Aiden Wang
3e2c0fa1f8
✨ Update message for org-level security policy files ( #1939 )
...
* modified checks/evaluation/security_policy.go (issue #1908 )
* issue #1908 fixing temp save 05202022
* issue #1908 bug fixes
* debug comments deletion
* minor midifications
* temp save 0524-1
* temp save 0524-2
* bug fix #1908
* bug fix #1908 (2)
* bug fix #1908 (3)
* #1908
* merge from upstream/main & minor changes
* minor changes -2
* Update security_policy.go
* Update security_policy.go
* Update security_policy.go (linter error fix)
Co-authored-by: Aiden Wang <aidenwang@google.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-05-26 15:22:30 +00:00
Azeem Shaikh
d1714a289a
Move the cron job to internal package ( #1960 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-25 15:37:22 -07:00
Azeem Shaikh
6a21afb410
Fix bug in cron setup ( #1959 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-25 20:46:50 +00:00
dependabot[bot]
950ff1f9e8
🌱 Bump mvdan.cc/sh/v3 from 3.5.0 to 3.5.1
...
Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh ) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/mvdan/sh/releases )
- [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md )
- [Commits](https://github.com/mvdan/sh/compare/v3.5.0...v3.5.1 )
---
updated-dependencies:
- dependency-name: mvdan.cc/sh/v3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-25 18:50:29 +00:00
Azeem Shaikh
25c7e1c7f2
Replace checker.Commit with clients.Commit ( #1950 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 23:11:37 +00:00
Azeem Shaikh
96fac8a941
Replace checker.Vuln with clients.Vuln ( #1955 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 20:15:37 +00:00
Azeem Shaikh
edd371cf7d
Replace checker.BP with clients.BP ( #1953 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 12:34:07 -07:00
dependabot[bot]
d5e755cb08
🌱 Bump actions/dependency-review-action from 1.0.1 to 1.0.2
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](39e692fa32...a9c83d3af6
2022-05-24 13:54:08 +00:00
Azeem Shaikh
4b655b45ce
Replace checker.Webhook with clients.Webhook ( #1948 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 02:47:12 +00:00
Azeem Shaikh
9a2a4f16bd
Replace checker.Release with clients.Release ( #1946 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 02:05:02 +00:00
Azeem Shaikh
33e3106320
Replace checker.Issue with clients.Issue ( #1944 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 01:07:25 +00:00
laurentsimon
720a049464
updates ( #1947 )
2022-05-23 21:24:39 +00:00
Azeem Shaikh
1a2f08827f
Replace checker.CIIBadge with clients.CIIBadge ( #1945 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-23 20:30:56 +00:00
dependabot[bot]
108f88d056
🌱 Bump actions/upload-artifact from 3.0.0 to 3.1.0 ( #1941 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](6673cd052c...3cea537223
2022-05-23 06:41:30 -05:00
Vihang Mehta
7ac81a334f
🐛 Fix debug log for Piper ( #1937 )
...
Signed-off-by: Vihang Mehta <vihang@pixielabs.ai>
2022-05-22 23:41:45 +00:00
dependabot[bot]
61f24c053e
🌱 Bump github.com/golangci/golangci-lint in /tools ( #1924 )
...
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint ) from 1.46.0 to 1.46.2.
- [Release notes](https://github.com/golangci/golangci-lint/releases )
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md )
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.46.0...v1.46.2 )
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-22 14:53:42 +00:00
dependabot[bot]
2d72623a6c
🌱 Bump github.com/rhysd/actionlint from 1.6.12 to 1.6.13
...
Bumps [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint ) from 1.6.12 to 1.6.13.
- [Release notes](https://github.com/rhysd/actionlint/releases )
- [Changelog](https://github.com/rhysd/actionlint/blob/main/CHANGELOG.md )
- [Commits](https://github.com/rhysd/actionlint/compare/v1.6.12...v1.6.13 )
---
updated-dependencies:
- dependency-name: github.com/rhysd/actionlint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-22 13:49:42 +00:00
dependabot[bot]
7e4cd514fc
🌱 Bump distroless/base in /cron/controller ( #1929 )
...
Bumps distroless/base from `764b74b` to `d65ac1a`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-22 12:55:12 +00:00
laurentsimon
2fc48e3b38
✨ Use Tool for raw fuzzing results ( #1935 )
...
* updates
* updates
2022-05-21 01:43:09 +00:00
laurentsimon
af7f865b9d
update ( #1926 )
2022-05-20 15:59:53 +00:00
dependabot[bot]
399d9974e4
🌱 Bump distroless/base from 764b74b to d65ac1a
...
Bumps distroless/base from `764b74b` to `d65ac1a`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-20 01:41:04 +00:00
laurentsimon
8d8bcf2f69
✨ Raw results for Fuzzing check ( #1917 )
...
* update
* update
* update
* update
* linter
* comments
* comments
2022-05-20 00:55:49 +00:00
dependabot[bot]
fb45cd7e9d
🌱 Bump distroless/base in /cron/webhook
...
Bumps distroless/base from `764b74b` to `d65ac1a`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-19 16:45:34 +00:00
dependabot[bot]
c0178f953c
🌱 Bump github.com/google/go-containerregistry
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.8.0...v0.9.0 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-19 13:30:10 +00:00
dependabot[bot]
5843c148db
🌱 Bump distroless/base in /cron/worker
...
Bumps distroless/base from `764b74b` to `d65ac1a`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-19 12:54:38 +00:00
laurentsimon
b4700ab5df
✨ Raw results for Contributors check ( #1919 )
...
* update
* update
* linter
* linter
2022-05-18 18:13:10 +00:00
Azeem Shaikh
8fdb0e767e
Cron cleanup ( #1925 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-18 09:48:40 -07:00
dependabot[bot]
fc7157e38a
🌱 Bump actions/dependency-review-action from 1.0.0 to 1.0.1 ( #1923 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](3f943b86c9...39e692fa32
2022-05-18 07:10:22 -05:00
Naveen
bbaf072dd5
⚠️ Remove the oldjson format from cron ( #1920 )
...
- removed the old json format from cron
fix https://github.com/ossf/scorecard/pull/1487
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-17 17:31:25 -07:00
Appu
e7ef60d7fe
📖 Add information for pinning manfest lists ( #1918 )
...
* Add information for pinning manfest lists
Signed-off-by: Appu Goundan <appu@google.com>
* Update checks.md
2022-05-17 10:36:57 -07:00
dependabot[bot]
6406cfd4e3
🌱 Bump actions/setup-go from 3.0.0 to 3.1.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](f6164bd8c8...fcdc43634a
2022-05-16 16:52:04 +00:00
Azeem Shaikh
236b296403
Do not fail on empty repositories ( #1914 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-16 00:41:17 +00:00
laurentsimon
b1ab7eb9bb
✨ Update raw format for Dangerous workflows ( #1865 )
...
* updates
* e2e fix
* comments
2022-05-13 19:10:57 -07:00
Scott Ford
cd0470403b
📖 Fixes description for webhook check ( #1882 )
...
Signed-off-by: Scott Ford <scott@scottford.io>
2022-05-12 21:14:43 +00:00
Naveen
0275a94a3f
:warn: Remove the old Details field from CheckResult ( #1906 )
...
https://github.com/ossf/scorecard/issues/1393
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-12 12:58:12 -07:00
naveensrinivasan
b9f333bc2a
⚠️ Remove the pass from the CheckResult
...
- Remove Pass field from CheckResult
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-12 14:03:19 -05:00
dependabot[bot]
f0481647dd
🌱 Bump github.com/caarlos0/env/v6 from 6.9.1 to 6.9.2
...
Bumps [github.com/caarlos0/env/v6](https://github.com/caarlos0/env ) from 6.9.1 to 6.9.2.
- [Release notes](https://github.com/caarlos0/env/releases )
- [Changelog](https://github.com/caarlos0/env/blob/main/.goreleaser.yml )
- [Commits](https://github.com/caarlos0/env/compare/v6.9.1...v6.9.2 )
---
updated-dependencies:
- dependency-name: github.com/caarlos0/env/v6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-12 17:13:16 +00:00
dependabot[bot]
74f521fcf2
🌱 Bump mvdan.cc/sh/v3 from 3.4.3 to 3.5.0
...
Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh ) from 3.4.3 to 3.5.0.
- [Release notes](https://github.com/mvdan/sh/releases )
- [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md )
- [Commits](https://github.com/mvdan/sh/compare/v3.4.3...v3.5.0 )
---
updated-dependencies:
- dependency-name: mvdan.cc/sh/v3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-12 14:43:48 +00:00
dependabot[bot]
2b35afc5bb
🌱 Bump github.com/golangci/golangci-lint in /tools
...
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint ) from 1.45.2 to 1.46.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases )
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md )
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.45.2...v1.46.0 )
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-12 02:04:06 +00:00
laurentsimon
0f30f4eec7
✨ Make permission check aware of GH Pages Action ( #1902 )
...
* update
* update
* update
2022-05-11 20:41:37 -05:00
dependabot[bot]
2fc6fbb196
🌱 Bump cloud.google.com/go/bigquery from 1.31.0 to 1.32.0
...
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go ) from 1.31.0 to 1.32.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.31.0...spanner/v1.32.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-11 08:47:39 -05:00
Romain Dauby
804127f46a
Upgrade to buildkit 0.10.3
2022-05-10 10:55:48 -05:00
06kellyjac
c5d787a598
pkg: refactor out scorecard_version
2022-05-10 09:51:55 -05:00
laurentsimon
62e3de5f48
🐛 Remove Options that belong to the Action ( #1898 )
...
* updates
* tests
2022-05-09 19:40:15 +00:00
Naveen
7ff4b7e050
⚠️ Removing the confidence field from CheckResult struct ( #1896 )
...
- Removing the confidence field from `CheckResult` struct
- https://github.com/ossf/scorecard/issues/1393
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-09 17:46:24 +00:00
Arnaud J Le Hors
6d79817e3b
📖 Fix command Usage ( #1814 )
...
This changes the cmd Usage text to accurately represents the
supported syntax:
Usage:
./scorecard (--repo=<repo> | --local=<folder> | --{npm,pypi,rubygems}=<package_name>)
[--checks=check1,...] [--show-details] [flags]
...
--repo string repository to check (valid inputs: "owner/repo", "github.com/owner/repo", "https://github.com/owner/repo ")
...
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
2022-05-09 10:23:13 -04:00
Arnaud J Le Hors
815de1819f
📖 Remove erroneous ref to CSV output ( #1813 )
2022-05-09 12:15:14 +00:00
Azeem Shaikh
5758364c82
Fix bug in Scorecard tag Docker image creation ( #1890 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-06 20:38:19 +00:00
laurentsimon
8c97d46a36
✨ Add custom remediation for workflow permissions/pinned dependencies ( #1885 )
...
* draft
* update
* updates
* updates
* updates
* updates
* updates
* updates
2022-05-06 12:52:30 -07:00
Azeem Shaikh
22694dcd41
Support commits reviewed through Piper ( #1889 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-06 18:41:44 +00:00
