ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-09-17 11:57:12 +03:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
1,382 Commits 36 Branches 42 Tags 436 MiB
3b7c46f779
Commit Graph

35 Commits

Author SHA1 Message Date
laurentsimon
608da94aaf
Raw results for Packaging check (#1913) 
* update

* update

* update

* update

* update

* update

* update

* updates

* update

* update

* update

* update

* update

* update

* comments
 2022-06-01 16:41:20 +00:00
Chris McGehee
808941a4c2
Token-Permissions, Allow contents: write permission only for jobs that are releasing (#1663) 
* Token-Permissions, distinguish contents/package

Allowing `contents: write` permission only for jobs that are releasing
jobs, not just packaging jobs.
 2022-02-23 00:23:07 +00:00
behnazh-w
33a01f7647 🐛 Add custom packaging workflow for Python 
Packaging workflows are allowed to have `contents: write` permission.
By adding relekang/python-semantic-release to the list of
packaging GitHub Actions workflows, we avoid false positivies in
the token permission check.
 2022-02-17 17:16:34 -06:00
Azeem Shaikh
2b206dc365
Remove Version field from LogMessage (#1640) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-02-15 18:26:06 +00:00
Azeem Shaikh
2e3e505a8c
Simplify DetailLogger interface (#1628) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-02-11 15:48:58 -08:00
Azeem Shaikh
1c95237e4a
Only run allowed checks in different modes (#1579) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-02-07 16:49:49 -08:00
laurentsimon
873308016c
checks/packaging.go: ignore workflows/<>/ files (#1591) 2022-02-04 21:42:59 +00:00
naveen
f7b329e830 Unit test for all_checks 
Addresses https://github.com/ossf/scorecard/issues/435

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
 2022-01-12 17:24:38 -06:00
Azeem Shaikh
f2c57d2590 Migrate to v4 2022-01-12 14:12:09 -06:00
laurentsimon
70fa923907
info to debug (#1416) 2021-12-23 17:27:40 -06:00
Chris McGehee
f991fee32d
Adding line numbers for rest of Token-Permessions (and by extension, (#1381) 
Packaging)
 2021-12-14 04:14:35 +00:00
Chris McGehee
38b5199e9e
🐛 Adding line numbers to token-permissions and a couple other places (#1363) 
* Adding line numbers to token-permissions and a couple other places

* Fix deadlink for security policy

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>

* Updating formatting

Co-authored-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
 2021-12-06 10:05:52 -06:00
Naveen
6c1c789dc5
🌱 v3 upgrade changes (#1118) 
v3 go.mod changes
 2021-10-07 18:16:01 -05:00
Azeem Shaikh
e730e911e6
sce.Create -> sce.WithMessage for wrapcheck (#995) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-09-10 15:50:33 +00:00
Azeem Shaikh
99b9c91570
Use RepoClient API for Packaging check (#940) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-09-01 01:05:34 +00:00
laurentsimon
6403eb1382
Transition Packaging, SAST, Security-policy, Signed-releases check to the new structured detail format (#887) 
* move checks to new format

* fix

* comments

* fix

* comments
 2021-08-24 01:44:06 +00:00
Azeem Shaikh
b7ddc9ac93
Update go-github version for consistency (#852) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-13 00:43:22 +00:00
laurentsimon
b2b37161f3
Improve token permission check (#800) 
* draft

* draft 2

* draft3

* fix e2e

* comment

* comment

* check codeql

* missing files

* comments

* nit

* update msg

* msg

* nit

* nit

* msg

* e2e

* update doc
 2021-08-03 00:56:45 +00:00
Azeem Shaikh
30bb11965a
Update Packaging check to use new APIs (#796) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-02 17:17:38 +00:00
Azeem Shaikh
83e9f52501
Enable revive linters which are used in google3 (#793) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-31 22:31:34 +00:00
Naveen
4d7fb5d748
🌱 Fix the go.mod with v2 upgrade (#716) 
The go.mod and the related files weren't t updated with the v2 upgrade.

https://github.com/ossf/scorecard/issues/711

This fix will address the issue.
 2021-07-26 13:01:25 -05:00
laurentsimon
53c056081b
[migration to score] 5: contributors, vulnerabilities, packaging and sast (#729) 
* contributors

* packaging

* vulnerabilities

* fix errors

* err

* errors
 2021-07-21 13:40:16 -07:00
Azeem Shaikh
be8aa3d713
Export registered check names (#518) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-05-27 14:54:34 -07:00
Chris McGehee
61ecad3151
Add new linter: gci (#498) 2021-05-23 20:51:52 -07:00
Chris McGehee
50f7ed8519
🌱Fix lint issues: gochecknoinits linter (#485) 
* Fix lint issues: gochecknoinits linter

* Fix lint issues: gochecknoinits linter
 2021-05-22 13:19:52 -04:00
Chris McGehee
4c6b500dea Fix lint issues: lll linter 2021-05-02 11:18:26 -05:00
Chris McGehee
06993b72ce
🐛 Fix linting issues (1 of n) (#348) 
* Fix lint issues: whitespace linter

* Fix lint issues: wrapcheck linter

* Fix lint issues: errcheck linter

* Fix lint issues: paralleltest linter

* Fix lint issues: gocritic linter
Most changes from this commit are from passing checker.CheckResult by reference and not by value. gocritic identified that as a huge parameter.
gocritic also prefers regexp.MustCompile over Compile when the pattern is a const
 2021-04-19 12:18:34 -07:00
Azeem Shaikh
a58818d258
🌱 : Reduce code duplication for follow-up cron refactoring (#338) 
*  Refactor to reduce code duplication

* 

* Move lib/ back to checker/

* Move lib/ back to checker/

* Move lib/ back to checker/

* Address PR comments.

* Addressing PR comments.

* Avoid printing `ShouldRetry` and `Error` in output JSON.

* Fix JSON output.

Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-04-10 07:26:56 -05:00
Nathan
554ca76bfe Fix - golangci issues gomnd, goconst 
Fixed the golangci issues for gomnd and goconst.
Added ginkgo dependency in the makefile.
 2021-02-17 18:22:18 -05:00
naveen
4bdc158018 Fix - packging workflow for docker push 2021-02-12 21:16:44 -05:00
Abhishek Arya
09b83b9bf1 Fixes 
- Fix nil exception in packaging on https://github.com/OSGeo/gdal
- Add jenkins ci in ci tests, tested on https://github.com/jenkinsci/jenkins
- Generalize function name in code review check.
 2021-01-24 18:36:36 -05:00
Abhishek Arya
bcaa2e77f9 Lint fix. 2021-01-15 13:44:52 -05:00
Abhishek Arya
b5096bff45 Fix backslash. 2021-01-15 13:44:52 -05:00
Abhishek Arya
b278475af0 Fix CodeQL failure. 2021-01-15 13:44:52 -05:00
Abhishek Arya
dc8d1fecb9 Add packaging check. 2021-01-15 13:44:52 -05:00