47 Commits

Author SHA1 Message Date
laurentsimon
b1ab16e80f
Add raw results to cron scans (#1741)
* draft

* updates

* updates

* updates

* updates

* updates

* comments

* comments

* comments

* comments

* comments

* comments
2022-03-18 19:05:14 -07:00
Azeem Shaikh
6930c3ab3b
Add support for commit-based Scorecard (#1613)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-07 19:03:36 -08:00
Azeem Shaikh
1c95237e4a
Only run allowed checks in different modes (#1579)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-07 16:49:49 -08:00
laurentsimon
9037444513
Raw data for code review check (#1505)
* separate code review's eval and check

* missing file

* add comments

* fix

* fix

* linter

* fixes

* fix

* linter

* linter

* linter

* draft

* fixes

* fixes

* simplify

* update date

* rem comments

* typo

* linter

* typo

* linter
2022-02-02 19:51:38 +00:00
naveen
f7b329e830 Unit test for all_checks
Addresses https://github.com/ossf/scorecard/issues/435

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-12 17:24:38 -06:00
Azeem Shaikh
f2c57d2590 Migrate to v4 2022-01-12 14:12:09 -06:00
Evgeny Vereshchagin
2e391503e4
Code-Review: show PRs merged without code review (#1375)
to make it easier to figure out whether those PRs are really merged
without code review or whether there is a bug in scorecard like
https://github.com/ossf/scorecard/issues/1260 that prevents it
from finding reviewed PRs. Other than that, the "CI-Tests" check
already shows "untested" PRs so it seems the "Code-Review" check
should follow suit.
2021-12-07 16:47:29 -08:00
Naveen
6c1c789dc5
🌱 v3 upgrade changes (#1118)
v3 go.mod changes
2021-10-07 18:16:01 -05:00
Azeem Shaikh
00741115ae
Fix CodeReview bug (#1058)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-24 03:56:50 +00:00
laurentsimon
0686ed2ba0
🐛 Fix invalid code review (#1055)
* fix bug

* fix

* comments

* fix

* fixes
2021-09-23 21:17:32 +00:00
laurentsimon
b9daae1c0c
🐛 Update message for Code-Review (#1054)
* update msg

* fix
2021-09-22 21:09:44 +00:00
laurentsimon
b0fab3fa43
code (#1006)
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-09-13 16:35:50 +00:00
Azeem Shaikh
e730e911e6
sce.Create -> sce.WithMessage for wrapcheck (#995)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-10 15:50:33 +00:00
Azeem Shaikh
9a1978a051
Use RefUpdateRule in BranchProtection check (#936)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-30 23:14:42 +00:00
laurentsimon
b731f450b9
Transition Vulnerabilities, Permissions, CI-Tests, Dependency-Update-Tool, Code-Reviews to structured details (#889)
* move other checks togit add -u

* more checks

* fixes
2021-08-24 00:54:22 +00:00
laurentsimon
b35cbdcdcf
Make Branch-Protection score more granular (#777)
* commit

* unit tests

* full score

* typos

* update msg

* remove function

* comments

* linter

* comments
2021-07-30 01:54:19 +00:00
Azeem Shaikh
1d1e799f84
Add ListCommits and IsArchived API (#772)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 14:18:58 -07:00
Naveen
4d7fb5d748
🌱 Fix the go.mod with v2 upgrade (#716)
The go.mod and the related files weren't updated with the v2 upgrade.

https://github.com/ossf/scorecard/issues/711

This fix will address the issue.
2021-07-26 13:01:25 -05:00
Azeem Shaikh
7c133bc767
Create APIs for MergedPRs and DefaultBranch (#745)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-25 17:37:14 -07:00
laurentsimon
37d13c2972
Code-Review cleanup (#740)
* sast cleanup

* code-review cleanup

* typo

* merge fix
2021-07-22 23:12:53 +00:00
laurentsimon
89c8e2af31
[migration to score] 7: CI-Test, CII Best practices, security policy file (#733)
* ci, cii, sec file

* linter

* check doc

* typo

* fix

* comments

* linter

* fix sast

* fix score calc
2021-07-22 15:37:31 +00:00
laurentsimon
ae33db624e
[migration to score] 6: signed tags, signed release, PR, fuzzing (#732)
* yaml file

* sort checks

* comments

* signed tags

* signed release, PR, fuzzing

* typo
2021-07-21 18:10:47 -07:00
laurentsimon
53c056081b
[migration to score] 5: contributors, vulnerabilities, packaging and sast (#729)
* contributors

* packaging

* vulnerabilities

* fix errors

* err

* errors
2021-07-21 13:40:16 -07:00
laurentsimon
6f203e73b6
[migration to score] 4: active, fuzzing and code-review (#721)
* details-1

* nits

* typo

* comments

* dependabot and binary artifacts checks

* typo

* linter

* missing errors.go

* linter

* merge fix

* active, fuzzing and code review checks

* e2e tests for fuzzing

* fixes
2021-07-21 09:40:40 -07:00
Azeem Shaikh
08e934cbc2
Use GraphQL instead of REST to reduce token usage (#640)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-01 15:32:57 -07:00
dependabot[bot]
5dd7f118ae
🌱 Bump github.com/golangci/golangci-lint from 1.40.1 to 1.41.1 (#627)
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.40.1 to 1.41.1.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.40.1...v1.41.1)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Azeem Shaikh <azeems@google.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-06-29 10:26:16 -07:00
Azeem Shaikh
be8aa3d713
Export registered check names (#518)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-05-27 14:54:34 -07:00
Chris McGehee
6b63f3f963
🌱 Fix lint issues: Replace golint with revive (#493)
* Fix lint issues: Replace golint with revive
golint is deprecated and recommended to be replaced with revive

* Updating comments to be more accurate

* Updating comments again

Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-05-24 11:34:33 -07:00
Chris McGehee
61ecad3151
Add new linter: gci (#498) 2021-05-23 20:51:52 -07:00
Chris McGehee
2e7a71fbf2
Fix lint issues: goerr113 linter (#491)
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-05-22 12:36:47 -07:00
Chris McGehee
50f7ed8519
🌱 Fix lint issues: gochecknoinits linter (#485)
* Fix lint issues: gochecknoinits linter

* Fix lint issues: gochecknoinits linter
2021-05-22 13:19:52 -04:00
Abhishek Arya
5f82d2b9c0
Add checks for workflow action pinning (#466)
Patch by Laurent Simon <laurentsimon@google.com>

Co-authored-by: Laurent Simon <laurentsimon@google.com>
2021-05-17 13:03:39 -07:00
Laurent Simon
feafbf2610 Fix segfault issue #419 2021-05-07 20:30:22 -05:00
Chris McGehee
87b5a6a922 Fix lint issues: godot linter 2021-05-02 11:14:01 -05:00
Chris McGehee
06993b72ce
🐛 Fix linting issues (1 of n) (#348)
* Fix lint issues: whitespace linter

* Fix lint issues: wrapcheck linter

* Fix lint issues: errcheck linter

* Fix lint issues: paralleltest linter

* Fix lint issues: gocritic linter
Most changes from this commit are from passing checker.CheckResult by reference and not by value. gocritic identified that as a huge parameter.
gocritic also prefers regexp.MustCompile over Compile when the pattern is a const
2021-04-19 12:18:34 -07:00
Azeem Shaikh
a58818d258
🌱 : Reduce code duplication for follow-up cron refactoring (#338)
*  Refactor to reduce code duplication

* 

* Move lib/ back to checker/

* Move lib/ back to checker/

* Move lib/ back to checker/

* Address PR comments.

* Addressing PR comments.

* Avoid printing `ShouldRetry` and `Error` in output JSON.

* Fix JSON output.

Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-04-10 07:26:56 -05:00
Nathan
554ca76bfe Fix - golangci issues gomnd, goconst
Fixed the golangci issues for gomnd and goconst.
Added ginkgo dependency in the makefile.
2021-02-17 18:22:18 -05:00
Abhishek Arya
09b83b9bf1 Fixes
- Fix nil exception in packaging on https://github.com/OSGeo/gdal
- Add jenkins ci in ci tests, tested on https://github.com/jenkinsci/jenkins
- Generalize function name in code review check.
2021-01-24 18:36:36 -05:00
Abhishek Arya
6a7eb62fea Fix condition. 2020-11-21 18:40:52 -08:00
Abhishek Arya
3379ada1d5 Improve code review check to account for diff author-committer usecase.
See
$ go run . --repo=https://github.com/protocolbuffers/protobuf --show-details --checks=Code-Review
Starting [Code-Review]
Finished [Code-Review]

RESULTS
-------
Code-Review: Pass 9
    found different author and committer for pr: 8053
    found different author and committer for pr: 8052
    found review approved pr: 8048
    found review approved pr: 8045
    found different author and committer for pr: 8043
    found review approved pr: 8035
    found review approved pr: 8032
    found review approved pr: 8030
    found review approved pr: 8029
    found review approved pr: 8028
    found review approved pr: 8026
    found review approved pr: 8025
    found review approved pr: 8024
    found review approved pr: 8023
    found review approved pr: 8022
    found different author and committer for pr: 8014
    found different author and committer for pr: 8013
    found review approved pr: 8011
    found review approved pr: 8010
    found review approved pr: 8006
    found review approved pr: 8005
    found different author and committer for pr: 8003
    found review approved pr: 8000
    found different author and committer for pr: 7997
    github code reviews found
2020-11-20 13:21:59 -08:00
Abhishek Arya
dde26dfceb Update checks for Gerrit use 2020-11-19 07:36:37 -08:00
Dan Lorenc
9f686dc707 Rename repo/modules. 2020-10-27 14:23:48 -05:00
Abhishek Arya
81eab9d2d8
Add license header and code of conduct files. (#34)
* Add license header and code of conduct files.

* Fill missing field.
2020-10-26 15:22:13 -05:00
Abhishek Arya
5649a8370c fix check 2020-10-24 10:24:27 -07:00
Abhishek Arya
6c790d84da Add some missing detail messages, improve others. 2020-10-24 10:20:49 -07:00
Abhishek Arya
88ffaaad6f
Lower pr review policy confidence to enforce GithubCodeReview (#19)
PR review policy is good to check but keep its confidence low
since actual enforcement is checked by GithubCodeReview and
ProwCodeReview and those values should be used.
2020-10-17 19:09:35 -05:00
Abhishek Arya
6e5ce52cae
Fix filenames to match check names, remove unneeded repos.txt. (#15)
* Fix filenames to match check names, remove unneeded repos.txt.

* Fix conflict.

* Minor fix.
2020-10-16 13:22:28 -05:00