dependabot[bot]
3181aba22b
🌱 Bump github.com/spf13/cobra from 1.2.0 to 1.2.1
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md )
- [Commits](https://github.com/spf13/cobra/compare/v1.2.0...v1.2.1 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-07-05 08:52:24 -05:00
Azeem Shaikh
581e170db1
Add a tarball handler ( #654 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-04 17:35:53 -07:00
Azeem Shaikh
aab6c217cc
Add monitoring to measure remaining Github tokens ( #652 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-04 14:42:21 -07:00
naveen
aeead94680
✨ Included security.rst as SecurityPolicy
...
* Included security.rst as name check for security policy.
2021-07-04 16:18:51 -05:00
Azeem Shaikh
68dc079b79
Fix bug causing performance issues ( #649 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-02 21:12:53 +00:00
dependabot[bot]
c61a744c1b
🌱 Bump github.com/spf13/cobra from 1.1.3 to 1.2.0
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.1.3 to 1.2.0.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md )
- [Commits](https://github.com/spf13/cobra/compare/v1.1.3...v1.2.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-07-02 11:27:32 -05:00
laurentsimon
e06ce1529d
don't log ( #641 )
2021-07-01 16:31:03 -07:00
Azeem Shaikh
08e934cbc2
Use GraphQL instead of REST to reduce token usage ( #640 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-01 15:32:57 -07:00
Azeem Shaikh
d81fd24246
Add ListFiles and GetFileContent APIs ( #637 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-30 23:49:49 -07:00
dependabot[bot]
ecab8fed52
🌱 Bump cloud.google.com/go/bigquery from 1.18.0 to 1.19.0 ( #635 )
...
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go ) from 1.18.0 to 1.19.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.18.0...spanner/v1.19.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-30 11:54:01 -07:00
dependabot[bot]
1c5a247f44
🌱 Bump github.com/go-git/go-git/v5 in /gitcache ( #531 )
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.3.0 to 5.4.2.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.3.0...v5.4.2 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-30 17:24:10 +00:00
dependabot[bot]
2fab861955
🌱 Bump github.com/onsi/ginkgo in /gitcache
...
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo ) from 1.16.2 to 1.16.4.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v1.16.2...v1.16.4 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-06-30 11:23:21 -05:00
dependabot[bot]
fcec1d3a3e
🌱 Bump golang from 1.16.4 to 1.16.5 in /gitcache
...
Bumps golang from 1.16.4 to 1.16.5.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-06-29 15:54:08 -05:00
dependabot[bot]
7535a7688c
🌱 Bump distroless/base from bc84925 to 38778ff in /gitcache ( #603 )
...
Bumps distroless/base from `bc84925` to `38778ff`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-06-29 19:38:31 +00:00
laurentsimon
dd1a412b85
✨ Update readme ( #634 )
...
* update readme
* comments
2021-06-29 19:02:12 +00:00
Naveen
ec7755da82
Removed Code Coverage
2021-06-29 13:45:22 -05:00
dependabot[bot]
5dd7f118ae
🌱 Bump github.com/golangci/golangci-lint from 1.40.1 to 1.41.1 ( #627 )
...
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint ) from 1.40.1 to 1.41.1.
- [Release notes](https://github.com/golangci/golangci-lint/releases )
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md )
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.40.1...v1.41.1 )
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Azeem Shaikh <azeems@google.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-06-29 10:26:16 -07:00
dependabot[bot]
6a3337d885
🌱 Bump distroless/base from bc84925 to 38778ff ( #602 )
...
Bumps distroless/base from `bc84925` to `38778ff`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-29 17:06:55 +00:00
dependabot[bot]
2a0031910a
🌱 Bump go.uber.org/zap from 1.16.0 to 1.18.1 in /gitcache ( #623 )
...
Bumps [go.uber.org/zap](https://github.com/uber-go/zap ) from 1.16.0 to 1.18.1.
- [Release notes](https://github.com/uber-go/zap/releases )
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md )
- [Commits](https://github.com/uber-go/zap/compare/v1.16.0...v1.18.1 )
---
updated-dependencies:
- dependency-name: go.uber.org/zap
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-06-29 16:53:37 +00:00
dependabot[bot]
6a2a1faa6f
🌱 Bump google.golang.org/protobuf from 1.26.0 to 1.27.1 ( #624 )
...
Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go ) from 1.26.0 to 1.27.1.
- [Release notes](https://github.com/protocolbuffers/protobuf-go/releases )
- [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash )
- [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.26.0...v1.27.1 )
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-06-29 08:42:40 -07:00
dependabot[bot]
fd0bb46836
🌱 Bump golang.org/x/tools from 0.1.3 to 0.1.4 ( #626 )
...
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.1.3 to 0.1.4.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.1.3...v0.1.4 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-06-29 01:23:05 -07:00
dependabot[bot]
18c3178a84
🌱 Bump codecov/codecov-action from 1.5.0 to 1.5.2 ( #558 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 1.5.0 to 1.5.2.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](a1ed4b322b...29386c70ef
2021-06-28 22:19:47 -07:00
dependabot[bot]
c095d6f161
🌱 Bump contrib.go.opencensus.io/exporter/stackdriver ( #579 )
...
Bumps [contrib.go.opencensus.io/exporter/stackdriver](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver ) from 0.13.6 to 0.13.8.
- [Release notes](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/releases )
- [Commits](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/compare/v0.13.6...v0.13.8 )
---
updated-dependencies:
- dependency-name: contrib.go.opencensus.io/exporter/stackdriver
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-06-28 21:21:12 -07:00
dependabot[bot]
161d4964bc
🌱 Bump github.com/onsi/gomega in /gitcache ( #516 )
...
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.12.0 to 1.13.0.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.12.0...v1.13.0 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-06-28 20:36:35 -07:00
Oliver Chang
34621504fb
✨ Add a Vulnerabilities check. ( #628 )
...
Uses OSV to check this.
Fixes #52 .
2021-06-29 03:09:40 +00:00
dependabot[bot]
18b53076d6
🌱 Bump go.uber.org/zap from 1.17.0 to 1.18.1 ( #625 )
...
Bumps [go.uber.org/zap](https://github.com/uber-go/zap ) from 1.17.0 to 1.18.1.
- [Release notes](https://github.com/uber-go/zap/releases )
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md )
- [Commits](https://github.com/uber-go/zap/compare/v1.17.0...v1.18.1 )
---
updated-dependencies:
- dependency-name: go.uber.org/zap
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-06-28 18:49:51 -04:00
dependabot[bot]
bf87a7a00a
🌱 Bump cloud.google.com/go/pubsub from 1.11.0 to 1.12.0
...
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go ) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.11.0...pubsub/v1.12.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-06-28 17:08:52 -05:00
dependabot[bot]
c900290630
🌱 Bump golang from cc34100 to 91b3c54 ( #621 )
...
Bumps golang from `cc34100` to `91b3c54`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-06-28 17:37:23 -04:00
naveen
6aefe1b6ac
🌱 Fix broken e2e tests
...
* Changed the path for the frozen deps to look for within the
.github/worworkflows path
* Included license check to tools.go
* Removed the hard reference to ginkgo within the integration.yml
* The above fixes will fix the broken tests for scorecard.
Repo: github.com/ossf/scorecard
Frozen-Deps: Fail 10
go modules found: go.mod
!! frozen-deps/fetch-execute - .github/workflows/integration.yml is fetching an non-pinned dependency 'go get github.com/onsi/ginkgo/ginkgo@v1.14.2'
!! frozen-deps/fetch-execute - .github/workflows/main.yml is fetching an non-pinned dependency 'go install github.com/google/addlicense@latest'
2021-06-28 15:28:10 -05:00
Azeem Shaikh
2d5c770ff3
Move repos.RepoResult -> pkg.ScorecardResult ( #620 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-28 16:14:34 +10:00
Azeem Shaikh
1f1e05b22c
Add metadata Google for Google-owned repos ( #616 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-27 09:04:00 -07:00
laurentsimon
8960533b7b
✨ check insecure downloads in github workflows ( #610 )
...
* draft
* commit 2
* draft
* rem debug code
* typos
* fixes
* fix suffix
* draft
* fixes
* rem deb code
* share the github struct def
* typos
* linter
* linter
* fix
* comments
2021-06-25 17:30:17 +00:00
dependabot[bot]
9f074cef5a
🌱 Bump golang from 360bc82 to 74681bd ( #601 )
...
Bumps golang from `360bc82` to `74681bd`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-06-25 11:01:16 -04:00
laurentsimon
d84c04299d
wheel for python packages ( #612 )
2021-06-24 18:38:20 -07:00
laurentsimon
4b1c574420
✨ Check for shell script's insecure download ( #606 )
...
* draft
* commit 2
* debug code
* draft
* draft
* rem debug code
* fix return value
* rename function
* add license
* typos
* fixes
* fix suffix
* comments
2021-06-24 17:24:14 +00:00
laurentsimon
ece69b2256
✨ Support for package manager's unpinned downloads ( #604 )
...
* comments
* rem debug code
* Unpinned downloads for 'go get' and 'pip install'
* updates
* debug code
* linter
* comments
2021-06-24 16:06:25 +00:00
laurentsimon
3cd3e6ef71
🐛 Fiz truncated file extraction from tarball ( #605 )
...
* fixes
* commments
2021-06-23 21:48:27 +00:00
laurentsimon
d1d1eb2ecb
✨ Support bash -c "CMD" for docker RUN downloads-then-exec ( #600 )
...
* comments
* rem debug code
* debug cmd left
* linter
* typo
* add TODO
* comments
2021-06-23 14:09:47 +00:00
laurentsimon
4ba05eb369
🐛 Comments ( #599 )
...
* comments
* typo
2021-06-22 12:22:47 -07:00
laurentsimon
1829ee7600
🐛 Fix for e2e failures ( #598 )
...
* draft
* fixes
* linter
* disable parallel
* comments
* commments
* linter
2021-06-22 10:55:59 -07:00
Azeem Shaikh
9266f97ee9
Add monitoring for Scorecard errors ( #597 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-21 15:38:50 -07:00
laurentsimon
0ca1ace1f2
✨ Check: detect downloads of scripts/binaries in docker's RUN ( #584 )
...
* commit 1
* commit 2
* commit 3
* updates
* linter
* update year
* cleanup
* linter
* fix test files
* linter
* comments
2021-06-21 18:45:15 +00:00
dependabot[bot]
020b892241
🌱 Bump golang from 6ff0e09 to 360bc82 ( #550 )
...
Bumps golang from `6ff0e09` to `360bc82`.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-06-21 12:30:03 -04:00
Naveen
3e1890fe35
✨ Binary Artifact check ( #563 )
...
* Implemented binary artifact checks
2021-06-21 15:49:31 +00:00
Azeem Shaikh
7861478e1a
Add error handling to RunScorecard fn ( #595 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-20 23:31:10 -07:00
Naveen
d998d56112
🌱 Fixes GitHub workflow failures ( #593 )
...
The validate and the e2e are failing because of the bug in golang
https://github.com/golang/go/issues/44129
This fix is a temporary workaround.
2021-06-20 15:48:21 -04:00
Azeem Shaikh
bfe0169326
Check error type instead of value ( #592 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-20 12:31:51 -07:00
Azeem Shaikh
db02490da4
50k cron repos and allow skipping 404 URLs ( #591 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-18 16:00:08 -07:00
Azeem Shaikh
c41f068223
Fix cron worker OOM-ing ( #590 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-18 00:03:45 -07:00
Azeem Shaikh
0b62c58704
Add v0 of RepoClient interface ( #587 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-17 13:21:32 -07:00
