( #2887 )
...
- Unit tests for checks/evaluation/maintained.go
- 100% coverage.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-04-19 11:55:53 -07:00
dependabot[bot]
cc817ef759
🌱 Bump github.com/goreleaser/goreleaser in /tools ( #2886 )
...
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser ) from 1.17.1 to 1.17.2.
- [Release notes](https://github.com/goreleaser/goreleaser/releases )
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.17.1...v1.17.2 )
---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-19 09:28:34 -05:00
Naveen
4e95816f4f
🌱 Unit test for Contributors ( #2881 )
...
- Code coverage of 95% for contributors.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-04-18 20:39:47 +00:00
Naveen
e1afb499ec
🌱 Unit tests for checks/evaluation/license.go ( #2885 )
...
- Add tests for license scoring criteria
- Add license checker tests for no license, no license files, and license files detected
- 100% coverage.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-04-18 20:02:26 +00:00
dependabot[bot]
bdb512360d
🌱 Bump github.com/goreleaser/goreleaser in /tools ( #2880 )
...
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser ) from 1.17.0 to 1.17.1.
- [Release notes](https://github.com/goreleaser/goreleaser/releases )
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.17.0...v1.17.1 )
---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-18 16:26:45 +00:00
dependabot[bot]
6506930fa1
🌱 Bump cloud.google.com/go/bigquery from 1.50.0 to 1.51.0
...
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go ) from 1.50.0 to 1.51.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.50.0...bigquery/v1.51.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-18 16:06:46 +00:00
dependabot[bot]
81e6c21132
🌱 Bump github.com/xanzy/go-gitlab from 0.82.0 to 0.83.0
...
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab ) from 0.82.0 to 0.83.0.
- [Release notes](https://github.com/xanzy/go-gitlab/releases )
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go )
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.82.0...v0.83.0 )
---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-18 15:49:29 +00:00
dependabot[bot]
e1d4f37269
🌱 Bump golang from 25de7b6 to 403f486 in /cron/internal/bq
...
Bumps golang from `25de7b6` to `403f486`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-17 18:59:45 +00:00
dependabot[bot]
a91a0d8026
🌱 Bump golang in /cron/internal/webhook
...
Bumps golang from `25de7b6` to `403f486`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-17 18:46:55 +00:00
dependabot[bot]
ab74f25f9c
🌱 Bump golang in /cron/internal/controller
...
Bumps golang from `25de7b6` to `403f486`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-17 18:34:54 +00:00
dependabot[bot]
6858355f24
🌱 Bump golang in /clients/githubrepo/roundtripper/tokens/server
...
Bumps golang from `ea3d912` to `403f486`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-17 18:22:34 +00:00
dependabot[bot]
b7180e8472
🌱 Bump distroless/base
...
Bumps distroless/base from `4b22ca3` to `e406b1d`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-17 18:09:02 +00:00
dependabot[bot]
8183a9f96f
🌱 Bump golang from 25de7b6 to 403f486
...
Bumps golang from `25de7b6` to `403f486`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-17 17:45:23 +00:00
dependabot[bot]
20e8487555
🌱 Bump golang in /cron/internal/worker
...
Bumps golang from `25de7b6` to `403f486`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-17 17:32:47 +00:00
dependabot[bot]
d0bfc0bc69
🌱 Bump golang from 25de7b6 to 403f486 in /cron/internal/cii
...
Bumps golang from `25de7b6` to `403f486`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-17 17:20:16 +00:00
Avishay Balter
3bf6c2a90a
✨ add support for Nuget ad-hoc commands (add/install) in Pinned Dependency checks ( #2779 )
...
* add nuget pinned dependency checks
Signed-off-by: Avishay <avishay.balter@gmail.com>
* checks.yaml
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ GitLab: Security Policy check (#2754 )
* Add tarballHandler for GitLab, enabling repo download
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Abstract OrgSecurityPolicy details to RepoClient instead of checker
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Remove Org() from RepoClient
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Rename
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Don't run as part of CI tests that depend on external sites
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump gocloud.dev from 0.26.0 to 0.29.0 (#2722 )
* 🌱 Bump gocloud.dev from 0.26.0 to 0.29.0
Bumps [gocloud.dev](https://github.com/google/go-cloud ) from 0.26.0 to 0.29.0.
- [Release notes](https://github.com/google/go-cloud/releases )
- [Commits](https://github.com/google/go-cloud/compare/v0.26.0...v0.29.0 )
---
updated-dependencies:
- dependency-name: gocloud.dev
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Switch pubsubpb import path.
See cf7063dc4d/migration.md🌱 Bump github/codeql-action from 2.2.6 to 2.2.7
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.6 to 2.2.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](16964e90ba...168b99b3c2#2776 )
Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🐛 Pass proper commit depth to github checkrun handler. (#2777 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* pr fixes
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ Support for GitHub's internal integration (#2773 )
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🐛 Add tie breaker when sorting changesets by RevisionID in tests. (#2781 )
* Remove duplicate RevisionID collision from changeset tests.
The map iteration order isn't deterministic and sorting the slices isn't good enough when the revision IDs are equal.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove any potential sha collisions
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Revert deduplications.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Use ReviewPlatform as tie breaker.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 enable fuzzing check in cron. (#2780 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump tj-actions/changed-files from 35.7.0 to 35.7.6 (#2782 )
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.7.0 to 35.7.6.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](bd376fbcfa...07f86bcdc4🌱 Bump actions/checkout from 3.3.0 to 3.4.0 (#2767 )
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](ac59398561...24cb908017🌱 Bump golangci-lint and fix configuration file. (#2783 )
* Bump golangci-lint to v1.52.1
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Remove deprecated linters.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Configure errorlint to ignore wrapping multiple errors.
We don't use golang 1.20 yet.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* extra go mod tidy to hide linter.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.0 to 2.9.2 in /tools (#2787 )
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.9.0 to 2.9.2.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.0...v2.9.2 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github/codeql-action from 2.2.7 to 2.2.8
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.7 to 2.2.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](168b99b3c2...67a35a0858🌱 Bump actions/dependency-review-action from 3.0.3 to 3.0.4 (#2785 )
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](c090f4e553...f46c48ed6d🐛 Restore upload of existing raw result Big Query data (#2795 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump tj-actions/changed-files from 35.7.6 to 35.7.7 (#2797 )
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.7.6 to 35.7.7.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](07f86bcdc4...db5dd7c176🌱 Restore API quota metrics for the weekly cron job. (#2799 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/golangci/golangci-lint in /tools (#2794 )
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint ) from 1.52.1 to 1.52.2.
- [Release notes](https://github.com/golangci/golangci-lint/releases )
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md )
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.52.1...v1.52.2 )
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump google.golang.org/protobuf in /tools (#2759 )
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang.org/x/tools from 0.6.0 to 0.7.0 (#2769 )
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/xanzy/go-gitlab from 0.78.0 to 0.81.0 (#2737 )
* 🌱 Bump github.com/xanzy/go-gitlab from 0.78.0 to 0.81.0
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab ) from 0.78.0 to 0.81.0.
- [Release notes](https://github.com/xanzy/go-gitlab/releases )
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go )
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.78.0...v0.81.0 )
---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Bump google.golang.org/protobuf to v1.30.0 to satisfy dependency analysis.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump actions/stale from 6.0.1 to 8.0.0 (#2793 )
Bumps [actions/stale](https://github.com/actions/stale ) from 6.0.1 to 8.0.0.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](5ebf00ea0e...1160a22402🌱 Bump actions/setup-go from 3.5.0 to 4.0.0 (#2757 )
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.5.0 to 4.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](6edd4406fa...4d34df0c23🌱 Bump goreleaser/goreleaser-action from 4.1.0 to 4.2.0 (#2628 )
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](8f67e590f2...f82d6c1c34🌱 Bump github.com/google/osv-scanner (#2803 )
Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner ) from 1.2.1-0.20230302232134-592acbc2539b to 1.3.0.
- [Release notes](https://github.com/google/osv-scanner/releases )
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md )
- [Commits](https://github.com/google/osv-scanner/commits/v1.3.0 )
---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 (#2805 )
Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation ) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases )
- [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.1.0...v2.2.0 )
---
updated-dependencies:
- dependency-name: github.com/bradleyfalzon/ghinstallation/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump cloud.google.com/go/pubsub from 1.28.0 to 1.30.0 (#2804 )
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go ) from 1.28.0 to 1.30.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.28.0...pubsub/v1.30.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/goreleaser/goreleaser in /tools (#2770 )
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser ) from 1.14.1 to 1.16.2.
- [Release notes](https://github.com/goreleaser/goreleaser/releases )
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.14.1...v1.16.2 )
---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump actions/checkout from 3.4.0 to 3.5.0 (#2800 )
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github/codeql-action from 2.2.8 to 2.2.9 (#2802 )
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump tj-actions/changed-files from 35.7.7 to 35.7.8 (#2801 )
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/moby/buildkit from 0.11.4 to 0.11.5 (#2809 )
Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit ) from 0.11.4 to 0.11.5.
- [Release notes](https://github.com/moby/buildkit/releases )
- [Commits](https://github.com/moby/buildkit/compare/v0.11.4...v0.11.5 )
---
updated-dependencies:
- dependency-name: github.com/moby/buildkit
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump ossf/scorecard-action from 2.1.2 to 2.1.3 (#2806 )
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](e38b1902ae...80e868c13c🌱 Bump github.com/google/osv-scanner from 1.3.0 to 1.3.1 (#2810 )
Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner ) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/google/osv-scanner/releases )
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md )
- [Commits](https://github.com/google/osv-scanner/compare/v1.3.0...v1.3.1 )
---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/gomega from 1.27.0 to 1.27.6 (#2807 )
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump cloud.google.com/go/bigquery from 1.48.0 to 1.49.0
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go ) from 1.48.0 to 1.49.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.48.0...bigquery/v1.49.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/go-logr/logr from 1.2.3 to 1.2.4 (#2813 )
Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr ) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/go-logr/logr/releases )
- [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md )
- [Commits](https://github.com/go-logr/logr/compare/v1.2.3...v1.2.4 )
---
updated-dependencies:
- dependency-name: github.com/go-logr/logr
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump cloud.google.com/go/bigquery from 1.49.0 to 1.50.0 (#2818 )
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go ) from 1.49.0 to 1.50.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.49.0...bigquery/v1.50.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump step-security/harden-runner from 2.2.1 to 2.3.0 (#2823 )
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.2.1 to 2.3.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](1f99358870...03bee39306🌱 Bump github.com/docker/docker in /tools (#2825 )
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 23.0.1+incompatible to 23.0.3+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v23.0.1...v23.0.3 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github/codeql-action from 2.2.9 to 2.2.11 (#2836 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.9 to 2.2.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](04df1262e6...d186a2a36c🌱 Bump tj-actions/changed-files from 35.7.8 to 35.7.12
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.7.8 to 35.7.12.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](e9b5807e92...b109d83a62🌱 Bump sigstore/cosign-installer from 3.0.1 to 3.0.2 (#2842 )
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](c3667d9942...9e9de2292d🌱 Bump github.com/xeipuuv/gojsonschema
Bumps [github.com/xeipuuv/gojsonschema](https://github.com/xeipuuv/gojsonschema ) from 0.0.0-20180618132009-1d523034197f to 1.2.0.
- [Release notes](https://github.com/xeipuuv/gojsonschema/releases )
- [Commits](https://github.com/xeipuuv/gojsonschema/commits/v1.2.0 )
---
updated-dependencies:
- dependency-name: github.com/xeipuuv/gojsonschema
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Unit tests for checker result and request (#2844 )
Included tests for checker result and request
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ Consider haskell-actions/hlint-scan a code scanning action (#2846 )
* Add haskell-actions/hlint-scan as one of know GitHub actions which upload SARIF.
Signed-off-by: Yoo Chung <chungyc@google.com>
* Test security-events permissions with actions known to upload SARIF.
Signed-off-by: Yoo Chung <chungyc@google.com>
---------
Signed-off-by: Yoo Chung <chungyc@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 (#2847 )
Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation ) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases )
- [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.2.0...v2.3.0 )
---
updated-dependencies:
- dependency-name: github.com/bradleyfalzon/ghinstallation/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/otiai10/copy from 1.9.0 to 1.10.0
Bumps [github.com/otiai10/copy](https://github.com/otiai10/copy ) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/otiai10/copy/releases )
- [Commits](https://github.com/otiai10/copy/compare/v1.9.0...v1.10.0 )
---
updated-dependencies:
- dependency-name: github.com/otiai10/copy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/goreleaser/goreleaser in /tools
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser ) from 1.16.2 to 1.17.0.
- [Release notes](https://github.com/goreleaser/goreleaser/releases )
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.16.2...v1.17.0 )
---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Add instructions to test cron controller + worker locally (#2817 )
* Add GitLab test repos.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add test GitLab projects to release controller.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* worker gitlab WIP
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Read config in worker.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Use UTC time for shards.
This avoids issues when the controller and worker timezones differ.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update directions for gcs fake
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update readme
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Undo gitlab parts, which will be its own PR.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Clarify project and config files are placeholders.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove accidentally added whitespace
Signed-off-by: Spencer Schrock <sschrock@google.com>
* clarify code change with comment.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Minor edits.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang.org/x/tools from 0.7.0 to 0.8.0 (#2855 )
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.7.0 to 0.8.0.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.7.0...v0.8.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump codecov/codecov-action from 3.1.0 to 3.1.2
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.1.0 to 3.1.2.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](81cd2dc814...40a12dcee2📖 Fix broken links. (#2858 )
Signed-off-by: Yoo Chung <chungyc@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ Detect fuzzing in Haskell by the presence of property tests. (#2843 )
* Add Haskell as a language.
Signed-off-by: Yoo Chung <chungyc@google.com>
* Detect fuzzing in Haskell using presence of property-based testing.
Signed-off-by: Yoo Chung <chungyc@google.com>
* Mention fuzzing detection for Haskell in documentation.
Signed-off-by: Yoo Chung <chungyc@google.com>
* Fix pattern and test. Add test case.
Signed-off-by: Yoo Chung <chungyc@google.com>
---------
Signed-off-by: Yoo Chung <chungyc@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Unit tests for attestor policy (#2857 )
- Add tests for `GetRequiredChecksForPolicy` and `EvaluateResults`
- Add checks for binary artifacts, vulnerabilities, unpinned dependencies, and code review
[attestor/policy/attestation_policy_test.go]
- Add `github.com/google/go-cmp/cmp` to imports
- Add a test for `GetRequiredChecksForPolicy`
- Add a test for `EvaluateResults`
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/xanzy/go-gitlab from 0.81.0 to 0.82.0
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab ) from 0.81.0 to 0.82.0.
- [Release notes](https://github.com/xanzy/go-gitlab/releases )
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go )
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.81.0...v0.82.0 )
---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ Use local files instead of search for SAST CodeQL check (#2839 )
* Look for codeQL action use with local files instead of search.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Switch SAST mocks to using local file contents.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Update e2e test
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Remove unneeded code.
The tests deleted here were merged with another test in an earlier commit.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add tests to get code coverage up.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* .exe
Signed-off-by: Avishay <avishay.balter@gmail.com>
* lint
Signed-off-by: Avishay <avishay.balter@gmail.com>
* pr comments
Signed-off-by: Avishay <avishay.balter@gmail.com>
---------
Signed-off-by: Avishay <avishay.balter@gmail.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Yoo Chung <chungyc@google.com>
Signed-off-by: Avishay Balter <avishay.balter@gmail.com>
Co-authored-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Yoo Chung <dev@chungyc.org>
Co-authored-by: Yoo Chung <chungyc@google.com>
2023-04-17 10:01:51 -07:00
dependabot[bot]
1c441f3773
🌱 Bump slsa-framework/slsa-github-generator from 1.4.0 to 1.5.0
...
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.4.0...v1.5.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-15 15:52:51 +00:00
Naveen
66bd66f091
🌱 Unit tests Fuzzing Checker ( #2867 )
...
- Add fuzzing tests for checker
- Enhance logic for checking if project is fuzzed
- Handle nil FuzzingData
[checks/evaluation/fuzzing_test.go]
- Add tests for fuzzing checker
- Add logic to check if project is fuzzed or not
- Add handling for nil FuzzingData
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-04-14 22:19:52 +00:00
Naveen
2a5929162a
🌱 Unit tests for dangerous workflows ( #2866 )
...
- Add a test to check for dangerous workflow patterns
- Add checks to prevent script injection and invalid types
- Add a check to ensure workflow data is valid
[checks/evaluation/dangerous_workflow_test.go]
- Add a test for dangerous workflow check
- Add a check for empty workflow data
- Add a check for dangerous workflow patterns
- Add a check for script injection
- Add a check for invalid types
- Add a check for empty raw data
- 100% Coverage.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-04-14 21:16:53 +00:00
Naveen
1c0a2aeb2f
🌱 Included unit tests for CII Best practices ( #2870 )
...
- Add a test file for the CII Best Practices checker
- Add tests for different badge responses and assign different scores based on badge responses
- Change CIIBestPractices function parameter and add a check for empty raw data
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-04-14 20:03:02 +00:00
dependabot[bot]
d0e952c317
🌱 Bump github/codeql-action from 2.2.11 to 2.2.12
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.11 to 2.2.12.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](d186a2a36c...7df0ce3489
2023-04-14 18:02:17 +00:00
dependabot[bot]
7eeffb16e4
🌱 Bump actions/checkout from 3.5.1 to 3.5.2 ( #2869 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.1 to 3.5.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](83b7061638...8e5e7e5ab8
2023-04-14 12:46:17 -05:00
Naveen
ccb461cd49
🌱 Unit tests for checker/detail_logger_impl ( #2852 )
...
* 🌱 Unit tests for checker/detail_logger_impl
- Included tests for detail_logger_impl.
- It has 100% coverage.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed code review comments
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-04-13 21:57:38 +00:00
Naveen
fd78f95038
🌱 Unit Tests for checker/client ( #2851 )
...
- Included the unit tests for checker/client.go
- Coverage to 87%
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-04-13 19:44:18 +00:00
dependabot[bot]
f3c480f214
🌱 Bump github.com/Masterminds/semver/v3 from 3.2.0 to 3.2.1
...
Bumps [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver ) from 3.2.0 to 3.2.1.
- [Release notes](https://github.com/Masterminds/semver/releases )
- [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Masterminds/semver/compare/v3.2.0...v3.2.1 )
---
updated-dependencies:
- dependency-name: github.com/Masterminds/semver/v3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-13 17:11:29 +00:00
dependabot[bot]
21e1950fdb
🌱 Bump github.com/spf13/cobra from 1.6.1 to 1.7.0
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.6.1 to 1.7.0.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Commits](https://github.com/spf13/cobra/compare/v1.6.1...v1.7.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-13 16:56:51 +00:00
dependabot[bot]
3704b1f260
🌱 Bump tj-actions/changed-files from 35.7.12 to 35.8.0
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.7.12 to 35.8.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](b109d83a62...7ecfc6730d
2023-04-13 13:37:19 +00:00
dependabot[bot]
973b2d37d6
🌱 Bump actions/checkout from 3.5.0 to 3.5.1
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8f4b7f8486...83b7061638
2023-04-13 13:23:40 +00:00
Spencer Schrock
b16c74bd16
✨ Use local files instead of search for SAST CodeQL check ( #2839 )
...
* Look for codeQL action use with local files instead of search.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Switch SAST mocks to using local file contents.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Update e2e test
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Remove unneeded code.
The tests deleted here were merged with another test in an earlier commit.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add tests to get code coverage up.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-04-12 15:50:36 -07:00
dependabot[bot]
4809b20cbf
🌱 Bump github.com/xanzy/go-gitlab from 0.81.0 to 0.82.0
...
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab ) from 0.81.0 to 0.82.0.
- [Release notes](https://github.com/xanzy/go-gitlab/releases )
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go )
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.81.0...v0.82.0 )
---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-12 19:32:39 +00:00
Naveen
d180088c75
🌱 Unit tests for attestor policy ( #2857 )
...
- Add tests for `GetRequiredChecksForPolicy` and `EvaluateResults`
- Add checks for binary artifacts, vulnerabilities, unpinned dependencies, and code review
[attestor/policy/attestation_policy_test.go]
- Add `github.com/google/go-cmp/cmp` to imports
- Add a test for `GetRequiredChecksForPolicy`
- Add a test for `EvaluateResults`
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-04-12 18:32:22 +00:00
Yoo Chung
71eda75a0d
✨ Detect fuzzing in Haskell by the presence of property tests. ( #2843 )
...
* Add Haskell as a language.
Signed-off-by: Yoo Chung <chungyc@google.com>
* Detect fuzzing in Haskell using presence of property-based testing.
Signed-off-by: Yoo Chung <chungyc@google.com>
* Mention fuzzing detection for Haskell in documentation.
Signed-off-by: Yoo Chung <chungyc@google.com>
* Fix pattern and test. Add test case.
Signed-off-by: Yoo Chung <chungyc@google.com>
---------
Signed-off-by: Yoo Chung <chungyc@google.com>
2023-04-12 17:29:29 +00:00
Yoo Chung
358de6bda0
📖 Fix broken links. ( #2858 )
...
Signed-off-by: Yoo Chung <chungyc@google.com>
2023-04-12 10:05:00 -07:00
dependabot[bot]
862bfc6ed7
🌱 Bump codecov/codecov-action from 3.1.0 to 3.1.2
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.1.0 to 3.1.2.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](81cd2dc814...40a12dcee2
2023-04-12 11:50:45 +00:00
dependabot[bot]
192d704d49
🌱 Bump golang.org/x/tools from 0.7.0 to 0.8.0 ( #2855 )
...
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.7.0 to 0.8.0.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.7.0...v0.8.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-12 06:36:50 -05:00
Spencer Schrock
1fb59608bd
🌱 Add instructions to test cron controller + worker locally ( #2817 )
...
* Add GitLab test repos.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add test GitLab projects to release controller.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* worker gitlab WIP
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Read config in worker.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Use UTC time for shards.
This avoids issues when the controller and worker timezones differ.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update directions for gcs fake
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update readme
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Undo gitlab parts, which will be its own PR.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Clarify project and config files are placeholders.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove accidentally added whitespace
Signed-off-by: Spencer Schrock <sschrock@google.com>
* clarify code change with comment.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Minor edits.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-04-11 14:52:56 -07:00
dependabot[bot]
df8b33146d
🌱 Bump github.com/goreleaser/goreleaser in /tools
...
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser ) from 1.16.2 to 1.17.0.
- [Release notes](https://github.com/goreleaser/goreleaser/releases )
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.16.2...v1.17.0 )
---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-11 15:47:08 +00:00
dependabot[bot]
4898b5c474
🌱 Bump github.com/otiai10/copy from 1.9.0 to 1.10.0
...
Bumps [github.com/otiai10/copy](https://github.com/otiai10/copy ) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/otiai10/copy/releases )
- [Commits](https://github.com/otiai10/copy/compare/v1.9.0...v1.10.0 )
---
updated-dependencies:
- dependency-name: github.com/otiai10/copy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-11 15:31:14 +00:00
dependabot[bot]
b17f83a71e
🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 ( #2847 )
...
Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation ) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases )
- [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.2.0...v2.3.0 )
---
updated-dependencies:
- dependency-name: github.com/bradleyfalzon/ghinstallation/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-11 10:12:31 -05:00
