ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-09-19 04:57:14 +03:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
554 Commits 36 Branches 42 Tags 436 MiB
53c056081b
Commit Graph

37 Commits

Author SHA1 Message Date
laurentsimon
53c056081b
[migration to score] 5: contributors, vulnerabilities, packaging and sast (#729) 
* contributors

* packaging

* vulnerabilities

* fix errors

* err

* errors
 2021-07-21 13:40:16 -07:00
laurentsimon
6f203e73b6
[migration to score] 4: active, fuzzing and code-review (#721) 
* details-1

* nits

* typo

* commments

* dependabot and binary artifacts checks

* typo

* linter

* missing errors.go

* linter

* merge fix

* active, fuzzing and code review checks

* e2e tests for fuzzing

* fixes
 2021-07-21 09:40:40 -07:00
laurentsimon
c741335683
[migration to score] 3: branch protection, frozen-deps, token permissions (#719) 
* details-1

* nits

* typo

* commments

* dependabot and binary artifacts checks

* typo

* linter

* missing errors.go

* linter

* merge fix

* branch protection, frozen-deps, token permissions

* linter

* linter
 2021-07-21 09:21:43 -07:00
laurentsimon
5e634c8945
[migration to score] 2: dependabot and binary artifact checks (#718) 
* details-1

* nits

* typo

* commments

* dependabot and binary artifacts checks

* typo

* linter

* missing errors.go

* linter

* merge fix

* dates
 2021-07-21 09:02:43 -07:00
Naveen
ca4f963eb7
🌱 Fix failing e2e tests (#696) 
The packaging docker image for scorecard has been removed from github
workflow to gcr.io.

This was causing the e2e check failing.

This fix will remove that check and address the failing e2e.
 2021-07-16 08:38:53 -07:00
naveen
219404e0b7 🌱 Removing gitcache 
Removing gitcache
 2021-07-13 01:03:21 -05:00
naveen
aeead94680 Included security.rst as SecurityPolicy 
* Included security.rst as name check for security policy.
 2021-07-04 16:18:51 -05:00
Oliver Chang
34621504fb
Add a Vulnerabilities check. (#628) 
Uses OSV to check this.

Fixes #52.
 2021-06-29 03:09:40 +00:00
laurentsimon
1829ee7600
🐛 Fix for e2e failures (#598) 
* draft

* fixes

* linter

* disable parallel

* comments

* commments

* linter
 2021-06-22 10:55:59 -07:00
Naveen
d00dd9c309
Automatic dependency update checks (#322) 
* Checks if the dependencies are automatically updated.
 2021-06-04 14:35:06 +00:00
Azeem Shaikh
030bc90932
Remove daily cron job from codebase (#530) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-06-02 14:27:09 -07:00
Chris McGehee
61ecad3151
Add new linter: gci (#498) 2021-05-23 20:51:52 -07:00
Chris McGehee
587f41117b Fix lint issues: dupl linter 2021-05-23 11:49:33 -05:00
Abhishek Arya
5f82d2b9c0
Add checks for workflow action pinning (#466) 
Patch by Laurent Simon <laurentsimon@google.com>

Co-authored-by: Laurent Simon <laurentsimon@google.com>
 2021-05-17 13:03:39 -07:00
Chris McGehee
727bb58911
🌱 Fix lint issues: govet linter (#395) 
* Fix lint issues: govet linter
The fieldalignment analyzer informs you when structs would take up less
memory with their fields reordered.

* CheckResult.Details was not omitted as intended
Found by govet linter

* Removing possible breaking change

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-05-11 06:52:52 -07:00
Chris McGehee
0e15d65a0c Fix lint issues: dupl linter 2021-05-08 21:55:14 -05:00
Chris McGehee
6a7142fe21 Fix lint issues: golint linter 2021-05-02 14:49:40 -05:00
Chris McGehee
8402e6d9d0 Fix lint issues: gofumpt linter 2021-05-02 13:18:19 -05:00
naveen
360d6b8381 🌱 e2e tests for cronjob 
* Implemented basic e2e tests for cornjob
 2021-05-01 16:07:26 -05:00
Chris McGehee
06993b72ce
🐛 Fix linting issues (1 of n) (#348) 
* Fix lint issues: whitespace linter

* Fix lint issues: wrapcheck linter

* Fix lint issues: errcheck linter

* Fix lint issues: paralleltest linter

* Fix lint issues: gocritic linter
Most changes from this commit are from passing checker.CheckResult by reference and not by value. gocritic identified that as a huge parameter.
gocritic also prefers regexp.MustCompile over Compile when the pattern is a const
 2021-04-19 12:18:34 -07:00
Azeem Shaikh
a58818d258
🌱 : Reduce code duplication for follow-up cron refactoring (#338) 
*  Refactor to reduce code duplication

* 

* Move lib/ back to checker/

* Move lib/ back to checker/

* Move lib/ back to checker/

* Address PR comments.

* Addressing PR comments.

* Avoid printing `ShouldRetry` and `Error` in output JSON.

* Fix JSON output.

Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-04-10 07:26:56 -05:00
nathannaveen
f5185e4bd6 🌱 included copyright headers. 2021-04-01 21:36:10 -05:00
naveen
2978ae550a Fix - signed-tags e2e tests. 
The signed tags e2e tests were failing because apache/airflow pushed
tags without signing.

Changed from apache/airflow to bitcoin/bitcoin.
 2021-03-11 10:59:03 -05:00
naveen
7b192a0243 feat - Included tests for disk cache 
Included tests for disk cache.
Cleaned up tests.
 2021-02-26 15:46:21 -05:00
naveen
6f2a0f43f4 Fix - Output path for the test runs 2021-02-25 15:59:39 -05:00
naveen
cab29a2747 Feat- Use cloud buckets for caching 
Use cloud buckets for httpcache.

The implementation uses https://github.com/google/go-cloud for it to be
cloud vendor agnostic.
 2021-02-24 11:17:50 -05:00
naveen
7726ca7987 Feature - Include metadata in the results 
Included metadata that can be passed an argument to the command line.
The same metadata will returned the `json` results.
 2021-02-22 19:23:46 -05:00
naveen
e94e53965e Fix - Changes to reflect the scorecard score 
The score of the scorecard is improving with signed-release and updating
the tests to reflect that.
 2021-02-17 20:40:58 -05:00
Abhishek Arya
fc251d9d42 Add security policy to e2e test. 2021-02-14 12:50:24 -05:00
naveen
af2132e927 Fix- e2e tests to include the executable 
Included e2e tests for the executable with JSON
 2021-02-14 11:46:17 -05:00
Naveen
30d69310c6
Fix - Organization checks for members (#170) 
* Fix - Organization checks for members

* Fix - Turn off automatic releasenotes generation

Turn off automatic release notes for CII https://bestpractices.coreinfrastructure.org/

* Fix - Organization checks for members
 2021-02-14 10:46:14 -05:00
naveen
4bdc158018 Fix - packging workflow for docker push 2021-02-12 21:16:44 -05:00
naveen
93373f7787 Fixes - Incorrect result for branch protection 2021-01-26 18:39:12 -05:00
Abhishek Arya
c00aa4b606 Add e2e tests for remaining checks. 2021-01-15 15:24:04 -05:00
Abhishek Arya
5b7ddc55ab Add e2e test. 2021-01-15 13:44:52 -05:00
naveen
c4c99cd676 feature - Included the e2e into the PR workflows 
Validated the presence of the GITHU_AUTH_TOKEN variable presence before running the e2e.

Update the contributing doc with scopes of the personal access token.

Updated the workflow to include the e2e tests.
 2021-01-13 13:04:22 -05:00
Naveen
f77da7783b
feat-e2e tests for signed tags and signed releases (#115) 
Implemented e2e tests using ginkgo for validating signed tags and signed
releases.

ginkgo is utilized as a standard BDD testing framework in other
projects like kubebuilder.
 2021-01-01 14:36:31 -06:00