Avishay Balter
8c9e552f68
✨ add --nuget package manager flag ( #3020 )
...
* add nuget package manager
Signed-off-by: Avishay <avishay.balter@gmail.com>
* fix pat test messages (#2987 )
* also fix pat tests
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump slsa-framework/slsa-github-generator from 1.5.0 to 1.6.0
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.5.0...v1.6.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump cloud.google.com/go/bigquery from 1.51.1 to 1.51.2 (#2984 )
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go ) from 1.51.1 to 1.51.2.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.51.1...bigquery/v1.51.2 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang.org/x/tools from 0.9.0 to 0.9.1
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.9.0 to 0.9.1.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.9.0...v0.9.1 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🐛 Update osv-scanner dependency to include Vulnerabilities check fixes (#2981 )
* Update osv-scanner dependency to include Vulnerabilities check fixes
Signed-off-by: Laurent Savaëte <laurent@where.tf>
* Run go mod tidy
Signed-off-by: Laurent Savaëte <laurent@where.tf>
---------
Signed-off-by: Laurent Savaëte <laurent@where.tf>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/docker/distribution in /tools (#2993 )
Bumps [github.com/docker/distribution](https://github.com/docker/distribution ) from 2.8.1+incompatible to 2.8.2+incompatible.
- [Release notes](https://github.com/docker/distribution/releases )
- [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2 )
---
updated-dependencies:
- dependency-name: github.com/docker/distribution
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Gitlab: e2e test fixes in main (#2992 )
* test secret chagnes
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update score
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* address cr comments
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Unit tests log/log.go (#2980 )
- Add unit tests for the log package
- Add Apache License to log_test.go
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/cloudflare/circl in /tools (#2995 )
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl ) from 1.2.0 to 1.3.3.
- [Release notes](https://github.com/cloudflare/circl/releases )
- [Commits](https://github.com/cloudflare/circl/compare/v1.2.0...v1.3.3 )
---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ Add releasing workflow for semantic-release (#2989 )
Signed-off-by: Matt Travi <programmer@travi.org>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump slsa-framework/slsa-verifier from 2.2.0 to 2.3.0
Bumps [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier ) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/slsa-framework/slsa-verifier/releases )
- [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md )
- [Commits](https://github.com/slsa-framework/slsa-verifier/compare/v2.2.0...v2.3.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-verifier
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#2994 )
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl ) from 1.1.0 to 1.3.3.
- [Release notes](https://github.com/cloudflare/circl/releases )
- [Commits](https://github.com/cloudflare/circl/compare/v1.1.0...v1.3.3 )
---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Additional e2e clients/githubrepo/checkruns.go (#2934 )
* 🌱 Additional e2e clients/githubrepo/checkruns.go
- Add `net/http` and `github.com/google/go-github/v38/github` imports
- Add a test for `listCheckRunsForRef` with valid ref
- Add a test for `listCheckRunsForRef` with invalid ref
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Based on code review comments
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Some tweaks
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 E2E for clients/githubrepo/contributors.go (#2939 )
* 🌱 E2E for clients/githubrepo/contributors.go
- Add an end-to-end test for `contributorsHandler`
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed based on code review comments.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed codereview comment.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 📖 Clarify that AI/ML doesn't count as human code review (#2953 )
* Clarify that AI/ML doesn't count as human code review
Add this clarification per the Scorecards Zoom call meeting today
(2023-05-04).
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
* Tweaked per review
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
---------
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang from `31a8f92` to `685a22e` in /cron/internal/cii
Bumps golang from `31a8f92` to `685a22e`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang in /cron/internal/controller
Bumps golang from `31a8f92` to `685a22e`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang in /cron/internal/worker
Bumps golang from `31a8f92` to `685a22e`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang in /clients/githubrepo/roundtripper/tokens/server
Bumps golang from `31a8f92` to `685a22e`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang from `31a8f92` to `685a22e`
Bumps golang from `31a8f92` to `685a22e`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang from `31a8f92` to `685a22e` in /cron/internal/bq
Bumps golang from `31a8f92` to `685a22e`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang in /cron/internal/webhook
Bumps golang from `31a8f92` to `685a22e`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* Clarify AI/ML not human code review - in .yml file (#3012 )
This clarifies that AI/ML doesn't count as human code review.
This was earlier done in #2953 but that didn't modify the relevant
.yml file - this does.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang.org/x/oauth2 from 0.7.0 to 0.8.0 (#3005 )
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2 ) from 0.7.0 to 0.8.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.7.0...v0.8.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Unit tests for checks/raw/maintained.go (#2996 )
- Add tests and checks for the `Maintained` function
- Add checks for `IsArchived`, `ListCommits`, `ListIssues`, and `GetCreatedAt`
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5 in /tools
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.9.4 to 2.9.5.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.4...v2.9.5 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump actions/setup-go from 4.0.0 to 4.0.1
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](4d34df0c23...fac708d667
)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump codecov/codecov-action from 3.1.3 to 3.1.4
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.1.3 to 3.1.4.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](894ff025c7...eaaf4bedf3
)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Unit tests for Policy.go (#3003 )
- Included tests for policy.go
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.9.4 to 2.9.5.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.4...v2.9.5 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump sigstore/cosign-installer from 3.0.3 to 3.0.4
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](204a51a57a...03d0fecf17
)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/google/go-containerregistry (#3025 )
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.15.1 to 0.15.2.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.15.1...v0.15.2 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/sirupsen/logrus from 1.9.0 to 1.9.1
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus ) from 1.9.0 to 1.9.1.
- [Release notes](https://github.com/sirupsen/logrus/releases )
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md )
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.0...v1.9.1 )
---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Included e2e tests for push to main (#2951 )
- Update trigger for integration tests to enable running on `push` and `pull_request` on the `main` branch
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Included directories that don't require coverage (#3002 )
- Included directories that don't require coverage.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Unit tests for checks/raw/contributors.go (#2998 )
- Add tests and fix casing for Contributors function in checks/raw/contributors_test.go
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ GitLab: Code Review check (#2764 )
* Add GitLab support for Code-Review check
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Remove spurious printf
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Working commit
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* e2e test
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update: test coverage
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* gitlab: license check (#2834 )
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/sirupsen/logrus from 1.9.1 to 1.9.2 (#3031 )
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus ) from 1.9.1 to 1.9.2.
- [Release notes](https://github.com/sirupsen/logrus/releases )
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md )
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.1...v1.9.2 )
---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/google/osv-scanner
Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner ) from 1.3.3-0.20230509011216-baae1796eeea to 1.3.3.
- [Release notes](https://github.com/google/osv-scanner/releases )
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md )
- [Commits](https://github.com/google/osv-scanner/commits/v1.3.3 )
---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump sigstore/cosign-installer from 3.0.4 to 3.0.5 (#3029 )
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.0.4 to 3.0.5.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](03d0fecf17...dd6b2e2b61
)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump arduino/setup-protoc from 1.1.2 to 1.2.0
Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc ) from 1.1.2 to 1.2.0.
- [Release notes](https://github.com/arduino/setup-protoc/releases )
- [Commits](64c0c85d18...4b3578161e
)
---
updated-dependencies:
- dependency-name: arduino/setup-protoc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ Add support for github GHES (#2999 )
* ✨ adding support for github GHES
Signed-off-by: Niket Patel <patelniket@gmail.com>
* fix: lint and cleanup
Signed-off-by: Niket Patel <patelniket@gmail.com>
* fix: flaky test
Signed-off-by: Niket Patel <patelniket@gmail.com>
* fix: address missing host
Signed-off-by: Niket Patel <patelniket@gmail.com>
* fix: lint error
Signed-off-by: Niket Patel <patelniket@gmail.com>
* 🌱 Additional e2e clients/githubrepo/checkruns.go (#2934 )
* 🌱 Additional e2e clients/githubrepo/checkruns.go
- Add `net/http` and `github.com/google/go-github/v38/github` imports
- Add a test for `listCheckRunsForRef` with valid ref
- Add a test for `listCheckRunsForRef` with invalid ref
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Based on code review comments
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Some tweaks
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Niket Patel <patelniket@gmail.com>
* 🌱 E2E for clients/githubrepo/contributors.go (#2939 )
* 🌱 E2E for clients/githubrepo/contributors.go
- Add an end-to-end test for `contributorsHandler`
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed based on code review comments.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed codereview comment.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Niket Patel <patelniket@gmail.com>
* chore: add GHES instructions
Signed-off-by: Niket Patel <patelniket@gmail.com>
* refact: use test setenv
Signed-off-by: Niket Patel <patelniket@gmail.com>
* fix: corp unit test
Signed-off-by: Niket Patel <patelniket@gmail.com>
---------
Signed-off-by: Niket Patel <patelniket@gmail.com>
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Niket Patel <patelniketm@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* Change Facilitators to Maintainers (#3039 )
Not sure what the old facilitators table was for. Current list of Maintainers is always in CODEOWNERS.
Meaning of "Maintainers" still is not defined, and should be a part of an upcoming contributor ladder.
Signed-off-by: Jeff Mendoza <jlm@jlm.name>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🐛 Gitlab: Commit/Commitor Exceptions (#3026 )
* feat: Added paging for contributor/users against gitlab projects
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* refactor: Updated the bot flag for unmatched users
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* fix: Not all commit users are in the git registry instance
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* fix: Skipping check if the email is empty, as well as if the "email" doesn't contain a "." char.
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* fix: Updated to allow for commits with PRs to be accounted/added to the client.commits
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* refactor: Updated to prevent linting issue regarding nested if's
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* test: Adding coverage for commits and contributors for gitlab
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* refactor: Moved queries from the client to their own functions
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* bug: Need to pass the ProjectID value to the contributor query
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* bug: Updating project title versus projectID values for api querying
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* test: Updated tests to match expected property set for projectID
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* revert: Reverted based on feedback during review
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
---------
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/gomega from 1.27.6 to 1.27.7 (#3040 )
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.27.6 to 1.27.7.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.27.6...v1.27.7 )
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 📖 Make all StepSecurity app endpoint references consistent (#3042 )
Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 📖 Update checks.md to show the benefit of >=2 reviewers (#3013 )
* Update checks.yaml instead of cehcks.md
Signed-off-by: Joyce <joycebrum@google.com>
* feat: generate checks.md
Signed-off-by: Joyce Brum <joycebrum@google.com>
---------
Signed-off-by: Joyce <joycebrum@google.com>
Signed-off-by: Joyce Brum <joycebrum@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Improve workflow pinning remediation tests (#3021 )
- Add 3 tests for workflow pinning remediation
[remediation/remediations_test.go]
- Add 3 tests for workflow pinning remediation
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 E2E tests for clients/githubrepo/languages_e2e_test.go (#3000 )
* 🌱 E2E tests for clients/githubrepo/languages_e2e_test.go
- Included e2e tests for clients/githubrepo/languages_e2e_test.go
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Fixed the token type check.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Unit tests for pkg/json_raw_results (#3044 )
* 🌱 Unit tests for pkg/json_raw_results.go
- Unit tests for pkg/json_raw_results.go
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Additional tests
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ [experimental] Add probe code and support for Tool-Update-Dependency (#2944 )
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* add zoom link and agenda link (#3050 )
Signed-off-by: Amanda L Martin <hythloda@gmail.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Run E2E PAT test for push to main (#3046 )
- Add E2E PAT tests for push to main.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* Update main.yml (#3054 )
-Fixed the YAML indenting issue.
Signed-off-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* only run e2e pat on push (#3056 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#3057 )
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.6.1 to 5.7.0.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 📖 👻 fix anchor link to the code review section (#3058 )
* fix anchor link to code-review in checks.yaml
Signed-off-by: dasfreak <dasfreak@users.noreply.github.com>
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>
* generate checks.md
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>
---------
Signed-off-by: dasfreak <dasfreak@users.noreply.github.com>
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🐛 Gitlab: Tests (#3027 )
* fix tests
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* use projectID instead of project where applicable
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* pass ref as listcommitoption
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update tests
* CI-Tests: check if score > 0. pull request client is limited and can't
go back to arbitrary pull requests. CI-Tests don't run on forks, so this
can't be pinned either. But, for active repositories, we typically
expect *some* tests to be run
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* fix commitshandler commitSHA tests
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update tests
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/goreleaser/nfpm/v2 in /tools (#3060 )
Bumps [github.com/goreleaser/nfpm/v2](https://github.com/goreleaser/nfpm ) from 2.28.0 to 2.29.0.
- [Release notes](https://github.com/goreleaser/nfpm/releases )
- [Changelog](https://github.com/goreleaser/nfpm/blob/main/.goreleaser.yml )
- [Commits](https://github.com/goreleaser/nfpm/compare/v2.28.0...v2.29.0 )
---
updated-dependencies:
- dependency-name: github.com/goreleaser/nfpm/v2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ Gitlab: Add projects to cron (#2936 )
* cron: add gitlab projects
* support gitlab client
* simplify gitlab detection
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* fix MakeGitlabRepo
* shortcut when repo url is github.com
* fixes add-projects, validate-projects
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Move gitlab repos to release controller
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add csv headers
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Use gitlab.WithBaseURL
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* formatting & logging
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* remove spurious test
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* consolidate logic
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Turn on experimental flag
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add projects
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Update client
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Simplify caching in docker workflow (#3061 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github/codeql-action from 2.3.3 to 2.3.4 (#3064 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.3 to 2.3.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](29b1f65c5e...f0e3dfb303
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump cloud.google.com/go/pubsub from 1.30.1 to 1.31.0 (#3065 )
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go ) from 1.30.1 to 1.31.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.30.1...pubsub/v1.31.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🐛 gitlab: cron (#3070 )
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github/codeql-action from 2.3.4 to 2.3.5 (#3072 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.4 to 2.3.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f0e3dfb303...0225834cc5
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump tj-actions/changed-files from 35.9.2 to 36.0.3 (#3071 )
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 35.9.2 to 36.0.3.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](b2d17f5124...25eaddf37a
)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🐛 Gitlab status updates (#3052 )
* doc: Updating gitlab support validation status
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* bug: Updated logic for gitlab to prevent exceptions based on releases
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* test: Added initial tests for gitlab branches
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* doc: Updated general README
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* refactor: Cleaned up the query for pipelines to be focused on the commitID
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* feat: Allowed for a non-graphql method of retrieving MRs associated to a commit
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* doc: Updated status for the CI-Tests
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
* bug: Updated the host url for graphql querying. This enabled the removal of the code added for handling empty returns when executing against a non-gitlab.com repository.
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
---------
Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/sigstore/rekor from 1.1.1 to 1.2.0 in /tools (#3079 )
Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor ) from 1.1.1 to 1.2.0.
- [Release notes](https://github.com/sigstore/rekor/releases )
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sigstore/rekor/compare/v1.1.1...v1.2.0 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/rekor
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* get nuget latest version from registration URL
Signed-off-by: Avishay <avishay.balter@gmail.com>
* better coverage
Signed-off-by: Avishay <avishay.balter@gmail.com>
* sign
Signed-off-by: Avishay <avishay.balter@gmail.com>
* fix tests
Signed-off-by: Avishay <avishay.balter@gmail.com>
* more tests
Signed-off-by: Avishay <avishay.balter@gmail.com>
* client tests
Signed-off-by: Avishay <avishay.balter@gmail.com>
* lint
Signed-off-by: Avishay <avishay.balter@gmail.com>
* Apply suggestions from code review
Co-authored-by: Joel Verhagen <joel.verhagen@gmail.com>
Signed-off-by: Avishay Balter <avishay.balter@gmail.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang from `685a22e` to `690e413` (#3080 )
Bumps golang from `685a22e` to `690e413`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang from `685a22e` to `690e413` in /cron/internal/cii
Bumps golang from `685a22e` to `690e413`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang in /cron/internal/controller
Bumps golang from `685a22e` to `690e413`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang in /cron/internal/worker
Bumps golang from `685a22e` to `690e413`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang in /clients/githubrepo/roundtripper/tokens/server
Bumps golang from `685a22e` to `690e413`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang in /cron/internal/webhook
Bumps golang from `685a22e` to `690e413`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang from `685a22e` to `690e413` in /cron/internal/bq
Bumps golang from `685a22e` to `690e413`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump arduino/setup-protoc from 1.2.0 to 1.3.0 (#3089 )
Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc ) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/arduino/setup-protoc/releases )
- [Commits](4b3578161e...149f6c87b9
)
---
updated-dependencies:
- dependency-name: arduino/setup-protoc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump tj-actions/changed-files from 36.0.3 to 36.0.9 (#3088 )
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.0.3 to 36.0.9.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](25eaddf37a...cf4fe8759a
)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* pr iteration 2
Signed-off-by: Avishay <avishay.balter@gmail.com>
* pr iteration 3
Signed-off-by: Avishay <avishay.balter@gmail.com>
* switch security policy e2e test to ossf-tests repo. (#3090 )
tensorflow/tensorflow is huge and was slowing down tests.
Also removed the rust e2e tests because they're already present as unit tests.
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.9.7 in /tools (#3094 )
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.9.5 to 2.9.7.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.5...v2.9.7 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.9.7 (#3093 )
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.9.5 to 2.9.7.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.5...v2.9.7 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump actions/dependency-review-action from 3.0.4 to 3.0.6 (#3104 )
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.0.4 to 3.0.6.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](f46c48ed6d...1360a344cc
)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump tj-actions/changed-files from 36.0.9 to 36.0.12 (#3108 )
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.0.9 to 36.0.12.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](cf4fe8759a...5978e5a2df
)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/xanzy/go-gitlab from 0.83.0 to 0.84.0 (#3106 )
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab ) from 0.83.0 to 0.84.0.
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go )
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.83.0...v0.84.0 )
---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang.org/x/tools from 0.9.1 to 0.9.2
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.9.1 to 0.9.2.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.9.1...v0.9.2 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ GitLab: enable more checks in cron (#3097 )
* Enable checks
* Binary-Artifacts
* Code-Review
* License
* Vulnerabilities
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Enable more checks
* CII Best Practices
* Fuzzing
* Maintained
* Packaging
* Pinned-Dependencies
* Signed-Releases
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* update repo name
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 📖 agenda link change (#3111 )
Signed-off-by: Amanda L Martin <hythloda@gmail.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github/codeql-action from 2.3.5 to 2.3.6 (#3112 )
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.5 to 2.3.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0225834cc5...83f0fe6c49
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump tj-actions/changed-files from 36.0.12 to 36.0.15 (#3116 )
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.0.12 to 36.0.15.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](5978e5a2df...5d2fcdb4cb
)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump golang.org/x/tools from 0.9.2 to 0.9.3
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.9.2 to 0.9.3.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.9.2...v0.9.3 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Unit tests for option (#3109 )
- Add flags for repo, local, commit, log level, NPM, PyPI, RubyGems, metadata, show details, checks to run, policy file, and format
- Add tests for checks to run and format flags
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 GitLab: add gitlab auth token to cron worker env (#3117 )
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* Don't run pat e2e on dependabot merges (#3119 )
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ Detect fast-check PBT library for fuzz section (#3073 )
* ✨ Detect fast-check PBT library for fuzz section
As suggested at https://github.com/ossf/scorecard/issues/2792#issuecomment-1562007596 , we add support for the detection of fast-check as a possible fuzzing solution.
I also adapted the documentation related to fuzzing accordingly.
Signed-off-by: Nicolas DUBIEN <github@dubien.org>
* Typo
Signed-off-by: Nicolas DUBIEN <github@dubien.org>
* Update missing md files
Signed-off-by: Nicolas DUBIEN <github@dubien.org>
---------
Signed-off-by: Nicolas DUBIEN <github@dubien.org>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 temporarily disable failing e2e tests so we don't block all PRs. (#3130 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* pr comments
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 (#3121 )
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus ) from 1.9.2 to 1.9.3.
- [Release notes](https://github.com/sirupsen/logrus/releases )
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md )
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.2...v1.9.3 )
---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* i🌱 Ignore all pb files for test (#3127 )
- Update .codecov.yml to ignore additional files
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Deprecate dependencydiff package and add access token requirement (#3125 )
- Deprecate the `dependencydiff` package and the `GetDependencyDiffResults` function
- Add a line to the `.codecov.yml` to ignore the `dependencydiff` package
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* ✨ [experimental] Support for new `--format probe` (#3048 )
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump distroless/base (#3122 )
Bumps distroless/base from `10985f0` to `c623859`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Ignore deprecation warning for dependencydiff tests. (#3136 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump tj-actions/changed-files from 36.0.15 to 36.0.18
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.0.15 to 36.0.18.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](5d2fcdb4cb...07e0177b72
)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.7 to 2.10.0 in /tools (#3135 )
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.9.7 to 2.10.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.7...v2.10.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/google/osv-scanner from 1.3.3 to 1.3.4
Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner ) from 1.3.3 to 1.3.4.
- [Release notes](https://github.com/google/osv-scanner/releases )
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md )
- [Commits](https://github.com/google/osv-scanner/compare/v1.3.3...v1.3.4 )
---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.7 to 2.10.0
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.9.7 to 2.10.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.7...v2.10.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump github.com/onsi/gomega from 1.27.7 to 1.27.8
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.27.7 to 1.27.8.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.27.7...v1.27.8 )
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump slsa-framework/slsa-github-generator from 1.6.0 to 1.7.0 (#3139 )
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.6.0...v1.7.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Increase test coverage for finding outcomes (#3142 )
* Increase test coverage for finding outcomes
- Add tests for Outcome UnmarshalYAML function in `finding/finding_test.go`
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Updates based on Codereview
- Update `Outcome` variable in `finding/finding_test.go`
- Add `t.Parallel()` for test parallelization
- Add comparison using `cmp.Diff` to test for mismatches
- Update test cases for various outcomes
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---------
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Bump tj-actions/changed-files from 36.0.18 to 36.1.0 (#3143 )
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 36.0.18 to 36.1.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](07e0177b72...fb20f4d248
)
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* 🌱 Re-enable skipped e2e tests. Switch to smaller code review repo. (#3144 )
* re-enable skipped ci test
Signed-off-by: Spencer Schrock <sschrock@google.com>
* re-enable skipped attestor test. switch to ossf-tests repo
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove extra policies from tests that only look at code review.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove unneeded policies from binary artifact tests.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
* add license header
Signed-off-by: Avishay <avishay.balter@gmail.com>
* pr comments
Signed-off-by: Avishay <avishay.balter@gmail.com>
* making the packages internal
Signed-off-by: Avishay <avishay.balter@gmail.com>
* generate mocks
Signed-off-by: Avishay <avishay.balter@gmail.com>
---------
Signed-off-by: Avishay <avishay.balter@gmail.com>
Signed-off-by: Avishay Balter <avishay.balter@gmail.com>
2023-06-15 16:13:41 -07:00