ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-09-20 05:27:12 +03:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
562 Commits 36 Branches 42 Tags 436 MiB
37d13c2972
Commit Graph

562 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Abhishek Arya
fc251d9d42 Add security policy to e2e test. 2021-02-14 12:50:24 -05:00
naveen
af2132e927 Fix- e2e tests to include the executable 
Included e2e tests for the executable with JSON
 2021-02-14 11:46:17 -05:00
Naveen
30d69310c6
Fix - Organization checks for members (#170) 
* Fix - Organization checks for members

* Fix - Turn off automatic releasenotes generation

Turn off automatic release notes for CII https://bestpractices.coreinfrastructure.org/

* Fix - Organization checks for members
 2021-02-14 10:46:14 -05:00
naveen
70ff5a94ce Fix - Turn off automatic releasenotes generation 
Turn off automatic release notes for CII https://bestpractices.coreinfrastructure.org/
 2021-02-14 10:31:35 -05:00
Abhishek Arya
7336fa167a Add SECURITY.md 
Based on template from Anne.
Fixes https://github.com/ossf/scorecard/issues/165
 2021-02-13 14:53:06 -05:00
naveen
4bdc158018 Fix - packging workflow for docker push 2021-02-12 21:16:44 -05:00
Naveen
c77e995ae5
Fix - output message for non default output (#167) 
The json output had non-json output. Fixed it output only for default
output.
 2021-02-12 18:13:54 -08:00
naveen
cb7ee064b9 Feature - container scanning for scorecard 2021-02-12 17:01:58 -05:00
Abhishek Arya
ad7cc4a951 Add colon before sha. 2021-02-12 14:26:54 -05:00
naveen
2ad8b35b91 Fixes - verifiedtag checks 
The reason the tags aren't working for certain repositories is that because the Lightweight Tags
vs Annotated Tags

>Basically, lightweight tags are just pointers to specific commits. No further information is saved;
on the other hand, annotated tags are regular objects, which have an author and a
date and can be referred because they have their own SHA key.

https://api.github.com/repos/ossf/scorecard/git/refs/tags

```
[
  {
    "ref": "refs/tags/v1.0.0",
    "node_id": "MDM6UmVmMzAyNjcwNzk3OnJlZnMvdGFncy92MS4wLjA=",
    "url": "https://api.github.com/repos/ossf/scorecard/git/refs/tags/v1.0.0",
    "object": {
      "sha": "87997ffb5724cb479223a08a2890c60b0ea4bfbd",
      "type": "commit",
      "url": "87997ffb57"
    }
  },
  {
    "ref": "refs/tags/v1.1.0",
    "node_id": "MDM6UmVmMzAyNjcwNzk3OnJlZnMvdGFncy92MS4xLjA=",
    "url": "https://api.github.com/repos/ossf/scorecard/git/refs/tags/v1.1.0",
    "object": {
      "sha": "f2c633854602cf0c8f33164a169fb0a8454bee01",
      "type": "tag",
      "url": "f2c6338546"
    }
  }
]
```
Annotated tags

https://api.github.com/repos/kubernetes/kubernetes/git/refs/tags

```
[
  {
    "ref": "refs/tags/v0.2",
    "node_id": "MDM6UmVmMjA1ODA0OTg6cmVmcy90YWdzL3YwLjI=",
    "url": "https://api.github.com/repos/kubernetes/kubernetes/git/refs/tags/v0.2",
    "object": {
      "sha": "64dbf9ae21dd0deb485f88b79b96eb35ca855138",
      "type": "tag",
      "url": "64dbf9ae21"
    }
  }
  ]
```

The look for the tag fails because of there isn't a tag object but only a commit object.
87997ffb57

fixes #107
 2021-02-12 14:26:54 -05:00
Naveen
ca1d6e85f0
Doc - Update README with the docker image (#163) 2021-02-11 15:27:16 -08:00
naveen
0b85e7e2e8 Fix - docker latest image 2021-02-11 16:32:07 -05:00
dependabot[bot]
2c23a47857 Bump github.com/spf13/cobra from 1.1.2 to 1.1.3 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.2 to 1.1.3.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.1.2...v1.1.3)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-02-11 11:15:34 -05:00
James Pether Sörling
127fda75ff
Update projects.txt (#151) 
Add 3 projects by https://github.com/Hack23

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: dlorenc <lorenc.d@gmail.com>
 2021-02-10 21:08:11 +00:00
naveen
6dd3698be8 Fix - Fixes the e2e tests for PR's 2021-02-10 16:07:03 -05:00
dependabot[bot]
7ef0cf9c55
Bump github.com/spf13/cobra from 1.1.1 to 1.1.2 (#154) 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.1 to 1.1.2.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.1.1...v1.1.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-02-09 22:58:55 -08:00
naveen
7e158f80e5 Docker releases to GitHub Docker registry 
This will release docker container to GitHub docker registry.
 2021-02-09 10:54:01 -05:00
naveen
7ab314db7d Fix - dependabot githubactions location 2021-02-06 14:22:06 -05:00
naveen
bcf8d0df92 Fix - dependabot yaml error 2021-02-06 12:49:11 -05:00
naveen
4ad4a4204b Feature - enabled dependabot for githubactions 2021-02-06 12:33:46 -05:00
naveen
f385b0d9df Feature - run scans from npm pacakge name 
Implemented scans from npm package name.
 2021-02-02 16:07:41 -05:00
naveen
0d77d8938f Fix - tarball URL trailing slash 
Fixed the tarball URL trailing slash which was causing Frozen-Dep checks
to fail.
 2021-02-02 16:04:28 -05:00
dependabot[bot]
038e3b65c1 Bump github.com/onsi/gomega from 1.10.4 to 1.10.5 
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.10.4 to 1.10.5.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.10.4...v1.10.5)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-02-02 09:18:34 -05:00
dependabot[bot]
717701bd61 Bump github.com/onsi/ginkgo from 1.14.2 to 1.15.0 
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.14.2 to 1.15.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.14.2...v1.15.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-02-02 09:13:35 -05:00
Abhishek Arya
8493b0b9a0 Add remediation steps for various checks. 2021-01-27 08:19:49 -05:00
naveen
93373f7787 Fixes - Incorrect result for branch protection 2021-01-26 18:39:12 -05:00
naveen
2a1463b315 Feature - Report codecoverage to codecov.io 2021-01-26 17:49:11 -05:00
Abhishek Arya
09b83b9bf1 Fixes 
- Fix nil exception in packaging on https://github.com/OSGeo/gdal
- Add jenkins ci in ci tests, tested on https://github.com/jenkinsci/jenkins
- Generalize function name in code review check.
 2021-01-24 18:36:36 -05:00
naveen
33e9189d79 fix - panic on nil 
Fixed the panic by doing a nil check. Fixes #135
 2021-01-18 16:11:36 -05:00
Abhishek Arya
c00aa4b606 Add e2e tests for remaining checks. 2021-01-15 15:24:04 -05:00
Abhishek Arya
bcaa2e77f9 Lint fix. 2021-01-15 13:44:52 -05:00
Abhishek Arya
b5096bff45 Fix backslash. 2021-01-15 13:44:52 -05:00
Abhishek Arya
b278475af0 Fix CodeQL failure. 2021-01-15 13:44:52 -05:00
Abhishek Arya
5b7ddc55ab Add e2e test. 2021-01-15 13:44:52 -05:00
Abhishek Arya
dc8d1fecb9 Add packaging check. 2021-01-15 13:44:52 -05:00
naveen
c4c99cd676 feature - Included the e2e into the PR workflows 
Validated the presence of the GITHU_AUTH_TOKEN variable presence before running the e2e.

Update the contributing doc with scopes of the personal access token.

Updated the workflow to include the e2e tests.
 2021-01-13 13:04:22 -05:00
naveen
91bfea5c2f feat - Close stale issues 
Close stale issues.
 2021-01-12 18:19:10 -05:00
naveen
1d26654130 Document - Included instruction for GITHUB_AUTH_TOKEN 
Included instruction that GITHUB_AUTH_TOKEN supports round robin with
multiple tokens.
 2021-01-11 13:19:58 -05:00
Naveen
1700c3a348
feature - Pull request template (#127) 
A standard pull request template
 2021-01-08 11:36:05 -08:00
Naveen
b11fad8a81
feature - Included the status badge in README (#125) 
Included the status badge for build, golanglint-ci and CodeQL.
 2021-01-07 11:40:55 -08:00
Naveen
7b740ce470
fix - Handle nil structs in branch protection (#124) 
Handle structs that could be nil while checking for branch protection.
 2021-01-07 08:54:57 -08:00
Naveen
9d4e5c0731
feature - CODEOWNERS for github branch protection feature (#123) 
Included the codeowners for enabling branch protection "Require review from Code Owners"

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-01-05 12:53:35 -08:00
Abhishek Arya
fcf0ac4be5
Merge pull request #119 from naveensrinivasan/feature/protected-branches 
feature - Checks for branch protections
 2021-01-05 10:44:05 -08:00
Abhishek Arya
3191c55963
Update README.md 2021-01-05 10:43:41 -08:00
Abhishek Arya
938b9f21d7
Merge branch 'main' into feature/protected-branches 2021-01-05 10:43:17 -08:00
Abhishek Arya
b506c6f4ff
Merge pull request #122 from ossf/b5 
Remove releases from active check.
 2021-01-05 10:31:48 -08:00
Abhishek Arya
650fe0a1c3
Update README.md 2021-01-05 10:31:18 -08:00
Abhishek Arya
3c94ffaccc Remove releases from active check. 2021-01-05 09:52:41 -08:00
naveen
5d84b86148 Merge branch 'main' into feature/protected-branches 2021-01-05 12:32:06 -05:00
Abhishek Arya
b86fae0b4d
Fix https://github.com/ossf/scorecard/issues/121 2021-01-05 09:28:21 -08:00