laurentsimon
3b7c46f779
✨ SLSA provenance/build ( #1702 )
...
* SLSA build
* missing files
* updates
* updates
* updates
* indent fix
* update
* update
* updates
* updates
* updates
* updates
2022-06-08 09:54:09 -07:00
Arnaud J Le Hors
2c34a46503
Fix cron related documentation ( #1986 )
...
Fix link to projects.csv in README.md
Remove out of date info on daily cron job from CONTRIBUTING.md and fix
various links.
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-06-07 20:12:28 +02:00
laurentsimon
4bd3391a36
✨ Raw results for Pinned-Dependencies ( #1932 )
...
* backup
* update
* update
* draft
* updates
* updates
* updates
* updates
* fix
* linter
* updates
* updates
* updates
* updates
* updates
* updates
* updates
* linter
* comments
* linter
* linter
* tests
* updates
* updates
* tests
2022-06-06 14:31:22 -07:00
laurentsimon
23523f6d09
Update publishimage.yml ( #1977 )
2022-06-01 16:42:23 -07:00
laurentsimon
608da94aaf
✨ Raw results for Packaging check ( #1913 )
...
* update
* update
* update
* update
* update
* update
* update
* updates
* update
* update
* update
* update
* update
* update
* comments
2022-06-01 16:41:20 +00:00
Azeem Shaikh
1d9cd05476
Replace clients.Contributor with clients.User ( #1957 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-31 13:19:14 -07:00
Naveen
f712144d00
🌱 Included Stargazers over time ( #1971 )
2022-05-31 17:03:39 +00:00
Naveen
0eeb0c20cd
🌱 Signing scorecard images using cosign ( #1970 )
...
* --wip-- [skip ci]
* 🌱 Signing scorecard images using cosign
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-31 16:42:32 +00:00
dependabot[bot]
4a88dac00f
🌱 Bump actions/cache from 3.0.2 to 3.0.3
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](48af2dc4a9...30f413bfed
2022-05-31 16:14:24 +00:00
dependabot[bot]
d435e94367
🌱 Bump github.com/caarlos0/env/v6 from 6.9.2 to 6.9.3
...
Bumps [github.com/caarlos0/env/v6](https://github.com/caarlos0/env ) from 6.9.2 to 6.9.3.
- [Release notes](https://github.com/caarlos0/env/releases )
- [Changelog](https://github.com/caarlos0/env/blob/main/.goreleaser.yml )
- [Commits](https://github.com/caarlos0/env/compare/v6.9.2...v6.9.3 )
---
updated-dependencies:
- dependency-name: github.com/caarlos0/env/v6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-31 11:35:07 +00:00
Azeem Shaikh
70d045b9ef
Only pull required branch names ( #1965 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-27 22:25:24 +00:00
dependabot[bot]
1471c807da
🌱 Bump crazy-max/ghaction-import-gpg from 4.4.0 to 5
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) from 4.4.0 to 5.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases )
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md )
- [Commits](e00cb83a68...34ea557550
2022-05-27 16:31:07 +00:00
dependabot[bot]
a997c0abe1
🌱 Bump actions/setup-go from 3.1.0 to 3.2.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](fcdc43634a...b22fbbc292
2022-05-27 16:08:17 +00:00
dependabot[bot]
f8ab8d0282
🌱 Bump github.com/jszwec/csvutil from 1.6.0 to 1.7.0
...
Bumps [github.com/jszwec/csvutil](https://github.com/jszwec/csvutil ) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/jszwec/csvutil/releases )
- [Commits](https://github.com/jszwec/csvutil/compare/v1.6.0...v1.7.0 )
---
updated-dependencies:
- dependency-name: github.com/jszwec/csvutil
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-27 15:44:07 +00:00
dependabot[bot]
b491e47611
🌱 Bump ossf/scorecard-action from 1.0.4 to 1.1.0 ( #1963 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.0.4 to 1.1.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](c1aec4ac82...5c8bc69dc8
2022-05-26 18:26:59 +00:00
Azeem Shaikh
a30bd749cb
Fix bug in move to internal ( #1964 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-26 17:13:04 +00:00
Aiden Wang
3e2c0fa1f8
✨ Update message for org-level security policy files ( #1939 )
...
* modified checks/evaluation/security_policy.go (issue #1908 )
* issue #1908 fixing temp save 05202022
* issue #1908 bug fixes
* debug comments deletion
* minor midifications
* temp save 0524-1
* temp save 0524-2
* bug fix #1908
* bug fix #1908 (2)
* bug fix #1908 (3)
* #1908
* merge from upstream/main & minor changes
* minor changes -2
* Update security_policy.go
* Update security_policy.go
* Update security_policy.go (linter error fix)
Co-authored-by: Aiden Wang <aidenwang@google.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-05-26 15:22:30 +00:00
Azeem Shaikh
d1714a289a
Move the cron job to internal package ( #1960 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-25 15:37:22 -07:00
Azeem Shaikh
6a21afb410
Fix bug in cron setup ( #1959 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-25 20:46:50 +00:00
dependabot[bot]
950ff1f9e8
🌱 Bump mvdan.cc/sh/v3 from 3.5.0 to 3.5.1
...
Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh ) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/mvdan/sh/releases )
- [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md )
- [Commits](https://github.com/mvdan/sh/compare/v3.5.0...v3.5.1 )
---
updated-dependencies:
- dependency-name: mvdan.cc/sh/v3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-25 18:50:29 +00:00
Azeem Shaikh
25c7e1c7f2
Replace checker.Commit with clients.Commit ( #1950 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 23:11:37 +00:00
Azeem Shaikh
96fac8a941
Replace checker.Vuln with clients.Vuln ( #1955 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 20:15:37 +00:00
Azeem Shaikh
edd371cf7d
Replace checker.BP with clients.BP ( #1953 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 12:34:07 -07:00
dependabot[bot]
d5e755cb08
🌱 Bump actions/dependency-review-action from 1.0.1 to 1.0.2
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](39e692fa32...a9c83d3af6
2022-05-24 13:54:08 +00:00
Azeem Shaikh
4b655b45ce
Replace checker.Webhook with clients.Webhook ( #1948 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 02:47:12 +00:00
Azeem Shaikh
9a2a4f16bd
Replace checker.Release with clients.Release ( #1946 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 02:05:02 +00:00
Azeem Shaikh
33e3106320
Replace checker.Issue with clients.Issue ( #1944 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 01:07:25 +00:00
laurentsimon
720a049464
updates ( #1947 )
2022-05-23 21:24:39 +00:00
Azeem Shaikh
1a2f08827f
Replace checker.CIIBadge with clients.CIIBadge ( #1945 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-23 20:30:56 +00:00
dependabot[bot]
108f88d056
🌱 Bump actions/upload-artifact from 3.0.0 to 3.1.0 ( #1941 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](6673cd052c...3cea537223
2022-05-23 06:41:30 -05:00
Vihang Mehta
7ac81a334f
🐛 Fix debug log for Piper ( #1937 )
...
Signed-off-by: Vihang Mehta <vihang@pixielabs.ai>
2022-05-22 23:41:45 +00:00
dependabot[bot]
61f24c053e
🌱 Bump github.com/golangci/golangci-lint in /tools ( #1924 )
...
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint ) from 1.46.0 to 1.46.2.
- [Release notes](https://github.com/golangci/golangci-lint/releases )
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md )
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.46.0...v1.46.2 )
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-22 14:53:42 +00:00
dependabot[bot]
2d72623a6c
🌱 Bump github.com/rhysd/actionlint from 1.6.12 to 1.6.13
...
Bumps [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint ) from 1.6.12 to 1.6.13.
- [Release notes](https://github.com/rhysd/actionlint/releases )
- [Changelog](https://github.com/rhysd/actionlint/blob/main/CHANGELOG.md )
- [Commits](https://github.com/rhysd/actionlint/compare/v1.6.12...v1.6.13 )
---
updated-dependencies:
- dependency-name: github.com/rhysd/actionlint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-22 13:49:42 +00:00
dependabot[bot]
7e4cd514fc
🌱 Bump distroless/base in /cron/controller ( #1929 )
...
Bumps distroless/base from `764b74b` to `d65ac1a`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-22 12:55:12 +00:00
laurentsimon
2fc48e3b38
✨ Use Tool for raw fuzzing results ( #1935 )
...
* updates
* updates
2022-05-21 01:43:09 +00:00
laurentsimon
af7f865b9d
update ( #1926 )
2022-05-20 15:59:53 +00:00
dependabot[bot]
399d9974e4
🌱 Bump distroless/base from 764b74b to d65ac1a
...
Bumps distroless/base from `764b74b` to `d65ac1a`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-20 01:41:04 +00:00
laurentsimon
8d8bcf2f69
✨ Raw results for Fuzzing check ( #1917 )
...
* update
* update
* update
* update
* linter
* comments
* comments
2022-05-20 00:55:49 +00:00
dependabot[bot]
fb45cd7e9d
🌱 Bump distroless/base in /cron/webhook
...
Bumps distroless/base from `764b74b` to `d65ac1a`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-19 16:45:34 +00:00
dependabot[bot]
c0178f953c
🌱 Bump github.com/google/go-containerregistry
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.8.0...v0.9.0 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-19 13:30:10 +00:00
dependabot[bot]
5843c148db
🌱 Bump distroless/base in /cron/worker
...
Bumps distroless/base from `764b74b` to `d65ac1a`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-19 12:54:38 +00:00
laurentsimon
b4700ab5df
✨ Raw results for Contributors check ( #1919 )
...
* update
* update
* linter
* linter
2022-05-18 18:13:10 +00:00
Azeem Shaikh
8fdb0e767e
Cron cleanup ( #1925 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-18 09:48:40 -07:00
dependabot[bot]
fc7157e38a
🌱 Bump actions/dependency-review-action from 1.0.0 to 1.0.1 ( #1923 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](3f943b86c9...39e692fa32
2022-05-18 07:10:22 -05:00
Naveen
bbaf072dd5
⚠️ Remove the oldjson format from cron ( #1920 )
...
- removed the old json format from cron
fix https://github.com/ossf/scorecard/pull/1487
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-17 17:31:25 -07:00
Appu
e7ef60d7fe
📖 Add information for pinning manfest lists ( #1918 )
...
* Add information for pinning manfest lists
Signed-off-by: Appu Goundan <appu@google.com>
* Update checks.md
2022-05-17 10:36:57 -07:00
dependabot[bot]
6406cfd4e3
🌱 Bump actions/setup-go from 3.0.0 to 3.1.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](f6164bd8c8...fcdc43634a
2022-05-16 16:52:04 +00:00
Azeem Shaikh
236b296403
Do not fail on empty repositories ( #1914 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-16 00:41:17 +00:00
laurentsimon
b1ab7eb9bb
✨ Update raw format for Dangerous workflows ( #1865 )
...
* updates
* e2e fix
* comments
2022-05-13 19:10:57 -07:00
Scott Ford
cd0470403b
📖 Fixes description for webhook check ( #1882 )
...
Signed-off-by: Scott Ford <scott@scottford.io>
2022-05-12 21:14:43 +00:00
