Commit Graph

117 Commits

Author SHA1 Message Date
Azeem Shaikh
d4701c4a4e
Delete Signed-Tags check from Scorecard (#851)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-12 22:26:50 +00:00
Azeem Shaikh
3f9431d08c
Update SignedReleases to use RepoClient API (#844)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-12 20:46:06 +00:00
asraa
cc312f2d1d
feature: branch protection without admin token (#823)
* branch protection without admin permission

Signed-off-by: Asra Ali <asraa@google.com>

* handle other errors

Signed-off-by: Asra Ali <asraa@google.com>

* fix lint

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-08-12 15:54:28 +00:00
Azeem Shaikh
eeb563be10
Update SAST and CITest with Repoclient API (#842)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-12 08:27:48 +10:00
laurentsimon
d821ea27ec
improve token permission (#811)
* sarif action

* update
2021-08-05 17:10:34 +00:00
laurentsimon
e4f3ede843
fix/enhance pinned-dependencies (#806)
* commit

* e2e tests

* typo
2021-08-03 23:32:34 +00:00
Naveen
254f316ce5
🌱 Fix the e2e fixes for signedtags (#805) 2021-08-03 16:02:06 +00:00
naveen
f2b4d07c33 🌱 Updated e2e signed releases
Updated the e2e signed releases to the new repository.
2021-08-03 09:05:16 -05:00
laurentsimon
b2b37161f3
Improve token permission check (#800)
* draft

* draft 2

* draft3

* fix e2e

* comment

* comment

* check codeql

* missing files

* comments

* nit

* update msg

* msg

* nit

* nit

* msg

* e2e

* update doc
2021-08-03 00:56:45 +00:00
Azeem Shaikh
30bb11965a
Update Packaging check to use new APIs (#796)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-02 17:17:38 +00:00
naveen
33a63ff6b9 🌱 Fixed the failing lint check 2021-08-01 10:57:22 -05:00
Oliver Chang
7c2117342c fix tests 2021-08-01 10:57:22 -05:00
Oliver Chang
cf9c860441 Replace personal test repo with ossf-tests repo. 2021-08-01 10:57:22 -05:00
laurentsimon
29594d4294
change signature of FileIfExist and FileContent (#787)
* draft

* add pinning

* remove functions

* typo

* commment

* name
2021-07-30 15:09:52 +00:00
laurentsimon
b35cbdcdcf
Make Branch-Protection score more granular (#777)
* commit

* uni tests

* full score

* typos

* update msg

* remove function

* comments

* linter

* comments
2021-07-30 01:54:19 +00:00
laurentsimon
c48fe4f9ed
Make Token-Permission check more granular (#773)
* draft

* add tests

* add e2e2 tests

* typos

* typo

* fixes

* linter

* use named value

* comments

* comment
2021-07-30 00:13:01 +00:00
Azeem Shaikh
1d1e799f84
Add ListCommits and IsArchived API (#772)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 14:18:58 -07:00
Azeem Shaikh
1e6d99eb20
Remove PullRequest check (#771)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 20:58:36 +00:00
Azeem Shaikh
df89767c35
Fix bug in SecurityPolicy (#761)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 20:09:56 +00:00
laurentsimon
8432a82bc4
Add e2e tests using dedicated repo for pinned-dependencies check (#766)
* fix

* e2e

* add e2e test from dedicated repo

* e2e update

* linter

* merge
2021-07-29 11:55:25 -07:00
laurentsimon
9edfe2a292
rename Frozen-Deps to Pinned-Dependencies (#765)
* fix

* more tests

* e2e

* comments

* change name

* linnter

* rename

* lint
2021-07-27 16:32:24 -07:00
laurentsimon
a004ffb107
cleanup Frozen-Deps MakeResultAnd (#742)
* draft

* fixes

* commi 1

* delete file

* clean

* clean 2

* linter

* fix score

* handle err

* in-proress score

* fixes
2021-07-26 22:02:46 +00:00
Naveen
4d7fb5d748
🌱 Fix the go.mod with v2 upgrade (#716)
The go.mod and the related files weren't t updated with the v2 upgrade.

https://github.com/ossf/scorecard/issues/711

This fix will address the issue.
2021-07-26 13:01:25 -05:00
Naveen
67d0eb0bf2
🌱 Fix the broken e2e tests (#751)
Fixed the broken tests that was looking for specific number of debug
messages
2021-07-26 12:23:15 -04:00
Azeem Shaikh
7c133bc767
Create APIs for MergedPRs and DefaultBranch (#745)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-25 17:37:14 -07:00
laurentsimon
37d13c2972
Code-Review cleanup (#740)
* sast cleanup

* code-review cleanup

* typo

* merge fix
2021-07-22 23:12:53 +00:00
Azeem Shaikh
a1502dd51a
Add e2e release tests for cron job (#734)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-22 14:16:10 -07:00
laurentsimon
a34e326151
sast cleanup (#739)
* sast cleanup

* comments
2021-07-22 18:03:31 +00:00
laurentsimon
89c8e2af31
[migration to score] 7: CI-Test, CII Best practices, security policy file (#733)
* ci, cii, sec file

* linter

* check doc

* typo

* fix

* comments

* linter

* fix sast

* fix score calc
2021-07-22 15:37:31 +00:00
laurentsimon
ae33db624e
[migration to score] 6: signed tags, signed release, PR, fuzzing (#732)
* yaml file

* sort checks

* comments

* signed tags

* signed release, PR, fuzzing

* typo
2021-07-21 18:10:47 -07:00
laurentsimon
53c056081b
[migration to score] 5: contributors, vulnerabilities, packaging and sast (#729)
* contributors

* packaging

* vulnerabilities

* fix errors

* err

* errors
2021-07-21 13:40:16 -07:00
laurentsimon
6f203e73b6
[migration to score] 4: active, fuzzing and code-review (#721)
* details-1

* nits

* typo

* commments

* dependabot and binary artifacts checks

* typo

* linter

* missing errors.go

* linter

* merge fix

* active, fuzzing and code review checks

* e2e tests for fuzzing

* fixes
2021-07-21 09:40:40 -07:00
laurentsimon
c741335683
[migration to score] 3: branch protection, frozen-deps, token permissions (#719)
* details-1

* nits

* typo

* commments

* dependabot and binary artifacts checks

* typo

* linter

* missing errors.go

* linter

* merge fix

* branch protection, frozen-deps, token permissions

* linter

* linter
2021-07-21 09:21:43 -07:00
laurentsimon
5e634c8945
[migration to score] 2: dependabot and binary artifact checks (#718)
* details-1

* nits

* typo

* commments

* dependabot and binary artifacts checks

* typo

* linter

* missing errors.go

* linter

* merge fix

* dates
2021-07-21 09:02:43 -07:00
Naveen
ca4f963eb7
🌱 Fix failing e2e tests (#696)
The packaging docker image for scorecard has been removed from github
workflow to gcr.io.

This was causing the e2e check failing.

This fix will remove that check and address the failing e2e.
2021-07-16 08:38:53 -07:00
naveen
219404e0b7 🌱 Removing gitcache
Removing gitcache
2021-07-13 01:03:21 -05:00
naveen
aeead94680 Included security.rst as SecurityPolicy
* Included security.rst as name check for security policy.
2021-07-04 16:18:51 -05:00
Oliver Chang
34621504fb
Add a Vulnerabilities check. (#628)
Uses OSV to check this.

Fixes #52.
2021-06-29 03:09:40 +00:00
laurentsimon
1829ee7600
🐛 Fix for e2e failures (#598)
* draft

* fixes

* linter

* disable parallel

* comments

* commments

* linter
2021-06-22 10:55:59 -07:00
Naveen
d00dd9c309
Automatic dependency update checks (#322)
* Checks if the dependencies are automatically updated.
2021-06-04 14:35:06 +00:00
Azeem Shaikh
030bc90932
Remove daily cron job from codebase (#530)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-02 14:27:09 -07:00
Chris McGehee
61ecad3151
Add new linter: gci (#498) 2021-05-23 20:51:52 -07:00
Chris McGehee
587f41117b Fix lint issues: dupl linter 2021-05-23 11:49:33 -05:00
Abhishek Arya
5f82d2b9c0
Add checks for workflow action pinning (#466)
Patch by Laurent Simon <laurentsimon@google.com>

Co-authored-by: Laurent Simon <laurentsimon@google.com>
2021-05-17 13:03:39 -07:00
Chris McGehee
727bb58911
🌱 Fix lint issues: govet linter (#395)
* Fix lint issues: govet linter
The fieldalignment analyzer informs you when structs would take up less
memory with their fields reordered.

* CheckResult.Details was not omitted as intended
Found by govet linter

* Removing possible breaking change

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-05-11 06:52:52 -07:00
Chris McGehee
0e15d65a0c Fix lint issues: dupl linter 2021-05-08 21:55:14 -05:00
Chris McGehee
6a7142fe21 Fix lint issues: golint linter 2021-05-02 14:49:40 -05:00
Chris McGehee
8402e6d9d0 Fix lint issues: gofumpt linter 2021-05-02 13:18:19 -05:00
naveen
360d6b8381 🌱 e2e tests for cronjob
* Implemented basic e2e tests for cornjob
2021-05-01 16:07:26 -05:00
Chris McGehee
06993b72ce
🐛 Fix linting issues (1 of n) (#348)
* Fix lint issues: whitespace linter

* Fix lint issues: wrapcheck linter

* Fix lint issues: errcheck linter

* Fix lint issues: paralleltest linter

* Fix lint issues: gocritic linter
Most changes from this commit are from passing checker.CheckResult by reference and not by value. gocritic identified that as a huge parameter.
gocritic also prefers regexp.MustCompile over Compile when the pattern is a const
2021-04-19 12:18:34 -07:00
Azeem Shaikh
a58818d258
🌱 : Reduce code duplication for follow-up cron refactoring (#338)
*  Refactor to reduce code duplication

* 

* Move lib/ back to checker/

* Move lib/ back to checker/

* Move lib/ back to checker/

* Address PR comments.

* Addressing PR comments.

* Avoid printing `ShouldRetry` and `Error` in output JSON.

* Fix JSON output.

Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-04-10 07:26:56 -05:00
nathannaveen
f5185e4bd6 🌱 included copyright headers. 2021-04-01 21:36:10 -05:00
naveen
2978ae550a Fix - signed-tags e2e tests.
The signed tags e2e tests were failing because apache/airflow pushed
tags without signing.

Changed from apache/airflow to bitcoin/bitcoin.
2021-03-11 10:59:03 -05:00
naveen
7b192a0243 feat - Included tests for disk cache
Included tests for disk cache.
Cleaned up tests.
2021-02-26 15:46:21 -05:00
naveen
6f2a0f43f4 Fix - Output path for the test runs 2021-02-25 15:59:39 -05:00
naveen
cab29a2747 Feat- Use cloud buckets for caching
Use cloud buckets for httpcache.

The implementation uses https://github.com/google/go-cloud for it to be
cloud vendor agnostic.
2021-02-24 11:17:50 -05:00
naveen
7726ca7987 Feature - Include metadata in the results
Included metadata that can be passed an argument to the command line.
The same metadata will returned the `json` results.
2021-02-22 19:23:46 -05:00
naveen
e94e53965e Fix - Changes to reflect the scorecard score
The score of the scorecard is improving with signed-release and updating
the tests to reflect that.
2021-02-17 20:40:58 -05:00
Abhishek Arya
fc251d9d42 Add security policy to e2e test. 2021-02-14 12:50:24 -05:00
naveen
af2132e927 Fix- e2e tests to include the executable
Included e2e tests for the executable with JSON
2021-02-14 11:46:17 -05:00
Naveen
30d69310c6
Fix - Organization checks for members (#170)
* Fix - Organization checks for members

* Fix - Turn off automatic releasenotes generation

Turn off automatic release notes for CII https://bestpractices.coreinfrastructure.org/

* Fix - Organization checks for members
2021-02-14 10:46:14 -05:00
naveen
4bdc158018 Fix - packging workflow for docker push 2021-02-12 21:16:44 -05:00
naveen
93373f7787 Fixes - Incorrect result for branch protection 2021-01-26 18:39:12 -05:00
Abhishek Arya
c00aa4b606 Add e2e tests for remaining checks. 2021-01-15 15:24:04 -05:00
Abhishek Arya
5b7ddc55ab Add e2e test. 2021-01-15 13:44:52 -05:00
naveen
c4c99cd676 feature - Included the e2e into the PR workflows
Validated the presence of the GITHU_AUTH_TOKEN variable presence before running the e2e.

Update the contributing doc with scopes of the personal access token.

Updated the workflow to include the e2e tests.
2021-01-13 13:04:22 -05:00
Naveen
f77da7783b
feat-e2e tests for signed tags and signed releases (#115)
Implemented e2e tests using ginkgo for validating signed tags and signed
releases.

ginkgo is utilized as a standard BDD testing framework in other
projects like kubebuilder.
2021-01-01 14:36:31 -06:00