laurentsimon
4bd3391a36
✨ Raw results for Pinned-Dependencies ( #1932 )
...
* backup
* update
* update
* draft
* updates
* updates
* updates
* updates
* fix
* linter
* updates
* updates
* updates
* updates
* updates
* updates
* updates
* linter
* comments
* linter
* linter
* tests
* updates
* updates
* tests
2022-06-06 14:31:22 -07:00
Romain Dauby
804127f46a
Upgrade to buildkit 0.10.3
2022-05-10 10:55:48 -05:00
laurentsimon
8c97d46a36
✨ Add custom remediation for workflow permissions/pinned dependencies ( #1885 )
...
* draft
* update
* updates
* updates
* updates
* updates
* updates
* updates
2022-05-06 12:52:30 -07:00
laurentsimon
875b6f694e
🐛 Ignore shell parsing errors when reporting results ( #1878 )
...
* ignore parsing errors
* updates
2022-05-02 10:11:50 -07:00
dependabot[bot]
66b3d8ce5c
🌱 Bump github.com/golangci/golangci-lint from 1.44.2 to 1.45.0 in /tools ( #1757 )
...
* 🌱 Bump github.com/golangci/golangci-lint in /tools
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint ) from 1.44.2 to 1.45.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases )
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md )
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.44.2...v1.45.0 )
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* golangci-lint: Surface and fix as many lint warnings automatically
Signed-off-by: Stephen Augustus <foo@auggie.dev>
* generated: Run golangci-lint with `fix: true`
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stephen Augustus <foo@auggie.dev>
2022-03-23 02:23:39 +00:00
Azeem Shaikh
e41f8595cb
Generalize CheckFileContent functions ( #1670 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-22 17:40:34 -06:00
Azeem Shaikh
2b206dc365
Remove Version field from LogMessage ( #1640 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-15 18:26:06 +00:00
Azeem Shaikh
2e3e505a8c
Simplify DetailLogger interface ( #1628 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-11 15:48:58 -08:00
Azeem Shaikh
6930c3ab3b
Add support for commit-based Scorecard ( #1613 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-07 19:03:36 -08:00
Azeem Shaikh
1c95237e4a
Only run allowed checks in different modes ( #1579 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-07 16:49:49 -08:00
laurentsimon
86d8281031
Do not parse non-dockerfile ( #1583 )
...
* draft
* checks/pinned_dependencies.go: added isDockerfiler()
checks/pinned_dependencies_test.go: added TestDockerfileInvalidFiles
* undo CodeQL
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-02-01 23:50:15 +00:00
naveen
70afae8b8f
🌱 Remove dead code
...
Remove dead code which isn't being used.
2022-01-28 14:05:29 -06:00
naveen
f7b329e830
✨ Unit test for all_checks
...
Addresses https://github.com/ossf/scorecard/issues/435
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-12 17:24:38 -06:00
Azeem Shaikh
696553be2d
Fix linter issues ( #1472 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-01-12 20:34:16 +00:00
Azeem Shaikh
f2c57d2590
✨ Migrate to v4
2022-01-12 14:12:09 -06:00
laurentsimon
7a91384f8d
✨ Add line numbers for insecure downloads ( #1413 )
...
* add lines for docker files
* support for other constructs
* other insecure patterns
* fixes
* fixes
* comments
2022-01-06 00:13:53 +00:00
laurentsimon
46e94eb925
✨ [DRAFT: RAW]: Security policy support ( #1372 )
...
* raw sec policy
* missing file
* fix validation of check.yml
* updates
* comments
* dead code
* comments
2021-12-14 23:51:42 +00:00
laurentsimon
1aac7aa39c
✨ update log msg for non-pinned actions ( #1370 )
2021-12-06 19:33:27 -06:00
laurentsimon
023eab671e
✨ Ignore local actions that are not pinned ( #1357 )
...
* ignore local actions
* missing files
2021-12-06 16:36:42 +00:00
Chris McGehee
38b5199e9e
🐛 Adding line numbers to token-permissions and a couple other places ( #1363 )
...
* Adding line numbers to token-permissions and a couple other places
* Fix deadlink for security policy
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
* Updating formatting
Co-authored-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
2021-12-06 10:05:52 -06:00
laurentsimon
afe55a83c1
🐛 Disable pinning lock file search in repo ( #1315 )
...
* fix
* linter
* linter
* linter
* comment
2021-12-04 00:44:09 +00:00
Chris McGehee
9b600bdc69
Skip pinned dependencies check for template Dockerfiles ( #1324 )
...
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-11-22 16:16:03 +00:00
Azeem Shaikh
e15e7b1ca5
More nilptr issues ( #1296 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-11-18 05:27:06 +00:00
Azeem Shaikh
8fae5b10bd
Fix more nil-ptr dereferences ( #1295 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-11-17 20:00:40 +00:00
laurentsimon
cc4949465b
✨ [Check split]: Binary-Artifacts ( #1244 )
...
* split binary artifact check
* fix
* missing file
* comments
* linter
* fix
* comments
* linter
2021-11-16 19:57:14 +00:00
Chris McGehee
4bd24b8291
Including line number: Dockerfile FROM not pinned ( #1258 )
...
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2021-11-16 18:28:51 +00:00
Azeem Shaikh
ab2bb205d4
Fix nil-ptr access bug ( #1248 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-11-12 16:51:41 +00:00
Chris McGehee
3dc507b9e1
Using library to parse github workflows
2021-11-08 17:00:40 -06:00
Chris McGehee
f319aca82d
Moving github workflow parsing to its own file
2021-11-08 17:00:40 -06:00
Azeem Shaikh
c73c5628ea
Fix GitHub workflows failing ( #1172 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2021-10-28 18:42:55 +00:00
Azeem Shaikh
0ba864e9c2
Avoid panic in code ( #1171 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-27 12:24:02 -07:00
Chris McGehee
faab6969d6
Improve formatting, readability
2021-10-25 17:36:37 -05:00
Chris McGehee
c13783a040
🐛 Fixing parsing for Github workflow when matrix is an expression
2021-10-25 17:36:37 -05:00
Chris McGehee
cf9399aad4
🐛 Fixing parsing errors for github workflows ( #1131 )
2021-10-14 08:16:22 -07:00
Naveen
6c1c789dc5
🌱 v3 upgrade changes ( #1118 )
...
v3 go.mod changes
2021-10-07 18:16:01 -05:00
laurentsimon
7e73875acb
update msg ( #1086 )
2021-09-29 00:39:04 +00:00
Nanik
0590b03338
✨ change message to make it easier for user ( #1003 )
...
to understand.
* reword the message
* add test for testing the message
2021-09-13 07:33:40 -07:00
Azeem Shaikh
e730e911e6
sce.Create -> sce.WithMessage for wrapcheck ( #995 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-10 15:50:33 +00:00
Nanik
1da121da29
✨ Give low importance to github-owned actions ( #802 ) ( #906 )
...
* Different calculation between github and non-github actions
* Add test case for different kind of github and non-github action
* Modify existing test as score calculation has changed
2021-09-09 12:16:31 -07:00
Chris McGehee
1c7ba79435
🐛 Github workflow steps run on Windows should default to pwsh as its shell ( #877 )
...
* Github workflow steps run on Windows should default to pwsh as its shell
* Style change from PR feedback
* Fixing linter error
* MR feedback: simplifying code
* Moving consts to top of file
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-09-07 09:09:20 -07:00
neil465
5476b878bd
✨ Removed unnecessary linters ( #969 )
...
* gomnd
* prealloc
* dupl
2021-09-07 10:45:12 -04:00
Chris McGehee
29b7bd3885
Parsing GitHub Workflows should only happen on yaml files
2021-09-06 10:51:33 -05:00
Chris McGehee
dbb23450e5
✨ Add line number to unpinned dependency: GitHub workflow "uses" field ( #821 )
...
* Display line number for github workflow "uses" field
* Adding test for line numbers
* Updating comment
* Updating this log message to use SARIF format
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2021-08-30 17:03:45 +00:00
Chris McGehee
c54d77b0d7
🐛 Only validate shell scripts supported by our parser ( #862 )
...
* Only validate shell scripts supported by our parser
* Updating tests, code quality
Co-authored-by: Abhishek Arya <inferno@chromium.org>
2021-08-19 08:18:45 -07:00
laurentsimon
e4f3ede843
✨ fix/enhance pinned-dependencies ( #806 )
...
* commit
* e2e tests
* typo
2021-08-03 23:32:34 +00:00
laurentsimon
29594d4294
✨ change signature of FileIfExist and FileContent ( #787 )
...
* draft
* add pinning
* remove functions
* typo
* comment
* name
2021-07-30 15:09:52 +00:00
laurentsimon
9edfe2a292
✨ rename Frozen-Deps to Pinned-Dependencies ( #765 )
...
* fix
* more tests
* e2e
* comments
* change name
* linter
* rename
* lint
2021-07-27 16:32:24 -07:00