dependabot[bot]
9fecf631c9
🌱 Bump github.com/rhysd/actionlint from 1.6.13 to 1.6.15 ( #2012 )
...
Bumps [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint ) from 1.6.13 to 1.6.15.
- [Release notes](https://github.com/rhysd/actionlint/releases )
- [Changelog](https://github.com/rhysd/actionlint/blob/main/CHANGELOG.md )
- [Commits](https://github.com/rhysd/actionlint/compare/v1.6.13...v1.6.15 )
---
updated-dependencies:
- dependency-name: github.com/rhysd/actionlint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-11 02:43:08 +00:00
Bill Nottingham
48291a3dd4
Use the proper repo for lombok. ( #2029 )
2022-07-08 23:15:13 +00:00
dependabot[bot]
f3e21fa970
🌱 Bump actions/cache from 3.0.3 to 3.0.4 ( #1988 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](30f413bfed...c3f1317a9e)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-08 15:48:42 +00:00
dependabot[bot]
f1dfbcb892
🌱 Bump actions/dependency-review-action from 1.0.2 to 2.0.2
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 1.0.2 to 2.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](a9c83d3af6...1c59cdf2a9)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-07-08 14:31:37 +00:00
dependabot[bot]
6a84f974d5
🌱 Bump cloud.google.com/go/bigquery from 1.32.0 to 1.34.1 ( #2006 )
...
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go ) from 1.32.0 to 1.34.1.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.32.0...bigquery/v1.34.1 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-06 15:53:29 -05:00
Naveen
bc12ba6f78
🌱 Workaround for Protoc failures in GH Actions ( #2025 )
...
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-07-06 14:22:06 -04:00
Simon Waldherr
3430f7833f
small fixes ( #2015 )
...
gofmt -s -w . and some misspelled words
2022-07-06 16:38:09 +00:00
Dave Thaler
e7faa8ff48
Fix broken link ( #2004 )
...
The scorecard currently generates code scanning alerts with a broken
link. This PR fixes the link to be a valid link.
Signed-off-by: Dave Thaler <dthaler@microsoft.com>
2022-07-06 15:38:25 +00:00
Azeem Shaikh
445d7baea6
Fix bug in docker run scorecard version ( #1991 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-07-06 15:09:18 +00:00
dependabot[bot]
2fb4093a26
🌱 Bump cloud.google.com/go/pubsub from 1.21.1 to 1.23.1 ( #2014 )
...
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go ) from 1.21.1 to 1.23.1.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.21.1...pubsub/v1.23.1 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-05 09:14:11 -05:00
laurentsimon
3957460c2b
update ( #2011 )
2022-06-29 10:10:15 -07:00
Ethan Davis
6a032a3019
✨ Check for Mach-O binaries in Binary Artifacts ( #2000 )
2022-06-23 08:54:55 -07:00
Aiden Wang
e42af75660
✨ Add Language struct and optimize result parsing for GHClient.ListProgrammingLanguages ( #1992 )
...
* temp save 05262022
* finished golang fuzz func check, getLang interface to be done next week
* temp save 05/31/2022
* temp save 06/01/2022
* temp save-2 06/01/2022
* temp save-1 06032022
* temp save-2 06022022
* temp save
* temp save 06032022
* temp save 06032022 (2)
* update err def
* temp save 3
* update docs for fuzzing
* update docs for fuzzing
* update checks.yaml to gen docs
* temp save 0606
* temp save-2 0606
* temp save-3 0606
* temp save-4 0606
* fix linter errors
* fix linter errs-2
* fix e2e errors
* 0608
* 0608-2
* optimize Language struct & parsing
* add more lang const
* resolved nits
Co-authored-by: Aiden Wang <aidenwang@google.com>
2022-06-10 12:13:38 -07:00
Aiden Wang
64cd05310b
✨ Support user-defined fuzz functions (GoLang) in fuzzing check ( #1979 )
...
* temp save 05262022
* finished golang fuzz func check, getLang interface to be done next week
* temp save 05/31/2022
* temp save 06/01/2022
* temp save-2 06/01/2022
* temp save-1 06032022
* temp save-2 06022022
* temp save
* temp save 06032022
* temp save 06032022 (2)
* update err def
* temp save 3
* update docs for fuzzing
* update docs for fuzzing
* update checks.yaml to gen docs
* temp save 0606
* temp save-2 0606
* temp save-3 0606
* temp save-4 0606
* fix linter errors
* fix linter errs-2
* fix e2e errors
* 0608
* 0608-2
Co-authored-by: Aiden Wang <aidenwang@google.com>
2022-06-08 19:17:51 -07:00
laurentsimon
3b7c46f779
✨ SLSA provenance/build ( #1702 )
...
* SLSA build
* missing files
* updates
* updates
* updates
* indent fix
* update
* update
* updates
* updates
* updates
* updates
2022-06-08 09:54:09 -07:00
Arnaud J Le Hors
2c34a46503
Fix cron related documentation ( #1986 )
...
Fix link to projects.csv in README.md
Remove out of date info on daily cron job from CONTRIBUTING.md and fix
various links.
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-06-07 20:12:28 +02:00
laurentsimon
4bd3391a36
✨ Raw results for Pinned-Dependencies ( #1932 )
...
* backup
* update
* update
* draft
* updates
* updates
* updates
* updates
* fix
* linter
* updates
* updates
* updates
* updates
* updates
* updates
* updates
* linter
* comments
* linter
* linter
* tests
* updates
* updates
* tests
2022-06-06 14:31:22 -07:00
laurentsimon
23523f6d09
Update publishimage.yml ( #1977 )
2022-06-01 16:42:23 -07:00
laurentsimon
608da94aaf
✨ Raw results for Packaging check ( #1913 )
...
* update
* update
* update
* update
* update
* update
* update
* updates
* update
* update
* update
* update
* update
* update
* comments
2022-06-01 16:41:20 +00:00
Azeem Shaikh
1d9cd05476
Replace clients.Contributor with clients.User ( #1957 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-31 13:19:14 -07:00
Naveen
f712144d00
🌱 Included Stargazers over time ( #1971 )
2022-05-31 17:03:39 +00:00
Naveen
0eeb0c20cd
🌱 Signing scorecard images using cosign ( #1970 )
...
* --wip-- [skip ci]
* 🌱 Signing scorecard images using cosign
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-31 16:42:32 +00:00
dependabot[bot]
4a88dac00f
🌱 Bump actions/cache from 3.0.2 to 3.0.3
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](48af2dc4a9...30f413bfed)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-31 16:14:24 +00:00
dependabot[bot]
d435e94367
🌱 Bump github.com/caarlos0/env/v6 from 6.9.2 to 6.9.3
...
Bumps [github.com/caarlos0/env/v6](https://github.com/caarlos0/env ) from 6.9.2 to 6.9.3.
- [Release notes](https://github.com/caarlos0/env/releases )
- [Changelog](https://github.com/caarlos0/env/blob/main/.goreleaser.yml )
- [Commits](https://github.com/caarlos0/env/compare/v6.9.2...v6.9.3 )
---
updated-dependencies:
- dependency-name: github.com/caarlos0/env/v6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-31 11:35:07 +00:00
Azeem Shaikh
70d045b9ef
Only pull required branch names ( #1965 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-27 22:25:24 +00:00
dependabot[bot]
1471c807da
🌱 Bump crazy-max/ghaction-import-gpg from 4.4.0 to 5
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) from 4.4.0 to 5.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases )
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md )
- [Commits](e00cb83a68...34ea557550)
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-27 16:31:07 +00:00
dependabot[bot]
a997c0abe1
🌱 Bump actions/setup-go from 3.1.0 to 3.2.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](fcdc43634a...b22fbbc292)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-27 16:08:17 +00:00
dependabot[bot]
f8ab8d0282
🌱 Bump github.com/jszwec/csvutil from 1.6.0 to 1.7.0
...
Bumps [github.com/jszwec/csvutil](https://github.com/jszwec/csvutil ) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/jszwec/csvutil/releases )
- [Commits](https://github.com/jszwec/csvutil/compare/v1.6.0...v1.7.0 )
---
updated-dependencies:
- dependency-name: github.com/jszwec/csvutil
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-27 15:44:07 +00:00
dependabot[bot]
b491e47611
🌱 Bump ossf/scorecard-action from 1.0.4 to 1.1.0 ( #1963 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.0.4 to 1.1.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](c1aec4ac82...5c8bc69dc8)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-26 18:26:59 +00:00
Azeem Shaikh
a30bd749cb
Fix bug in move to internal ( #1964 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-26 17:13:04 +00:00
Aiden Wang
3e2c0fa1f8
✨ Update message for org-level security policy files ( #1939 )
...
* modified checks/evaluation/security_policy.go (issue #1908 )
* issue #1908 fixing temp save 05202022
* issue #1908 bug fixes
* debug comments deletion
* minor midifications
* temp save 0524-1
* temp save 0524-2
* bug fix #1908
* bug fix #1908 (2)
* bug fix #1908 (3)
* #1908
* merge from upstream/main & minor changes
* minor changes -2
* Update security_policy.go
* Update security_policy.go
* Update security_policy.go (linter error fix)
Co-authored-by: Aiden Wang <aidenwang@google.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-05-26 15:22:30 +00:00
Azeem Shaikh
d1714a289a
Move the cron job to internal package ( #1960 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-25 15:37:22 -07:00
Azeem Shaikh
6a21afb410
Fix bug in cron setup ( #1959 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-25 20:46:50 +00:00
dependabot[bot]
950ff1f9e8
🌱 Bump mvdan.cc/sh/v3 from 3.5.0 to 3.5.1
...
Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh ) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/mvdan/sh/releases )
- [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md )
- [Commits](https://github.com/mvdan/sh/compare/v3.5.0...v3.5.1 )
---
updated-dependencies:
- dependency-name: mvdan.cc/sh/v3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-25 18:50:29 +00:00
Azeem Shaikh
25c7e1c7f2
Replace checker.Commit with clients.Commit ( #1950 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 23:11:37 +00:00
Azeem Shaikh
96fac8a941
Replace checker.Vuln with clients.Vuln ( #1955 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 20:15:37 +00:00
Azeem Shaikh
edd371cf7d
Replace checker.BP with clients.BP ( #1953 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 12:34:07 -07:00
dependabot[bot]
d5e755cb08
🌱 Bump actions/dependency-review-action from 1.0.1 to 1.0.2
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](39e692fa32...a9c83d3af6)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-24 13:54:08 +00:00
Azeem Shaikh
4b655b45ce
Replace checker.Webhook with clients.Webhook ( #1948 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 02:47:12 +00:00
Azeem Shaikh
9a2a4f16bd
Replace checker.Release with clients.Release ( #1946 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 02:05:02 +00:00
Azeem Shaikh
33e3106320
Replace checker.Issue with clients.Issue ( #1944 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 01:07:25 +00:00
laurentsimon
720a049464
updates ( #1947 )
2022-05-23 21:24:39 +00:00
Azeem Shaikh
1a2f08827f
Replace checker.CIIBadge with clients.CIIBadge ( #1945 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-23 20:30:56 +00:00
dependabot[bot]
108f88d056
🌱 Bump actions/upload-artifact from 3.0.0 to 3.1.0 ( #1941 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](6673cd052c...3cea537223)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-23 06:41:30 -05:00
Vihang Mehta
7ac81a334f
🐛 Fix debug log for Piper ( #1937 )
...
Signed-off-by: Vihang Mehta <vihang@pixielabs.ai>
2022-05-22 23:41:45 +00:00
dependabot[bot]
61f24c053e
🌱 Bump github.com/golangci/golangci-lint in /tools ( #1924 )
...
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint ) from 1.46.0 to 1.46.2.
- [Release notes](https://github.com/golangci/golangci-lint/releases )
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md )
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.46.0...v1.46.2 )
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-22 14:53:42 +00:00
dependabot[bot]
2d72623a6c
🌱 Bump github.com/rhysd/actionlint from 1.6.12 to 1.6.13
...
Bumps [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint ) from 1.6.12 to 1.6.13.
- [Release notes](https://github.com/rhysd/actionlint/releases )
- [Changelog](https://github.com/rhysd/actionlint/blob/main/CHANGELOG.md )
- [Commits](https://github.com/rhysd/actionlint/compare/v1.6.12...v1.6.13 )
---
updated-dependencies:
- dependency-name: github.com/rhysd/actionlint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-22 13:49:42 +00:00
dependabot[bot]
7e4cd514fc
🌱 Bump distroless/base in /cron/controller ( #1929 )
...
Bumps distroless/base from `764b74b` to `d65ac1a`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-22 12:55:12 +00:00
laurentsimon
2fc48e3b38
✨ Use Tool for raw fuzzing results ( #1935 )
...
* updates
* updates
2022-05-21 01:43:09 +00:00
laurentsimon
af7f865b9d
update ( #1926 )
2022-05-20 15:59:53 +00:00