Commit Graph

45 Commits

Author SHA1 Message Date
Azeem Shaikh
333618d0d2
Security-Policy should not run on --local (#1825)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-04-07 14:12:22 -05:00
laurentsimon
b1ab16e80f
Add raw results to cron scans (#1741)
* draft

* updates

* updates

* updates

* updates

* updates

* comments

* comments

* comments

* comments

* comments

* comments
2022-03-18 19:05:14 -07:00
Azeem Shaikh
241b0f4b4d
Mark License, Security-Policy as commit-based (#1711)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-03-04 11:24:06 -06:00
Azeem Shaikh
1c95237e4a
Only run allowed checks in different modes (#1579)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-07 16:49:49 -08:00
naveen
f7b329e830 Unit test for all_checks
Addresses https://github.com/ossf/scorecard/issues/435

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-12 17:24:38 -06:00
Azeem Shaikh
f2c57d2590 Migrate to v4 2022-01-12 14:12:09 -06:00
laurentsimon
46e94eb925
[DRAFT: RAW]: Security policy support (#1372)
* raw sec policy

* missing file

* fix validation of check.yml

* updates

* comments

* dead code

* comments
2021-12-14 23:51:42 +00:00
Chris McGehee
38b5199e9e
🐛 Adding line numbers to token-permissions and a couple other places (#1363)
* Adding line numbers to token-permissions and a couple other places

* Fix deadlink for security policy

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>

* Updating formatting

Co-authored-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
2021-12-06 10:05:52 -06:00
laurentsimon
cc4949465b
[Check split]: Binary-Artifacts (#1244)
* split binary artifact check

* fix

* missing file

* comments

* linter

* fix

* comments

* linter
2021-11-16 19:57:14 +00:00
laurentsimon
63e3b92466
fix (#1277) 2021-11-15 21:42:25 +00:00
Evgeny Vereshchagin
46611eac5d Security-Policy: really look for the security policy
It was tested with the systemd project where the security policy
is kept in docs/SECURITY.md. Without this patch `scorecard`
says that the security policy can't be found.
2021-11-11 10:08:27 -06:00
laurentsimon
4cca9b4960
Implement local repo client for local folders (#1146)
* draft

* draft

* docker file

* error

* fix

* fix

* bug

* comments

* missing merge

* fix

* merge issue

* fix

* validate format early

* comments

* fix

* fixes

* uncomment

* gate code for v4 code

* draft

* draft 2

* fix security-policy check

* fix

* merge fixes

* fixes

* fixes

* fixes

* fixes

* mock repo

* linter

* comments

* unit tests

* comments
2021-10-28 18:30:02 +00:00
laurentsimon
950e0e3d2d
Add support for file-based repo URIs (#1113)
* draft

* draft

* docker file

* error

* fix

* fix

* fixa

* bug

* comments

* missing merge

* fix

* fix rebase

* merge issue

* fix

* validate format early

* fix

* fix2

* comments

* fix
2021-10-21 20:08:56 +00:00
Naveen
6c1c789dc5
🌱 v3 upgrade changes (#1118)
v3 go.mod changes
2021-10-07 18:16:01 -05:00
Azeem Shaikh
bc37c74b28
Remove Owner/Repo strings from CheckRequest (#997)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-10 10:13:14 -07:00
Azeem Shaikh
afe5b40567
Make RepoClient as default interface for Scorecard (#951)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-02 02:32:26 +00:00
Azeem Shaikh
2d65ab4f0c
Remove ErrRepoUnavailable (#908)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 09:33:59 -07:00
Azeem Shaikh
41d0ce38c4
Replace errors.As with Is (#901)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 01:03:45 +00:00
laurentsimon
6403eb1382
Transition Packaging, SAST, Security-policy, Signed-releases check to the new structured detail format (#887)
* move checks to new format

* fix

* comments

* fix

* comments
2021-08-24 01:44:06 +00:00
Mark J. Cox
20370f782a
🐛 Look for organisation default .github security.md files in all the locations they are allowed to be in (#837)
* The default community health files for an organisation can be in one of
three places, but the current check only looked in one of them. Expand
the check to all three places as per
https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file

This fixes scorecards failing to pick up the default Apache policy
https://github.com/apache/.github/blob/main/.github/SECURITY.md

Signed-off-by: Mark J. Cox <mark@awe.com>

* Wrap don't use a long line

* Follow the hint in the failure and run "gofmt -s" on it
2021-08-11 10:53:04 -07:00
Azeem Shaikh
83e9f52501
Enable revive linters which are used in google3 (#793)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-31 22:31:34 +00:00
laurentsimon
29594d4294
change signature of FileIfExist and FileContent (#787)
* draft

* add pinning

* remove functions

* typo

* comment

* name
2021-07-30 15:09:52 +00:00
Azeem Shaikh
df89767c35
Fix bug in SecurityPolicy (#761)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 20:09:56 +00:00
Naveen
4d7fb5d748
🌱 Fix the go.mod with v2 upgrade (#716)
The go.mod and the related files weren't updated with the v2 upgrade.

https://github.com/ossf/scorecard/issues/711

This fix will address the issue.
2021-07-26 13:01:25 -05:00
Azeem Shaikh
9bf1cdc9ce
Update ListFiles API to return error (#746)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-25 17:47:36 -07:00
Azeem Shaikh
7c133bc767
Create APIs for MergedPRs and DefaultBranch (#745)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-25 17:37:14 -07:00
laurentsimon
89c8e2af31
[migration to score] 7: CI-Test, CII Best practices, security policy file (#733)
* ci, cii, sec file

* linter

* check doc

* typo

* fix

* comments

* linter

* fix sast

* fix score calc
2021-07-22 15:37:31 +00:00
Azeem Shaikh
2c2432b9df
Fix some bugs (#659)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-07 15:04:43 +00:00
naveen
aeead94680 Included security.rst as SecurityPolicy
* Included security.rst as name check for security policy.
2021-07-04 16:18:51 -05:00
Azeem Shaikh
be8aa3d713
Export registered check names (#518)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-05-27 14:54:34 -07:00
Chris McGehee
35fece6491
Fix lint issues: lll linter (#486) 2021-05-22 17:29:18 +00:00
Chris McGehee
50f7ed8519
🌱 Fix lint issues: gochecknoinits linter (#485)
* Fix lint issues: gochecknoinits linter

* Fix lint issues: gochecknoinits linter
2021-05-22 13:19:52 -04:00
Abhishek Arya
5f82d2b9c0
Add checks for workflow action pinning (#466)
Patch by Laurent Simon <laurentsimon@google.com>

Co-authored-by: Laurent Simon <laurentsimon@google.com>
2021-05-17 13:03:39 -07:00
Chris McGehee
06993b72ce
🐛 Fix linting issues (1 of n) (#348)
* Fix lint issues: whitespace linter

* Fix lint issues: wrapcheck linter

* Fix lint issues: errcheck linter

* Fix lint issues: paralleltest linter

* Fix lint issues: gocritic linter
Most changes from this commit are from passing checker.CheckResult by reference and not by value. gocritic identified that as a huge parameter.
gocritic also prefers regexp.MustCompile over Compile when the pattern is a const
2021-04-19 12:18:34 -07:00
Azeem Shaikh
a58818d258
🌱 : Reduce code duplication for follow-up cron refactoring (#338)
* Refactor to reduce code duplication

* Move lib/ back to checker/

* Move lib/ back to checker/

* Move lib/ back to checker/

* Address PR comments.

* Addressing PR comments.

* Avoid printing `ShouldRetry` and `Error` in output JSON.

* Fix JSON output.

Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-04-10 07:26:56 -05:00
naveen
c2ff48dc59 feat-Reduced GitHub API calls for security check
Reduced the number of calls to GitHub API from 16 to max of 2 calls.
Utilized tar ball to download and check for the contents of those files.
2021-02-25 21:55:54 -05:00
Nathan
554ca76bfe Fix - golangci issues gomnd, goconst
Fixed the golangci issues for gomnd and goconst.
Added ginkgo dependency in the makefile.
2021-02-17 18:22:18 -05:00
Abhishek Arya
7e98eae46b Allow other accepted variants of security.md case styles.
Fixes https://github.com/ossf/scorecard/issues/82
2020-11-27 13:59:07 -08:00
Abhishek Arya
dde26dfceb Update checks for Gerrit use 2020-11-19 07:36:37 -08:00
Jamie Finnigan
879a9e2a0e simplify by using c.Client.Repositories.DownloadContents instead 2020-11-10 09:34:09 -08:00
Jamie Finnigan
d9da174d30 extend Security-Policy check to check default community health files 2020-11-10 08:21:25 -08:00
Dan Lorenc
9f686dc707 Rename repo/modules. 2020-10-27 14:23:48 -05:00
Abhishek Arya
81eab9d2d8
Add license header and code of conduct files. (#34)
* Add license header and code of conduct files.

* Fill missing field.
2020-10-26 15:22:13 -05:00
Abhishek Arya
37362b640f Add docs directory for security.md
Part of doc at
https://docs.github.com/en/free-pro-team@latest/github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository
2020-10-16 23:20:46 -07:00
Abhishek Arya
6e5ce52cae
Fix filenames to match check names, remove unneeded repos.txt. (#15)
* Fix filenames to match check names, remove unneeded repos.txt.

* Fix conflict.

* Minor fix.
2020-10-16 13:22:28 -05:00