Commit Graph

1136 Commits

Author SHA1 Message Date
Azeem Shaikh
1c95237e4a
Only run allowed checks in different modes (#1579)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-07 16:49:49 -08:00
Azeem Shaikh
eac2aecce6
Add support for commit-based lookup to GitHub APIs (#1612)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-07 22:06:05 +00:00
naveen
68bf172e59 🌱 Unit tests fileparser/listing
Unit tests fileparser/listing
 https://github.com/ossf/scorecard/issues/986
2022-02-07 15:33:18 -06:00
Naveen
30fc06e4a8 Fixed the formatting issue 2022-02-07 15:15:57 -06:00
naveen
aaf7a9f208 🌱 Cache builds between runs
Cache builds between runs.
2022-02-07 11:52:36 -06:00
naveen
049db386a5 🌱 Unit tests for dependency_update_tool
Unit tests for dependency_update_tool
 https://github.com/ossf/scorecard/issues/986

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-02-07 11:05:37 -06:00
laurentsimon
873308016c
checks/packaging.go: ignore workflows/<>/ files (#1591) 2022-02-04 21:42:59 +00:00
Julia Ferraioli
95e7c030eb
Update the biweekly meeting times (#1603) 2022-02-04 20:50:41 +00:00
naveen
80cc0dd11e 🌱 Unit tests checks/ci_tests_test.go
Unit tests for tests checks/ci_tests_test.go

 https://github.com/ossf/scorecard/issues/986
2022-02-04 13:26:16 -06:00
Behnaz Hassanshahi
f84291dcfd
🐛 Fix Dependabot check to accept .yaml file extension (#1601) 2022-02-03 23:53:32 +00:00
naveen
5e1fd5230c 🌱 Tweaking codecov config 2022-02-03 15:50:16 -06:00
naveen
35aad1dce5 🌱 Unit tests code-review for raw
Unit tests code-review for raw.
https://github.com/ossf/scorecard/issues/986
2022-02-03 13:22:39 -06:00
naveen
674f747d47 🌱 Unit tests for vulnerabilities raw package
Unit tests for vulnerabilities raw package

https://github.com/ossf/scorecard/issues/986
2022-02-03 13:00:35 -06:00
Arnout Engelen
28bf341a3f 📖 recommend nix-shell over nix-env
Which is more idiomatic
2022-02-03 11:53:25 -06:00
naveen
634643e9f7 🌱 Unit test for fileparser/listing
Unit test for fileparser/listing

https://github.com/ossf/scorecard/issues/986

🌱 Unit test for fileparser/listing

Unit tests for fileparser/listing

https://github.com/ossf/scorecard/issues/986

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-02-03 11:01:57 -06:00
Martijn Pieters
88aa0e8159 📖 Add make install to Environment Setup
Fixes #1588
2022-02-03 10:39:37 -06:00
Azeem Shaikh
4581c363cf
Remove ListMergedPRs API (#1566)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-03 00:01:35 +00:00
laurentsimon
9037444513
Raw data for code review check (#1505)
* separate code review's eval and check

* missing file

* add comments

* fix

* fix

* linter

* fixes

* fix

* linter

* linter

* linter

* draft

* fixes

* fixes

* simplify

* update date

* rem comments

* typo

* linter

* typo

* linter
2022-02-02 19:51:38 +00:00
laurentsimon
7032b1910e
Ignore all files under testdata/ (#1594) 2022-02-02 19:17:21 +00:00
laurentsimon
0670b8bdee
pkg/sarif.go: Add score in message (#1593)
pkg/testdata/check6.sarif: Update message
2022-02-02 18:30:04 +00:00
naveen
009aa85e3f 🌱 Unit tests for Vulnerabilities
- Unit tests for Vulnerabilities
- https://github.com/ossf/scorecard/issues/986
2022-02-02 11:55:57 -06:00
naveen
05cedd7cf7 🌱 Categorize the Makefile
Categorize the makefile into sections for better readability.

Examples :- Development, Build and Tests
2022-02-02 11:17:23 -06:00
laurentsimon
79b216c956
checks/security_policy_test.go: updated unit tests (#1590)
checks/raw/security_policy.go: add support for .adoc policies
2022-02-02 08:31:42 -08:00
Arnout Engelen
24842de010 📖 remove inaccurate claim about github rendering emoji
GitHub renders `:xyz:` aliases in PR titles just fine nowadays.
2022-02-02 09:15:27 -06:00
laurentsimon
86d8281031
Do not parse non-dockerfile (#1583)
* draft

* checks/pinned_dependencies.go: added isDockerfiler()
checks/pinned_dependencies_test.go: added TestDockerfileInvalidFiles

* undo CodeQL

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-02-01 23:50:15 +00:00
Azeem Shaikh
2d0e5381c2
Revert Committer.Name change (#1576)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-01 23:00:11 +00:00
naveen
e4eb6d247f 🌱 Unit tests for security policy
Unit tests for security policy.
https://github.com/ossf/scorecard/issues/986
2022-02-01 14:06:28 -06:00
dependabot[bot]
9d38be486e 🌱 Bump ossf/scorecard-action from 1.0.2 to 1.0.3
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.0.2 to 1.0.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Commits](c8416b0b2b...b614d455ee)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-01 12:12:33 -06:00
laurentsimon
cbbfebb0e8
Mention renovatebot's settings (#1575)
* update doc

* docs/checks/internal/checks.yaml: updated
docs/checks.md: updated
2022-01-31 15:41:20 -08:00
Azeem Shaikh
3995d31abf
Refactor some code (#1567)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-01-31 21:41:42 +00:00
naveen
fae5ff334f 🌱 Unit tests for fileparser
Included additional tests for fileparser.
https://github.com/ossf/scorecard/issues/986

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-31 14:09:02 -06:00
Azeem Shaikh
58865e959e
Only return PRs associated with recent commits (#1562)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-01-29 18:55:26 -08:00
Stephen Augustus (he/him)
53f21cb523
README: s/Justin/Stephen (#1565)
...also fixes link to GitHub profile.

Signed-off-by: Stephen Augustus <foo@auggie.dev>
2022-01-29 10:32:07 -08:00
Azeem Shaikh
6962fb4858
Use committer name if login isn't available (#1558)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-01-29 00:25:33 +00:00
Azeem Shaikh
29b14f82e3
Fix nil-ptr issue in e2e tests (#1561)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-01-28 22:50:58 +00:00
naveen
70afae8b8f 🌱 Remove dead code
Remove dead code which isn't being used.
2022-01-28 14:05:29 -06:00
naveen
4c266d7192 🌱 Unit test for dependency_update_tool
Unit tests for dependency_update_tool
 https://github.com/ossf/scorecard/issues/986
2022-01-28 10:57:57 -06:00
dependabot[bot]
b4eec8ed94 🌱 Bump github.com/onsi/gomega from 1.18.0 to 1.18.1
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.18.0 to 1.18.1.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.18.0...v1.18.1)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-28 08:42:09 +00:00
godofredoc
a69e1d97d4
🌱 Add Dart and Flutter CI systems to CI tests check. (#1548)
* Add Dart and Flutter CI systems to CI tests check.

The current check is looking at the github checks data to identify
whether a given PR ran tests. Flutter and Dart repos are failing the
check because their systems are not recognized as CI Systems.

Bug: https://github.com/ossf/scorecard/issues/1547

* Format file.
2022-01-28 01:42:50 +00:00
laurentsimon
40a9d48c91
Link to responsible disclosure guidelines in Security-Policy remediation doc (#1545)
* refer to responsible disclosure guidelines

* typo
2022-01-27 17:21:34 -05:00
Naveen
17467c1f13
🌱 Unit tests for binary_artifact (#1512) 2022-01-27 12:25:50 -06:00
dependabot[bot]
15a204fe1d 🌱 Bump github.com/goreleaser/goreleaser in /tools
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.3.1 to 1.4.1.
- [Release notes](https://github.com/goreleaser/goreleaser/releases)
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.3.1...v1.4.1)

---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-27 08:51:06 +00:00
dependabot[bot]
074ba5a109
🌱 Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5 in /tools (#1541) 2022-01-27 03:20:16 +00:00
dependabot[bot]
bd2171b53a
🌱 Bump github.com/golangci/golangci-lint from 1.42.1 to 1.44.0 in /tools (#1540) 2022-01-27 02:56:56 +00:00
dependabot[bot]
10a5c1ade5 🌱 Bump github.com/goreleaser/goreleaser in /tools
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.0.0 to 1.3.1.
- [Release notes](https://github.com/goreleaser/goreleaser/releases)
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.0.0...v1.3.1)

---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-27 01:30:14 +00:00
dependabot[bot]
d2d9ff4b9d 🌱 Bump golang.org/x/tools from 0.1.8 to 0.1.9
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.1.8 to 0.1.9.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.1.8...v0.1.9)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-27 01:06:45 +00:00
naveen
3d5a08d4fe 🌱 Included dependabot setting for tools
Included dependabot setting for tools module to get updates.
2022-01-26 18:20:31 -06:00
Azeem Shaikh
d50788f638
Add Slack channel badge (#1536)
Adds a new badge pointing to our Slack channel.
2022-01-26 22:48:28 +00:00
laurentsimon
5f9fff3b20
Separate check from policies for the Vulnerabilities check (#1532)
* raw vulnerabilities separation
* update year
* missing files
* tests
2022-01-26 15:45:39 -05:00
Chris McGehee
7a6eb2812a
Not considering an issue as having activity if closed recently (#1531)
- The person who opened the issue can close it, so an issue closing does not indicate activity by a maintainer.
2022-01-25 21:59:03 -08:00