ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-11-10 02:16:26 +03:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity
686 Commits 32 Branches 42 Tags 440 MiB
2d65ab4f0c
Commit Graph

686 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Azeem Shaikh
2d65ab4f0c
Remove ErrRepoUnavailable (#908) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-25 09:33:59 -07:00
Azeem Shaikh
b89808ff8c
Pin protoc by SHA (#909) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-25 15:54:10 +00:00
Azeem Shaikh
e73f08e76c
Fix nil ptr dereference (#907) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-08-25 07:09:24 -07:00
Azeem Shaikh
cc30d54db2
Use arduino/setup-protoc for installing Protoc (#903) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-25 09:31:04 -04:00
Azeem Shaikh
8cf95c46e4
Use singleton pattern for OSS-Fuzz (#902) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-25 03:28:49 +00:00
Azeem Shaikh
41d0ce38c4
Replace errors.As with Is (#901) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-25 01:03:45 +00:00
Azeem Shaikh
46a655d405
Fixes for Branch Protection (#900) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-25 00:04:17 +00:00
dependabot[bot]
7bc2e00589
🌱 Bump peter-evans/find-comment from 1.2.0 to 1.3.0 (#893) 
Bumps [peter-evans/find-comment](https://github.com/peter-evans/find-comment) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/peter-evans/find-comment/releases)
- [Commits](309ce798ba...d2dae40ed1)

---
updated-dependencies:
- dependency-name: peter-evans/find-comment
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-08-24 22:20:22 +00:00
laurentsimon
ad134ac30d
Add hash to results (JSON, SARIF) (#892) 
* add hash to result

* add json file
 2021-08-24 16:50:47 +00:00
laurentsimon
6403eb1382
Transition Packaging, SAST, Security-policy, Signed-releases check to the new structured detail format (#887) 
* move checks to new format

* fix

* comments

* fix

* comments
 2021-08-24 01:44:06 +00:00
laurentsimon
b731f450b9
Transition Vulnerabilities, Permissions, CI-Tests, Dependency-Update-Tool, Code-Reviews to structured details (#889) 
* move other checks togit add -u

* more checks

* fixes
 2021-08-24 00:54:22 +00:00
Meder Kydyraliev
27c5821764
Update README.md (#888) 2021-08-24 00:12:03 +00:00
Azeem Shaikh
aea12496c5
Add ephemeral-storage to cron worker (#885) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-23 22:27:03 +00:00
laurentsimon
276155d1eb
SARIF 4: Add support to output SARIF format (#866) 
* draft1

* draft2

* draft

* draft 3

* typos

* unit tests

* fixes

* fixes

* related locs

* fixes

* version

* fixes

* linter/fix

* fixes

* linter

* gofmt -s
 2021-08-23 21:31:33 +00:00
laurentsimon
d1de6cf513
support v3 (#883) 2021-08-23 18:48:29 +00:00
Azeem Shaikh
bb70e15bfb
Remove token-heavy checks from cron job (#882) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-23 17:38:03 +00:00
dependabot[bot]
77a4160a87
🌱 Bump github.com/onsi/gomega from 1.15.0 to 1.16.0 (#879) 
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.15.0 to 1.16.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.15.0...v1.16.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-08-23 16:18:46 +00:00
Azeem Shaikh
b7c0d03b25
Handle GitHub repos with redirects (#876) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-21 20:45:57 -07:00
dependabot[bot]
42700ee940 🌱 Bump actions/github-script from 4.0.2 to 4.1 
Bumps [actions/github-script](https://github.com/actions/github-script) from 4.0.2 to 4.1.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](a3e7071a34...f891eff651)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-08-20 11:05:08 -05:00
Nanik
c73b28f13c
fix: add github.com as default for owner/repo parameter (#872) 
* fix: add github.com as default for owner/repo parameter #780

* fix: use const to fix build error

* fix: nitpick fix and golangci-lint issue
 2021-08-20 00:07:30 +00:00
Chris McGehee
c54d77b0d7
🐛 Only validate shell scripts supported by our parser (#862) 
* Only validate shell scripts supported by our parser

* Updating tests, code quality

Co-authored-by: Abhishek Arya <inferno@chromium.org>
 2021-08-19 08:18:45 -07:00
dependabot[bot]
04e8bcf933
🌱 Bump cloud.google.com/go/bigquery from 1.20.1 to 1.21.0 (#870) 
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.20.1 to 1.21.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.20.1...spanner/v1.21.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-08-18 18:48:16 +00:00
Azeem Shaikh
1c9a255642
Update docs to use :stable release (#865) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-08-18 15:41:20 +00:00
dependabot[bot]
fa4e8a43f1
🌱 Bump github.com/golangci/golangci-lint from 1.41.1 to 1.42.0 (#869) 
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.41.1 to 1.42.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.41.1...v1.42.0)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-08-18 13:42:02 +00:00
dependabot[bot]
e7d9ec52fa
🌱 Bump cloud.google.com/go/pubsub from 1.14.0 to 1.15.0 (#858) 
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.14.0 to 1.15.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.14.0...pubsub/v1.15.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-08-17 15:45:27 +00:00
Azeem Shaikh
63a8fc73af
Nil pointer dereference (#864) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-17 14:07:49 +00:00
Azeem Shaikh
cf01ea69c7
Fix nil pointer dereference bug (#860) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-17 01:08:09 +00:00
laurentsimon
dbdcd4bea7
SARIF 1: add structured detail (#843) 
* sarif-1

* comment

* typos

* comments

* comments

* typo

* typo

* fixes

* linter

* linter

* linter
 2021-08-16 23:26:19 +00:00
laurentsimon
0a0d292b3c
SARIF 3: add flag to yaml (#853) 
* yaml

* fixes

* fixes

* typo

* typo

* comments
 2021-08-16 22:37:04 +00:00
Azeem Shaikh
13ef9dd7e0
Use RepoClient.Search API in SAST check (#857) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-16 17:34:10 +00:00
laurentsimon
23764f0168
Upload cron results to a table with new format (#830) 
* add json2 function

* asJSON2

* url2

* draft

* root

* tables and bucket

* fix

* comments

* new transfer instances

* comments

* rename files

* update k8 names

* typo

* fizes

* linter
 2021-08-16 16:38:41 +00:00
laurentsimon
b3a3f7e217
SARIF 2: add short description to checks.yml (#848) 
* short desc

* validate new field

* typos

* comments

* fixed
 2021-08-16 15:42:55 +00:00
dependabot[bot]
72337426f0
🌱 Bump go.uber.org/zap from 1.18.1 to 1.19.0 (#834) 
Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.18.1 to 1.19.0.
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber-go/zap/compare/v1.18.1...v1.19.0)

---
updated-dependencies:
- dependency-name: go.uber.org/zap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-08-15 22:55:20 +00:00
Azeem Shaikh
42ee430332
Use RepoClient API for Fuzzing (#855) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-14 00:34:40 +00:00
Azeem Shaikh
4c585f2e5f
Fix nil pointer bug (#856) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-13 23:42:03 +00:00
Azeem Shaikh
8baaaa4cf8
Use RepoClient API for Contributors check (#854) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-13 18:13:43 +00:00
Azeem Shaikh
b7ddc9ac93
Update go-github version for consistency (#852) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-13 00:43:22 +00:00
Azeem Shaikh
d4701c4a4e
Delete Signed-Tags check from Scorecard (#851) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-12 22:26:50 +00:00
Azeem Shaikh
29fbdae1af
Enable automated e2e testing and releases (#850) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
Co-authored-by: Abhishek Arya <inferno@chromium.org>
 2021-08-12 21:44:54 +00:00
Azeem Shaikh
3f9431d08c
Update SignedReleases to use RepoClient API (#844) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-12 20:46:06 +00:00
Naveen
e160d4a273
📖 Fixed the typos and rephrased some (#849) 
*  Fixed a few typos
    *  Rephrased a few statements.
 2021-08-12 15:59:01 -04:00
Azeem Shaikh
7790d70119
Use consistent golang image across Dockerfiles (#847) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
Co-authored-by: Abhishek Arya <inferno@chromium.org>
 2021-08-12 16:54:32 +00:00
asraa
cc312f2d1d
feature: branch protection without admin token (#823) 
* branch protection without admin permission

Signed-off-by: Asra Ali <asraa@google.com>

* handle other errors

Signed-off-by: Asra Ali <asraa@google.com>

* fix lint

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-08-12 15:54:28 +00:00
dependabot[bot]
a10baab917
🌱 Bump golang from 5cdc91c to 3c4de86 (#846) 
Bumps golang from `5cdc91c` to `3c4de86`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-08-12 11:10:42 -04:00
Azeem Shaikh
cbc556fbec
Append changelog to new releases (#838) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-11 23:27:15 +00:00
Azeem Shaikh
eeb563be10
Update SAST and CITest with Repoclient API (#842) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-12 08:27:48 +10:00
laurentsimon
5bcc1fdc4f
populate old details (#841) 2021-08-11 21:16:05 +00:00
Azeem Shaikh
977c2b8657
Log runtime failures in cron job (#840) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-11 18:54:40 +00:00
Mark J. Cox
20370f782a
🐛 Look for organisation default .github security.md files in all the locations they are allowed to be in (#837) 
* The default community health files for an organisation can be in one of
three places, but the current check only looked in one of them. Expand
the check to all three places as per
https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file

This fixes scorecards failing to pick up the default Apache policy
https://github.com/apache/.github/blob/main/.github/SECURITY.md

Signed-off-by: Mark J. Cox <mark@awe.com>

* Wrap don't use a long line

* Follow the hint in the failure and run "gofmt -s" on it
 2021-08-11 10:53:04 -07:00
dependabot[bot]
ee8e4026bc
🌱 Bump github.com/google/go-containerregistry (#832) 
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.1.2 to 0.6.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.1.2...v0.6.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-08-11 16:43:35 +00:00