ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-09-17 11:57:12 +03:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
1,136 Commits 36 Branches 42 Tags 436 MiB
1c95237e4a
Commit Graph

28 Commits

Author SHA1 Message Date
Azeem Shaikh
1c95237e4a
Only run allowed checks in different modes (#1579) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-02-07 16:49:49 -08:00
naveen
f7b329e830 Unit test for all_checks 
Addresses https://github.com/ossf/scorecard/issues/435

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
 2022-01-12 17:24:38 -06:00
Azeem Shaikh
f2c57d2590 Migrate to v4 2022-01-12 14:12:09 -06:00
laurentsimon
993e9c1010
update msg (#1457) 2022-01-10 22:22:39 +00:00
laurentsimon
df3d50df76
🐛 Fix score calculation for multiple files (#1401) 
* multi file support

* fix multi-files permissions

* change name

* add tests

* use struct for files

* comments

* comment
 2021-12-16 23:16:02 +00:00
Chris McGehee
f991fee32d
Adding line numbers for rest of Token-Permessions (and by extension, (#1381) 
Packaging)
 2021-12-14 04:14:35 +00:00
laurentsimon
6e013cf67d
Token-Permission: Allow top level permissions not defined if all run level permissions are (#1356) 
* doc

* allow non defined top level

* fix

* e2e fix

* linter
 2021-12-08 01:18:28 +00:00
Chris McGehee
38b5199e9e
🐛 Adding line numbers to token-permissions and a couple other places (#1363) 
* Adding line numbers to token-permissions and a couple other places

* Fix deadlink for security policy

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>

* Updating formatting

Co-authored-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
 2021-12-06 10:05:52 -06:00
laurentsimon
cc4949465b
[Check split]: Binary-Artifacts (#1244) 
* split binary artifact check

* fix

* missing file

* comments

* linter

* fix

* comments

* linter
 2021-11-16 19:57:14 +00:00
laurentsimon
4502dfb557
Reduce false positives in Token-Permissions for contents permission (#1253) 
* fix

* tests
 2021-11-16 03:03:54 +00:00
Chris McGehee
3dc507b9e1 Using library to parse github workflows 2021-11-08 17:00:40 -06:00
Chris McGehee
f319aca82d Moving github worflow parsing to its own file 2021-11-08 17:00:40 -06:00
Chris McGehee
2006be1819 🐛 Token permission check was failing on non-yaml files 2021-11-04 06:19:10 -05:00
Naveen
6c1c789dc5
🌱 v3 upgrade changes (#1118) 
v3 go.mod changes
 2021-10-07 18:16:01 -05:00
Azeem Shaikh
e730e911e6
sce.Create -> sce.WithMessage for wrapcheck (#995) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-09-10 15:50:33 +00:00
laurentsimon
6403eb1382
Transition Packaging, SAST, Security-policy, Signed-releases check to the new structured detail format (#887) 
* move checks to new format

* fix

* comments

* fix

* comments
 2021-08-24 01:44:06 +00:00
laurentsimon
b731f450b9
Transition Vulnerabilities, Permissions, CI-Tests, Dependency-Update-Tool, Code-Reviews to structured details (#889) 
* move other checks togit add -u

* more checks

* fixes
 2021-08-24 00:54:22 +00:00
laurentsimon
d821ea27ec
improve token permission (#811) 
* sarif action

* update
 2021-08-05 17:10:34 +00:00
laurentsimon
b2b37161f3
Improve token permission check (#800) 
* draft

* draft 2

* draft3

* fix e2e

* comment

* comment

* check codeql

* missing files

* comments

* nit

* update msg

* msg

* nit

* nit

* msg

* e2e

* update doc
 2021-08-03 00:56:45 +00:00
Azeem Shaikh
83e9f52501
Enable revive linters which are used in google3 (#793) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-31 22:31:34 +00:00
laurentsimon
29594d4294
change signature of FileIfExist and FileContent (#787) 
* draft

* add pinning

* remove functions

* typo

* commment

* name
 2021-07-30 15:09:52 +00:00
laurentsimon
c48fe4f9ed
Make Token-Permission check more granular (#773) 
* draft

* add tests

* add e2e2 tests

* typos

* typo

* fixes

* linter

* use named value

* comments

* comment
 2021-07-30 00:13:01 +00:00
Naveen
4d7fb5d748
🌱 Fix the go.mod with v2 upgrade (#716) 
The go.mod and the related files weren't t updated with the v2 upgrade.

https://github.com/ossf/scorecard/issues/711

This fix will address the issue.
 2021-07-26 13:01:25 -05:00
Azeem Shaikh
9bf1cdc9ce
Update ListFiles API to return error (#746) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-25 17:47:36 -07:00
laurentsimon
c741335683
[migration to score] 3: branch protection, frozen-deps, token permissions (#719) 
* details-1

* nits

* typo

* commments

* dependabot and binary artifacts checks

* typo

* linter

* missing errors.go

* linter

* merge fix

* branch protection, frozen-deps, token permissions

* linter

* linter
 2021-07-21 09:21:43 -07:00
laurentsimon
2c9a05c721
cleanup for token doc and code (#552) 
* cleanup

* comment
 2021-06-07 18:01:18 +00:00
laurentsimon
d528b6e626
Cleanup code for github tokens #534 (#539) 
* missed comments

* comments
 2021-06-04 00:12:56 +00:00
laurentsimon
37d979f79b
check for read-only permissions of github token (#534) 
* check for read-only permissions of github token

* linter

* linter

* doc

* comments

* commments

* fix

* generate checks.mg

* update license

* linter

* comments

* license

* linter

* missing file

* linter

* license

* cleanup
 2021-06-03 16:30:37 -07:00