ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-09-17 11:57:12 +03:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
1,382 Commits 36 Branches 42 Tags 436 MiB
3b7c46f779
Commit Graph

136 Commits

Author SHA1 Message Date
Azeem Shaikh
72e20a076c
Add repoClient.Close for all e2e tests (#1265) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-11-15 14:53:01 +11:00
Azeem Shaikh
6223b6620a
Add CIIClient interface (#1262) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-11-15 02:46:41 +00:00
Azeem Shaikh
51de6b6e5d
Check for issue activity in Maintained (#1251) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-11-12 22:16:22 +00:00
Eng Zer Jun
177502552a
🌱 Move from io/ioutil to io and os packages (#1250) 
The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.

Signed-off-by: Eng Zer Jun <zerjun@eta-hd.com>

Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2021-11-12 19:34:46 +00:00
naveen
257d99e1c6 🌱 Fixed the failing tests 
The failing tests couldn't be fixed before because the code wasn't up to
date in the last PR.
 2021-11-02 12:03:30 -05:00
Oliver Chang
d3796f29b1
Add ClusterFuzzLite to Fuzzing check. (#1166) 
* Add ClusterFuzzLite to Fuzzing check.

Check for the existence of ".clusterfuzzlite/Dockerfile".

Fixes #1148.

* comment

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-10-29 22:33:17 -07:00
naveen
a53245a9fc 🐛 Fix broken e2e tests for Binary Artifacts 
Fixed the broken e2e tests for Binary artifacts.
 2021-10-29 17:39:37 -05:00
naveen
aa634bd251 🌱 Fixes the broken e2e 
Fixes for broken e2e
 2021-10-26 20:11:21 -05:00
Naveen
6c1c789dc5
🌱 v3 upgrade changes (#1118) 
v3 go.mod changes
 2021-10-07 18:16:01 -05:00
Azeem Shaikh
bc37c74b28
Remove Owner/Repo strings from CheckRequest (#997) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-09-10 10:13:14 -07:00
neil465
5476b878bd
Removed unnecessary linters (#969) 
* gomnd
* prealloc
* dupl
 2021-09-07 10:45:12 -04:00
Azeem Shaikh
afe5b40567
Make RepoClient as default interface for Scorecard (#951) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-09-02 02:32:26 +00:00
Azeem Shaikh
9a1978a051
Use RefUpdateRule in BranchProtection check (#936) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-30 23:14:42 +00:00
Azeem Shaikh
d9f5209803
Update test utils (#933) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-30 14:12:57 -07:00
laurentsimon
9eb7929ebc
🐛 Address friction logs' comments (#899) 
* fixes

* fix

* fix

* fixes

* doc

* missing file

* fixes

* comments

* typo
 2021-08-25 21:02:23 +00:00
Azeem Shaikh
42ee430332
Use RepoClient API for Fuzzing (#855) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-14 00:34:40 +00:00
Azeem Shaikh
4c585f2e5f
Fix nil pointer bug (#856) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-13 23:42:03 +00:00
Azeem Shaikh
8baaaa4cf8
Use RepoClient API for Contributors check (#854) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-13 18:13:43 +00:00
Azeem Shaikh
b7ddc9ac93
Update go-github version for consistency (#852) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-13 00:43:22 +00:00
Azeem Shaikh
d4701c4a4e
Delete Signed-Tags check from Scorecard (#851) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-12 22:26:50 +00:00
Azeem Shaikh
3f9431d08c
Update SignedReleases to use RepoClient API (#844) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-12 20:46:06 +00:00
asraa
cc312f2d1d
feature: branch protection without admin token (#823) 
* branch protection without admin permission

Signed-off-by: Asra Ali <asraa@google.com>

* handle other errors

Signed-off-by: Asra Ali <asraa@google.com>

* fix lint

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-08-12 15:54:28 +00:00
Azeem Shaikh
eeb563be10
Update SAST and CITest with Repoclient API (#842) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-12 08:27:48 +10:00
laurentsimon
d821ea27ec
improve token permission (#811) 
* sarif action

* update
 2021-08-05 17:10:34 +00:00
laurentsimon
e4f3ede843
fix/enhance pinned-dependencies (#806) 
* commit

* e2e tests

* typo
 2021-08-03 23:32:34 +00:00
Naveen
254f316ce5
🌱 Fix the e2e fixes for signedtags (#805) 2021-08-03 16:02:06 +00:00
naveen
f2b4d07c33 🌱 Updated e2e signed releases 
Updated the e2e signed releases to the new repository.
 2021-08-03 09:05:16 -05:00
laurentsimon
b2b37161f3
Improve token permission check (#800) 
* draft

* draft 2

* draft3

* fix e2e

* comment

* comment

* check codeql

* missing files

* comments

* nit

* update msg

* msg

* nit

* nit

* msg

* e2e

* update doc
 2021-08-03 00:56:45 +00:00
Azeem Shaikh
30bb11965a
Update Packaging check to use new APIs (#796) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-08-02 17:17:38 +00:00
naveen
33a63ff6b9 🌱 Fixed the failing lint check 2021-08-01 10:57:22 -05:00
Oliver Chang
7c2117342c fix tests 2021-08-01 10:57:22 -05:00
Oliver Chang
cf9c860441 Replace personal test repo with ossf-tests repo. 2021-08-01 10:57:22 -05:00
laurentsimon
29594d4294
change signature of FileIfExist and FileContent (#787) 
* draft

* add pinning

* remove functions

* typo

* commment

* name
 2021-07-30 15:09:52 +00:00
laurentsimon
b35cbdcdcf
Make Branch-Protection score more granular (#777) 
* commit

* uni tests

* full score

* typos

* update msg

* remove function

* comments

* linter

* comments
 2021-07-30 01:54:19 +00:00
laurentsimon
c48fe4f9ed
Make Token-Permission check more granular (#773) 
* draft

* add tests

* add e2e2 tests

* typos

* typo

* fixes

* linter

* use named value

* comments

* comment
 2021-07-30 00:13:01 +00:00
Azeem Shaikh
1d1e799f84
Add ListCommits and IsArchived API (#772) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-29 14:18:58 -07:00
Azeem Shaikh
1e6d99eb20
Remove PullRequest check (#771) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-29 20:58:36 +00:00
Azeem Shaikh
df89767c35
Fix bug in SecurityPolicy (#761) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-29 20:09:56 +00:00
laurentsimon
8432a82bc4
Add e2e tests using dedicated repo for pinned-dependencies check (#766) 
* fix

* e2e

* add e2e test from dedicated repo

* e2e update

* linter

* merge
 2021-07-29 11:55:25 -07:00
laurentsimon
9edfe2a292
rename Frozen-Deps to Pinned-Dependencies (#765) 
* fix

* more tests

* e2e

* comments

* change name

* linnter

* rename

* lint
 2021-07-27 16:32:24 -07:00
laurentsimon
a004ffb107
cleanup Frozen-Deps MakeResultAnd (#742) 
* draft

* fixes

* commi 1

* delete file

* clean

* clean 2

* linter

* fix score

* handle err

* in-proress score

* fixes
 2021-07-26 22:02:46 +00:00
Naveen
4d7fb5d748
🌱 Fix the go.mod with v2 upgrade (#716) 
The go.mod and the related files weren't t updated with the v2 upgrade.

https://github.com/ossf/scorecard/issues/711

This fix will address the issue.
 2021-07-26 13:01:25 -05:00
Naveen
67d0eb0bf2
🌱 Fix the broken e2e tests (#751) 
Fixed the broken tests that was looking for specific number of debug
messages
 2021-07-26 12:23:15 -04:00
Azeem Shaikh
7c133bc767
Create APIs for MergedPRs and DefaultBranch (#745) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-25 17:37:14 -07:00
laurentsimon
37d13c2972
Code-Review cleanup (#740) 
* sast cleanup

* code-review cleanup

* typo

* merge fix
 2021-07-22 23:12:53 +00:00
Azeem Shaikh
a1502dd51a
Add e2e release tests for cron job (#734) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-22 14:16:10 -07:00
laurentsimon
a34e326151
sast cleanup (#739) 
* sast cleanup

* comments
 2021-07-22 18:03:31 +00:00
laurentsimon
89c8e2af31
[migration to score] 7: CI-Test, CII Best practices, security policy file (#733) 
* ci, cii, sec file

* linter

* check doc

* typo

* fix

* comments

* linter

* fix sast

* fix score calc
 2021-07-22 15:37:31 +00:00
laurentsimon
ae33db624e
[migration to score] 6: signed tags, signed release, PR, fuzzing (#732) 
* yaml file

* sort checks

* comments

* signed tags

* signed release, PR, fuzzing

* typo
 2021-07-21 18:10:47 -07:00
laurentsimon
53c056081b
[migration to score] 5: contributors, vulnerabilities, packaging and sast (#729) 
* contributors

* packaging

* vulnerabilities

* fix errors

* err

* errors
 2021-07-21 13:40:16 -07:00
laurentsimon
6f203e73b6
[migration to score] 4: active, fuzzing and code-review (#721) 
* details-1

* nits

* typo

* commments

* dependabot and binary artifacts checks

* typo

* linter

* missing errors.go

* linter

* merge fix

* active, fuzzing and code review checks

* e2e tests for fuzzing

* fixes
 2021-07-21 09:40:40 -07:00
laurentsimon
c741335683
[migration to score] 3: branch protection, frozen-deps, token permissions (#719) 
* details-1

* nits

* typo

* commments

* dependabot and binary artifacts checks

* typo

* linter

* missing errors.go

* linter

* merge fix

* branch protection, frozen-deps, token permissions

* linter

* linter
 2021-07-21 09:21:43 -07:00
laurentsimon
5e634c8945
[migration to score] 2: dependabot and binary artifact checks (#718) 
* details-1

* nits

* typo

* commments

* dependabot and binary artifacts checks

* typo

* linter

* missing errors.go

* linter

* merge fix

* dates
 2021-07-21 09:02:43 -07:00
Naveen
ca4f963eb7
🌱 Fix failing e2e tests (#696) 
The packaging docker image for scorecard has been removed from github
workflow to gcr.io.

This was causing the e2e check failing.

This fix will remove that check and address the failing e2e.
 2021-07-16 08:38:53 -07:00
naveen
219404e0b7 🌱 Removing gitcache 
Removing gitcache
 2021-07-13 01:03:21 -05:00
naveen
aeead94680 Included security.rst as SecurityPolicy 
* Included security.rst as name check for security policy.
 2021-07-04 16:18:51 -05:00
Oliver Chang
34621504fb
Add a Vulnerabilities check. (#628) 
Uses OSV to check this.

Fixes #52.
 2021-06-29 03:09:40 +00:00
laurentsimon
1829ee7600
🐛 Fix for e2e failures (#598) 
* draft

* fixes

* linter

* disable parallel

* comments

* commments

* linter
 2021-06-22 10:55:59 -07:00
Naveen
d00dd9c309
Automatic dependency update checks (#322) 
* Checks if the dependencies are automatically updated.
 2021-06-04 14:35:06 +00:00
Azeem Shaikh
030bc90932
Remove daily cron job from codebase (#530) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-06-02 14:27:09 -07:00
Chris McGehee
61ecad3151
Add new linter: gci (#498) 2021-05-23 20:51:52 -07:00
Chris McGehee
587f41117b Fix lint issues: dupl linter 2021-05-23 11:49:33 -05:00
Abhishek Arya
5f82d2b9c0
Add checks for workflow action pinning (#466) 
Patch by Laurent Simon <laurentsimon@google.com>

Co-authored-by: Laurent Simon <laurentsimon@google.com>
 2021-05-17 13:03:39 -07:00
Chris McGehee
727bb58911
🌱 Fix lint issues: govet linter (#395) 
* Fix lint issues: govet linter
The fieldalignment analyzer informs you when structs would take up less
memory with their fields reordered.

* CheckResult.Details was not omitted as intended
Found by govet linter

* Removing possible breaking change

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-05-11 06:52:52 -07:00
Chris McGehee
0e15d65a0c Fix lint issues: dupl linter 2021-05-08 21:55:14 -05:00
Chris McGehee
6a7142fe21 Fix lint issues: golint linter 2021-05-02 14:49:40 -05:00
Chris McGehee
8402e6d9d0 Fix lint issues: gofumpt linter 2021-05-02 13:18:19 -05:00
naveen
360d6b8381 🌱 e2e tests for cronjob 
* Implemented basic e2e tests for cornjob
 2021-05-01 16:07:26 -05:00
Chris McGehee
06993b72ce
🐛 Fix linting issues (1 of n) (#348) 
* Fix lint issues: whitespace linter

* Fix lint issues: wrapcheck linter

* Fix lint issues: errcheck linter

* Fix lint issues: paralleltest linter

* Fix lint issues: gocritic linter
Most changes from this commit are from passing checker.CheckResult by reference and not by value. gocritic identified that as a huge parameter.
gocritic also prefers regexp.MustCompile over Compile when the pattern is a const
 2021-04-19 12:18:34 -07:00
Azeem Shaikh
a58818d258
🌱 : Reduce code duplication for follow-up cron refactoring (#338) 
*  Refactor to reduce code duplication

* 

* Move lib/ back to checker/

* Move lib/ back to checker/

* Move lib/ back to checker/

* Address PR comments.

* Addressing PR comments.

* Avoid printing `ShouldRetry` and `Error` in output JSON.

* Fix JSON output.

Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-04-10 07:26:56 -05:00
nathannaveen
f5185e4bd6 🌱 included copyright headers. 2021-04-01 21:36:10 -05:00
naveen
2978ae550a Fix - signed-tags e2e tests. 
The signed tags e2e tests were failing because apache/airflow pushed
tags without signing.

Changed from apache/airflow to bitcoin/bitcoin.
 2021-03-11 10:59:03 -05:00
naveen
7b192a0243 feat - Included tests for disk cache 
Included tests for disk cache.
Cleaned up tests.
 2021-02-26 15:46:21 -05:00
naveen
6f2a0f43f4 Fix - Output path for the test runs 2021-02-25 15:59:39 -05:00
naveen
cab29a2747 Feat- Use cloud buckets for caching 
Use cloud buckets for httpcache.

The implementation uses https://github.com/google/go-cloud for it to be
cloud vendor agnostic.
 2021-02-24 11:17:50 -05:00
naveen
7726ca7987 Feature - Include metadata in the results 
Included metadata that can be passed an argument to the command line.
The same metadata will returned the `json` results.
 2021-02-22 19:23:46 -05:00
naveen
e94e53965e Fix - Changes to reflect the scorecard score 
The score of the scorecard is improving with signed-release and updating
the tests to reflect that.
 2021-02-17 20:40:58 -05:00
Abhishek Arya
fc251d9d42 Add security policy to e2e test. 2021-02-14 12:50:24 -05:00
naveen
af2132e927 Fix- e2e tests to include the executable 
Included e2e tests for the executable with JSON
 2021-02-14 11:46:17 -05:00
Naveen
30d69310c6
Fix - Organization checks for members (#170) 
* Fix - Organization checks for members

* Fix - Turn off automatic releasenotes generation

Turn off automatic release notes for CII https://bestpractices.coreinfrastructure.org/

* Fix - Organization checks for members
 2021-02-14 10:46:14 -05:00
naveen
4bdc158018 Fix - packging workflow for docker push 2021-02-12 21:16:44 -05:00
naveen
93373f7787 Fixes - Incorrect result for branch protection 2021-01-26 18:39:12 -05:00
Abhishek Arya
c00aa4b606 Add e2e tests for remaining checks. 2021-01-15 15:24:04 -05:00
Abhishek Arya
5b7ddc55ab Add e2e test. 2021-01-15 13:44:52 -05:00
naveen
c4c99cd676 feature - Included the e2e into the PR workflows 
Validated the presence of the GITHU_AUTH_TOKEN variable presence before running the e2e.

Update the contributing doc with scopes of the personal access token.

Updated the workflow to include the e2e tests.
 2021-01-13 13:04:22 -05:00
Naveen
f77da7783b
feat-e2e tests for signed tags and signed releases (#115) 
Implemented e2e tests using ginkgo for validating signed tags and signed
releases.

ginkgo is utilized as a standard BDD testing framework in other
projects like kubebuilder.
 2021-01-01 14:36:31 -06:00