ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-10-06 05:37:42 +03:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
1,460 Commits 31 Branches 42 Tags 437 MiB
1e1bfabccf
Commit Graph

16 Commits

Author SHA1 Message Date
Carlos Tadeu Panato Junior
83c07bfd32
🌱 github actions cleanup and set to get the latest go available (#2135) 
* update slsa generator to 1.2.0 and use git hash

Signed-off-by: cpanato <ctadeu@gmail.com>

* update go to get always the latest available and general cleanup

Signed-off-by: cpanato <ctadeu@gmail.com>

Signed-off-by: cpanato <ctadeu@gmail.com>
 2022-08-10 08:44:33 -07:00
dependabot[bot]
0eb7cb2d74
🌱 Bump nick-invision/retry from 2.8.0 to 2.8.1 (#2130) 
Bumps [nick-invision/retry](https://github.com/nick-invision/retry) from 2.8.0 to 2.8.1.
- [Release notes](https://github.com/nick-invision/retry/releases)
- [Changelog](https://github.com/nick-fields/retry/blob/master/.releaserc.js)
- [Commits](616fa81820...b4fa57557d)

---
updated-dependencies:
- dependency-name: nick-invision/retry
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-08 06:37:24 -10:00
dependabot[bot]
86eff21160 🌱 Bump nick-invision/retry from 2.6.0 to 2.8.0 
Bumps [nick-invision/retry](https://github.com/nick-invision/retry) from 2.6.0 to 2.8.0.
- [Release notes](https://github.com/nick-invision/retry/releases)
- [Changelog](https://github.com/nick-fields/retry/blob/master/.releaserc.js)
- [Commits](7f8f3d9f0f...616fa81820)

---
updated-dependencies:
- dependency-name: nick-invision/retry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-04 14:39:28 +00:00
dependabot[bot]
4f30e02a24 🌱 Bump sigstore/cosign-installer from 2.4.1 to 2.5.0 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.4.1 to 2.5.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](48866aa521...09a077b27e)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-07-27 18:24:07 +00:00
dependabot[bot]
baedf84082
🌱 Bump imjasonh/setup-ko from 0.4 to 0.5 (#2096) 
Bumps [imjasonh/setup-ko](https://github.com/imjasonh/setup-ko) from 0.4 to 0.5.
- [Release notes](https://github.com/imjasonh/setup-ko/releases)
- [Commits](2c3450ca27...78eea08f10)

---
updated-dependencies:
- dependency-name: imjasonh/setup-ko
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-07-27 12:44:30 -05:00
dependabot[bot]
d77f59f0ef
🌱 Bump sigstore/cosign-installer from 1.2.1 to 2.4.1 (#2021) 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 1.2.1 to 2.4.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](f700e6fbba...48866aa521)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-07-23 05:42:10 -05:00
dependabot[bot]
220c49d52b
🌱 Bump actions/setup-go from 3.2.0 to 3.2.1 (#2040) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.2.0 to 3.2.1.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](b22fbbc292...84cbf80943)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2022-07-12 22:22:25 +00:00
dependabot[bot]
e608741e58 🌱 Bump step-security/harden-runner from 1.4.3 to 1.4.4 
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 1.4.3 to 1.4.4.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](248ae51c2e...74b568e859)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-07-11 21:42:33 +00:00
laurentsimon
23523f6d09
Update publishimage.yml (#1977) 2022-06-01 16:42:23 -07:00
Naveen
0eeb0c20cd
🌱 Signing scorecard images using cosign (#1970) 
* --wip-- [skip ci]

* 🌱 Signing scorecard images using cosign

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-05-31 16:42:32 +00:00
dependabot[bot]
a997c0abe1 🌱 Bump actions/setup-go from 3.1.0 to 3.2.0 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](fcdc43634a...b22fbbc292)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-27 16:08:17 +00:00
dependabot[bot]
6406cfd4e3 🌱 Bump actions/setup-go from 3.0.0 to 3.1.0 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](f6164bd8c8...fcdc43634a)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-16 16:52:04 +00:00
dependabot[bot]
e97bf30ef6 🌱 Bump step-security/harden-runner from 1.4.2 to 1.4.3 
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 1.4.2 to 1.4.3.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](34cbc43f0b...248ae51c2e)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-02 08:45:02 -05:00
dependabot[bot]
dbaba8a536 🌱 Bump step-security/harden-runner from 1.4.1 to 1.4.2 
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 1.4.1 to 1.4.2.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/v1.4.1...34cbc43f0b10c9dda284e663cf43c2ebaf83e956)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-25 09:29:45 -05:00
dependabot[bot]
64bf903f36 🌱 Bump actions/checkout from 3.0.1 to 3.0.2 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](dcd71f6466...2541b1294d)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-22 07:02:44 -05:00
naveensrinivasan
6ed6c9b70e 🌱 Publish images with ko 
- Publish images with ko

https://github.com/ossf/scorecard/issues/744

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-04-18 10:40:05 -05:00