Naveen
0275a94a3f
:warn: Remove the old Details field from CheckResult ( #1906 )
...
https://github.com/ossf/scorecard/issues/1393
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-12 12:58:12 -07:00
naveensrinivasan
b9f333bc2a
⚠️ Remove the pass from the CheckResult
...
- Remove Pass field from CheckResult
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-12 14:03:19 -05:00
Naveen
7ff4b7e050
⚠️ Removing the confidence field from CheckResult
struct ( #1896 )
...
- Removing the confidence field from `CheckResult` struct
- https://github.com/ossf/scorecard/issues/1393
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-09 17:46:24 +00:00
laurentsimon
8c97d46a36
✨ Add custom remediation for workflow permissions/pinned dependencies ( #1885 )
...
* draft
* update
* updates
* updates
* updates
* updates
* updates
* updates
2022-05-06 12:52:30 -07:00
Naveen
44ad5f53ad
⚠️ Removing the error field from result ( #1853 )
...
- Removing the error field from result
- https://github.com/ossf/scorecard/issues/1393
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-22 23:22:43 +00:00
Azeem Shaikh
2b206dc365
Remove Version
field from LogMessage ( #1640 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-15 18:26:06 +00:00
laurentsimon
7a91384f8d
✨ Add line numbers for insecure downloads ( #1413 )
...
* add lines for docker files
* support for other constructs
* other insecure patterns
* fixes
* fixes
* comments
2022-01-06 00:13:53 +00:00
laurentsimon
30aaa2677c
enum start at 0 ( #1422 )
2021-12-24 02:53:17 +00:00
laurentsimon
3d9b1d2900
✨ [RAW] Branch Protection support ( #1396 )
...
* raw bp
* missing files
* context never nil
* support raw bp
* unit tests
* remove comments
* merging
* linter
2021-12-16 21:42:05 +00:00
Azeem Shaikh
ecc96576f4
Refactor to improve readability ( #1394 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-12-15 15:01:34 -08:00
laurentsimon
f2cee41ca9
✨ [RAW]: dependency update tool ( #1391 )
...
* dependency update tool
* rename
* missing files
* add fields
* rm field
2021-12-15 17:02:31 +00:00
laurentsimon
46e94eb925
✨ [DRAFT: RAW]: Security policy support ( #1372 )
...
* raw sec policy
* missing file
* fix validation of check.yml
* updates
* comments
* dea code
* comments
2021-12-14 23:51:42 +00:00
laurentsimon
551961718d
✨ [RAW] End-to-end support for raw results for Binary-Artifacts ( #1255 )
...
* split binary artifact check
* fix
* missing file
* comments
* fix
* comments
* draft
* merge fix
* fix merge
* add indirection
* comments
* comments
* linter
* comments
* updates
* updates
* updates
* linter
* comments
2021-12-14 21:10:24 +00:00
Chris McGehee
38b5199e9e
🐛 Adding line numbers to token-permissions and a couple other places ( #1363 )
...
* Adding line numbers to token-permissions and a couple other places
* Fix deadlink for security policy
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
* Updating formatting
Co-authored-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
2021-12-06 10:05:52 -06:00
neil465
5476b878bd
✨ Removed unnecessary linters ( #969 )
...
* gomnd
* prealloc
* dupl
2021-09-07 10:45:12 -04:00
laurentsimon
dbdcd4bea7
✨ SARIF 1: add structured detail ( #843 )
...
* sarif-1
* comment
* typos
* comments
* comments
* typo
* typo
* fixes
* linter
* linter
* linter
2021-08-16 23:26:19 +00:00
laurentsimon
6718939a08
✨ Cleanup errors and log ( #782 )
...
* cleanup
* text
* add errors
* fixes
* more
* fixes
* linnter
* comments
* name
2021-08-02 22:38:42 +00:00
Azeem Shaikh
6368c25f54
More linter issues ( #794 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-01 03:42:14 +00:00
Azeem Shaikh
83e9f52501
Enable revive linters which are used in google3 ( #793 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-31 22:31:34 +00:00
laurentsimon
b35cbdcdcf
✨ Make Branch-Protection score more granular ( #777 )
...
* commit
* uni tests
* full score
* typos
* update msg
* remove function
* comments
* linter
* comments
2021-07-30 01:54:19 +00:00
laurentsimon
6536d393f3
remove functions ( #770 )
2021-07-28 08:32:00 -07:00
laurentsimon
c044105e33
✨ rename var ( #756 )
...
* rename var
* linter
2021-07-26 17:24:34 -07:00
laurentsimon
a004ffb107
✨ cleanup Frozen-Deps MakeResultAnd
( #742 )
...
* draft
* fixes
* commi 1
* delete file
* clean
* clean 2
* linter
* fix score
* handle err
* in-proress score
* fixes
2021-07-26 22:02:46 +00:00
laurentsimon
8128f9fe68
divide by 0 ( #755 )
2021-07-26 21:37:17 +00:00
Naveen
4d7fb5d748
🌱 Fix the go.mod with v2 upgrade ( #716 )
...
The go.mod and the related files weren't t updated with the v2 upgrade.
https://github.com/ossf/scorecard/issues/711
This fix will address the issue.
2021-07-26 13:01:25 -05:00
laurentsimon
37d13c2972
✨ Code-Review cleanup ( #740 )
...
* sast cleanup
* code-review cleanup
* typo
* merge fix
2021-07-22 23:12:53 +00:00
laurentsimon
a34e326151
✨ sast cleanup ( #739 )
...
* sast cleanup
* comments
2021-07-22 18:03:31 +00:00
laurentsimon
ae33db624e
✨ [migration to score] 6: signed tags, signed release, PR, fuzzing ( #732 )
...
* yaml file
* sort checks
* comments
* signed tags
* signed release, PR, fuzzing
* typo
2021-07-21 18:10:47 -07:00
laurentsimon
53c056081b
✨ [migration to score] 5: contributors, vulnerabilities, packaging and sast ( #729 )
...
* contributors
* packaging
* vulnerabilities
* fix errors
* err
* errors
2021-07-21 13:40:16 -07:00
laurentsimon
6f203e73b6
✨ [migration to score] 4: active, fuzzing and code-review ( #721 )
...
* details-1
* nits
* typo
* commments
* dependabot and binary artifacts checks
* typo
* linter
* missing errors.go
* linter
* merge fix
* active, fuzzing and code review checks
* e2e tests for fuzzing
* fixes
2021-07-21 09:40:40 -07:00
laurentsimon
ab4bb60c9c
✨ [migration to score] 1: create errors and new functions ( #712 )
...
* details-1
* comment
* doc
* nits
* typo
* commments
* nit
* linter
2021-07-20 11:36:35 -07:00
Azeem Shaikh
9266f97ee9
Add monitoring for Scorecard errors ( #597 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-21 15:38:50 -07:00
asraa
b7ca0d9d1f
🐛 fix and result of multicheck ( #571 )
...
* fix multicheckand
Signed-off-by: Asra Ali <asraa@google.com>
* address comments
Signed-off-by: Asra Ali <asraa@google.com>
2021-06-14 18:00:54 +00:00
Chris McGehee
6b63f3f963
🌱 Fix lint issues: Replace golint with revive ( #493 )
...
* Fix lint issues: Replace golint with revive
golint is deprecated and recommended to be replaced with revive
* Updating comments to be more accurate
* Updating comments again
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-05-24 11:34:33 -07:00
Chris McGehee
2e7a71fbf2
Fix lint issues: goerr113 linter ( #491 )
...
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-05-22 12:36:47 -07:00
laurentsimon
ee3f290702
✨ Add check for Docker dependency pinning by hash ( #469 )
...
* check pinning in docker files
* Revert "check pinning in docker files"
This reverts commit c05a5007b1
.
* check pinning in docker files
* Revert "check pinning in docker files"
This reverts commit c05a5007b1
.
* check pinning in docker files
* Revert "check pinning in docker files"
This reverts commit c05a5007b1
.
* check pinning in docker files
* Revert "check pinning in docker files"
This reverts commit c05a5007b1
.
* check pinning in docker files
* Revert "check pinning in docker files"
This reverts commit c05a5007b1
.
* check dependencies pinning in docker files
* check docker files hash pinning
* remove logging
* make keyword matches case-insensitive
* remove log
* update unit tests
* check fix
* check dependencies pinning in docker files
* check docker files hash pinning
* remove logging
* remove log
* check fix
* comment
* linter
* commments
* check pinning in docker files
* Revert "check pinning in docker files"
This reverts commit c05a5007b1
.
* check pinning in docker files
* Revert "check pinning in docker files"
This reverts commit c05a5007b1
.
* check pinning in docker files
* Revert "check pinning in docker files"
This reverts commit c05a5007b1
.
* check dependencies pinning in docker files
* check docker files hash pinning
* check fix
* check dependencies pinning in docker files
* check docker files hash pinning
* remove logging
* make keyword matches case-insensitive
* remove log
* check fix
* comment
* commments
* comments
* check pinning in docker files
* Revert "check pinning in docker files"
This reverts commit c05a5007b1
.
* check pinning in docker files
* Revert "check pinning in docker files"
This reverts commit c05a5007b1
.
* check pinning in docker files
* Revert "check pinning in docker files"
This reverts commit c05a5007b1
.
* check dependencies pinning in docker files
* check docker files hash pinning
* remove logging
* make keyword matches case-insensitive
* check fix
* check dependencies pinning in docker files
* check docker files hash pinning
* check fix
* commments
* comments
* comments
* comments
* update mod
* remove continue keyword
* linter
* linter
* linter
* comments
* cleanup
* linter
* typos
* typos
2021-05-19 09:46:39 -07:00
Abhishek Arya
5f82d2b9c0
✨ Add checks for workflow action pinning ( #466 )
...
Patch by Laurent Simon <laurentsimon@google.com>
Co-authored-by: Laurent Simon <laurentsimon@google.com>
2021-05-17 13:03:39 -07:00
Chris McGehee
727bb58911
🌱 Fix lint issues: govet linter ( #395 )
...
* Fix lint issues: govet linter
The fieldalignment analyzer informs you when structs would take up less
memory with their fields reordered.
* CheckResult.Details was not omitted as intended
Found by govet linter
* Removing possible breaking change
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-05-11 06:52:52 -07:00
Azeem Shaikh
bd3eff1fcf
✨ Cron job uses line-delimited JSON ( #344 )
...
* ✨ Refactor to reduce code duplication
* ✨
* Move lib/ back to checker/
* Move lib/ back to checker/
* Move lib/ back to checker/
* Address PR comments.
* Addressing PR comments.
* Separate out ReposURL nito repos/
* Add TODO in gitcache module.
* Add RepoRequest/Response types.
* Avoid printing `ShouldRetry` and `Error` in output JSON.
* Fix JSON output.
* Simplify cmd package.
* Make cron/ a package instead of module.
* Fix TODO.
* Remove binary file.
* go.mod file.
* go.mod updates.
* Refactor cron to use in-memory JSON.
* Fix JSON output.
* Fix go.mod
* Address PR comments.
* Change %w -> %v.
* Address PR comments.
* Fix err.
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-04-19 12:49:51 -07:00
Azeem Shaikh
a58818d258
🌱 : Reduce code duplication for follow-up cron refactoring ( #338 )
...
* ✨ Refactor to reduce code duplication
* ✨
* Move lib/ back to checker/
* Move lib/ back to checker/
* Move lib/ back to checker/
* Address PR comments.
* Addressing PR comments.
* Avoid printing `ShouldRetry` and `Error` in output JSON.
* Fix JSON output.
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-04-10 07:26:56 -05:00