Abhishek Arya
fc251d9d42
Add security policy to e2e test.
2021-02-14 12:50:24 -05:00
naveen
af2132e927
Fix- e2e tests to include the executable
...
Included e2e tests for the executable with JSON
2021-02-14 11:46:17 -05:00
Naveen
30d69310c6
Fix - Organization checks for members ( #170 )
...
* Fix - Organization checks for members
* Fix - Turn off automatic releasenotes generation
Turn off automatic release notes for CII https://bestpractices.coreinfrastructure.org/
* Fix - Organization checks for members
2021-02-14 10:46:14 -05:00
naveen
70ff5a94ce
Fix - Turn off automatic releasenotes generation
...
Turn off automatic release notes for CII https://bestpractices.coreinfrastructure.org/
2021-02-14 10:31:35 -05:00
Abhishek Arya
7336fa167a
Add SECURITY.md
...
Based on template from Anne.
Fixes https://github.com/ossf/scorecard/issues/165
2021-02-13 14:53:06 -05:00
naveen
4bdc158018
Fix - packging workflow for docker push
2021-02-12 21:16:44 -05:00
Naveen
c77e995ae5
Fix - output message for non default output ( #167 )
...
The json output had non-json output. Fixed it output only for default
output.
2021-02-12 18:13:54 -08:00
naveen
cb7ee064b9
Feature - container scanning for scorecard
2021-02-12 17:01:58 -05:00
Abhishek Arya
ad7cc4a951
Add colon before sha.
2021-02-12 14:26:54 -05:00
naveen
2ad8b35b91
Fixes - verifiedtag checks
...
The reason the tags aren't working for certain repositories is that because the Lightweight Tags
vs Annotated Tags
>Basically, lightweight tags are just pointers to specific commits. No further information is saved;
on the other hand, annotated tags are regular objects, which have an author and a
date and can be referred because they have their own SHA key.
https://api.github.com/repos/ossf/scorecard/git/refs/tags
```
[
{
"ref": "refs/tags/v1.0.0",
"node_id": "MDM6UmVmMzAyNjcwNzk3OnJlZnMvdGFncy92MS4wLjA=",
"url": "https://api.github.com/repos/ossf/scorecard/git/refs/tags/v1.0.0 ",
"object": {
"sha": "87997ffb5724cb479223a08a2890c60b0ea4bfbd",
"type": "commit",
"url": "87997ffb57
"
}
},
{
"ref": "refs/tags/v1.1.0",
"node_id": "MDM6UmVmMzAyNjcwNzk3OnJlZnMvdGFncy92MS4xLjA=",
"url": "https://api.github.com/repos/ossf/scorecard/git/refs/tags/v1.1.0 ",
"object": {
"sha": "f2c633854602cf0c8f33164a169fb0a8454bee01",
"type": "tag",
"url": "f2c6338546
"
}
}
]
```
Annotated tags
https://api.github.com/repos/kubernetes/kubernetes/git/refs/tags
```
[
{
"ref": "refs/tags/v0.2",
"node_id": "MDM6UmVmMjA1ODA0OTg6cmVmcy90YWdzL3YwLjI=",
"url": "https://api.github.com/repos/kubernetes/kubernetes/git/refs/tags/v0.2 ",
"object": {
"sha": "64dbf9ae21dd0deb485f88b79b96eb35ca855138",
"type": "tag",
"url": "64dbf9ae21
"
}
}
]
```
The look for the tag fails because of there isn't a tag object but only a commit object.
87997ffb57
fixes #107
2021-02-12 14:26:54 -05:00
Naveen
ca1d6e85f0
Doc - Update README with the docker image ( #163 )
2021-02-11 15:27:16 -08:00
naveen
0b85e7e2e8
Fix - docker latest image
2021-02-11 16:32:07 -05:00
dependabot[bot]
2c23a47857
Bump github.com/spf13/cobra from 1.1.2 to 1.1.3
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.1.2 to 1.1.3.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md )
- [Commits](https://github.com/spf13/cobra/compare/v1.1.2...v1.1.3 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-02-11 11:15:34 -05:00
James Pether Sörling
127fda75ff
Update projects.txt ( #151 )
...
Add 3 projects by https://github.com/Hack23
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: dlorenc <lorenc.d@gmail.com>
2021-02-10 21:08:11 +00:00
naveen
6dd3698be8
Fix - Fixes the e2e tests for PR's
2021-02-10 16:07:03 -05:00
dependabot[bot]
7ef0cf9c55
Bump github.com/spf13/cobra from 1.1.1 to 1.1.2 ( #154 )
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.1.1 to 1.1.2.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md )
- [Commits](https://github.com/spf13/cobra/compare/v1.1.1...v1.1.2 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-09 22:58:55 -08:00
naveen
7e158f80e5
Docker releases to GitHub Docker registry
...
This will release docker container to GitHub docker registry.
2021-02-09 10:54:01 -05:00
naveen
7ab314db7d
Fix - dependabot githubactions location
2021-02-06 14:22:06 -05:00
naveen
bcf8d0df92
Fix - dependabot yaml error
2021-02-06 12:49:11 -05:00
naveen
4ad4a4204b
Feature - enabled dependabot for githubactions
2021-02-06 12:33:46 -05:00
naveen
f385b0d9df
Feature - run scans from npm pacakge name
...
Implemented scans from npm package name.
2021-02-02 16:07:41 -05:00
naveen
0d77d8938f
Fix - tarball URL trailing slash
...
Fixed the tarball URL trailing slash which was causing Frozen-Dep checks
to fail.
2021-02-02 16:04:28 -05:00
dependabot[bot]
038e3b65c1
Bump github.com/onsi/gomega from 1.10.4 to 1.10.5
...
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.10.4 to 1.10.5.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.10.4...v1.10.5 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-02-02 09:18:34 -05:00
dependabot[bot]
717701bd61
Bump github.com/onsi/ginkgo from 1.14.2 to 1.15.0
...
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo ) from 1.14.2 to 1.15.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v1.14.2...v1.15.0 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-02-02 09:13:35 -05:00
Abhishek Arya
8493b0b9a0
Add remediation steps for various checks.
2021-01-27 08:19:49 -05:00
naveen
93373f7787
Fixes - Incorrect result for branch protection
2021-01-26 18:39:12 -05:00
naveen
2a1463b315
Feature - Report codecoverage to codecov.io
2021-01-26 17:49:11 -05:00
Abhishek Arya
09b83b9bf1
Fixes
...
- Fix nil exception in packaging on https://github.com/OSGeo/gdal
- Add jenkins ci in ci tests, tested on https://github.com/jenkinsci/jenkins
- Generalize function name in code review check.
2021-01-24 18:36:36 -05:00
naveen
33e9189d79
fix - panic on nil
...
Fixed the panic by doing a nil check. Fixes #135
2021-01-18 16:11:36 -05:00
Abhishek Arya
c00aa4b606
Add e2e tests for remaining checks.
2021-01-15 15:24:04 -05:00
Abhishek Arya
bcaa2e77f9
Lint fix.
2021-01-15 13:44:52 -05:00
Abhishek Arya
b5096bff45
Fix backslash.
2021-01-15 13:44:52 -05:00
Abhishek Arya
b278475af0
Fix CodeQL failure.
2021-01-15 13:44:52 -05:00
Abhishek Arya
5b7ddc55ab
Add e2e test.
2021-01-15 13:44:52 -05:00
Abhishek Arya
dc8d1fecb9
Add packaging check.
2021-01-15 13:44:52 -05:00
naveen
c4c99cd676
feature - Included the e2e into the PR workflows
...
Validated the presence of the GITHU_AUTH_TOKEN variable presence before running the e2e.
Update the contributing doc with scopes of the personal access token.
Updated the workflow to include the e2e tests.
2021-01-13 13:04:22 -05:00
naveen
91bfea5c2f
feat - Close stale issues
...
Close stale issues.
2021-01-12 18:19:10 -05:00
naveen
1d26654130
Document - Included instruction for GITHUB_AUTH_TOKEN
...
Included instruction that GITHUB_AUTH_TOKEN supports round robin with
multiple tokens.
2021-01-11 13:19:58 -05:00
Naveen
1700c3a348
feature - Pull request template ( #127 )
...
A standard pull request template
2021-01-08 11:36:05 -08:00
Naveen
b11fad8a81
feature - Included the status badge in README ( #125 )
...
Included the status badge for build, golanglint-ci and CodeQL.
2021-01-07 11:40:55 -08:00
Naveen
7b740ce470
fix - Handle nil structs in branch protection ( #124 )
...
Handle structs that could be nil while checking for branch protection.
2021-01-07 08:54:57 -08:00
Naveen
9d4e5c0731
feature - CODEOWNERS for github branch protection feature ( #123 )
...
Included the codeowners for enabling branch protection "Require review from Code Owners"
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-01-05 12:53:35 -08:00
Abhishek Arya
fcf0ac4be5
Merge pull request #119 from naveensrinivasan/feature/protected-branches
...
feature - Checks for branch protections
2021-01-05 10:44:05 -08:00
Abhishek Arya
3191c55963
Update README.md
2021-01-05 10:43:41 -08:00
Abhishek Arya
938b9f21d7
Merge branch 'main' into feature/protected-branches
2021-01-05 10:43:17 -08:00
Abhishek Arya
b506c6f4ff
Merge pull request #122 from ossf/b5
...
Remove releases from active check.
2021-01-05 10:31:48 -08:00
Abhishek Arya
650fe0a1c3
Update README.md
2021-01-05 10:31:18 -08:00
Abhishek Arya
3c94ffaccc
Remove releases from active check.
2021-01-05 09:52:41 -08:00
naveen
5d84b86148
Merge branch 'main' into feature/protected-branches
2021-01-05 12:32:06 -05:00
Abhishek Arya
b86fae0b4d
Fix https://github.com/ossf/scorecard/issues/121
2021-01-05 09:28:21 -08:00