Naveen
a440bf6294
🌱 Removed the dockerbuild experimental features ( #409 )
...
* Removed the docker build experimental feature so that cloudbuild can
build.
2021-05-07 07:49:30 -05:00
Oliver Chang
df27afd3b3
✨ Make checks documentation machine readable. ( #345 )
...
* ✨ Make checks documentation machine readable.
Make checks.yaml as a machine and human readable source of truth of
checks documentation.
A tiny Python script is also added to generate checks.json and checks.md
from this file.
* move checks scripts and files
2021-04-16 11:15:56 -07:00
naveen
27ec7fff8d
Docs - Updated the docs for cron
...
Included a section within the CONTRIBUTING.md about the dailyscore and
cron job.
2021-03-15 12:38:58 -04:00
naveen
3d6b080241
Doc - Included gitcache documentation
...
Included documentation for gitcache.
2021-03-12 19:24:29 -05:00
Abhishek Arya
a44dd6a758
Add pypi and ruby gems package support. ( #226 )
...
Adds some more package managers to
https://github.com/ossf/scorecard/issues/33
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-03-01 11:21:20 -05:00
naveen
cab29a2747
Feat- Use cloud buckets for caching
...
Use cloud buckets for httpcache.
The implementation uses https://github.com/google/go-cloud for it to be
cloud vendor agnostic.
2021-02-24 11:17:50 -05:00
naveen
586e3d60be
Doc - Update README with the TOC
...
Updated the README with TOC and included instructions for docker usage.
2021-02-23 10:47:44 -05:00
Naveen
db81680172
Feat-Implement httpcache middleware for GitHub API ( #203 )
...
The GitHub API supports conditional requests
https://docs.github.com/en/rest/overview/resources-in-the-rest-api#conditional-requests
https://github.com/google/go-github supports Conditional requests
https://github.com/google/go-github#conditional-requests
As we are scaling more and more projects this would add a lot of value.
Initial run fetches information using `httpcache` as a middleware,
which caches the HTTP response initially in a large disk (PVC),
probably move to Redis later as a cache instead of disk.
Subsequent `cron runs` will utilize the `httpcache` for checking content modification and
load it from the cache if it isn't modified, which reduces hitting the
Rate Limit of the GitHub API.
2021-02-22 17:18:28 +00:00
naveen
9c4a4596ed
Testing - Slash command
2021-02-19 14:04:24 -05:00
naveen
f57080098c
Doc - Updates to README and CONTRIBUTING
2021-02-16 17:00:36 -05:00
Abhishek Arya
fc251d9d42
Add security policy to e2e test.
2021-02-14 12:50:24 -05:00
Naveen
ca1d6e85f0
Doc - Update README with the docker image ( #163 )
2021-02-11 15:27:16 -08:00
naveen
f385b0d9df
Feature - run scans from npm package name
...
Implemented scans from npm package name.
2021-02-02 16:07:41 -05:00
Abhishek Arya
8493b0b9a0
Add remediation steps for various checks.
2021-01-27 08:19:49 -05:00
naveen
2a1463b315
Feature - Report codecoverage to codecov.io
2021-01-26 17:49:11 -05:00
Abhishek Arya
dc8d1fecb9
Add packaging check.
2021-01-15 13:44:52 -05:00
naveen
1d26654130
Document - Included instruction for GITHUB_AUTH_TOKEN
...
Included instruction that GITHUB_AUTH_TOKEN supports round robin with
multiple tokens.
2021-01-11 13:19:58 -05:00
Naveen
b11fad8a81
feature - Included the status badge in README ( #125 )
...
Included the status badge for build, golanglint-ci and CodeQL.
2021-01-07 11:40:55 -08:00
Abhishek Arya
3191c55963
Update README.md
2021-01-05 10:43:41 -08:00
Abhishek Arya
650fe0a1c3
Update README.md
2021-01-05 10:31:18 -08:00
naveen
5d84b86148
Merge branch 'main' into feature/protected-branches
2021-01-05 12:32:06 -05:00
Abhishek Arya
b86fae0b4d
Fix https://github.com/ossf/scorecard/issues/121
2021-01-05 09:28:21 -08:00
naveen
9ce57c0804
feature - Checks for branch protections
...
Implemented Branch protections checks.
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-01-05 12:27:50 -05:00
Naveen
15a1ba0536
feat - nonroot docker container ( #114 )
...
* feat - nonroot docker container
Changed the docker container to nonroot
* Feat - New Dockerfile for non-cron job
Created a new Dockerfile for non-cron job.
Moved the existing Dockerfile into cron folder for cron specific.
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
* Fix - The Docker version information in the README
Updated the README to include docker version information required for
Dockerfile.
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-01-05 07:45:15 -06:00
Tom
87997ffb57
Update SonarCloud link in README.md ( #88 )
2020-12-02 08:00:29 -06:00
Tom
c3dabb2cba
Add SonarCloud to the SAST check ( #85 )
...
* Add SonarCloud to the SAST check
* Apply review feedback
2020-12-01 08:32:37 -06:00
dlorenc
24fa4cca5e
Add support for and hookup app based authentication for higher rate limiting. ( #69 )
...
This also configures it in our nightly cron cluster.
2020-11-13 11:06:46 -06:00
Abhishek Arya
f9bfb3c980
More helper links on README.md
2020-11-12 19:29:55 -08:00
Kim Lewandowski
8a14c6cea9
Merge pull request #67 from dlorenc/jsoncron
...
Switch the nightly to use json.
2020-11-12 18:18:39 -08:00
Abhishek Arya
1259d3240f
Fixes #60 ( #66 )
2020-11-12 20:14:59 -06:00
Dan Lorenc
3350a2d0bf
Switch the nightly to use json.
2020-11-12 20:13:34 -06:00
Abhishek Arya
e6bee47202
Update README.md
2020-11-12 10:59:02 -08:00
dlorenc
62ae708944
Add a JSON format mode. ( #65 )
...
This is usable as is, but is also designed to be easy to import into a database.
2020-11-12 12:47:08 -06:00
dlorenc
ef19bdf032
Add a Dockerfile and k8s cron job to upload files to GCS each night. ( #59 )
2020-11-12 12:26:38 -06:00
Abhishek Arya
bc5ee3cb47
Add helper hyperlinks for check references.
2020-11-09 19:15:46 -08:00
Abhishek Arya
56bd21bdba
Update README.md
2020-11-09 18:29:37 -08:00
Dan Lorenc
268aea59d2
Add CSV formatting mode.
...
This allows the user to specify "--format=csv" to get the results output in CSV columns.
2020-11-09 18:23:30 -06:00
Kim Lewandowski
68bc599017
adding logo ( #44 )
...
Co-authored-by: Kim Lewandowski <klewandowski@google.com>
2020-11-06 11:36:23 -06:00
Kim Lewandowski
3c790163dd
moving contributing section down
2020-11-05 12:27:10 -08:00
Dan Lorenc
237e28b246
Add Best Practices WG meeting invite.
2020-10-27 14:35:05 -05:00
Kim Lewandowski
8c33c8ae69
Merge pull request #35 from dlorenc/docs
...
Cleanup docs and add new page for checks.
2020-10-26 13:55:10 -07:00
Dan Lorenc
6d473aafe4
Cleanup docs and add new page for checks.
2020-10-26 15:50:13 -05:00
Abhishek Arya
81eab9d2d8
Add license header and code of conduct files. ( #34 )
...
* Add license header and code of conduct files.
* Fill missing field.
2020-10-26 15:22:13 -05:00
Abhishek Arya
1232adbb20
Add SAST check for CodeQL ( #26 )
2020-10-19 11:58:51 -05:00
Abhishek Arya
3c4623184a
Minor fixes.
2020-10-19 08:09:10 -07:00
Abhishek Arya
0e3502e85c
Add active project check, slightly fix MultiCheck logic. ( #23 )
2020-10-18 18:54:15 -05:00
Abhishek Arya
ca862c3181
Show result as pass/fail instead of true/false to match docs.
2020-10-17 17:08:53 -07:00
Abhishek Arya
c208cd8d09
Update check results in readme.
2020-10-16 23:48:25 -07:00
Abhishek Arya
6e5ce52cae
Fix filenames to match check names, remove unneeded repos.txt. ( #15 )
...
* Fix filenames to match check names, remove unneeded repos.txt.
* Fix conflict.
* Minor fix.
2020-10-16 13:22:28 -05:00
Abhishek Arya
78f70c46fd
Fix minor formatting issue
2020-10-16 08:08:43 -07:00