Commit Graph

371 Commits

Author SHA1 Message Date
naveensrinivasan
4904b317ac 🌱 additional tests for github_workflow
- Additional tests for github_workflow
2022-03-02 20:36:34 -06:00
naveensrinivasan
5e5abdcd09 🌱 Unit tests for github workflow
- Unit tests for github workflow.
https://github.com/ossf/scorecard/issues/986
2022-02-28 20:02:50 -06:00
Stephen Augustus (he/him)
7956ff4fe7
Miscellaneous refactors to ease downstream consumption (#1645)
* checker: Add `NewLogger` constructor for `DetailLogger` impl
* checker: Add `NewRunner` constructor for `Runner`
* cmd: Update to use refactored packages
* cmd: Move command flags and validation into an `options` package
* cmd: Move client accessors to `githubrepo` package
* cmd: Move policy and enabled checks to `policy` package
* cmd: Move results formatting to `format` package
* checker: Prefer `Set` prefixes for setters
* checker: Use `DetailLogger` return value for `NewLogger()`
* checker: Add `GetClients` accessor
* Move `FormatResults` to `pkg/`
* checks: Add getter for all checks

Signed-off-by: Stephen Augustus <foo@auggie.dev>
2022-02-27 02:09:21 +00:00
Chris McGehee
76105194da
📖 Adding missing documentation for Token-Permissions (#1656)
* Adding missing documentation for Token-Permissions

* Make documentation for `actions` more accurate

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-02-25 22:47:11 +00:00
Chris McGehee
808941a4c2
Token-Permissions, Allow contents: write permission only for jobs that are releasing (#1663)
* Token-Permissions, distinguish contents/package

Allowing `contents: write` permission only for jobs that are releasing
jobs, not just packaging jobs.
2022-02-23 00:23:07 +00:00
Azeem Shaikh
e41f8595cb
Generalize CheckFileContent functions (#1670)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-22 17:40:34 -06:00
Azeem Shaikh
f616278a8b
Generalize CheckIfFileExists fn (#1668)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-22 18:50:01 +00:00
Azeem Shaikh
c03085ad9b
Remove duplicated function definitions (#1666)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-22 07:38:56 -08:00
behnazh-w
33a01f7647 🐛 Add custom packaging workflow for Python
Packaging workflows are allowed to have `contents: write` permission.
By adding relekang/python-semantic-release to the list of
packaging GitHub Actions workflows, we avoid false positives in
the token permission check.
2022-02-17 17:16:34 -06:00
Azeem Shaikh
2b206dc365
Remove Version field from LogMessage (#1640)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-15 18:26:06 +00:00
laurentsimon
e7fd58d9a3
Check for secrets in pull_request_target (#1634)
* checks/dangerous_workflow.go: add pull_request_target support for secrets

* missing files

* linter
2022-02-15 16:04:57 +00:00
Azeem Shaikh
1e488a804f
Fix for repos which do not squash PR commits (#1637)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-14 23:33:15 +00:00
Azeem Shaikh
f3332ce129
Add validation for commit-based APIs (#1635)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-14 22:24:35 +00:00
Azeem Shaikh
2e3e505a8c
Simplify DetailLogger interface (#1628)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-11 15:48:58 -08:00
laurentsimon
7de151cf49
Check for secrets in workflows run on pull requests (#1615)
* updates

* missing files

* typo

* linter

* linter

* updates

* updates
2022-02-10 18:54:44 +00:00
Azeem Shaikh
6930c3ab3b
Add support for commit-based Scorecard (#1613)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-07 19:03:36 -08:00
Azeem Shaikh
1c95237e4a
Only run allowed checks in different modes (#1579)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-07 16:49:49 -08:00
naveen
68bf172e59 🌱 Unit tests fileparser/listing
Unit tests fileparser/listing
https://github.com/ossf/scorecard/issues/986
2022-02-07 15:33:18 -06:00
naveen
049db386a5 🌱 Unit tests for dependency_update_tool
Unit tests for dependency_update_tool
https://github.com/ossf/scorecard/issues/986

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-02-07 11:05:37 -06:00
laurentsimon
873308016c
checks/packaging.go: ignore workflows/<>/ files (#1591)
2022-02-04 21:42:59 +00:00
naveen
80cc0dd11e 🌱 Unit tests checks/ci_tests_test.go
Unit tests for checks/ci_tests_test.go

https://github.com/ossf/scorecard/issues/986
2022-02-04 13:26:16 -06:00
Behnaz Hassanshahi
f84291dcfd
🐛 Fix Dependabot check to accept .yaml file extension (#1601)
2022-02-03 23:53:32 +00:00
naveen
35aad1dce5 🌱 Unit tests code-review for raw
Unit tests code-review for raw.
https://github.com/ossf/scorecard/issues/986
2022-02-03 13:22:39 -06:00
naveen
674f747d47 🌱 Unit tests for vulnerabilities raw package
Unit tests for vulnerabilities raw package

https://github.com/ossf/scorecard/issues/986
2022-02-03 13:00:35 -06:00
naveen
634643e9f7 🌱 Unit test for fileparser/listing
Unit test for fileparser/listing

https://github.com/ossf/scorecard/issues/986

🌱 Unit test for fileparser/listing

Unit tests for fileparser/listing

https://github.com/ossf/scorecard/issues/986

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-02-03 11:01:57 -06:00
Azeem Shaikh
4581c363cf
Remove ListMergedPRs API (#1566)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-03 00:01:35 +00:00
laurentsimon
9037444513
Raw data for code review check (#1505)
* separate code review's eval and check

* missing file

* add comments

* fix

* fix

* linter

* fixes

* fix

* linter

* linter

* linter

* draft

* fixes

* fixes

* simplify

* update date

* rem comments

* typo

* linter

* typo

* linter
2022-02-02 19:51:38 +00:00
naveen
009aa85e3f 🌱 Unit tests for Vulnerabilities
- Unit tests for Vulnerabilities
- https://github.com/ossf/scorecard/issues/986
2022-02-02 11:55:57 -06:00
laurentsimon
79b216c956
checks/security_policy_test.go: updated unit tests (#1590)
checks/raw/security_policy.go: add support for .adoc policies
2022-02-02 08:31:42 -08:00
laurentsimon
86d8281031
Do not parse non-dockerfile (#1583)
* draft

* checks/pinned_dependencies.go: added isDockerfiler()
checks/pinned_dependencies_test.go: added TestDockerfileInvalidFiles

* undo CodeQL

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-02-01 23:50:15 +00:00
naveen
e4eb6d247f 🌱 Unit tests for security policy
Unit tests for security policy.
https://github.com/ossf/scorecard/issues/986
2022-02-01 14:06:28 -06:00
Azeem Shaikh
3995d31abf
Refactor some code (#1567)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-01-31 21:41:42 +00:00
naveen
fae5ff334f 🌱 Unit tests for fileparser
Included additional tests for fileparser.
https://github.com/ossf/scorecard/issues/986

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-31 14:09:02 -06:00
naveen
70afae8b8f 🌱 Remove dead code
Remove dead code which isn't being used.
2022-01-28 14:05:29 -06:00
naveen
4c266d7192 🌱 Unit test for dependency_update_tool
Unit tests for dependency_update_tool
https://github.com/ossf/scorecard/issues/986
2022-01-28 10:57:57 -06:00
godofredoc
a69e1d97d4
🌱 Add Dart and Flutter CI systems to CI tests check. (#1548)
* Add Dart and Flutter CI systems to CI tests check.

The current check is looking at the github checks data to identify
whether a given PR ran tests. Flutter and Dart repos are failing the
check because their systems are not recognized as CI Systems.

Bug: https://github.com/ossf/scorecard/issues/1547

* Format file.
2022-01-28 01:42:50 +00:00
Naveen
17467c1f13
🌱 Unit tests for binary_artifact (#1512)
2022-01-27 12:25:50 -06:00
laurentsimon
5f9fff3b20
Separate check from policies for the Vulnerabilities check (#1532)
* raw vulnerabilities separation
* update year
* missing files
* tests
2022-01-26 15:45:39 -05:00
Chris McGehee
7a6eb2812a
Not considering an issue as having activity if closed recently (#1531)
- The person who opened the issue can close it, so an issue closing does not indicate activity by a maintainer.
2022-01-25 21:59:03 -08:00
naveen
e774015194 🌱 Unit tests for Fuzzing
Unit tests checks for fuzzing.

https://github.com/ossf/scorecard/issues/986
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-25 14:08:59 -06:00
Stephen Augustus (he/him)
41adfe7f34
⚠️ log: Initial logr/logrusr implementation (#1516)
* log: Initial logr/logrusr implementation

Signed-off-by: Stephen Augustus <foo@auggie.dev>

* log: Update references to `log.Logger`

Signed-off-by: Stephen Augustus <foo@auggie.dev>

* go.mod: Minor reorganization of `replace`s

...to prevent automatic updates from getting added to the smaller
section.

Signed-off-by: Stephen Augustus <foo@auggie.dev>
2022-01-25 11:17:46 -06:00
naveen
d4d81a01df 🌱 Unit tests dependency_update_tool
Unit tests dependency_update_tool
https://github.com/ossf/scorecard/issues/986

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-24 21:38:02 -06:00
Chris McGehee
b6cba86f72
🐛 Issue activity only counts if done by a maintainer (#1515)
* Issue activity only counts if done by a maintainer

* - Using pointer so that if GitHub API doesn't return a value for a field, it can be nil
- Updating AuthorAssociation to use an enum

Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-01-24 16:12:54 +00:00
naveen
4122c793bc 🌱 Unit tests for binary artifacts
Unit tests for binary artifacts.

https://github.com/ossf/scorecard/issues/986
2022-01-23 22:59:36 -06:00
naveen
8a64075d5e 🌱 Fix the reflect.DeepEqual with google cmp
Fix the reflect.DeepEqual with google cmp

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-23 13:12:07 -06:00
naveen
66a91dd017 🌱 Unit tests for branch protection raw
Unit tests for branch protection raw.
https://github.com/ossf/scorecard/issues/986.

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-22 17:54:59 -06:00
naveen
90a0689dea 🌱 Unit test for fileparser
https://github.com/ossf/scorecard/issues/986
2022-01-21 12:23:11 -06:00
Stephen Augustus (he/him)
13b78ab010
⚠️ Create a dedicated logging package to encapsulate calls to zap (#1502)
* log: Init log package

Creates a wrapper around existing `zap.Logger` to make it easier
to replace/extend with scorecard logging.

Signed-off-by: Stephen Augustus <foo@auggie.dev>

* log: Replace instances of `zap.Logger` with `log.Logger`

Signed-off-by: Stephen Augustus <foo@auggie.dev>

* log: Add logic to parse `zapcore.Level`s as strings

Signed-off-by: Stephen Augustus <foo@auggie.dev>

* log: Express log levels

Signed-off-by: Stephen Augustus <foo@auggie.dev>

* log: Replace instances of `zapcore.Level` with `log.Level`

Signed-off-by: Stephen Augustus <foo@auggie.dev>

* log: Fixup comments for exported functions

Signed-off-by: Stephen Augustus <foo@auggie.dev>
2022-01-20 15:57:39 -08:00
naveen
f4e9dfd602 🌱 Unit tests for binaryartifacts
Unit tests for binaryartifacts
https://github.com/ossf/scorecard/issues/986

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-20 15:20:54 -06:00
naveen
9973bdeb60 Unit tests for dependency update
Unit tests for dependency update.

https://github.com/ossf/scorecard/issues/986

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-19 15:34:07 -06:00