Commit Graph

59 Commits

Author SHA1 Message Date
Naveen
a440bf6294
🌱 Removed the dockerbuild experimental features (#409)
* Removed the docker build experimental feature so that cloudbuild can
build.
2021-05-07 07:49:30 -05:00
Oliver Chang
df27afd3b3
Make checks documentation machine readable. (#345)
* Make checks documentation machine readable.

Make checks.yaml as a machine and human readable source of truth of
checks documentation.

A tiny Python script is also added to generate checks.json and checks.md
from this file.

* move checks scripts and files
2021-04-16 11:15:56 -07:00
naveen
27ec7fff8d Docs - Updated the docs for cron
Included a section within the CONTRIBUTING.md about the dailyscore and
cron job.
2021-03-15 12:38:58 -04:00
naveen
3d6b080241 Doc - Included gitcache documentation
Included documentation for gitcache.
2021-03-12 19:24:29 -05:00
Abhishek Arya
a44dd6a758
Add pypi and ruby gems package support. (#226)
Adds some more package managers to
https://github.com/ossf/scorecard/issues/33

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-03-01 11:21:20 -05:00
naveen
cab29a2747 Feat- Use cloud buckets for caching
Use cloud buckets for httpcache.

The implementation uses https://github.com/google/go-cloud for it to be
cloud vendor agnostic.
2021-02-24 11:17:50 -05:00
naveen
586e3d60be Doc - Update README with the TOC
Updated the README with TOC and included instructions for docker usage.
2021-02-23 10:47:44 -05:00
Naveen
db81680172
Feat-Implement httpcache middleware for GitHub API (#203)
The GitHub API supports conditional requests
https://docs.github.com/en/rest/overview/resources-in-the-rest-api#conditional-requests

https://github.com/google/go-github supports Conditional requests
https://github.com/google/go-github#conditional-requests

As we are scaling more and more projects this would add a lot of value.

Initial run fetches information using `httpcache` as a middleware,
which caches the HTTP response initially in a large disk (PVC),
probably move to Redis later as a cache instead of disk.

Subsequent `cron runs` will utilize the `httpcache` for checking content modification and
load it from the cache if it isn't modified, which reduces hitting the
Rate Limit of the GitHub API.
2021-02-22 17:18:28 +00:00
naveen
9c4a4596ed Testing - Slash command 2021-02-19 14:04:24 -05:00
naveen
f57080098c Doc - Updates to README and CONTRIBUTING 2021-02-16 17:00:36 -05:00
Abhishek Arya
fc251d9d42 Add security policy to e2e test. 2021-02-14 12:50:24 -05:00
Naveen
ca1d6e85f0
Doc - Update README with the docker image (#163) 2021-02-11 15:27:16 -08:00
naveen
f385b0d9df Feature - run scans from npm package name
Implemented scans from npm package name.
2021-02-02 16:07:41 -05:00
Abhishek Arya
8493b0b9a0 Add remediation steps for various checks. 2021-01-27 08:19:49 -05:00
naveen
2a1463b315 Feature - Report codecoverage to codecov.io 2021-01-26 17:49:11 -05:00
Abhishek Arya
dc8d1fecb9 Add packaging check. 2021-01-15 13:44:52 -05:00
naveen
1d26654130 Document - Included instruction for GITHUB_AUTH_TOKEN
Included instruction that GITHUB_AUTH_TOKEN supports round robin with
multiple tokens.
2021-01-11 13:19:58 -05:00
Naveen
b11fad8a81
feature - Included the status badge in README (#125)
Included the status badge for build, golanglint-ci and CodeQL.
2021-01-07 11:40:55 -08:00
Abhishek Arya
3191c55963
Update README.md 2021-01-05 10:43:41 -08:00
Abhishek Arya
650fe0a1c3
Update README.md 2021-01-05 10:31:18 -08:00
naveen
5d84b86148 Merge branch 'main' into feature/protected-branches 2021-01-05 12:32:06 -05:00
Abhishek Arya
b86fae0b4d
Fix https://github.com/ossf/scorecard/issues/121 2021-01-05 09:28:21 -08:00
naveen
9ce57c0804 feature - Checks for branch protections
Implemented Branch protections checks.

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-01-05 12:27:50 -05:00
Naveen
15a1ba0536
feat - nonroot docker container (#114)
* feat - nonroot docker container

Changed the docker container to nonroot

* Feat - New Dockerfile for non-cron job

Created a new Dockerfile for non-cron job.
Moved the existing Dockerfile into cron folder for cron specific.

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

* Fix - The Docker version information in the README

Updated the README to include docker version information required for
Dockerfile.

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-01-05 07:45:15 -06:00
Tom
87997ffb57
Update SonarCloud link in README.md (#88) 2020-12-02 08:00:29 -06:00
Tom
c3dabb2cba
Add SonarCloud to the SAST check (#85)
* Add SonarCloud to the SAST check

* Apply review feedback
2020-12-01 08:32:37 -06:00
dlorenc
24fa4cca5e
Add support for and hookup app based authentication for higher rate limiting. (#69)
This also configures it in our nightly cron cluster.
2020-11-13 11:06:46 -06:00
Abhishek Arya
f9bfb3c980
More helper links on README.md 2020-11-12 19:29:55 -08:00
Kim Lewandowski
8a14c6cea9
Merge pull request #67 from dlorenc/jsoncron
Switch the nightly to use json.
2020-11-12 18:18:39 -08:00
Abhishek Arya
1259d3240f
Fixes #60 (#66) 2020-11-12 20:14:59 -06:00
Dan Lorenc
3350a2d0bf Switch the nightly to use json. 2020-11-12 20:13:34 -06:00
Abhishek Arya
e6bee47202
Update README.md 2020-11-12 10:59:02 -08:00
dlorenc
62ae708944
Add a JSON format mode. (#65)
This is usable as is, but is also designed to be easy to import into a database.
2020-11-12 12:47:08 -06:00
dlorenc
ef19bdf032
Add a Dockerfile and k8s cron job to upload files to GCS each night. (#59) 2020-11-12 12:26:38 -06:00
Abhishek Arya
bc5ee3cb47
Add helper hyperlinks for check references. 2020-11-09 19:15:46 -08:00
Abhishek Arya
56bd21bdba
Update README.md 2020-11-09 18:29:37 -08:00
Dan Lorenc
268aea59d2 Add CSV formatting mode.
This allows the user to specify "--format=csv" to get the results output in CSV columns.
2020-11-09 18:23:30 -06:00
Kim Lewandowski
68bc599017
adding logo (#44)
Co-authored-by: Kim Lewandowski <klewandowski@google.com>
2020-11-06 11:36:23 -06:00
Kim Lewandowski
3c790163dd moving contributing section down 2020-11-05 12:27:10 -08:00
Dan Lorenc
237e28b246 Add Best Practices WG meeting invite. 2020-10-27 14:35:05 -05:00
Kim Lewandowski
8c33c8ae69
Merge pull request #35 from dlorenc/docs
Cleanup docs and add new page for checks.
2020-10-26 13:55:10 -07:00
Dan Lorenc
6d473aafe4 Cleanup docs and add new page for checks. 2020-10-26 15:50:13 -05:00
Abhishek Arya
81eab9d2d8
Add license header and code of conduct files. (#34)
* Add license header and code of conduct files.

* Fill missing field.
2020-10-26 15:22:13 -05:00
Abhishek Arya
1232adbb20
Add SAST check for CodeQL (#26) 2020-10-19 11:58:51 -05:00
Abhishek Arya
3c4623184a Minor fixes. 2020-10-19 08:09:10 -07:00
Abhishek Arya
0e3502e85c
Add active project check, slightly fix MultiCheck logic. (#23) 2020-10-18 18:54:15 -05:00
Abhishek Arya
ca862c3181 Show result as pass/fail instead of true/false to match docs. 2020-10-17 17:08:53 -07:00
Abhishek Arya
c208cd8d09
Update check results in readme. 2020-10-16 23:48:25 -07:00
Abhishek Arya
6e5ce52cae
Fix filenames to match check names, remove unneeded repos.txt. (#15)
* Fix filenames to match check names, remove unneeded repos.txt.

* Fix conflict.

* Minor fix.
2020-10-16 13:22:28 -05:00
Abhishek Arya
78f70c46fd
Fix minor formatting issue 2020-10-16 08:08:43 -07:00