Commit Graph

687 Commits

Author SHA1 Message Date
Azeem Shaikh
1e6d99eb20
Remove PullRequest check (#771)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 20:58:36 +00:00
Azeem Shaikh
59e14eef80
Add validation for checks.yaml (#781)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 20:29:12 +00:00
Azeem Shaikh
df89767c35
Fix bug in SecurityPolicy (#761)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 20:09:56 +00:00
Azeem Shaikh
851646d4db
Disable e2e tests temporarily (#785)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 19:39:39 +00:00
laurentsimon
492d9cd29b
disable license check (#784) 2021-07-29 19:30:26 +00:00
laurentsimon
8432a82bc4
Add e2e tests using dedicated repo for pinned-dependencies check (#766)
* fix

* e2e

* add e2e test from dedicated repo

* e2e update

* linter

* merge
2021-07-29 11:55:25 -07:00
laurentsimon
578c71b03e
text (#776) 2021-07-28 15:49:28 -07:00
laurentsimon
24955d62a0
text change (#775) 2021-07-28 14:34:20 -07:00
laurentsimon
6536d393f3
remove functions (#770) 2021-07-28 08:32:00 -07:00
evalphobia
a4f7d4b5b4
🐛 Fix panic error when RequiredPullRequestReviews is nil (#768)
* Fix panic error when RequiredPullRequestReviews is nil

* add test
2021-07-28 09:57:26 -04:00
laurentsimon
9edfe2a292
rename Frozen-Deps to Pinned-Dependencies (#765)
* fix

* more tests

* e2e

* comments

* change name

* linter

* rename

* lint
2021-07-27 16:32:24 -07:00
Appu
f9e9865fd6
Add version cli subcommand (#764)
`scorecard version` will print out something like

```
GitVersion:     v2.0.0-73-g7fd331a-dirty
GitCommit:      7fd331adf2
GitTreeState:   dirty
BuildDate:      2021-07-27T14:14:34Z
GoVersion:      go1.16.4
Compiler:       gc
Platform:       linux/amd64
```

Signed-off-by: Appu Goundan <appu@google.com>

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-07-27 17:37:27 +00:00
Appu
782edb7c18
Update local install instructions to use v2 (#763)
Signed-off-by: Appu Goundan <appu@google.com>

Co-authored-by: Abhishek Arya <inferno@chromium.org>
2021-07-27 16:48:47 +00:00
laurentsimon
b8825d8e34
sast cleanup (#760)
* cleanup

* typo

* typos

* linter

* comments

* msg

* score

* comments
2021-07-27 16:16:44 +00:00
laurentsimon
c044105e33
rename var (#756)
* rename var

* linter
2021-07-26 17:24:34 -07:00
laurentsimon
2ffeff2dad
cleanup (#758) 2021-07-27 08:45:56 +10:00
laurentsimon
a004ffb107
cleanup Frozen-Deps MakeResultAnd (#742)
* draft

* fixes

* commit 1

* delete file

* clean

* clean 2

* linter

* fix score

* handle err

* in-progress score

* fixes
2021-07-26 22:02:46 +00:00
laurentsimon
8128f9fe68
divide by 0 (#755) 2021-07-26 21:37:17 +00:00
Naveen
4d7fb5d748
🌱 Fix the go.mod with v2 upgrade (#716)
The go.mod and the related files weren't updated with the v2 upgrade.

https://github.com/ossf/scorecard/issues/711

This fix will address the issue.
2021-07-26 13:01:25 -05:00
dependabot[bot]
d6cf4b36bf
🌱 Bump distroless/base from 38778ff to ccbc79c (#722)
Bumps distroless/base from `38778ff` to `ccbc79c`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-07-26 12:00:10 -05:00
dependabot[bot]
b86718a96b
🌱 Bump golang from 773f15a to 4544ae5 (#747)
Bumps golang from `773f15a` to `4544ae5`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-07-26 11:37:14 -05:00
Naveen
67d0eb0bf2
🌱 Fix the broken e2e tests (#751)
Fixed the broken tests that were looking for a specific number of debug
messages
2021-07-26 12:23:15 -04:00
Azeem Shaikh
f0e4a0b37e
Add more projects to the release test (#749)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-25 18:20:54 -07:00
Azeem Shaikh
9bf1cdc9ce
Update ListFiles API to return error (#746)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-25 17:47:36 -07:00
Azeem Shaikh
7c133bc767
Create APIs for MergedPRs and DefaultBranch (#745)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-25 17:37:14 -07:00
laurentsimon
37d13c2972
Code-Review cleanup (#740)
* sast cleanup

* code-review cleanup

* typo

* merge fix
2021-07-22 23:12:53 +00:00
laurentsimon
f021326e1f
catch error (#736) 2021-07-22 22:00:12 +00:00
Azeem Shaikh
a1502dd51a
Add e2e release tests for cron job (#734)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-22 14:16:10 -07:00
laurentsimon
a34e326151
sast cleanup (#739)
* sast cleanup

* comments
2021-07-22 18:03:31 +00:00
laurentsimon
89c8e2af31
[migration to score] 7: CI-Test, CII Best practices, security policy file (#733)
* ci, cii, sec file

* linter

* check doc

* typo

* fix

* comments

* linter

* fix sast

* fix score calc
2021-07-22 15:37:31 +00:00
laurentsimon
ae33db624e
[migration to score] 6: signed tags, signed release, PR, fuzzing (#732)
* yaml file

* sort checks

* comments

* signed tags

* signed release, PR, fuzzing

* typo
2021-07-21 18:10:47 -07:00
laurentsimon
3e95796de3
update yaml file (#730)
* yaml file

* sort checks

* comments

* vuln, sast

* doc update

* fix

* comments
2021-07-21 22:32:28 +00:00
laurentsimon
886d03cfdf
description of checks migrated (#726)
* yaml file

* sort checks

* comments

* comments

* comments
2021-07-21 20:54:57 +00:00
laurentsimon
53c056081b
[migration to score] 5: contributors, vulnerabilities, packaging and sast (#729)
* contributors

* packaging

* vulnerabilities

* fix errors

* err

* errors
2021-07-21 13:40:16 -07:00
laurentsimon
6f203e73b6
[migration to score] 4: active, fuzzing and code-review (#721)
* details-1

* nits

* typo

* comments

* dependabot and binary artifacts checks

* typo

* linter

* missing errors.go

* linter

* merge fix

* active, fuzzing and code review checks

* e2e tests for fuzzing

* fixes
2021-07-21 09:40:40 -07:00
laurentsimon
c741335683
[migration to score] 3: branch protection, frozen-deps, token permissions (#719)
* details-1

* nits

* typo

* comments

* dependabot and binary artifacts checks

* typo

* linter

* missing errors.go

* linter

* merge fix

* branch protection, frozen-deps, token permissions

* linter

* linter
2021-07-21 09:21:43 -07:00
laurentsimon
5e634c8945
[migration to score] 2: dependabot and binary artifact checks (#718)
* details-1

* nits

* typo

* comments

* dependabot and binary artifacts checks

* typo

* linter

* missing errors.go

* linter

* merge fix

* dates
2021-07-21 09:02:43 -07:00
laurentsimon
42115ed2e3
add errors file (#720) 2021-07-20 19:06:41 +00:00
laurentsimon
ab4bb60c9c
[migration to score] 1: create errors and new functions (#712)
* details-1

* comment

* doc

* nits

* typo

* comments

* nit

* linter
2021-07-20 11:36:35 -07:00
laurentsimon
45ea97e502
Add more github token names for env variable (#694)
* draft

* commit 1

* dead code

* comments

* merge fix

* typo
2021-07-19 18:56:42 +00:00
Azeem Shaikh
ef2830ea98 Re-enable CensusTransport 2021-07-19 12:15:55 -05:00
Azeem Shaikh
35267c2514
PubSub integration test framework (#706)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-18 17:33:45 -07:00
laurentsimon
3f2c0e6b6c
typos (#705) 2021-07-16 12:56:22 -07:00
laurentsimon
c46487bb7d
fixes (#704) 2021-07-16 12:34:23 -07:00
laurentsimon
b91658b322
packaging doc (#703) 2021-07-16 10:58:27 -07:00
dependabot[bot]
428a4d659c
🌱 Bump actions/stale from 3.0.19 to 4 (#695)
Bumps [actions/stale](https://github.com/actions/stale) from 3.0.19 to 4.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](98ed4cb500...cdf15f641a)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-07-16 17:30:01 +00:00
Naveen
f4f1e110c7
📖 Included docker documentation in README (#681)
* Included docker run for easier consumption of scorecard.
2021-07-16 17:18:42 +00:00
Oliver Chang
7a301f14d9
Add some new projects. (#702)
Co-authored-by: Abhishek Arya <inferno@chromium.org>
2021-07-16 15:48:13 +00:00
Naveen
ca4f963eb7
🌱 Fix failing e2e tests (#696)
The packaging docker image for scorecard has been removed from github
workflow to gcr.io.

This was causing the e2e check to fail.

This fix will remove that check and address the failing e2e.
2021-07-16 08:38:53 -07:00
naveen
a55d542e0d 🌱 Remove gitcache docker
Remove the gitcache docker image
2021-07-14 12:31:15 -05:00