ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-11-05 05:17:00 +03:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
439 Commits 37 Branches 42 Tags 439 MiB
37d979f79b
Commit Graph

69 Commits

Author SHA1 Message Date
dependabot[bot]
b04df4e256 🌱 Bump goreleaser/goreleaser-action from 2.6.0 to 2.6.1 
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.6.0 to 2.6.1.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](70eb4e573c...ac067437f5)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-31 09:14:30 -04:00
dependabot[bot]
df44a898cf 🌱 Bump goreleaser/goreleaser-action from 2.5.0 to 2.6.0 
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](5e15885530...70eb4e573c)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-27 15:55:27 -04:00
dependabot[bot]
947a075c7c
🌱 Bump github/codeql-action (#482) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from cb5810848de15b695cd9ef3b559dd178c43c7df3 to 1.0.0. This release includes the previously tagged commit.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](cb5810848d...bc2cbe3983)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-05-26 16:10:12 +00:00
dependabot[bot]
90e1aeb7ec
🌱 Bump actions/stale from 3.0.18 to 3.0.19 (#470) 
Bumps [actions/stale](https://github.com/actions/stale) from 3.0.18 to 3.0.19.
- [Release notes](https://github.com/actions/stale/releases)
- [Commits](3b3c3f03cd...98ed4cb500)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-18 10:47:18 -04:00
laurentsimon
6367cc44f6
pin scorecard workflow depepdencies by hash (#456) 2021-05-14 16:59:05 -07:00
dependabot[bot]
53262f0368 🌱 Bump codecov/codecov-action from 1 to 1.5.0 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 1 to 1.5.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v1...v1.5.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-12 10:38:27 -05:00
dependabot[bot]
33c1e903a4 🌱 Bump actions/checkout from 2 to 2.3.4 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 2.3.4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v2.3.4)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-12 10:26:18 -05:00
dependabot[bot]
dd6c652db6 🌱 Bump actions/stale from 3 to 3.0.18 
Bumps [actions/stale](https://github.com/actions/stale) from 3 to 3.0.18.
- [Release notes](https://github.com/actions/stale/releases)
- [Commits](https://github.com/actions/stale/compare/v3...v3.0.18)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-12 09:34:55 -05:00
dependabot[bot]
775a36a393 🌱 Bump peter-evans/create-or-update-comment from 1 to 1.4.5 
Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) from 1 to 1.4.5.
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases)
- [Commits](https://github.com/peter-evans/create-or-update-comment/compare/v1...v1.4.5)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-12 09:30:11 -05:00
dependabot[bot]
35b62a9905
🌱 Bump peter-evans/find-comment from 1 to 1.2.0 (#439) 
Bumps [peter-evans/find-comment](https://github.com/peter-evans/find-comment) from 1 to 1.2.0.
- [Release notes](https://github.com/peter-evans/find-comment/releases)
- [Commits](https://github.com/peter-evans/find-comment/compare/v1...v1.2.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-12 13:29:05 +00:00
dependabot[bot]
9478fe3147
🌱 Bump goreleaser/goreleaser-action from 2 to 2.5.0 (#441) 
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2 to 2.5.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Changelog](https://github.com/goreleaser/goreleaser-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v2...v2.5.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-05-12 09:24:03 -04:00
Naveen
14dfc45fae
🌱 Move the docker containers to gcr.io (#419) 
* Included a build on push to master on gcr.io
  * Updated the README with the gcr.io
  * Removed the docker.yaml build push
 2021-05-11 14:11:06 +00:00
dependabot[bot]
c1ef0900f2
🌱 Bump google-github-actions/setup-gcloud from 94337306dda8180d967a56932ceb4ddcf01edae7 to 0.2.1 (#425) 
* 🌱 Bump google-github-actions/setup-gcloud

Bumps [google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud) from 94337306dda8180d967a56932ceb4ddcf01edae7 to 0.2.1. This release includes the previously tagged commit.
- [Release notes](https://github.com/google-github-actions/setup-gcloud/releases)
- [Changelog](https://github.com/google-github-actions/setup-gcloud/blob/master/CHANGELOG.md)
- [Commits](94337306dd...daadedc81d)

Signed-off-by: dependabot[bot] <support@github.com>

* Update integration.yml

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Abhishek Arya <inferno@chromium.org>
 2021-05-10 08:20:31 -07:00
naveen
a4768922a9 🌱 Removed the trivy scan 
* Removed container  using trivy as it is in gcr.io
 2021-05-08 17:47:49 -05:00
laurentsimon
82d6c171bc
🐛 Pin workflow dependencies (#417) 
* pin workflow dependencies

* comments

Co-authored-by: Abhishek Arya <inferno@chromium.org>
 2021-05-07 18:35:57 -07:00
naveen
cd7231dd75 🌱 Cleanup dependabot config 2021-04-29 17:10:24 -05:00
naveen
a64426e369 🌱 Remove synk 
Removing synk as per our discussion.
 2021-04-29 12:32:21 -05:00
naveen
da2e7029c7 🌱 Update golangci version to 1.39 
* Upgrade the golangci version to 1.39
* Changed the checkout depth
  https://github.com/golangci/golangci-lint/issues/1088#issuecomment-801540792
 2021-04-29 08:24:41 -05:00
naveen
872e9139d8 🐛 docker build for gitcache 
* Fixed docker build for git cache
 2021-04-26 10:01:50 -05:00
dependabot[bot]
bdf86e00c8 🌱 Bump actions/github-script from v3 to v4.0.2 
Bumps [actions/github-script](https://github.com/actions/github-script) from v3 to v4.0.2.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v3...a3e7071a34d7e1f219a8a4de9a5e0a34d1ee1293)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-26 08:30:49 -05:00
naveen
3d24435ba8 🌱 Fixing the docker build issue 2021-04-23 15:17:42 -04:00
Naveen
760e01fbb8 Revert "🌱 Bump actions/github-script from v3 to v4.0.1" 
This reverts commit 3ad35e3661.
 2021-04-23 11:53:17 -04:00
dependabot[bot]
3ad35e3661 🌱 Bump actions/github-script from v3 to v4.0.1 
Bumps [actions/github-script](https://github.com/actions/github-script) from v3 to v4.0.1.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v3...85e88a66eaa831097093a3d278536947f2984d20)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-22 08:37:01 -04:00
naveen
c2236f68f8 🌱 Updated commit message for dependabot 
* Updated commit message to have 🌱 prefix in dependabot PR.
 2021-04-08 14:13:44 -05:00
nathannaveen
f5185e4bd6 🌱 included copyright headers. 2021-04-01 21:36:10 -05:00
Naveen
3e4432ceea Update PULL_REQUEST_TEMPLATE.md 2021-03-24 17:11:02 -04:00
naveen
775a83a2f7 🌱 update dependabot for cron and scripts 
The cron and scripts are based on go.mod. The dependabot settings are
updated to watch those folders.
 2021-03-22 11:50:01 -04:00
naveen
8427362772 🌱 verifier to generate release notes 
The verifier helps release notes generation.
https://github.com/kubernetes-sigs/kubebuilder-release-tools

https://github.com/kubernetes-sigs/kubebuilder-release-tools/blob/master/verify/main.go
 2021-03-18 12:19:06 -04:00
naveen
88de2df279 Feat-Use synk to check cron-job security settings 
Use synk to check for cron-job yaml for secuity misconfiguration.
 2021-03-12 21:03:29 -05:00
naveen
3489c83404 Feat - Include synk check for k8s yaml 
Synk has set of rules to validate the k8s yaml for insecure
configuration.

This action will validate the k8s yaml for insecure configuration.
 2021-03-12 20:56:00 -05:00
naveen
248fda288e Fix - docker builds for scorecard cron 
Fixed the docker build for scorecard cron and as well as updated the
integration to test for the docker builds.
 2021-03-05 13:14:33 -05:00
naveen
abb06c9dbc feat- Reorganize the code structure 
Reorganize the code structure for testing and maintenance.

Feat - Included http endpoint
 2021-03-04 19:08:47 -05:00
Naveen
c5528dba94
Update issue templates (#235) 2021-03-04 03:30:32 +00:00
Naveen
3e979657bf
Implemented docker for gitcache (#231) 
* Implemented caching the git folder instead of just a branch.
Implemented logging.
Refactored code.

* Feat - Implemented docker for gitcache
 2021-03-04 03:22:17 +00:00
Naveen
b4c2e4fd13
feat - migrate to go 1.16 (#233) 
Upgrade to go version 1.16
 2021-03-03 18:56:29 +00:00
Naveen
f0ff62d9eb
Feat - Included dependabot for gitcache (#232) 2021-03-02 16:51:04 -08:00
naveen
7b192a0243 feat - Included tests for disk cache 
Included tests for disk cache.
Cleaned up tests.
 2021-02-26 15:46:21 -05:00
naveen
6f2a0f43f4 Fix - Output path for the test runs 2021-02-25 15:59:39 -05:00
naveen
a7174d8ad7 Feature - Include e2e tests for docker 
Included e2e tests for docker.
Included .Dockerignore to ignore files.
Included Docker build in the Makefile.
 2021-02-25 11:02:45 -05:00
naveen
cab29a2747 Feat- Use cloud buckets for caching 
Use cloud buckets for httpcache.

The implementation uses https://github.com/google/go-cloud for it to be
cloud vendor agnostic.
 2021-02-24 11:17:50 -05:00
Naveen
79170187a2
Feat- Included dependabot for docker (#213) 2021-02-23 07:34:12 -08:00
Naveen
e0a02567fb
Fix - Cleanup the makefile targets (#207) 2021-02-21 23:35:39 +00:00
naveen
5018c5012c Fix - GitHub bot message URL for ok-to-test 
Fixed the incorrect URL to the ok-to-test bot message
 2021-02-19 14:04:24 -05:00
dependabot[bot]
030ab1dbc5 Bump peter-evans/slash-command-dispatch from v1 to v2.1.3 
Bumps [peter-evans/slash-command-dispatch](https://github.com/peter-evans/slash-command-dispatch) from v1 to v2.1.3.
- [Release notes](https://github.com/peter-evans/slash-command-dispatch/releases)
- [Commits](https://github.com/peter-evans/slash-command-dispatch/compare/v1...72ab5a2e417e454aa8e89c43b28e36fe331e00a5)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-02-19 08:28:45 -05:00
naveen
1e93904a66 Fix - Remove the app reference for the slash token 2021-02-18 16:14:12 -05:00
naveen
9b4b8be7e0 Feature - ok-to-test in github action 2021-02-18 15:45:55 -05:00
naveen
f906f3f568 Feature - sign releases 2021-02-17 17:53:41 -05:00
naveen
ef4c8d0758 Fix - refactor the lint in the actions 2021-02-16 15:59:50 -05:00
naveen
51f017b206 Fix - ignore empty github token 2021-02-16 14:35:22 -05:00
naveen
db7bfcf342 Fix - golanglint-ci report only new issues 2021-02-16 14:23:03 -05:00