scorecard

mirror of https://github.com/ossf/scorecard.git synced 2024-09-11 00:45:36 +03:00

Author	SHA1	Message	Date
laurentsimon	4bd3391a36	✨ Raw results for Pinned-Dependencies (#1932 ) * backup * update * update * draft * updates * updates * updates * updates * fix * linter * updates * updates * updates * updates * updates * updates * updates * linter * comments * linter * linter * tests * updates * updates * tests	2022-06-06 14:31:22 -07:00
laurentsimon	608da94aaf	✨ Raw results for Packaging check (#1913 ) * update * update * update * update * update * update * update * updates * update * update * update * update * update * update * comments	2022-06-01 16:41:20 +00:00
laurentsimon	0f30f4eec7	✨ Make permission check aware of GH Pages Action (#1902 ) * update * update * update	2022-05-11 20:41:37 -05:00
laurentsimon	74ea0f4266	🐛 Fix .lib false positives in binary artifacts (#1879 ) * ignore printable files * updates * e2e tests * e2e fix * comments	2022-05-03 13:31:51 -07:00
naveensrinivasan	2cb654102d	⚠️ Removing the pass field from result (#1853 ) - Removing the pass field from result - https://github.com/ossf/scorecard/issues/1393 Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>	2022-05-03 11:17:47 -05:00
laurentsimon	05d8c01b1c	🐛 Don't look for secrets in pull_request (#1864 ) * Remove pull_request * updates * updates * linter and e2e	2022-04-26 18:27:29 -07:00
Naveen	44ad5f53ad	⚠️ Removing the error field from result (#1853 ) - Removing the error field from result - https://github.com/ossf/scorecard/issues/1393 Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>	2022-04-22 23:22:43 +00:00
laurentsimon	4d1c531690	✨ Raw results for license (#1790 ) * Raw results for license * tests * tests * e2e fix * comment * fix * linter	2022-04-13 18:20:05 -07:00
laurentsimon	410a145db2	fix (#1837 )	2022-04-13 16:00:19 -07:00
laurentsimon	eedd16d5be	linter	2022-04-12 10:54:38 -05:00
laurentsimon	4b2c677185	fix	2022-04-12 10:54:38 -05:00
laurentsimon	2873c0d58d	e2e for GITHUB_TOKEN	2022-04-12 10:54:38 -05:00
naveensrinivasan	81133363f0	🌱 e2e for pinned_dependencies for localrepoclient - e2e for pinned_dependencies for localrepoclient Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>	2022-04-05 16:15:17 -05:00
naveensrinivasan	b6b5592629	🌱 e2e for dangerous_workflow local repo - e2e for dangerous_workflow for localrepoclient.	2022-04-05 15:21:52 -05:00
naveensrinivasan	e8c633a41b	🌱 e2e tests for security policy localrepo - Included e2e tests for security policy for localrepo client https://github.com/ossf/scorecard/issues/1353 Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>	2022-03-31 16:20:16 -05:00
naveensrinivasan	e5f5deb64e	🌱 e2e tests for local repoclient for permissions - Included e2e tests for local repoclient for permissions. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>	2022-03-31 14:52:16 -05:00
naveensrinivasan	0644b18898	🌱 e2e for local repoclient license check - e2e for local repoclient for license check. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>	2022-03-29 14:38:24 -05:00
naveensrinivasan	cacc3e486d	🌱 e2e tests binary artifacts localrepo - e2e tests for binary artifacts check for localrepo Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>	2022-03-29 14:03:12 -05:00
laurentsimon	037a3f3516	✨ Raw result for Maintained check (#1780 ) * draft * draft * raw results for Maintained check * updates * updates * missing files * updates * unit tests * e2e tests * tests * linter * updates	2022-03-29 16:35:42 +00:00
Azeem Shaikh	241b0f4b4d	Mark `License`, `Security-Policy` as commit-based (#1711 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2022-03-04 11:24:06 -06:00
Azeem Shaikh	cda7a1b1d4	Add tests for graphQL costs (#1643 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2022-02-15 23:38:23 +00:00
Azeem Shaikh	de5224bbc5	Update e2e tests (#1641 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2022-02-15 19:27:45 +00:00
laurentsimon	e7fd58d9a3	✨ Check for secrets in pull_request_target (#1634 ) * checks/dangerous_workflow.go: add pull_request_target support for secrets * missing files * linter	2022-02-15 16:04:57 +00:00
Azeem Shaikh	1e488a804f	Fix for repos which do not squash PR commits (#1637 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2022-02-14 23:33:15 +00:00
Azeem Shaikh	f3332ce129	Add validation for commit-based APIs (#1635 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2022-02-14 22:24:35 +00:00
Azeem Shaikh	6930c3ab3b	Add support for commit-based Scorecard (#1613 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2022-02-07 19:03:36 -08:00
laurentsimon	9037444513	✨ Raw data for code review check (#1505 ) * separate code review's eval and check * missing file * add comments * fix * fix * linter * fixes * fix * linter * linter * linter * draft * fixes * fixes * simplify * update date * rem comments * typo * linter * typo * linter	2022-02-02 19:51:38 +00:00
laurentsimon	5f9fff3b20	✨ Separate check from policies for the Vulnerabilities check (#1532 ) * raw vulnerabilities seperation * update year * missing files * tests	2022-01-26 15:45:39 -05:00
Stephen Augustus (he/him)	41adfe7f34	⚠️ log: Initial `logr`/`logrusr` implementation (#1516 ) * log: Initial logr/logrusr implementation Signed-off-by: Stephen Augustus <foo@auggie.dev> * log: Update references to `log.Logger` Signed-off-by: Stephen Augustus <foo@auggie.dev> * go.mod: Minor reorganization of `replace`s ...to prevent automatic updates from getting added to the smaller section. Signed-off-by: Stephen Augustus <foo@auggie.dev>	2022-01-25 11:17:46 -06:00
Stephen Augustus (he/him)	13b78ab010	⚠️ Create a dedicated logging package to encapsulate calls to `zap` (#1502 ) * log: Init log package Creates a wrapper around existing `zap.Logger` to make it easier to replace/extend with scorecard logging. Signed-off-by: Stephen Augustus <foo@auggie.dev> * log: Replace instances of `zap.Logger` with `log.Logger` Signed-off-by: Stephen Augustus <foo@auggie.dev> * log: Add logic to parse `zapcore.Level`s as strings Signed-off-by: Stephen Augustus <foo@auggie.dev> * log: Express log levels Signed-off-by: Stephen Augustus <foo@auggie.dev> * log: Replace instances of `zapcore.Level` with `log.Level` Signed-off-by: Stephen Augustus <foo@auggie.dev> * log: Fixup comments for exported functions Signed-off-by: Stephen Augustus <foo@auggie.dev>	2022-01-20 15:57:39 -08:00
Azeem Shaikh	f2c57d2590	✨ Migrate to v4	2022-01-12 14:12:09 -06:00
laurentsimon	7a91384f8d	✨ Add line numbers for insecure downloads (#1413 ) * add lines for docker files * support for other constructs * other insecure patterns * fixes * fixes * comments	2022-01-06 00:13:53 +00:00
naveen	de39061cc5	🌱 Refactor vulnerabilities client	2022-01-04 13:55:58 -06:00
naveen	c8f15a495e	🌱 Refactor the osv check into a interface Refactor the osv check into a interface for that it can be tested.	2022-01-04 13:55:58 -06:00
laurentsimon	70fa923907	info to debug (#1416 )	2021-12-23 17:27:40 -06:00
laurentsimon	6f21258131	reduce score by 1 (#1404 )	2021-12-21 17:28:31 +00:00
laurentsimon	f2cee41ca9	✨ [RAW]: dependency update tool (#1391 ) * dependency update tool * rename * missing files * add fields * rm field	2021-12-15 17:02:31 +00:00
laurentsimon	b323cded04	🐛 checks.yml not sync'ed with checks.md (#1360 ) * update docs * update * remove file * remove improper commit * fix	2021-12-04 08:56:50 -06:00
laurentsimon	afe55a83c1	🐛 Disable pinning lock file search in repo (#1315 ) * fix * linter * linter * linter * comment	2021-12-04 00:44:09 +00:00
laurentsimon	aed511670f	✨ Cleanup Branch Protection and add e2e tests (#1344 ) * BP cleanup * linnter * e2e fix * linter * linter Co-authored-by: asraa <asraa@google.com>	2021-12-03 21:53:18 +00:00
Nanik	45b5a35020	✨ Add new checking for license file availability (#1178 ) * Add checking logic inside license_check.go * Add test case license_check_test.go * Add check information inside checks.yaml	2021-12-03 09:28:27 -08:00
laurentsimon	8cb4804c28	✨ Update action names (#1346 ) * update action * add schedule * comments * e2e fix	2021-12-03 02:17:00 +00:00
laurentsimon	938c637ee0	rem audio files (#1300 ) Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com> Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>	2021-12-03 00:54:06 +00:00
laurentsimon	23b0ddb8aa	fix (#1316 )	2021-11-20 05:51:11 +00:00
laurentsimon	fd8731481f	✨ Update score for branch protection with levels (#1287 ) * draft * draft2 * fix * fix * fix * test * linter * comments * comment * update doc * comments	2021-11-20 01:42:21 +00:00
Azeem Shaikh	2375ae2812	Add a OssFuzzRepoClient (#1280 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2021-11-17 03:04:37 +00:00
Azeem Shaikh	0b32cc3138	Fix broken e2e tests (#1291 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2021-11-17 02:41:25 +00:00
laurentsimon	86835fcfd6	🐛 Fix branch protection results (#1252 ) * fix * fix * doc * fix * comment * update tests * fix * fixes * fix * disable tests temp * score change * fix * comments * docs	2021-11-16 17:27:27 +00:00
Azeem Shaikh	71e8698617	Add a cron job to copy CII badges data (#1278 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2021-11-16 04:23:00 +00:00
asraa	1050b1cd60	✨ Add dangerous workflow check with untrusted code checkout pattern (#1168 ) * add dangerous workflow check with untrusted code checkout pattern Signed-off-by: Asra Ali <asraa@google.com> * update Signed-off-by: Asra Ali <asraa@google.com> * add env var Signed-off-by: Asra Ali <asraa@google.com> * fix comment Signed-off-by: Asra Ali <asraa@google.com> * add repos git checks.yaml Signed-off-by: Asra Ali <asraa@google.com> * update checks.md Signed-off-by: Asra Ali <asraa@google.com> * address comments Signed-off-by: Asra Ali <asraa@google.com> * fix merge Signed-off-by: Asra Ali <asraa@google.com> * add delete Signed-off-by: Asra Ali <asraa@google.com> * update docs Signed-off-by: Asra Ali <asraa@google.com> Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>	2021-11-15 20:18:10 +00:00

1 2 3

136 Commits