Commit Graph

868 Commits

Author SHA1 Message Date
Azeem Shaikh
138552848d
Remove Repo CPU runtime stat logging (#1186)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-29 04:37:44 +00:00
Azeem Shaikh
1db0f9745f
Sanitized repo URLs ~1M (#1182)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-28 21:00:57 -07:00
Azeem Shaikh
b08a4a8ca7
Increase worker replicas (#1173)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-29 03:40:16 +00:00
laurentsimon
608866949b
🐛 Fix ListFiles caching in localrepo client (#1190)
* fix

* remove debug
2021-10-29 03:12:44 +00:00
Azeem Shaikh
87359619c7
Update shard naming to allow for 1M+ shards (#1170)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-28 18:54:36 +00:00
Azeem Shaikh
c73c5628ea
Fix GitHub workflows failing (#1172)
Co-authored-by: Azeem Shaikh <azeems@google.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2021-10-28 18:42:55 +00:00
laurentsimon
4cca9b4960
Implement local repo client for local folders (#1146)
* draft

* draft

* docker file

* error

* fix

* fix

* bug

* comments

* missing merge

* fix

* merge issue

* fix

* validate format early

* comments

* fix

* fixes

* uncomment

* gate code for v4 code

* draft

* draft 2

* fix security-policy check

* fix

* merge fixes

* fixes

* fixes

* fixes

* fixes

* mock repo

* linter

* comments

* unit tests

* comments
2021-10-28 18:30:02 +00:00
laurentsimon
d9e35cda2a
🐛 Fix flaky tests in cron/data/add (#1185)
* fix

* naming
2021-10-28 11:18:35 -07:00
Azeem Shaikh
0ba864e9c2
Avoid panic in code (#1171)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-27 12:24:02 -07:00
Azeem Shaikh
53ae583096
Remove obviously invalid URLs from porjects.csv (#1165)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-27 05:25:08 +00:00
naveen
aa634bd251
🌱 Fixes the broken e2e
Fixes for broken e2e
2021-10-26 20:11:21 -05:00
naveen
fd238d0e40
🌱 Fix goreleaser permission and flags
Fixes goreleaser flags issue and sets specific permission for
goreleaser.
2021-10-26 16:32:05 -05:00
naveen
1b885874ac
🌱 Fix CVE warning for containerd
The containerd version <1.5.7 has CVE https://github.com/advisories/GHSA-c2h3-6mxw-7mvq
Fixed it to address the issue.
2021-10-26 13:52:00 -05:00
Batuhan Apaydın
6f1a43a0b6
🌱 add google/ko support for building/pushing container image (#1127)
* feat: add google/ko support for building/pushing container image

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

* feat: updates according to reviews

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
2021-10-26 17:22:22 +00:00
Chris McGehee
faab6969d6
Improve formatting, readability
2021-10-25 17:36:37 -05:00
Chris McGehee
c13783a040
🐛 Fixing parsing for Github workflow when matrix is an expression
2021-10-25 17:36:37 -05:00
olivekl
6f1a1cb1f4
📖 Update README.md (#1160)
* Update README.md

Add Prominent Scorecards Users section
Add email groups
Fix calendar link

* Update README.md

Add https:// to links in "Prominent Users" section

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-10-25 22:06:53 +00:00
naveen
311d2e2e42
🌱 Reproducible builds with static binary
Changes to goreleaser to have static binaries and reproducible builds.
2021-10-25 15:58:47 -05:00
Naveen
c3d51a7739
🌱 Included arm64 release for darwin (#1157)
2021-10-25 13:56:48 -05:00
Carlos Tadeu Panato Junior
3d9c599769
🌱 fix TestGetRepoURLs tests (#1158)
* tests: fix TestGetRepoURLs tests

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* close test file

Signed-off-by: Carlos Panato <ctadeu@gmail.com>
2021-10-25 11:03:02 -05:00
naveen
54f1429eaa
🌱 Fixed typo administrator
Fixed typo administrator.
2021-10-23 16:29:32 -05:00
laurentsimon
950e0e3d2d
Add support for file-based repo URIs (#1113)
* draft

* draft

* docker file

* error

* fix

* fix

* fixa

* bug

* comments

* missing merge

* fix

* fix rebase

* merge issue

* fix

* validate format early

* fix

* fix2

* comments

* fix
2021-10-21 20:08:56 +00:00
Azeem Shaikh
0d299c2965
Increase number of workers and 600k repos (#1150)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-20 21:18:42 +00:00
Azeem Shaikh
96140f9646
Add exponential backoff to CII badge check (#1147)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-20 18:13:17 +00:00
dependabot[bot]
f38abc03be
🌱 Bump actions/checkout from 1 to 2.3.5 (#1137)
Bumps [actions/checkout](https://github.com/actions/checkout) from 1 to 2.3.5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v1...1e204e9a9253d643386038d443f96446fa156a97)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-19 19:28:58 +00:00
Romain Dauby
c26bea648d
📖 Minor fixes to markdown links (#1141)
* Minor fixes to markdown links

* Minor fix generate docs
2021-10-19 12:14:11 -07:00
Azeem Shaikh
b8eba248ac
Improve logging messages (#1140)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-18 15:08:15 -07:00
dependabot[bot]
b3874325f8
🌱 Bump goreleaser/goreleaser-action from 2.7.0 to 2.8.0 (#1136)
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.7.0 to 2.8.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](5a54d7e660...5df302e5e9)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-10-18 15:23:28 +00:00
dependabot[bot]
a020b1632f
🌱 Bump crazy-max/ghaction-import-gpg from 4.0.0 to 4.1.0
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases)
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md)
- [Commits](8c43807e82...cb4264d331)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-10-18 08:05:46 -07:00
Azeem Shaikh
146dc8579f
Use token server in prod cron job (#1135)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-17 08:27:44 -07:00
Azeem Shaikh
5ec7b26e20
Fix connection refused errors (#1134)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-15 22:29:00 +00:00
olivekl
da94c7c253
📖 Update Install command for version 3 (#1125)
* Update Install command for version 3

Change v2@latest to v@latest in README.md

* Update install instruction to use GitHub releases 

Remove `go install` instructions and replace with instructions to download binary from GitHub releases

* Update install instructions for GOPATH caps

Change gopath to GOPATH
2021-10-15 12:10:36 -07:00
Azeem Shaikh
89cae3a62a
Use GitHub auth server in cron release test (#1133)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-15 10:24:31 -07:00
Azeem Shaikh
66f864022c
Add GitHub token server (#1132)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-15 03:03:51 +00:00
Chris McGehee
cf9399aad4
🐛 Fixing parsing errors for github workflows (#1131)
2021-10-14 08:16:22 -07:00
dependabot[bot]
3233e4f5be
🌱 Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.16.4 to 1.16.5.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.16.4...v1.16.5)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-10-12 07:56:57 -04:00
Naveen
6c1c789dc5
🌱 v3 upgrade changes (#1118)
v3 go.mod changes
2021-10-07 18:16:01 -05:00
laurentsimon
f153db5a4a
⚠️ remove CSV support (#1119)
* remove CSV support

* fixes
2021-10-07 13:54:21 -07:00
laurentsimon
8c2e123155
Update BQ table in readme (#1116)
* v2 table

* comments
2021-10-07 16:26:00 +00:00
olivekl
aaff0e530c
📖 Edit and rework checks.md (via checks.yaml and main.go) (#1114)
* Update checks.yaml to generate new checks.md docs

* Update main.go

Update overview text and add link

* -m "update TODO for Contrib and Signed-Releases"

* -m "Add admin setting  info to Branch-Protection"

* -m "generate docs, fix typos"

* -m "generate docs"

* -m "add links, small edits to checks.yml"

* -m "generate docs.md"

* Clarify Pinned-Dependencies remediation

* "Generate docs"

* "Add admin-only Branch-Protection checks"

* "Regenerate docs"

Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-10-06 22:07:49 +00:00
Azeem Shaikh
6935be8110
Disable all monitoring temporarily (#1110)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-06 18:39:00 +00:00
laurentsimon
4eb5b34932
update v2 BQ table (#1111)
> LGTM. Will merge it when I rename the BQ table successfully.

Done. Merging now.
2021-10-05 19:33:09 -07:00
naveen
42fd97fa60
🐛 Incomplete regular expression for hostnames
This regular expression has an unescaped dot before 'com', so it might match more hosts than
expected when used.

This addresses the code scanning alert.
2021-10-05 15:30:20 -04:00
dependabot[bot]
97ae47564a
🌱 Bump mvdan.cc/sh/v3 from 3.3.1 to 3.4.0 (#1098)
Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh) from 3.3.1 to 3.4.0.
- [Release notes](https://github.com/mvdan/sh/releases)
- [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mvdan/sh/compare/v3.3.1...v3.4.0)

---
updated-dependencies:
- dependency-name: mvdan.cc/sh/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-10-04 23:58:03 +00:00
naveen
7ca5061efc
🌱 Remove OSV ignores
The checks for OSV ignored a few OSV. These have been fixed and removing
them from the ignore list.
2021-10-04 16:19:14 -05:00
naveen
6190be23d8
🌱 Upgrade xz library to fix CVE-2021-29482
This fixes the https://github.com/advisories/GHSA-25xm-hr59-7c27
2021-10-04 14:38:38 -05:00
Naveen
589ceac382
🌱 Update the uuid library to avoid CVE (#1102)
Fixes OSV GO-2020-0018 https://github.com/satori/go.uuid/issues/73
2021-10-04 18:15:41 +00:00
naveen
f78bc44b94
🌱 Updates the DNS library for CVE
Updated the DNS library version to address the CVE
2021-10-04 12:41:15 -05:00
Naveen
aaa3512af7
🌱 Fix integration githubaction permissions (#985)
* Changed the integration GitHub action permissions to contents:read, pull-requests:write
2021-10-04 09:33:31 -05:00
laurentsimon
c39672b788
Delete pushed file from previous PR (#1096)
* fixes

* fixes

* fix
2021-10-01 22:58:09 +00:00