ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-09-17 11:57:12 +03:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
1,382 Commits 36 Branches 42 Tags 436 MiB
3b7c46f779
Commit Graph

163 Commits

Author SHA1 Message Date
Naveen
4d7fb5d748
🌱 Fix the go.mod with v2 upgrade (#716) 
The go.mod and the related files weren't t updated with the v2 upgrade.

https://github.com/ossf/scorecard/issues/711

This fix will address the issue.
 2021-07-26 13:01:25 -05:00
dependabot[bot]
9b07526776
🌱 Bump golang.org/x/tools from 0.1.4 to 0.1.5 (#691) 
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.1.4 to 0.1.5.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.1.4...v0.1.5)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-07-14 14:50:36 +00:00
naveen
219404e0b7 🌱 Removing gitcache 
Removing gitcache
 2021-07-13 01:03:21 -05:00
dependabot[bot]
1e01a270ec
🌱 Bump cloud.google.com/go/pubsub from 1.12.0 to 1.12.2 (#671) 
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.12.0 to 1.12.2.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.12.0...pubsub/v1.12.2)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-07-08 22:25:42 -07:00
dependabot[bot]
2e347ac42b 🌱 Bump github.com/onsi/gomega from 1.13.0 to 1.14.0 
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-08 20:10:34 -05:00
dependabot[bot]
3181aba22b 🌱 Bump github.com/spf13/cobra from 1.2.0 to 1.2.1 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.2.0...v1.2.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-05 08:52:24 -05:00
dependabot[bot]
c61a744c1b 🌱 Bump github.com/spf13/cobra from 1.1.3 to 1.2.0 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.3 to 1.2.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.1.3...v1.2.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-02 11:27:32 -05:00
dependabot[bot]
ecab8fed52
🌱 Bump cloud.google.com/go/bigquery from 1.18.0 to 1.19.0 (#635) 
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.18.0 to 1.19.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.18.0...spanner/v1.19.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-06-30 11:54:01 -07:00
dependabot[bot]
5dd7f118ae
🌱 Bump github.com/golangci/golangci-lint from 1.40.1 to 1.41.1 (#627) 
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.40.1 to 1.41.1.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.40.1...v1.41.1)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Azeem Shaikh <azeems@google.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-06-29 10:26:16 -07:00
dependabot[bot]
6a2a1faa6f
🌱 Bump google.golang.org/protobuf from 1.26.0 to 1.27.1 (#624) 
Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.26.0 to 1.27.1.
- [Release notes](https://github.com/protocolbuffers/protobuf-go/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash)
- [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.26.0...v1.27.1)

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-06-29 08:42:40 -07:00
dependabot[bot]
fd0bb46836
🌱 Bump golang.org/x/tools from 0.1.3 to 0.1.4 (#626) 
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.1.3 to 0.1.4.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.1.3...v0.1.4)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-06-29 01:23:05 -07:00
dependabot[bot]
c095d6f161
🌱 Bump contrib.go.opencensus.io/exporter/stackdriver (#579) 
Bumps [contrib.go.opencensus.io/exporter/stackdriver](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver) from 0.13.6 to 0.13.8.
- [Release notes](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/releases)
- [Commits](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/compare/v0.13.6...v0.13.8)

---
updated-dependencies:
- dependency-name: contrib.go.opencensus.io/exporter/stackdriver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-06-28 21:21:12 -07:00
dependabot[bot]
18b53076d6
🌱 Bump go.uber.org/zap from 1.17.0 to 1.18.1 (#625) 
Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.17.0 to 1.18.1.
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber-go/zap/compare/v1.17.0...v1.18.1)

---
updated-dependencies:
- dependency-name: go.uber.org/zap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-06-28 18:49:51 -04:00
dependabot[bot]
bf87a7a00a 🌱 Bump cloud.google.com/go/pubsub from 1.11.0 to 1.12.0 
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.11.0...pubsub/v1.12.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-06-28 17:08:52 -05:00
naveen
6aefe1b6ac 🌱 Fix broken e2e tests 
* Changed the path for the frozen deps to look for within the
.github/worworkflows path

* Included license check to tools.go

* Removed the hard reference to ginkgo within the integration.yml

* The above fixes will fix the broken tests for scorecard.

Repo: github.com/ossf/scorecard
Frozen-Deps: Fail 10
go modules found: go.mod
!! frozen-deps/fetch-execute - .github/workflows/integration.yml is fetching an non-pinned dependency 'go get github.com/onsi/ginkgo/ginkgo@v1.14.2'
!! frozen-deps/fetch-execute - .github/workflows/main.yml is fetching an non-pinned dependency 'go install github.com/google/addlicense@latest'
 2021-06-28 15:28:10 -05:00
laurentsimon
0ca1ace1f2
Check: detect downloads of scripts/binaries in docker's RUN (#584) 
* commit 1

* commit 2

* commit 3

* updates

* linter

* update year

* cleanup

* linter

* fix test files

* linter

* comments
 2021-06-21 18:45:15 +00:00
Naveen
3e1890fe35
Binary Artifact check (#563) 
* Implemented binary artifact checks
 2021-06-21 15:49:31 +00:00
Azeem Shaikh
09e86518e5
Add all Google-owned repositories to cron job (#555) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-06-08 16:55:43 -07:00
dependabot[bot]
a6d7c038af
🌱 Bump github.com/onsi/ginkgo from 1.16.2 to 1.16.4 (#537) 
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.16.2 to 1.16.4.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.16.2...v1.16.4)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-06-03 23:02:05 -04:00
dependabot[bot]
b839e0426f 🌱 Bump cloud.google.com/go/pubsub from 1.10.3 to 1.11.0 
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.10.3 to 1.11.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.10.3...pubsub/v1.11.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-06-03 12:07:47 -04:00
dependabot[bot]
c056718628
🌱 Bump github.com/onsi/gomega from 1.12.0 to 1.13.0 (#515) 
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.12.0 to 1.13.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.12.0...v1.13.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-05-28 12:00:16 -04:00
dependabot[bot]
b7e1f155fc
🌱 Bump cloud.google.com/go/bigquery from 1.8.0 to 1.18.0 (#483) 
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.8.0 to 1.18.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.8.0...spanner/v1.18.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-05-26 15:58:21 -04:00
dependabot[bot]
44252d64c8
🌱 Bump go.uber.org/zap from 1.16.0 to 1.17.0 (#509) 
Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.16.0 to 1.17.0.
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber-go/zap/compare/v1.16.0...v1.17.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-05-26 15:11:44 -04:00
dependabot[bot]
7ec85f22ed 🌱 Bump contrib.go.opencensus.io/exporter/stackdriver 
Bumps [contrib.go.opencensus.io/exporter/stackdriver](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver) from 0.13.4 to 0.13.6.
- [Release notes](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/releases)
- [Commits](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/compare/v0.13.4...v0.13.6)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-26 14:55:28 -04:00
dependabot[bot]
0d469a4533
🌱 Bump gocloud.dev from 0.22.0 to 0.23.0 (#464) 
Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.22.0 to 0.23.0.
- [Release notes](https://github.com/google/go-cloud/releases)
- [Commits](https://github.com/google/go-cloud/compare/v0.22.0...v0.23.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-05-26 13:06:23 -04:00
Azeem Shaikh
4584311fc6
Add monitoring to checks (#480) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-05-20 23:47:49 -07:00
Azeem Shaikh
9453765aa0
Use TRUNCATE to load data into BigQuery (#476) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-05-19 23:59:40 -07:00
laurentsimon
ee3f290702
Add check for Docker dependency pinning by hash (#469) 
* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check dependencies pinning in docker files

* check docker files hash pinning

* remove logging

* make keyword matches case-insensitive

* remove log

* update unit tests

* check fix

* check dependencies pinning in docker files

* check docker files hash pinning

* remove logging

* remove log

* check fix

* comment

* linter

* commments

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check dependencies pinning in docker files

* check docker files hash pinning

* check fix

* check dependencies pinning in docker files

* check docker files hash pinning

* remove logging

* make keyword matches case-insensitive

* remove log

* check fix

* comment

* commments

* comments

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check dependencies pinning in docker files

* check docker files hash pinning

* remove logging

* make keyword matches case-insensitive

* check fix

* check dependencies pinning in docker files

* check docker files hash pinning

* check fix

* commments

* comments

* comments

* comments

* update mod

* remove continue keyword

* linter

* linter

* linter

* comments

* cleanup

* linter

* typos

* typos
 2021-05-19 09:46:39 -07:00
Abhishek Arya
5f82d2b9c0
Add checks for workflow action pinning (#466) 
Patch by Laurent Simon <laurentsimon@google.com>

Co-authored-by: Laurent Simon <laurentsimon@google.com>
 2021-05-17 13:03:39 -07:00
Naveen
9281d1ddd9
🌱 Move tool dependencies into go.mod (#460) 
Moved the tool dependencies into go.mod
 2021-05-17 15:20:28 -04:00
Azeem Shaikh
ba3b5c5979
Refactor Makefile and add proto compile support. (#458) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-05-15 13:58:01 -07:00
Azeem Shaikh
6437c9324f
Setup PubSub framework code. (#428) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-05-14 14:32:23 -07:00
dependabot[bot]
e326db557b
🌱 Bump github.com/onsi/gomega from 1.11.0 to 1.12.0 (#407) 
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.11.0...v1.12.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-05-09 12:05:53 -04:00
Abhishek Arya
a2d51ead20
🐛Freeze Makefile deps (#404) 
* Freeze Makefile deps

* trigger ci

* Fix build failure.
 2021-05-05 09:55:59 -07:00
dependabot[bot]
9e4ecf0a44 🌱 Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2 
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.16.1 to 1.16.2.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.16.1...v1.16.2)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-05 07:12:09 -05:00
Azeem Shaikh
d3a59eacff Move Dockerfile.gsutil to inside cron/ 2021-04-27 17:21:53 -05:00
Azeem Shaikh
86a46560c8 Rename CheckResults to Checks to match BQ schema. 2021-04-26 17:45:04 -05:00
Azeem Shaikh
bd3eff1fcf
Cron job uses line-delimited JSON (#344) 
*  Refactor to reduce code duplication

* 

* Move lib/ back to checker/

* Move lib/ back to checker/

* Move lib/ back to checker/

* Address PR comments.

* Addressing PR comments.

* Separate out ReposURL nito repos/

* Add TODO in gitcache module.

* Add RepoRequest/Response types.

* Avoid printing `ShouldRetry` and `Error` in output JSON.

* Fix JSON output.

* Simplify cmd package.

* Make cron/ a package instead of module.

* Fix TODO.

* Remove binary file.

* go.mod file.

* go.mod updates.

* Refactor cron to use in-memory JSON.

* Fix JSON output.

* Fix go.mod

* Address PR comments.

* Change %w -> %v.

* Address PR comments.

* Fix err.

Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-04-19 12:49:51 -07:00
Azeem Shaikh
a58818d258
🌱 : Reduce code duplication for follow-up cron refactoring (#338) 
*  Refactor to reduce code duplication

* 

* Move lib/ back to checker/

* Move lib/ back to checker/

* Move lib/ back to checker/

* Address PR comments.

* Addressing PR comments.

* Avoid printing `ShouldRetry` and `Error` in output JSON.

* Fix JSON output.

Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-04-10 07:26:56 -05:00
dependabot[bot]
fc0eac922a Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1 
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.16.0 to 1.16.1.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.16.0...v1.16.1)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-08 09:27:08 -05:00
dependabot[bot]
e0cd796b7f Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0 
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.15.2 to 1.16.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.15.2...v1.16.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-05 12:12:04 -05:00
dependabot[bot]
8333f1e328 Bump github.com/onsi/ginkgo from 1.15.1 to 1.15.2 
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.15.1 to 1.15.2.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.15.1...v1.15.2)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-03-17 15:18:13 -04:00
naveen
6e8018cf8f chore - Upgrade ginkgo and goomega dependencies 
Upgrade version for ginkgo and goomega dependencies.
 2021-03-10 09:08:31 -05:00
Naveen
b4c2e4fd13
feat - migrate to go 1.16 (#233) 
Upgrade to go version 1.16
 2021-03-03 18:56:29 +00:00
Abhishek Arya
a44dd6a758
Add pypi and ruby gems package support. (#226) 
Adds some more package managers to
https://github.com/ossf/scorecard/issues/33

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-03-01 11:21:20 -05:00
naveen
6f2a0f43f4 Fix - Output path for the test runs 2021-02-25 15:59:39 -05:00
naveen
cab29a2747 Feat- Use cloud buckets for caching 
Use cloud buckets for httpcache.

The implementation uses https://github.com/google/go-cloud for it to be
cloud vendor agnostic.
 2021-02-24 11:17:50 -05:00
Naveen
db81680172
Feat-Implement httpcache middleware for GitHub API (#203) 
The GitHub API supports conditional requests
https://docs.github.com/en/rest/overview/resources-in-the-rest-api#conditional-requests

https://github.com/google/go-github supports Conditional requests
https://github.com/google/go-github#conditional-requests

As we are scaling more and more projects this would add a lot of value.

Initial run fetches information using `httpcache` as a middleware,
which caches the HTTP response initially in a large disk (PVC),
probably move to Redis later as a cache instead of disk.

Subsequent `cron runs` will utilize the `httpcache` for checking content modification and
load it from the cache if it isn't modified, which reduces the hitting the
Rate Limit of the GitHub API.
 2021-02-22 17:18:28 +00:00
dependabot[bot]
2c23a47857 Bump github.com/spf13/cobra from 1.1.2 to 1.1.3 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.2 to 1.1.3.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.1.2...v1.1.3)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-02-11 11:15:34 -05:00
dependabot[bot]
7ef0cf9c55
Bump github.com/spf13/cobra from 1.1.1 to 1.1.2 (#154) 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.1 to 1.1.2.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.1.1...v1.1.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-02-09 22:58:55 -08:00
dependabot[bot]
038e3b65c1 Bump github.com/onsi/gomega from 1.10.4 to 1.10.5 
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.10.4 to 1.10.5.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.10.4...v1.10.5)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-02-02 09:18:34 -05:00
dependabot[bot]
717701bd61 Bump github.com/onsi/ginkgo from 1.14.2 to 1.15.0 
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.14.2 to 1.15.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.14.2...v1.15.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-02-02 09:13:35 -05:00
Abhishek Arya
b278475af0 Fix CodeQL failure. 2021-01-15 13:44:52 -05:00
Abhishek Arya
5b7ddc55ab Add e2e test. 2021-01-15 13:44:52 -05:00
Naveen
f77da7783b
feat-e2e tests for signed tags and signed releases (#115) 
Implemented e2e tests using ginkgo for validating signed tags and signed
releases.

ginkgo is utilized as a standard BDD testing framework in other
projects like kubebuilder.
 2021-01-01 14:36:31 -06:00
naveen
fd3a2a87b9 fix - URL with trailing slash 
Fixes the URL with trailing slash.
Changed the URL parsing to net package implementation.
Included tests for URL parsing.
 2020-12-21 15:16:32 -05:00
dlorenc
24fa4cca5e
Add support for and hookup app based authentication for higher rate limiting. (#69) 
This also configures it in our nightly cron cluster.
 2020-11-13 11:06:46 -06:00
dlorenc
45286f140c
Add a script to output in csv that can be run daily. (#56) 2020-11-10 13:25:57 -06:00
Dan Lorenc
a8e06bdefb Update deps. 2020-11-06 15:29:27 -06:00
dlorenc
fd188f5263
Use the GraphQL API to retrieve the list of tags in signed-tags. (#45) 2020-11-06 15:28:26 -06:00
dlorenc
49fba38c8b
Use Cobra CLI library, reorganize a bit. (#22) 2020-10-18 18:49:51 -05:00
Dan Lorenc
c9596cd09d Add better logging. 2020-10-13 11:29:29 -05:00
Dan Lorenc
3ee3c748e9 Initial commit. 2020-10-09 10:08:43 -05:00