ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-09-19 04:57:14 +03:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
687 Commits 36 Branches 42 Tags 436 MiB
1c7c1e3c31
Commit Graph

71 Commits

Author SHA1 Message Date
Azeem Shaikh
42ee430332
Use RepoClient API for Fuzzing (#855) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-14 00:34:40 +00:00
Azeem Shaikh
4c585f2e5f
Fix nil pointer bug (#856) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-13 23:42:03 +00:00
Azeem Shaikh
8baaaa4cf8
Use RepoClient API for Contributors check (#854) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-13 18:13:43 +00:00
Azeem Shaikh
b7ddc9ac93
Update go-github version for consistency (#852) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-13 00:43:22 +00:00
Azeem Shaikh
d4701c4a4e
Delete Signed-Tags check from Scorecard (#851) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-12 22:26:50 +00:00
Azeem Shaikh
3f9431d08c
Update SignedReleases to use RepoClient API (#844) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-12 20:46:06 +00:00
asraa
cc312f2d1d
feature: branch protection without admin token (#823) 
* branch protection without admin permission

Signed-off-by: Asra Ali <asraa@google.com>

* handle other errors

Signed-off-by: Asra Ali <asraa@google.com>

* fix lint

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-08-12 15:54:28 +00:00
Azeem Shaikh
eeb563be10
Update SAST and CITest with Repoclient API (#842) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-12 08:27:48 +10:00
laurentsimon
d821ea27ec
improve token permission (#811) 
* sarif action

* update
 2021-08-05 17:10:34 +00:00
laurentsimon
e4f3ede843
fix/enhance pinned-dependencies (#806) 
* commit

* e2e tests

* typo
 2021-08-03 23:32:34 +00:00
Naveen
254f316ce5
🌱 Fix the e2e fixes for signedtags (#805) 2021-08-03 16:02:06 +00:00
naveen
f2b4d07c33 🌱 Updated e2e signed releases 
Updated the e2e signed releases to the new repository.
 2021-08-03 09:05:16 -05:00
laurentsimon
b2b37161f3
Improve token permission check (#800) 
* draft

* draft 2

* draft3

* fix e2e

* comment

* comment

* check codeql

* missing files

* comments

* nit

* update msg

* msg

* nit

* nit

* msg

* e2e

* update doc
 2021-08-03 00:56:45 +00:00
Azeem Shaikh
30bb11965a
Update Packaging check to use new APIs (#796) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-02 17:17:38 +00:00
naveen
33a63ff6b9 🌱 Fixed the failing lint check 2021-08-01 10:57:22 -05:00
Oliver Chang
7c2117342c fix tests 2021-08-01 10:57:22 -05:00
Oliver Chang
cf9c860441 Replace personal test repo with ossf-tests repo. 2021-08-01 10:57:22 -05:00
laurentsimon
29594d4294
change signature of FileIfExist and FileContent (#787) 
* draft

* add pinning

* remove functions

* typo

* commment

* name
 2021-07-30 15:09:52 +00:00
laurentsimon
b35cbdcdcf
Make Branch-Protection score more granular (#777) 
* commit

* uni tests

* full score

* typos

* update msg

* remove function

* comments

* linter

* comments
 2021-07-30 01:54:19 +00:00
laurentsimon
c48fe4f9ed
Make Token-Permission check more granular (#773) 
* draft

* add tests

* add e2e2 tests

* typos

* typo

* fixes

* linter

* use named value

* comments

* comment
 2021-07-30 00:13:01 +00:00
Azeem Shaikh
1d1e799f84
Add ListCommits and IsArchived API (#772) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-29 14:18:58 -07:00
Azeem Shaikh
1e6d99eb20
Remove PullRequest check (#771) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-29 20:58:36 +00:00
Azeem Shaikh
df89767c35
Fix bug in SecurityPolicy (#761) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-29 20:09:56 +00:00
laurentsimon
8432a82bc4
Add e2e tests using dedicated repo for pinned-dependencies check (#766) 
* fix

* e2e

* add e2e test from dedicated repo

* e2e update

* linter

* merge
 2021-07-29 11:55:25 -07:00
laurentsimon
9edfe2a292
rename Frozen-Deps to Pinned-Dependencies (#765) 
* fix

* more tests

* e2e

* comments

* change name

* linnter

* rename

* lint
 2021-07-27 16:32:24 -07:00
laurentsimon
a004ffb107
cleanup Frozen-Deps MakeResultAnd (#742) 
* draft

* fixes

* commi 1

* delete file

* clean

* clean 2

* linter

* fix score

* handle err

* in-proress score

* fixes
 2021-07-26 22:02:46 +00:00
Naveen
4d7fb5d748
🌱 Fix the go.mod with v2 upgrade (#716) 
The go.mod and the related files weren't t updated with the v2 upgrade.

https://github.com/ossf/scorecard/issues/711

This fix will address the issue.
 2021-07-26 13:01:25 -05:00
Naveen
67d0eb0bf2
🌱 Fix the broken e2e tests (#751) 
Fixed the broken tests that was looking for specific number of debug
messages
 2021-07-26 12:23:15 -04:00
Azeem Shaikh
7c133bc767
Create APIs for MergedPRs and DefaultBranch (#745) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-25 17:37:14 -07:00
laurentsimon
37d13c2972
Code-Review cleanup (#740) 
* sast cleanup

* code-review cleanup

* typo

* merge fix
 2021-07-22 23:12:53 +00:00
Azeem Shaikh
a1502dd51a
Add e2e release tests for cron job (#734) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-22 14:16:10 -07:00
laurentsimon
a34e326151
sast cleanup (#739) 
* sast cleanup

* comments
 2021-07-22 18:03:31 +00:00
laurentsimon
89c8e2af31
[migration to score] 7: CI-Test, CII Best practices, security policy file (#733) 
* ci, cii, sec file

* linter

* check doc

* typo

* fix

* comments

* linter

* fix sast

* fix score calc
 2021-07-22 15:37:31 +00:00
laurentsimon
ae33db624e
[migration to score] 6: signed tags, signed release, PR, fuzzing (#732) 
* yaml file

* sort checks

* comments

* signed tags

* signed release, PR, fuzzing

* typo
 2021-07-21 18:10:47 -07:00
laurentsimon
53c056081b
[migration to score] 5: contributors, vulnerabilities, packaging and sast (#729) 
* contributors

* packaging

* vulnerabilities

* fix errors

* err

* errors
 2021-07-21 13:40:16 -07:00
laurentsimon
6f203e73b6
[migration to score] 4: active, fuzzing and code-review (#721) 
* details-1

* nits

* typo

* commments

* dependabot and binary artifacts checks

* typo

* linter

* missing errors.go

* linter

* merge fix

* active, fuzzing and code review checks

* e2e tests for fuzzing

* fixes
 2021-07-21 09:40:40 -07:00
laurentsimon
c741335683
[migration to score] 3: branch protection, frozen-deps, token permissions (#719) 
* details-1

* nits

* typo

* commments

* dependabot and binary artifacts checks

* typo

* linter

* missing errors.go

* linter

* merge fix

* branch protection, frozen-deps, token permissions

* linter

* linter
 2021-07-21 09:21:43 -07:00
laurentsimon
5e634c8945
[migration to score] 2: dependabot and binary artifact checks (#718) 
* details-1

* nits

* typo

* commments

* dependabot and binary artifacts checks

* typo

* linter

* missing errors.go

* linter

* merge fix

* dates
 2021-07-21 09:02:43 -07:00
Naveen
ca4f963eb7
🌱 Fix failing e2e tests (#696) 
The packaging docker image for scorecard has been removed from github
workflow to gcr.io.

This was causing the e2e check failing.

This fix will remove that check and address the failing e2e.
 2021-07-16 08:38:53 -07:00
naveen
219404e0b7 🌱 Removing gitcache 
Removing gitcache
 2021-07-13 01:03:21 -05:00
naveen
aeead94680 Included security.rst as SecurityPolicy 
* Included security.rst as name check for security policy.
 2021-07-04 16:18:51 -05:00
Oliver Chang
34621504fb
Add a Vulnerabilities check. (#628) 
Uses OSV to check this.

Fixes #52.
 2021-06-29 03:09:40 +00:00
laurentsimon
1829ee7600
🐛 Fix for e2e failures (#598) 
* draft

* fixes

* linter

* disable parallel

* comments

* commments

* linter
 2021-06-22 10:55:59 -07:00
Naveen
d00dd9c309
Automatic dependency update checks (#322) 
* Checks if the dependencies are automatically updated.
 2021-06-04 14:35:06 +00:00
Azeem Shaikh
030bc90932
Remove daily cron job from codebase (#530) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-06-02 14:27:09 -07:00
Chris McGehee
61ecad3151
Add new linter: gci (#498) 2021-05-23 20:51:52 -07:00
Chris McGehee
587f41117b Fix lint issues: dupl linter 2021-05-23 11:49:33 -05:00
Abhishek Arya
5f82d2b9c0
Add checks for workflow action pinning (#466) 
Patch by Laurent Simon <laurentsimon@google.com>

Co-authored-by: Laurent Simon <laurentsimon@google.com>
 2021-05-17 13:03:39 -07:00
Chris McGehee
727bb58911
🌱 Fix lint issues: govet linter (#395) 
* Fix lint issues: govet linter
The fieldalignment analyzer informs you when structs would take up less
memory with their fields reordered.

* CheckResult.Details was not omitted as intended
Found by govet linter

* Removing possible breaking change

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-05-11 06:52:52 -07:00
Chris McGehee
0e15d65a0c Fix lint issues: dupl linter 2021-05-08 21:55:14 -05:00