scorecard

mirror of https://github.com/ossf/scorecard.git synced 2024-09-19 13:07:17 +03:00

Author	SHA1	Message	Date
Naveen	fe7a8441ad	🌱 Improve workflow pinning remediation tests (#3021 ) - Add 3 tests for workflow pinning remediation [remediation/remediations_test.go] - Add 3 tests for workflow pinning remediation Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>	2023-05-22 16:55:45 +00:00
laurentsimon	2ea140a3ee	✨ Structured results for permissions (#2584 ) * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * Update checks/evaluation/permissions/GitHubWorkflowPermissionsTopNoWrite.yml Co-authored-by: Joyce <joycebrumu.u@gmail.com> Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * Update checks/evaluation/permissions/GitHubWorkflowPermissionsStepsNoWrite.yml Co-authored-by: Joyce <joycebrumu.u@gmail.com> Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> * Update checks/evaluation/permissions/GitHubWorkflowPermissionsStepsNoWrite.yml Co-authored-by: Joyce <joycebrumu.u@gmail.com> Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> * Update checks/evaluation/permissions/GitHubWorkflowPermissionsStepsNoWrite.yml Co-authored-by: Joyce <joycebrumu.u@gmail.com> Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> --------- Signed-off-by: laurentsimon <laurentsimon@google.com> Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Co-authored-by: Joyce <joycebrumu.u@gmail.com>	2023-01-30 18:41:36 -08:00
Spencer Schrock	47be52369d	🐛 Retain tag when remediating unpinned docker images. (#2595 ) Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: Spencer Schrock <sschrock@google.com>	2023-01-11 12:59:17 -08:00
Arnaud J Le Hors	2169bc44c7	Use new project name in Copyright notices (#2505 ) Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com> Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>	2022-12-01 15:08:48 -08:00
Spencer Schrock	6dcfde9299	🐛 Fix remediation text when Scorecard is run multiple times within a program (#2168 ) * quick fix for wrong info in remediation text * add test for old, incorrect behavior * Rename Setup to New	2022-08-17 16:10:49 -05:00
Varun Sharma	86d1c7c37a	🐛 Fix bug 2051 (#2140 ) * Fix bug 2051 Signed-off-by: Varun Sharma <varunsh@stepsecurity.io> * Fix lint errors and add mock code Signed-off-by: Varun Sharma <varunsh@stepsecurity.io> * Fix unit test Signed-off-by: Varun Sharma <varunsh@stepsecurity.io> Signed-off-by: Varun Sharma <varunsh@stepsecurity.io> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2022-08-12 16:23:07 +00:00
Spencer Schrock	096cbd0622	✨ Use crane to add hash suggestion to unpinned Docker images (#2037 ) * Use crane to add hash suggestion to unpinned Docker images * Add nil check before dereferencing name for image digest * Reformat changes to comply with linter * Add basic remediation for dockerfile pinning * Deduplicate remediation code * Remove reference to linux/amd64, as crane digest should be universal * add remediation info to scorecard output. switch to using strings.Builder for more maintainable logic	2022-07-19 10:56:49 -07:00
laurentsimon	838f62f65a	✨ Add raw results for Token-Permissions (#1912 ) * draft * update * update * draft * updates * update * update * update * update * update * update * update * update * e2e test for empty repo * update * rename structure * update	2022-07-15 21:48:50 +00:00
laurentsimon	3957460c2b	update (#2011 )	2022-06-29 10:10:15 -07:00
laurentsimon	4bd3391a36	✨ Raw results for Pinned-Dependencies (#1932 ) * backup * update * update * draft * updates * updates * updates * updates * fix * linter * updates * updates * updates * updates * updates * updates * updates * linter * comments * linter * linter * tests * updates * updates * tests	2022-06-06 14:31:22 -07:00

10 Commits