ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-09-19 04:57:14 +03:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
1,298 Commits 36 Branches 42 Tags 436 MiB
44ad5f53ad
Commit Graph

1298 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Naveen
44ad5f53ad
⚠️ Removing the error field from result (#1853) 
- Removing the error field from result
- https://github.com/ossf/scorecard/issues/1393

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-04-22 23:22:43 +00:00
laurentsimon
1f3861b4cc
Update env variables in cron (#1858) 2022-04-22 20:21:08 +00:00
dependabot[bot]
ee1086efd7 🌱 Bump codecov/codecov-action from 3.0.0 to 3.1.0 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](e3c560433a...81cd2dc814)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-22 07:25:53 -05:00
dependabot[bot]
64bf903f36 🌱 Bump actions/checkout from 3.0.1 to 3.0.2 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](dcd71f6466...2541b1294d)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-22 07:02:44 -05:00
laurentsimon
4622952c85
Raw results for dangerous workflow (#1849) 
* draft

* update

* update

* updates

* comments

* comments

* comments
 2022-04-21 22:02:18 +00:00
dependabot[bot]
72e248694d 🌱 Bump contrib.go.opencensus.io/exporter/stackdriver 
Bumps [contrib.go.opencensus.io/exporter/stackdriver](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver) from 0.13.11 to 0.13.12.
- [Release notes](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/releases)
- [Commits](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/compare/v0.13.11...v0.13.12)

---
updated-dependencies:
- dependency-name: contrib.go.opencensus.io/exporter/stackdriver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-20 09:01:35 -05:00
naveensrinivasan
6ed6c9b70e 🌱 Publish images with ko 
- Publish images with ko

https://github.com/ossf/scorecard/issues/744

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-04-18 10:40:05 -05:00
laurentsimon
f99e1a1552
Schema for BQ table for raw results (#1762) 
* Fix schemas

* updates

* updates

* Schema for BQ table of raw result

* update

* updates

* create utility function only

* update

* updates

* updates

* manifest
 2022-04-15 16:35:01 +00:00
dependabot[bot]
9532e55ee9 🌱 Bump github.com/rhysd/actionlint from 1.6.11 to 1.6.12 
Bumps [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint) from 1.6.11 to 1.6.12.
- [Release notes](https://github.com/rhysd/actionlint/releases)
- [Changelog](https://github.com/rhysd/actionlint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rhysd/actionlint/compare/v1.6.11...v1.6.12)

---
updated-dependencies:
- dependency-name: github.com/rhysd/actionlint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-15 09:13:27 -05:00
dependabot[bot]
6c59ff9bfe 🌱 Bump actions/checkout from 3.0.0 to 3.0.1 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](a12a3943b4...dcd71f6466)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-15 05:34:31 -05:00
dependabot[bot]
ebf0d10c33 🌱 Bump cloud.google.com/go/bigquery from 1.30.2 to 1.31.0 
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.30.2 to 1.31.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.30.2...spanner/v1.31.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-14 09:00:34 -05:00
laurentsimon
4d1c531690
Raw results for license (#1790) 
* Raw results for license

* tests

* tests

* e2e fix

* comment

* fix

* linter
 2022-04-13 18:20:05 -07:00
laurentsimon
c0e41f3a54
Update branches_e2e_test.go (#1838) 2022-04-13 16:45:07 -07:00
laurentsimon
410a145db2
fix (#1837) 2022-04-13 16:00:19 -07:00
Caleb Brown
b00b31646a Split NewLogger into two so we can use a custom logrus instance. 2022-04-13 11:31:06 -05:00
laurentsimon
91202855fd
Fix e2e branch (#1835) 2022-04-13 09:16:38 -07:00
laurentsimon
eedd16d5be linter 2022-04-12 10:54:38 -05:00
laurentsimon
6a48f174ce fix 2022-04-12 10:54:38 -05:00
laurentsimon
4b2c677185 fix 2022-04-12 10:54:38 -05:00
laurentsimon
2873c0d58d e2e for GITHUB_TOKEN 2022-04-12 10:54:38 -05:00
dependabot[bot]
a46313ca8a 🌱 Bump cloud.google.com/go/pubsub from 1.19.0 to 1.20.0 
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.19.0 to 1.20.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.19.0...pubsub/v1.20.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-12 08:50:47 -05:00
dependabot[bot]
fb0c0e1527 🌱 Bump actions/cache from 3.0.1 to 3.0.2 
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](136d96b4ae...48af2dc4a9)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-11 07:36:08 -05:00
naveensrinivasan
f9c2f9d79f 🌱 Dependency review action 
Included the https://github.com/actions/dependency-review-action

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-04-09 14:09:42 -05:00
Azeem Shaikh
333618d0d2
Security-Policy should not run on --local (#1825) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-04-07 14:12:22 -05:00
dependabot[bot]
4df16f3350 🌱 Bump codecov/codecov-action from 2.1.0 to 3 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2.1.0 to 3.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](f32b3a3741...e3c560433a)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-07 14:55:05 +00:00
dependabot[bot]
b6575a2731 🌱 Bump github.com/rhysd/actionlint from 1.6.10 to 1.6.11 
Bumps [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint) from 1.6.10 to 1.6.11.
- [Release notes](https://github.com/rhysd/actionlint/releases)
- [Changelog](https://github.com/rhysd/actionlint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rhysd/actionlint/compare/v1.6.10...v1.6.11)

---
updated-dependencies:
- dependency-name: github.com/rhysd/actionlint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-07 14:38:43 +00:00
dependabot[bot]
8bc0fe5e83 🌱 Bump contrib.go.opencensus.io/exporter/stackdriver 
Bumps [contrib.go.opencensus.io/exporter/stackdriver](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver) from 0.13.10 to 0.13.11.
- [Release notes](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/releases)
- [Commits](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/compare/v0.13.10...v0.13.11)

---
updated-dependencies:
- dependency-name: contrib.go.opencensus.io/exporter/stackdriver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-07 13:45:47 +00:00
Azeem Shaikh
a1e908b6f0
Support Security-Policy with --local (#1822) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-04-06 18:39:19 -07:00
noamd
5860896619 detect workflow_run as a dangerous trigger 2022-04-06 07:22:54 -05:00
dependabot[bot]
606f28ad25 🌱 Bump sigs.k8s.io/release-utils from 0.5.0 to 0.6.0 
Bumps [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/kubernetes-sigs/release-utils/releases)
- [Commits](https://github.com/kubernetes-sigs/release-utils/compare/v0.5.0...v0.6.0)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/release-utils
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-05 21:36:00 +00:00
naveensrinivasan
81133363f0 🌱 e2e for pinned_dependencies for localrepoclient 
- e2e for pinned_dependencies for localrepoclient

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-04-05 16:15:17 -05:00
naveensrinivasan
b6b5592629 🌱 e2e for dangerous_workflow local repo 
- e2e for dangerous_workflow for localrepoclient.
 2022-04-05 15:21:52 -05:00
naveensrinivasan
761bb4e4b3 🌱 Fixes the golang version 
Hopefully this fixes the make linter failures

https://github.com/ossf/scorecard/runs/5834278035?check_suite_focus=true

I noticed while trying to debug , which was using go 1.18 in the
workflow log.

Which made me decide to pin it to specific version of go 1.17.7
```
go env -w GOFLAGS=-mod=mod
  make check-linter
  shell: /usr/bin/bash -e {0}
  env:
    PROTOC_VERSION: 3.17.3
    GOROOT: /opt/hostedtoolcache/go/1.18.0/x64
```

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-04-05 14:45:31 -05:00
dependabot[bot]
b42a175784 🌱 Bump gocloud.dev from 0.24.0 to 0.25.0 
Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.24.0 to 0.25.0.
- [Release notes](https://github.com/google/go-cloud/releases)
- [Commits](https://github.com/google/go-cloud/compare/v0.24.0...v0.25.0)

---
updated-dependencies:
- dependency-name: gocloud.dev
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-04-04 09:51:38 -05:00
naveensrinivasan
648b6634e6 🌱 Experimental option for codeql 
- Included the experimental option for Codeql
https://github.blog/2022-02-17-code-scanning-finds-vulnerabilities-using-machine-learning/
 2022-04-01 19:15:44 -05:00
laurentsimon
27dbf9c7e5
Raw results for Signed-Release check (#1789) 
* Raw results for Signed-Releases

* updates

* linter
 2022-04-01 23:13:58 +00:00
naveensrinivasan
e8c633a41b 🌱 e2e tests for security policy localrepo 
- Included e2e tests for security policy for localrepo client

https://github.com/ossf/scorecard/issues/1353

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-03-31 16:20:16 -05:00
naveensrinivasan
e5f5deb64e 🌱 e2e tests for local repoclient for permissions 
- Included e2e tests for local repoclient for permissions.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-03-31 14:52:16 -05:00
naveensrinivasan
ab9769a4da 🌱 Fix protoc build failures 
- Fix protoc build failures by retries

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-03-31 14:33:45 -05:00
dependabot[bot]
99ecdea2dd 🌱 Bump actions/cache from 3.0.0 to 3.0.1 
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](4b0cf6cc46...136d96b4ae)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-31 17:37:21 +00:00
Carlos Tadeu Panato Junior
7dcb3cb3e2
checks: add GitHub Webhook check (#1675) 
* checks: add GitHub Webhook check

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* update per feedback

Signed-off-by: cpanato <ctadeu@gmail.com>

* add evaluation code

Signed-off-by: cpanato <ctadeu@gmail.com>

* add feature gate check

Signed-off-by: cpanato <ctadeu@gmail.com>

* fix lint

Signed-off-by: cpanato <ctadeu@gmail.com>
 2022-03-31 07:29:59 -07:00
cpanato
93889a8e70 install missing tool in add-projects job 
Signed-off-by: cpanato <ctadeu@gmail.com>
 2022-03-31 08:00:22 -05:00
cpanato
f1268bfaee cleanup protoc version 
Signed-off-by: cpanato <ctadeu@gmail.com>
 2022-03-31 08:00:22 -05:00
dependabot[bot]
d10ac0dbb0 🌱 Bump cloud.google.com/go/bigquery from 1.30.1 to 1.30.2 
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.30.1 to 1.30.2.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.30.1...bigquery/v1.30.2)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-31 05:02:41 -05:00
Carlos Tadeu Panato Junior
92027ed41b
small cleanup on the workflow jobs and remove the master branch reference (#1800) 
Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2022-03-30 16:11:30 +00:00
dependabot[bot]
389078c5d8 🌱 Bump cloud.google.com/go/bigquery from 1.30.0 to 1.30.1 
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.30.0 to 1.30.1.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.30.0...spanner/v1.30.1)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-30 08:35:38 -05:00
dependabot[bot]
49564838f9 🌱 Bump github.com/onsi/gomega from 1.18.1 to 1.19.0 
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.18.1 to 1.19.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.18.1...v1.19.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-29 22:15:55 +00:00
dependabot[bot]
c428e3181e 🌱 Bump distroless/base in /cron/worker 
Bumps distroless/base from `792dfe7` to `764b74b`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-29 21:28:57 +00:00
Azeem Shaikh
6a078c68c2
Use GITHUB_TOKEN for downloading protoc (#1797) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-03-29 13:55:45 -07:00
dependabot[bot]
ce06ac1a7e
🌱 Bump distroless/base in /cron/webhook (#1794) 
Bumps distroless/base from `792dfe7` to `764b74b`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2022-03-29 19:51:22 +00:00