ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-09-11 08:55:27 +03:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
1,643 Commits 34 Branches 42 Tags 435 MiB
2169bc44c7
Commit Graph

46 Commits

Author SHA1 Message Date
Arnaud J Le Hors
2169bc44c7
Use new project name in Copyright notices (#2505) 
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>

Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
 2022-12-01 15:08:48 -08:00
dependabot[bot]
1eaa742b81
🌱 Bump github.com/goreleaser/goreleaser in /tools (#2499) 2022-12-01 18:34:56 +00:00
dependabot[bot]
ef79b9487d
🌱 Bump github.com/onsi/ginkgo/v2 from 2.5.0 to 2.5.1 in /tools (#2470) 2022-11-21 20:59:45 +00:00
dependabot[bot]
3cfa91f0ee
🌱 Bump github.com/goreleaser/goreleaser in /tools (#2469) 2022-11-21 19:26:12 +00:00
dependabot[bot]
e10b6fbb8d
🌱 Bump github.com/google/addlicense in /tools (#2459) 
Bumps [github.com/google/addlicense](https://github.com/google/addlicense) from 1.0.0 to 1.1.0.
- [Release notes](https://github.com/google/addlicense/releases)
- [Changelog](https://github.com/google/addlicense/blob/master/.goreleaser.yaml)
- [Commits](https://github.com/google/addlicense/compare/v1.0.0...v1.1.0)

---
updated-dependencies:
- dependency-name: github.com/google/addlicense
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-11-16 11:52:06 -08:00
dependabot[bot]
954b376031
🌱 Bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.5.0 in /tools (#2436) 
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.4.0...v2.5.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-11-08 04:32:37 -08:00
dependabot[bot]
1fa7910432
🌱 Bump github.com/goreleaser/goreleaser in /tools (#2373) 
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.11.5 to 1.12.3.
- [Release notes](https://github.com/goreleaser/goreleaser/releases)
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.11.5...v1.12.3)

---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-31 07:47:18 -05:00
dependabot[bot]
5f25855100 🌱 Bump github.com/golangci/golangci-lint in /tools 
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.50.0 to 1.50.1.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.50.0...v1.50.1)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-30 14:03:19 +00:00
dependabot[bot]
8b281c68c8 🌱 Bump github.com/onsi/ginkgo/v2 from 2.1.6 to 2.4.0 in /tools 
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.1.6 to 2.4.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.1.6...v2.4.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-29 19:42:34 +00:00
Naveen
53e9246681
🌱 Migrate to go 1.19 (#2332) 
- Migrate to go 1.19

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-10-06 21:09:38 -04:00
dependabot[bot]
4e85d070b0 🌱 Bump github.com/goreleaser/goreleaser in /tools 
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.10.3 to 1.11.5.
- [Release notes](https://github.com/goreleaser/goreleaser/releases)
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.10.3...v1.11.5)

---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-06 20:19:22 +00:00
dependabot[bot]
ae75d43df1
🌱 Bump github.com/golangci/golangci-lint in /tools (#2331) 
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.48.0 to 1.50.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.48.0...v1.50.0)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-05 08:57:46 -05:00
Naveen
7c2493460f
🌱 Fix cosign vulnerability (#2283) 
- Fixed the cosign vulnerability

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-09-21 10:51:09 -05:00
dependabot[bot]
3337b6ca95
🌱 Bump github.com/onsi/ginkgo/v2 from 2.1.4 to 2.1.6 in /tools (#2221) 
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.1.4 to 2.1.6.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.1.4...v2.1.6)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-31 06:34:54 -05:00
Naveen
10b6052acf
🌱 Upgrade to go 1.18 (#2143) 
* 🌱 Upgrade to go 1.18

- Upgrade to go 1.18
- Updated the deps to avoid critical CVE's

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Updated dockerfile.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Fixed the linter issues.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Fixed the CVE dependencies

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Rmoved the cache which is changing between 1.17 and 1.18

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Rmoved the cache which is changing between 1.17 and 1.18

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Updated ko to latest

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Fixed linter issue.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Fixed linter issue.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-08-16 20:55:48 -05:00
dependabot[bot]
6813ed1981
🌱 Bump google.golang.org/protobuf in /tools (#2110) 
Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.28.0 to 1.28.1.
- [Release notes](https://github.com/protocolbuffers/protobuf-go/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash)
- [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.28.0...v1.28.1)

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-07-29 10:27:52 -05:00
dependabot[bot]
61f24c053e
🌱 Bump github.com/golangci/golangci-lint in /tools (#1924) 
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.46.0 to 1.46.2.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.46.0...v1.46.2)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-22 14:53:42 +00:00
dependabot[bot]
2b35afc5bb 🌱 Bump github.com/golangci/golangci-lint in /tools 
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.45.2 to 1.46.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.45.2...v1.46.0)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-12 02:04:06 +00:00
dependabot[bot]
ac14ce72c1 🌱 Bump github.com/onsi/ginkgo/v2 from 2.1.3 to 2.1.4 in /tools 
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.1.3 to 2.1.4.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.1.3...v2.1.4)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-27 13:56:27 +00:00
dependabot[bot]
d2e88f2ab6 🌱 Bump github.com/golangci/golangci-lint in /tools 
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.45.0 to 1.45.2.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.45.0...v1.45.2)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-25 10:20:43 -05:00
dependabot[bot]
66b3d8ce5c
🌱 Bump github.com/golangci/golangci-lint from 1.44.2 to 1.45.0 in /tools (#1757) 
* 🌱 Bump github.com/golangci/golangci-lint in /tools

Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.44.2 to 1.45.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.44.2...v1.45.0)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* golangci-lint: Surface and fix as many lint warnings automatically

Signed-off-by: Stephen Augustus <foo@auggie.dev>

* generated: Run golangci-lint with `fix: true`

Signed-off-by: Stephen Augustus <foo@auggie.dev>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stephen Augustus <foo@auggie.dev>
 2022-03-23 02:23:39 +00:00
dependabot[bot]
d51e004a13 🌱 Bump google.golang.org/protobuf in /tools 
Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.27.1 to 1.28.0.
- [Release notes](https://github.com/protocolbuffers/protobuf-go/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash)
- [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.27.1...v1.28.0)

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-22 10:04:26 -05:00
dependabot[bot]
2df9d088f2 🌱 Bump github.com/goreleaser/goreleaser in /tools 
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.6.1 to 1.6.3.
- [Release notes](https://github.com/goreleaser/goreleaser/releases)
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.6.1...v1.6.3)

---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-14 06:18:25 -05:00
dependabot[bot]
0268747d6d 🌱 Bump github.com/goreleaser/goreleaser in /tools 
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.5.0 to 1.6.1.
- [Release notes](https://github.com/goreleaser/goreleaser/releases)
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.5.0...v1.6.1)

---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-07 05:29:32 -05:00
naveensrinivasan
4b9f0389c6 🌱 Fix for CVE-2022-23648 
- Fix for https://github.com/advisories/GHSA-crp2-qrr5-8pq7
 2022-03-06 17:08:11 -05:00
Naveen
faeae4121e
🌱 Fixes the vulnerability GHSA-qq97-vm5h-rrhg (#1672) 
- Fixed the vulnerability GHSA-qq97-vm5h-rrhg by using replace
  directives.
 2022-02-23 07:41:05 -08:00
naveensrinivasan
5a1ab20fae 🌱 Fix containerd vulns 
- Fixes the containerd vulnerability by replacing 1.58 to 1.59 which
  addresses the fix and dependabot will stop complaining about the
  issue.
 2022-02-22 21:57:46 -06:00
Naveen
d94a87d974
🌱 Fix containerd Vulnerability (#1560) 
Fixes the containerd vulns.

https://github.com/ossf/scorecard/issues/1537
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Stephen Augustus <foo@auggie.dev>
 2022-02-23 00:41:56 +00:00
Romain Dauby
33f80c93dc Fix golangci-lint issues 2022-02-19 15:56:34 -06:00
Batuhan Apaydın
53bae3ee1a feat: upgrade to ko v0.10.0 
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
 2022-02-19 05:24:27 -06:00
dependabot[bot]
4ebd8aff9c 🌱 Bump github.com/onsi/ginkgo/v2 from 2.0.0 to 2.1.3 in /tools 
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.0.0 to 2.1.3.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.0.0...v2.1.3)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-02-16 07:13:41 -06:00
Azeem Shaikh
de5224bbc5
Update e2e tests (#1641) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-02-15 19:27:45 +00:00
dependabot[bot]
eb0730ae79
🌱 Bump github.com/goreleaser/goreleaser in /tools (#1632) 2022-02-14 11:35:10 +00:00
dependabot[bot]
15a204fe1d 🌱 Bump github.com/goreleaser/goreleaser in /tools 
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.3.1 to 1.4.1.
- [Release notes](https://github.com/goreleaser/goreleaser/releases)
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.3.1...v1.4.1)

---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-27 08:51:06 +00:00
dependabot[bot]
074ba5a109
🌱 Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5 in /tools (#1541) 2022-01-27 03:20:16 +00:00
dependabot[bot]
bd2171b53a
🌱 Bump github.com/golangci/golangci-lint from 1.42.1 to 1.44.0 in /tools (#1540) 2022-01-27 02:56:56 +00:00
dependabot[bot]
10a5c1ade5 🌱 Bump github.com/goreleaser/goreleaser in /tools 
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.0.0 to 1.3.1.
- [Release notes](https://github.com/goreleaser/goreleaser/releases)
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.0.0...v1.3.1)

---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-27 01:30:14 +00:00
naveen
ab16cdbbc2 🌱 Fix Vulns for containerd 2022-01-21 12:44:00 -06:00
naveen
ce0802571a 🌱 Fixed the opencontainer image-spec vuln 2021-12-01 11:23:15 -06:00
Azeem Shaikh
de0cfbec9a Add a validation step for goreleaser 2021-11-23 13:08:26 -06:00
naveen
6e7e13ede4 🌱 Fix vulnerabilities in dependencies 2021-11-19 16:49:56 -06:00
Azeem Shaikh
51de6b6e5d
Check for issue activity in Maintained (#1251) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-11-12 22:16:22 +00:00
naveen
1b885874ac 🌱 Fix CVE warning for containerd 
The containerd version <1.5.7 has CVE https://github.com/advisories/GHSA-c2h3-6mxw-7mvq
Fixed it to address the issue.
 2021-10-26 13:52:00 -05:00
Batuhan Apaydın
6f1a43a0b6
🌱 add google/ko support for building/pusing container image (#1127) 
* feat: add google/ko support for building/pusing container image

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

* feat: updates according to reviews

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
 2021-10-26 17:22:22 +00:00
Naveen
91eb41e235
🌱 Check for OSV for a go.mod changes (#1053) 
At present we don't have a way to identify any new dependencies to go.mod that have osv/cve.
With this it will query the osv.dev for any vulnerabilities and report if it found any.

It also has an option to ignore any vulnerabilities if we chose to ignore.

This is ignoring 3 osv that are in our dependencies.
 2021-09-22 20:41:56 +00:00
naveen
2b15b1353b 🌱 Moving tools dependencies to separate go.mod 
* Moving the tools dependencies to a separate go.mod to reduce the
dependencies on scorecard.

* This is also increases the security posture by having less dependencies
on the main go.mod
 2021-09-07 18:23:41 -05:00