Commit Graph

133 Commits

Author SHA1 Message Date
olivekl
c45f70bc90
📖 Add aggregate scoring documentation (#1063)
* Update README.md

Add scoring explanation, including aggregate scoring and risk weighting
Add Aggregate score to example output
Add omitted word

* Update README.md

Minor edit, remove word

Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-09-30 17:47:35 +00:00
Azeem Shaikh
06c14a64ba
Minor fixes to README.md (#1066) 2021-09-27 19:18:56 +00:00
olivekl
44dd10d465
📖 Olivekl patch 1 (#1039)
* Update README.md

Add new Contents section at top that includes links to other documentation pages.
Remove old Contents section that linked only to the page below.

* Update README.md

Change “Supportability” to “Prerequisites” and add GoLang requirement. 
Rename “Troubleshooting” to “Report Problems” and remove Slack reference
Rename “Contributing” to “Get Involved” and add Slack reference. 
Tweak headings for clarity/concision.

* Update README.md

Fix link (Get Involved)

* Update README.md

Moved content on page to match new Table of Contents format
Added subheadings linking out to other pages to match new Table of Contents format
Renamed "Motivation" to "What is Scorecards?"

* Update README.md

Removed out-of-date info on Pass/Fail scoring from Usage section
Added info about previous Pass/Fail scoring to Public Data section
Removed out-of-date Pass/Fail example from Package Manager section

* Update README.md

Changed links from absolute to relative paths
Moved "Overview" section to top

* Update README.md

Renamed "Learn More About Each Check" section to "Detailed Check Documentation"

* Update README.md

Added example for format flag
Trimmed example for package manager (since removing the out-of-date results example)

* Update README.md

Moved "Basic Usage" heading
Minor tweaks for clarity

* Update README.md

Change "Get Involved" heading to "Connect with the Scorecards Community"

* Update README.md

Replace colon with comma for consistency

* Update README.md

Fix line formatting
Fix explanation of BigQuery pass/fail scoring
Update install command

Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-09-22 14:05:37 +00:00
David A. Wheeler
a5a6a30cec
README.md: Add hyperlinks to docs/checks.md (#1008)
This modifies README.md to add hyperlinks
directly to each of the details in `docs/checks.md`.
That way, people who want to know more about a specific check
can jump immediately to that information.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-09-13 18:38:16 +00:00
olivekl
924d4d5da9
📖 Update README.md (#976)
* Update README.md

Minor fixes for clarity.

* Update README.md

* Update README.md

Reinstating "Understanding Scorecard Results" paragraph after accidental deletion.

* Update README.md

Delete test phrase ("DELETE THIS")

Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-09-08 08:22:25 -07:00
nathan-415
062075823c
Updated go get to go install (#953)
Based on recommendations from the `go` tool.
```
go get: installing executables with 'go get' in module mode is deprecated.
	Use 'go install pkg@version' instead.
	For more information, see https://golang.org/doc/go-get-install-deprecation
	or run 'go help get' or 'go help install'.
```

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-09-03 15:09:32 +00:00
olivekl
c9a617b236
📖 Expand "Motivation" section (#924)
* Expand "Motivation" section

Add description of the tool; introduce "checks" as a term used throughout documentation

* Update README.md
2021-08-26 20:53:40 +00:00
laurentsimon
9eb7929ebc
🐛 Address friction logs' comments (#899)
* fixes

* fix

* fix

* fixes

* doc

* missing file

* fixes

* comments

* typo
2021-08-25 21:02:23 +00:00
Meder Kydyraliev
27c5821764
Update README.md (#888) 2021-08-24 00:12:03 +00:00
Azeem Shaikh
1c9a255642
Update docs to use :stable release (#865)
Co-authored-by: Azeem Shaikh <azeems@google.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-08-18 15:41:20 +00:00
Azeem Shaikh
d4701c4a4e
Delete Signed-Tags check from Scorecard (#851)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-12 22:26:50 +00:00
Azeem Shaikh
ce7d4c396d
Update BQ query in README.md (#831)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-10 17:56:39 -07:00
laurentsimon
9b2f3f5270
broken link to doc (#799)
* broken link

* main doc link
2021-08-02 14:33:17 -07:00
Azeem Shaikh
1e6d99eb20
Remove PullRequest check (#771)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 20:58:36 +00:00
Appu
782edb7c18
Update local install instructions to use v2 (#763)
Signed-off-by: Appu Goundan <appu@google.com>

Co-authored-by: Abhishek Arya <inferno@chromium.org>
2021-07-27 16:48:47 +00:00
laurentsimon
45ea97e502
Add more github token names for env variable (#694)
* draft

* commit 1

* dead code

* comments

* merge fix

* typo
2021-07-19 18:56:42 +00:00
Naveen
f4f1e110c7
📖 Included docker documentation in README (#681)
* Included docker run for easier consumption of scorecard.
2021-07-16 17:18:42 +00:00
laurentsimon
dd1a412b85
Update readme (#634)
* update readme

* comments
2021-06-29 19:02:12 +00:00
Naveen
ec7755da82 Removed Code Coverage 2021-06-29 13:45:22 -05:00
Oliver Chang
34621504fb
Add a Vulnerabilities check. (#628)
Uses OSV to check this.

Fixes #52.
2021-06-29 03:09:40 +00:00
Azeem Shaikh
96ea5577d1
Update documentation (#583)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-16 21:05:46 -07:00
Naveen
ecc072c3b7
📖 Updated README with community content (#547)
Included slack channel
Included bi-weekly meeting link
2021-06-04 21:47:45 +00:00
Chas. J. Owens IV
1ec9ada137
correct the path to a file (#543)
correct path to the file that lists the projects checked each night

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-06-04 15:08:30 +00:00
Naveen
14dfc45fae
🌱 Move the docker containers to gcr.io (#419)
* Included a build on push to master on gcr.io
  * Updated the README with the gcr.io
  * Removed the docker.yaml build push
2021-05-11 14:11:06 +00:00
Naveen
a440bf6294
🌱 Removed the dockerbuild experimental features (#409)
* Removed the docker build experimental feature so that cloudbuild can
build.
2021-05-07 07:49:30 -05:00
Oliver Chang
df27afd3b3
Make checks documentation machine readable. (#345)
*  Make checks documentation machine readable.

Make checks.yaml as a machine and human readable source of truth of
checks documentation.

A tiny Python script is also added to generate checks.json and checks.md
from this file.

* move checks scripts and files
2021-04-16 11:15:56 -07:00
naveen
27ec7fff8d Docs - Updated the docs for cron
Included a section within the CONTRIBUTING.md about the dailyscore and
cron job.
2021-03-15 12:38:58 -04:00
naveen
3d6b080241 Doc - Included gitcache documentation
Included documentation for gitcache.
2021-03-12 19:24:29 -05:00
Abhishek Arya
a44dd6a758
Add pypi and ruby gems package support. (#226)
Adds some more package managers to
https://github.com/ossf/scorecard/issues/33

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-03-01 11:21:20 -05:00
naveen
cab29a2747 Feat- Use cloud buckets for caching
Use cloud buckets for httpcache.

The implementation uses https://github.com/google/go-cloud for it to be
cloud vendor agnostic.
2021-02-24 11:17:50 -05:00
naveen
586e3d60be Doc - Update README with the TOC
Updated the README with TOC and included instructions for docker usage.
2021-02-23 10:47:44 -05:00
Naveen
db81680172
Feat-Implement httpcache middleware for GitHub API (#203)
The GitHub API supports conditional requests
https://docs.github.com/en/rest/overview/resources-in-the-rest-api#conditional-requests

https://github.com/google/go-github supports Conditional requests
https://github.com/google/go-github#conditional-requests

As we are scaling more and more projects this would add a lot of value.

Initial run fetches information using `httpcache` as a middleware,
which caches the HTTP response initially in a large disk (PVC),
probably move to Redis later as a cache instead of disk.

Subsequent `cron runs` will utilize the `httpcache` for checking content modification and
load it from the cache if it isn't modified, which reduces hitting the
Rate Limit of the GitHub API.
2021-02-22 17:18:28 +00:00
naveen
9c4a4596ed Testing - Slash command 2021-02-19 14:04:24 -05:00
naveen
f57080098c Doc - Updates to README and CONTRIBUTING 2021-02-16 17:00:36 -05:00
Abhishek Arya
fc251d9d42 Add security policy to e2e test. 2021-02-14 12:50:24 -05:00
Naveen
ca1d6e85f0
Doc - Update README with the docker image (#163) 2021-02-11 15:27:16 -08:00
naveen
f385b0d9df Feature - run scans from npm package name
Implemented scans from npm package name.
2021-02-02 16:07:41 -05:00
Abhishek Arya
8493b0b9a0 Add remediation steps for various checks. 2021-01-27 08:19:49 -05:00
naveen
2a1463b315 Feature - Report codecoverage to codecov.io 2021-01-26 17:49:11 -05:00
Abhishek Arya
dc8d1fecb9 Add packaging check. 2021-01-15 13:44:52 -05:00
naveen
1d26654130 Document - Included instruction for GITHUB_AUTH_TOKEN
Included instruction that GITHUB_AUTH_TOKEN supports round robin with
multiple tokens.
2021-01-11 13:19:58 -05:00
Naveen
b11fad8a81
feature - Included the status badge in README (#125)
Included the status badge for build, golanglint-ci and CodeQL.
2021-01-07 11:40:55 -08:00
Abhishek Arya
3191c55963
Update README.md 2021-01-05 10:43:41 -08:00
Abhishek Arya
650fe0a1c3
Update README.md 2021-01-05 10:31:18 -08:00
naveen
5d84b86148 Merge branch 'main' into feature/protected-branches 2021-01-05 12:32:06 -05:00
Abhishek Arya
b86fae0b4d
Fix https://github.com/ossf/scorecard/issues/121 2021-01-05 09:28:21 -08:00
naveen
9ce57c0804 feature - Checks for branch protections
Implemented Branch protections checks.

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-01-05 12:27:50 -05:00
Naveen
15a1ba0536
feat - nonroot docker container (#114)
* feat - nonroot docker container

Changed the docker container to nonroot

* Feat - New Dockerfile for non-cron job

Created a new Dockerfile for non-cron job.
Moved the existing Dockerfile into cron folder for cron specific.

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

* Fix - The Docker version information in the README

Updated the README to include docker version information required for
Dockerfile.

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-01-05 07:45:15 -06:00
Tom
87997ffb57
Update SonarCloud link in README.md (#88) 2020-12-02 08:00:29 -06:00
Tom
c3dabb2cba
Add SonarCloud to the SAST check (#85)
* Add SonarCloud to the SAST check

* Apply review feedback
2020-12-01 08:32:37 -06:00
dlorenc
24fa4cca5e
Add support for and hookup app based authentication for higher rate limiting. (#69)
This also configures it in our nightly cron cluster.
2020-11-13 11:06:46 -06:00
Abhishek Arya
f9bfb3c980
More helper links on README.md 2020-11-12 19:29:55 -08:00
Kim Lewandowski
8a14c6cea9
Merge pull request #67 from dlorenc/jsoncron
Switch the nightly to use json.
2020-11-12 18:18:39 -08:00
Abhishek Arya
1259d3240f
Fixes #60 (#66) 2020-11-12 20:14:59 -06:00
Dan Lorenc
3350a2d0bf Switch the nightly to use json. 2020-11-12 20:13:34 -06:00
Abhishek Arya
e6bee47202
Update README.md 2020-11-12 10:59:02 -08:00
dlorenc
62ae708944
Add a JSON format mode. (#65)
This is usable as is, but is also designed to be easy to import into a database.
2020-11-12 12:47:08 -06:00
dlorenc
ef19bdf032
Add a Dockerfile and k8s cron job to upload files to GCS each night. (#59) 2020-11-12 12:26:38 -06:00
Abhishek Arya
bc5ee3cb47
Add helper hyperlinks for check references. 2020-11-09 19:15:46 -08:00
Abhishek Arya
56bd21bdba
Update README.md 2020-11-09 18:29:37 -08:00
Dan Lorenc
268aea59d2 Add CSV formatting mode.
This allows the user to specify "--format=csv" to get the results output in CSV columns.
2020-11-09 18:23:30 -06:00
Kim Lewandowski
68bc599017
adding logo (#44)
Co-authored-by: Kim Lewandowski <klewandowski@google.com>
2020-11-06 11:36:23 -06:00
Kim Lewandowski
3c790163dd moving contributing section down 2020-11-05 12:27:10 -08:00
Dan Lorenc
237e28b246 Add Best Practices WG meeting invite. 2020-10-27 14:35:05 -05:00
Kim Lewandowski
8c33c8ae69
Merge pull request #35 from dlorenc/docs
Cleanup docs and add new page for checks.
2020-10-26 13:55:10 -07:00
Dan Lorenc
6d473aafe4 Cleanup docs and add new page for checks. 2020-10-26 15:50:13 -05:00
Abhishek Arya
81eab9d2d8
Add license header and code of conduct files. (#34)
* Add license header and code of conduct files.

* Fill missing field.
2020-10-26 15:22:13 -05:00
Abhishek Arya
1232adbb20
Add SAST check for CodeQL (#26) 2020-10-19 11:58:51 -05:00
Abhishek Arya
3c4623184a Minor fixes. 2020-10-19 08:09:10 -07:00
Abhishek Arya
0e3502e85c
Add active project check, slightly fix MultiCheck logic. (#23) 2020-10-18 18:54:15 -05:00
Abhishek Arya
ca862c3181 Show result as pass/fail instead of true/false to match docs. 2020-10-17 17:08:53 -07:00
Abhishek Arya
c208cd8d09
Update check results in readme. 2020-10-16 23:48:25 -07:00
Abhishek Arya
6e5ce52cae
Fix filenames to match check names, remove unneeded repos.txt. (#15)
* Fix filenames to match check names, remove unneeded repos.txt.

* Fix conflict.

* Minor fix.
2020-10-16 13:22:28 -05:00
Abhishek Arya
78f70c46fd
Fix minor formatting issue 2020-10-16 08:08:43 -07:00
Abhishek Arya
dbcfdfa0af Validate checks and improve docs. 2020-10-16 07:54:29 -07:00
Kim Lewandowski
b24adb5eb3
updating readme with criteria to add checks, removed motivation fluff (#6)
Co-authored-by: Kim Lewandowski <klewandowski@google.com>
2020-10-14 14:42:05 -05:00
Dan Lorenc
d47a4efdfe Add new checks to the readme. 2020-10-14 11:25:16 -05:00
Dan Lorenc
3608792e91 Refactoring. 2020-10-13 09:32:38 -05:00
Kim Lewandowski
454d8f4869
Update README.md (#3)
fix the typo
2020-10-09 17:59:55 -05:00
Kim Lewandowski
4240146c5c
Update README.md (#2)
Added a short motivational video
2020-10-09 13:28:31 -05:00
Kim Lewandowski
dc1835b7ff
Update readme (#1)
* Update readme

Added motivation, goals and requirements.

* Update README.md

* Update README.md

Co-authored-by: dlorenc <lorenc.d@gmail.com>
2020-10-09 12:39:00 -05:00
Dan Lorenc
b2358d9b62 Fix parallel execution. 2020-10-09 10:26:43 -05:00
Dan Lorenc
3ee3c748e9 Initial commit. 2020-10-09 10:08:43 -05:00