Commit Graph

263 Commits

Author SHA1 Message Date
Spencer Schrock
347c2a81fe
Add tests for getBucketSummary. (#2310)
Signed-off-by: Spencer Schrock <sschrock@google.com>

Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-09-28 19:30:44 -04:00
Spencer Schrock
ac55bf4cf0
🐛 Prevent partial cron transfers caused by controller failures (#2308)
* Prevent transfer of bq data when .shard_metadata file is missing.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Nack requests whose jobs don't have a shard metadata file.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Add isCompleted tests.

Signed-off-by: Spencer Schrock <sschrock@google.com>

Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-09-28 19:40:21 +00:00
Spencer Schrock
a694cc90d8
Fix k8s yaml errors and document how to prevent them. (#2298)
Signed-off-by: Spencer Schrock <sschrock@google.com>

Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-09-26 19:10:10 +00:00
Azeem Shaikh
7cd6406aef
Reduce build target radius (#2293)
Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>

Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-09-24 19:58:50 +00:00
Spencer Schrock
a7a503ae54
🌱 cron: pass config as an argument to binaries (4/n) (#2279)
* Explicitly read config file instead of embedding it.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Add CLI config arg and ReadConfig() to existing cron binaries.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Volume mount config

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Ignore CLI flag args when reading local filenames in controller.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Hide --config in the config package.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Add config param to k8s files.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Fix test

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Allow fallback to embedded config if no config is passed as arg. Intended to be temporary to help with GKE rollout.

Signed-off-by: Spencer Schrock <sschrock@google.com>

Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-09-23 13:42:56 -07:00
Spencer Schrock
f017e2e77b
Fix typo which was causing index out of range panics (#2284)
Signed-off-by: Spencer Schrock <sschrock@google.com>

Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-09-22 17:15:19 +00:00
Azeem Shaikh
a6983edf6e
Fix failing linters (#2281)
Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>

Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-09-21 18:14:58 +00:00
raghavkaul
d75dea8a58
🌱 Feature: Group commits into changesets (#2260)
* Group raw commits into changesets

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Add tests, fix golint

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Fix lint

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Address PR comments

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Fix test failures, remove unneeded fields from raw results

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Fix lint

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Fix tests

* Handle randomized order
* e2e

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Accept code reviews on any commit, not just HEAD

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Address PR comments

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-09-20 17:53:11 +00:00
Spencer Schrock
2231d1f722
🌱 cron: make CSV header optional (3/n) (#2261)
* Make CSV header optional.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Appease linter.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Address PR feedback.

Signed-off-by: Spencer Schrock <sschrock@google.com>

Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-09-13 21:57:31 -04:00
Spencer Schrock
bde0ae166a
🌱 cron: generalize config and create optional values for scorecard and criticality (2/n) (#2254)
* Add map logic to yaml config.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Add scorecard yaml test

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Separate general config values from scorecard specific values.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Add criticality values to config.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Add test to confirm empty string behavior.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Combine scorecard and criticality values under AdditionalParams.

Signed-off-by: Spencer Schrock <sschrock@google.com>

Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-09-12 23:25:29 +00:00
Spencer Schrock
c665f271ce
🌱 cron: allow controller to read CSVs from cloud storage (1/n) (#2235)
* Add input bucket config values

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Allow controller to read input files from buckets.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Add nested iterator tests.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Add blob tests.

Signed-off-by: Spencer Schrock <sschrock@google.com>

Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-09-08 07:32:52 -04:00
Spencer Schrock
bc5a1d6c3d
Enable SAST check in cron by default (#2223)
Signed-off-by: Spencer Schrock <sschrock@google.com>

Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-09-01 17:25:29 +00:00
Spencer Schrock
758cc39b7e
Add k8s README (#2219)
Signed-off-by: Spencer Schrock <sschrock@google.com>

Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-08-30 14:11:22 -04:00
Spencer Schrock
a8e9050ae0
Optimize SAST check (#2191)
* Optimize SAST

* Address PR feedback

* split checkruns into separate graphql query

* Enable SAST check in the releasetest cron worker

Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-08-26 19:53:48 +00:00
Spencer Schrock
11ff78e35c
Deduplicate projects by excluding URL fragments (#2201)
2022-08-26 15:35:08 -04:00
Naveen
10b6052acf
🌱 Upgrade to go 1.18 (#2143)
* 🌱 Upgrade to go 1.18

- Upgrade to go 1.18
- Updated the deps to avoid critical CVEs

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Updated dockerfile.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Fixed the linter issues.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Fixed the CVE dependencies

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Removed the cache which is changing between 1.17 and 1.18

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Removed the cache which is changing between 1.17 and 1.18

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Updated ko to latest

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Fixed linter issue.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Fixed linter issue.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-08-16 20:55:48 -05:00
Azeem Shaikh
d2b3496beb
Remove duplicate projects with different casings (#2155)
2022-08-16 16:53:55 -05:00
Azeem Shaikh
69eb1ccf1d
Fix a bug in cron API data exporting (#2112)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-07-31 06:59:56 -05:00
Naveen
e23ee84db0
Export Scorecards results for API (#2081)
* 🌱 Export Scorecards results for API

- Exporting the Scorecard results for the scorecard API.
- The code exports as result.json without the commit SHA and also with
  the commit SHA.

* Some cleanup and tweaks.

* Some cleanup and tweaks.
2022-07-23 02:37:17 +00:00
Bill Nottingham
63e40aea4d
Add a number of new projects to scan. (#2043)
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-07-12 21:58:03 +00:00
Bill Nottingham
48291a3dd4
Use the proper repo for lombok. (#2029)
2022-07-08 23:15:13 +00:00
Aiden Wang
64cd05310b
Support user-defined fuzz functions (GoLang) in fuzzing check (#1979)
* temp save 05262022

* finished golang fuzz func check, getLang interface to be done next week

* temp save 05/31/2022

* temp save 06/01/2022

* temp save-2 06/01/2022

* temp save-1 06032022

* temp save-2 06022022

* temp save

* temp save 06032022

* temp save 06032022 (2)

* update err def

* temp save 3

* update docs for fuzzing

* update docs for fuzzing

* update checks.yaml to gen docs

* temp save 0606

* temp save-2 0606

* temp save-3 0606

* temp save-4 0606

* fix linter errors

* fix linter errs-2

* fix e2e errors

* 0608

* 0608-2

Co-authored-by: Aiden Wang <aidenwang@google.com>
2022-06-08 19:17:51 -07:00
Azeem Shaikh
a30bd749cb
Fix bug in move to internal (#1964)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-26 17:13:04 +00:00
Azeem Shaikh
d1714a289a
Move the cron job to internal package (#1960)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-25 15:37:22 -07:00
Azeem Shaikh
6a21afb410
Fix bug in cron setup (#1959)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-25 20:46:50 +00:00
Azeem Shaikh
25c7e1c7f2
Replace checker.Commit with clients.Commit (#1950)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 23:11:37 +00:00
Azeem Shaikh
edd371cf7d
Replace checker.BP with clients.BP (#1953)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 12:34:07 -07:00
dependabot[bot]
7e4cd514fc
🌱 Bump distroless/base in /cron/controller (#1929)
Bumps distroless/base from `764b74b` to `d65ac1a`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-22 12:55:12 +00:00
laurentsimon
2fc48e3b38
Use Tool for raw fuzzing results (#1935)
* updates

* updates
2022-05-21 01:43:09 +00:00
dependabot[bot]
fb45cd7e9d
🌱 Bump distroless/base in /cron/webhook
Bumps distroless/base from `764b74b` to `d65ac1a`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-19 16:45:34 +00:00
dependabot[bot]
5843c148db
🌱 Bump distroless/base in /cron/worker
Bumps distroless/base from `764b74b` to `d65ac1a`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-19 12:54:38 +00:00
laurentsimon
b4700ab5df
Raw results for Contributors check (#1919)
* update

* update

* linter

* linter
2022-05-18 18:13:10 +00:00
Azeem Shaikh
8fdb0e767e
Cron cleanup (#1925)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-18 09:48:40 -07:00
Naveen
bbaf072dd5
⚠️ Remove the oldjson format from cron (#1920)
- removed the old json format from cron
fix https://github.com/ossf/scorecard/pull/1487

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-17 17:31:25 -07:00
Azeem Shaikh
236b296403
Do not fail on empty repositories (#1914)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-16 00:41:17 +00:00
Naveen
0275a94a3f
:warn: Remove the old Details field from CheckResult (#1906)
https://github.com/ossf/scorecard/issues/1393

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-12 12:58:12 -07:00
06kellyjac
c5d787a598
pkg: refactor out scorecard_version
2022-05-10 09:51:55 -05:00
Naveen
7ff4b7e050
⚠️ Removing the confidence field from CheckResult struct (#1896)
- Removing the confidence field from `CheckResult` struct
- https://github.com/ossf/scorecard/issues/1393

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-09 17:46:24 +00:00
Parth Kanakiya
9a7d030902
Added additional github repositories in projects.csv (#1886)
* Added additional repositories

* Added more repos

* Cleaned the repos
2022-05-06 16:13:50 +00:00
naveensrinivasan
2cb654102d
⚠️ Removing the pass field from result (#1853)
- Removing the pass field from result
    - https://github.com/ossf/scorecard/issues/1393

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-03 11:17:47 -05:00
Naveen
44ad5f53ad
⚠️ Removing the error field from result (#1853)
- Removing the error field from result
- https://github.com/ossf/scorecard/issues/1393

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-22 23:22:43 +00:00
laurentsimon
1f3861b4cc
Update env variables in cron (#1858)
2022-04-22 20:21:08 +00:00
laurentsimon
f99e1a1552
Schema for BQ table for raw results (#1762)
* Fix schemas

* updates

* updates

* Schema for BQ table of raw result

* update

* updates

* create utility function only

* update

* updates

* updates

* manifest
2022-04-15 16:35:01 +00:00
dependabot[bot]
c428e3181e
🌱 Bump distroless/base in /cron/worker
Bumps distroless/base from `792dfe7` to `764b74b`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-03-29 21:28:57 +00:00
dependabot[bot]
ce06ac1a7e
🌱 Bump distroless/base in /cron/webhook (#1794)
Bumps distroless/base from `792dfe7` to `764b74b`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-03-29 19:51:22 +00:00
dependabot[bot]
007156b1d3
🌱 Bump distroless/base in /cron/controller
Bumps distroless/base from `792dfe7` to `764b74b`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-03-29 09:59:08 -05:00
laurentsimon
8150ab0f88
Make Vuln ID field lower case in raw results (#1761)
* case sensitive ID

* updates
2022-03-25 00:24:23 +00:00
dependabot[bot]
66b3d8ce5c
🌱 Bump github.com/golangci/golangci-lint from 1.44.2 to 1.45.0 in /tools (#1757)
* 🌱 Bump github.com/golangci/golangci-lint in /tools

Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.44.2 to 1.45.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.44.2...v1.45.0)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* golangci-lint: Surface and fix as many lint warnings automatically

Signed-off-by: Stephen Augustus <foo@auggie.dev>

* generated: Run golangci-lint with `fix: true`

Signed-off-by: Stephen Augustus <foo@auggie.dev>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stephen Augustus <foo@auggie.dev>
2022-03-23 02:23:39 +00:00
laurentsimon
06efb4a71c
Update BQ table name for raw results (#1759)
* Update name

* comments
2022-03-21 23:50:45 +00:00
laurentsimon
1094680a0f
🐛 Fix schemas from https://github.com/ossf/scorecard/pull/1758 (#1760)
* Fix schemas

* updates

* updates
2022-03-21 21:03:26 +00:00