18 Commits

Author SHA1 Message Date
Azeem Shaikh
be8aa3d713
Export registered check names (#518)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-05-27 14:54:34 -07:00
Chris McGehee
6b63f3f963
🌱 Fix lint issues: Replace golint with revive (#493)
* Fix lint issues: Replace golint with revive
golint is deprecated and recommended to be replaced with revive

* Updating comments to be more accurate

* Updating comments again

Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-05-24 11:34:33 -07:00
Chris McGehee
61ecad3151
Add new linter: gci (#498)
2021-05-23 20:51:52 -07:00
Chris McGehee
2e7a71fbf2
Fix lint issues: goerr113 linter (#491)
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-05-22 12:36:47 -07:00
Chris McGehee
50f7ed8519
🌱 Fix lint issues: gochecknoinits linter (#485)
* Fix lint issues: gochecknoinits linter

* Fix lint issues: gochecknoinits linter
2021-05-22 13:19:52 -04:00
Abhishek Arya
5f82d2b9c0
Add checks for workflow action pinning (#466)
Patch by Laurent Simon <laurentsimon@google.com>

Co-authored-by: Laurent Simon <laurentsimon@google.com>
2021-05-17 13:03:39 -07:00
Chris McGehee
06993b72ce
🐛 Fix linting issues (1 of n) (#348)
* Fix lint issues: whitespace linter

* Fix lint issues: wrapcheck linter

* Fix lint issues: errcheck linter

* Fix lint issues: paralleltest linter

* Fix lint issues: gocritic linter
Most changes from this commit are from passing checker.CheckResult by reference and not by value. gocritic identified that as a huge parameter.
gocritic also prefers regexp.MustCompile over Compile when the pattern is a const
2021-04-19 12:18:34 -07:00
Azeem Shaikh
a58818d258
🌱 : Reduce code duplication for follow-up cron refactoring (#338)
*  Refactor to reduce code duplication

* 

* Move lib/ back to checker/

* Move lib/ back to checker/

* Move lib/ back to checker/

* Address PR comments.

* Addressing PR comments.

* Avoid printing `ShouldRetry` and `Error` in output JSON.

* Fix JSON output.

Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-04-10 07:26:56 -05:00
Abhishek Arya
ad7cc4a951
Add colon before sha.
2021-02-12 14:26:54 -05:00
naveen
2ad8b35b91
Fixes - verifiedtag checks
The reason the tags aren't working for certain repositories is because of Lightweight Tags
vs Annotated Tags

> Basically, lightweight tags are just pointers to specific commits. No further information is saved; on the other hand, annotated tags are regular objects, which have an author and a date and can be referred because they have their own SHA key.

https://api.github.com/repos/ossf/scorecard/git/refs/tags

```
[
  {
    "ref": "refs/tags/v1.0.0",
    "node_id": "MDM6UmVmMzAyNjcwNzk3OnJlZnMvdGFncy92MS4wLjA=",
    "url": "https://api.github.com/repos/ossf/scorecard/git/refs/tags/v1.0.0",
    "object": {
      "sha": "87997ffb5724cb479223a08a2890c60b0ea4bfbd",
      "type": "commit",
      "url": "87997ffb57"
    }
  },
  {
    "ref": "refs/tags/v1.1.0",
    "node_id": "MDM6UmVmMzAyNjcwNzk3OnJlZnMvdGFncy92MS4xLjA=",
    "url": "https://api.github.com/repos/ossf/scorecard/git/refs/tags/v1.1.0",
    "object": {
      "sha": "f2c633854602cf0c8f33164a169fb0a8454bee01",
      "type": "tag",
      "url": "f2c6338546"
    }
  }
]
```
Annotated tags

https://api.github.com/repos/kubernetes/kubernetes/git/refs/tags

```
[
  {
    "ref": "refs/tags/v0.2",
    "node_id": "MDM6UmVmMjA1ODA0OTg6cmVmcy90YWdzL3YwLjI=",
    "url": "https://api.github.com/repos/kubernetes/kubernetes/git/refs/tags/v0.2",
    "object": {
      "sha": "64dbf9ae21dd0deb485f88b79b96eb35ca855138",
      "type": "tag",
      "url": "64dbf9ae21"
    }
  }
  ]
```

The lookup for the tag fails because there isn't a tag object but only a commit object.
87997ffb57

fixes #107
2021-02-12 14:26:54 -05:00
Cameron Moore
ac55575713
Adjust details logging on a few checks
Log positive results in Pull-Requests and update log messages in
Signed-Releases and Signed-Tags.
2020-12-20 16:12:31 -06:00
Cameron Moore
eb0d488bb2
Show negative results in Signed-Tags details
Negative results logged with a "!!" prefix.

Updates #95

```
$ go run . --repo=github.com/cilium/cilium --show-details --checks=Signed-Tags
Starting [Signed-Tags]
Finished [Signed-Tags]

RESULTS
-------
Signed-Tags: Fail 4
    verified tag found: v1.9.0-rc1, commit: a46b5c308779b00676bcbffe6847701984fb7ec7
    !! unverified tag found: v1.9.0-rc2, commit: 2ee8e4659ad4050154eb83008ba6434bddad44eb, reason: unsigned
    verified tag found: v1.9.0-rc3, commit: ee77e846a9b85e318d6d077c801e2615d5e7dbe3
    !! unverified tag found: v1.9.0, commit: 1cdd547dce26adb046d117494d559c64007365fd, reason: unsigned
    verified tag found: v1.9.1, commit: bb4abe1720cb56c6a5f74d0567665555ad8434f1
    found 3 of 5 verified tags
```
2020-12-20 14:28:45 -06:00
Abhishek Arya
079180d0ae
Bug fixes
- Fix typo for default output function.
- For signed tags, get only the required last 5. Matches signed
releases.
2020-11-09 18:13:59 -08:00
dlorenc
fd188f5263
Use the GraphQL API to retrieve the list of tags in signed-tags. (#45)
2020-11-06 15:28:26 -06:00
Dan Lorenc
9f686dc707
Rename repo/modules.
2020-10-27 14:23:48 -05:00
Abhishek Arya
81eab9d2d8
Add license header and code of conduct files. (#34)
* Add license header and code of conduct files.

* Fill missing field.
2020-10-26 15:22:13 -05:00
Abhishek Arya
04c9b37981
Fix PR calc logic, remove bot accounts. (#17)
* Fix PR calc logic, remove bot accounts.

* Fmt.
2020-10-16 18:11:07 -05:00
Abhishek Arya
6e5ce52cae
Fix filenames to match check names, remove unneeded repos.txt. (#15)
* Fix filenames to match check names, remove unneeded repos.txt.

* Fix conflict.

* Minor fix.
2020-10-16 13:22:28 -05:00