Azeem Shaikh
333618d0d2
Security-Policy should not run on --local (#1825)
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-04-07 14:12:22 -05:00
dependabot[bot]
4df16f3350
🌱 Bump codecov/codecov-action from 2.1.0 to 3
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2.1.0 to 3.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](f32b3a3741...e3c560433a)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-07 14:55:05 +00:00
dependabot[bot]
b6575a2731
🌱 Bump github.com/rhysd/actionlint from 1.6.10 to 1.6.11
...
Bumps [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint) from 1.6.10 to 1.6.11.
- [Release notes](https://github.com/rhysd/actionlint/releases)
- [Changelog](https://github.com/rhysd/actionlint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rhysd/actionlint/compare/v1.6.10...v1.6.11)
---
updated-dependencies:
- dependency-name: github.com/rhysd/actionlint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-07 14:38:43 +00:00
dependabot[bot]
8bc0fe5e83
🌱 Bump contrib.go.opencensus.io/exporter/stackdriver
...
Bumps [contrib.go.opencensus.io/exporter/stackdriver](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver) from 0.13.10 to 0.13.11.
- [Release notes](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/releases)
- [Commits](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/compare/v0.13.10...v0.13.11)
---
updated-dependencies:
- dependency-name: contrib.go.opencensus.io/exporter/stackdriver
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-07 13:45:47 +00:00
Azeem Shaikh
a1e908b6f0
Support Security-Policy with --local (#1822)
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-04-06 18:39:19 -07:00
noamd
5860896619
detect workflow_run as a dangerous trigger
2022-04-06 07:22:54 -05:00
dependabot[bot]
606f28ad25
🌱 Bump sigs.k8s.io/release-utils from 0.5.0 to 0.6.0
...
Bumps [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/kubernetes-sigs/release-utils/releases)
- [Commits](https://github.com/kubernetes-sigs/release-utils/compare/v0.5.0...v0.6.0)
---
updated-dependencies:
- dependency-name: sigs.k8s.io/release-utils
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-05 21:36:00 +00:00
naveensrinivasan
81133363f0
🌱 e2e for pinned_dependencies for localrepoclient
...
- e2e for pinned_dependencies for localrepoclient
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-05 16:15:17 -05:00
naveensrinivasan
b6b5592629
🌱 e2e for dangerous_workflow local repo
...
- e2e for dangerous_workflow for localrepoclient.
2022-04-05 15:21:52 -05:00
naveensrinivasan
761bb4e4b3
🌱 Fixes the golang version
...
Hopefully this fixes the make linter failures
https://github.com/ossf/scorecard/runs/5834278035?check_suite_focus=true
I noticed while trying to debug, which was using go 1.18 in the
workflow log.
Which made me decide to pin it to a specific version of go 1.17.7
```
go env -w GOFLAGS=-mod=mod
make check-linter
shell: /usr/bin/bash -e {0}
env:
PROTOC_VERSION: 3.17.3
GOROOT: /opt/hostedtoolcache/go/1.18.0/x64
```
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-05 14:45:31 -05:00
dependabot[bot]
b42a175784
🌱 Bump gocloud.dev from 0.24.0 to 0.25.0
...
Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.24.0 to 0.25.0.
- [Release notes](https://github.com/google/go-cloud/releases)
- [Commits](https://github.com/google/go-cloud/compare/v0.24.0...v0.25.0)
---
updated-dependencies:
- dependency-name: gocloud.dev
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-04 09:51:38 -05:00
naveensrinivasan
648b6634e6
🌱 Experimental option for codeql
...
- Included the experimental option for Codeql
https://github.blog/2022-02-17-code-scanning-finds-vulnerabilities-using-machine-learning/
2022-04-01 19:15:44 -05:00
laurentsimon
27dbf9c7e5
✨ Raw results for Signed-Release check (#1789)
...
* Raw results for Signed-Releases
* updates
* linter
2022-04-01 23:13:58 +00:00
naveensrinivasan
e8c633a41b
🌱 e2e tests for security policy localrepo
...
- Included e2e tests for security policy for localrepo client
https://github.com/ossf/scorecard/issues/1353
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-31 16:20:16 -05:00
naveensrinivasan
e5f5deb64e
🌱 e2e tests for local repoclient for permissions
...
- Included e2e tests for local repoclient for permissions.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-31 14:52:16 -05:00
naveensrinivasan
ab9769a4da
🌱 Fix protoc build failures
...
- Fix protoc build failures by retries
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-31 14:33:45 -05:00
dependabot[bot]
99ecdea2dd
🌱 Bump actions/cache from 3.0.0 to 3.0.1
...
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](4b0cf6cc46...136d96b4ae)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-31 17:37:21 +00:00
Carlos Tadeu Panato Junior
7dcb3cb3e2
✨ checks: add GitHub Webhook check (#1675)
...
* checks: add GitHub Webhook check
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* update per feedback
Signed-off-by: cpanato <ctadeu@gmail.com>
* add evaluation code
Signed-off-by: cpanato <ctadeu@gmail.com>
* add feature gate check
Signed-off-by: cpanato <ctadeu@gmail.com>
* fix lint
Signed-off-by: cpanato <ctadeu@gmail.com>
2022-03-31 07:29:59 -07:00
cpanato
93889a8e70
install missing tool in add-projects job
...
Signed-off-by: cpanato <ctadeu@gmail.com>
2022-03-31 08:00:22 -05:00
cpanato
f1268bfaee
cleanup protoc version
...
Signed-off-by: cpanato <ctadeu@gmail.com>
2022-03-31 08:00:22 -05:00
dependabot[bot]
d10ac0dbb0
🌱 Bump cloud.google.com/go/bigquery from 1.30.1 to 1.30.2
...
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.30.1 to 1.30.2.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.30.1...bigquery/v1.30.2)
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-31 05:02:41 -05:00
Carlos Tadeu Panato Junior
92027ed41b
small cleanup on the workflow jobs and remove the master branch reference (#1800)
...
Signed-off-by: cpanato <ctadeu@gmail.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-03-30 16:11:30 +00:00
dependabot[bot]
389078c5d8
🌱 Bump cloud.google.com/go/bigquery from 1.30.0 to 1.30.1
...
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.30.0 to 1.30.1.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.30.0...spanner/v1.30.1)
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-30 08:35:38 -05:00
dependabot[bot]
49564838f9
🌱 Bump github.com/onsi/gomega from 1.18.1 to 1.19.0
...
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.18.1 to 1.19.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.18.1...v1.19.0)
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-29 22:15:55 +00:00
dependabot[bot]
c428e3181e
🌱 Bump distroless/base in /cron/worker
...
Bumps distroless/base from `792dfe7` to `764b74b`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-29 21:28:57 +00:00
Azeem Shaikh
6a078c68c2
Use GITHUB_TOKEN for downloading protoc (#1797)
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-03-29 13:55:45 -07:00
dependabot[bot]
ce06ac1a7e
🌱 Bump distroless/base in /cron/webhook (#1794)
...
Bumps distroless/base from `792dfe7` to `764b74b`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-03-29 19:51:22 +00:00
naveensrinivasan
0644b18898
🌱 e2e for local repoclient license check
...
- e2e for local repoclient for license check.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-29 14:38:24 -05:00
naveensrinivasan
cacc3e486d
🌱 e2e tests binary artifacts localrepo
...
- e2e tests for binary artifacts check for localrepo
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-29 14:03:12 -05:00
laurentsimon
037a3f3516
✨ Raw result for Maintained check (#1780)
...
* draft
* draft
* raw results for Maintained check
* updates
* updates
* missing files
* updates
* unit tests
* e2e tests
* tests
* linter
* updates
2022-03-29 16:35:42 +00:00
Guillaume Ross
682e6ea176
Explicit permissions for github actions
...
To improve OSSF Scorecard score on Scorecard repo
2022-03-29 10:29:08 -05:00
dependabot[bot]
007156b1d3
🌱 Bump distroless/base in /cron/controller
...
Bumps distroless/base from `792dfe7` to `764b74b`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-29 09:59:08 -05:00
dependabot[bot]
10d46d5be0
🌱 Bump distroless/base from 792dfe7 to 764b74b
...
Bumps distroless/base from `792dfe7` to `764b74b`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-28 19:11:47 +00:00
dependabot[bot]
d2e88f2ab6
🌱 Bump github.com/golangci/golangci-lint in /tools
...
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.45.0 to 1.45.2.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.45.0...v1.45.2)
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-25 10:20:43 -05:00
laurentsimon
363d1bd858
Add comment to update action policy file (#1751)
...
Add comment to update action policy file if the passing score value is updated
no breaking changes
```release-notes
Add comment to update action policy file if the passing score value is updated
```
2022-03-25 00:42:14 +00:00
laurentsimon
8150ab0f88
✨ Make Vuln ID field lower case in raw results (#1761)
...
* case sensitive ID
* updates
2022-03-25 00:24:23 +00:00
laurentsimon
2bbbce75b3
🐛 Discard GitHub token in dangerous workflow check (#1772)
...
* Discard GitHub token in dangerous workflow check
* missing files
2022-03-23 23:37:23 +00:00
dependabot[bot]
66b3d8ce5c
🌱 Bump github.com/golangci/golangci-lint from 1.44.2 to 1.45.0 in /tools (#1757)
...
* 🌱 Bump github.com/golangci/golangci-lint in /tools
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.44.2 to 1.45.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.44.2...v1.45.0)
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* golangci-lint: Surface and fix as many lint warnings automatically
Signed-off-by: Stephen Augustus <foo@auggie.dev>
* generated: Run golangci-lint with `fix: true`
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stephen Augustus <foo@auggie.dev>
2022-03-23 02:23:39 +00:00
dependabot[bot]
10bd777ddf
🌱 Bump peter-evans/find-comment from 1.3.0 to 2
...
Bumps [peter-evans/find-comment](https://github.com/peter-evans/find-comment) from 1.3.0 to 2.
- [Release notes](https://github.com/peter-evans/find-comment/releases)
- [Commits](d2dae40ed1...1769778a0c)
---
updated-dependencies:
- dependency-name: peter-evans/find-comment
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-23 01:08:04 +00:00
dependabot[bot]
0a82d2b425
🌱 Bump google.golang.org/protobuf from 1.27.1 to 1.28.0
...
Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.27.1 to 1.28.0.
- [Release notes](https://github.com/protocolbuffers/protobuf-go/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash)
- [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.27.1...v1.28.0)
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-23 00:49:24 +00:00
dependabot[bot]
aecff0bc1b
🌱 Bump peter-evans/create-or-update-comment from 1.4.5 to 2
...
Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) from 1.4.5 to 2.
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases)
- [Commits](a35cf36e53...c9fcb64660)
---
updated-dependencies:
- dependency-name: peter-evans/create-or-update-comment
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-22 23:36:02 +00:00
dependabot[bot]
c671bac37d
🌱 Bump peter-evans/slash-command-dispatch from 2.3.0 to 3
...
Bumps [peter-evans/slash-command-dispatch](https://github.com/peter-evans/slash-command-dispatch) from 2.3.0 to 3.
- [Release notes](https://github.com/peter-evans/slash-command-dispatch/releases)
- [Commits](40877f718d...2afb49dbaa)
---
updated-dependencies:
- dependency-name: peter-evans/slash-command-dispatch
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-22 22:59:08 +00:00
dependabot[bot]
28635662b8
🌱 Bump actions/upload-artifact from 2.3.1 to 3
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2.3.1 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](82c141cc51...6673cd052c)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-22 22:11:20 +00:00
dependabot[bot]
a69fda734d
🌱 Bump actions/cache from 2.1.7 to 3
...
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](937d244753...4b0cf6cc46)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-22 10:48:03 -05:00
dependabot[bot]
d51e004a13
🌱 Bump google.golang.org/protobuf in /tools
...
Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.27.1 to 1.28.0.
- [Release notes](https://github.com/protocolbuffers/protobuf-go/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash)
- [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.27.1...v1.28.0)
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-22 10:04:26 -05:00
laurentsimon
06efb4a71c
✨ Update BQ table name for raw results (#1759)
...
* Update name
* comments
2022-03-21 23:50:45 +00:00
laurentsimon
1094680a0f
🐛 Fix schemas from https://github.com/ossf/scorecard/pull/1758 (#1760)
...
* Fix schemas
* updates
* updates
2022-03-21 21:03:26 +00:00
laurentsimon
ee623e5445
Add schema for the raw JSON (#1758)
2022-03-21 13:08:50 -07:00
Naveen
1c61acd325
Update main.yml
2022-03-21 09:00:27 -05:00
Naveen
8fd286d225
Update stale.yml
2022-03-21 09:00:27 -05:00