Commit Graph

406 Commits

Author SHA1 Message Date
naveen
018043f4cf Feat - e2e tests for gitcache buckets
Implemented e2e tests for buckets.
2021-03-05 08:08:47 -05:00
naveen
90d3fa7e70 Fix - Change log.fatal to error
Fix the repo parsing from log.fatal to error. This was causing the
process to terminate.
2021-03-04 20:06:46 -05:00
naveen
abb06c9dbc feat- Reorganize the code structure
Reorganize the code structure for testing and maintenance.

Feat - Included http endpoint
2021-03-04 19:08:47 -05:00
Naveen
c5528dba94
Update issue templates (#235) 2021-03-04 03:30:32 +00:00
Naveen
3e979657bf
Implemented docker for gitcache (#231)
* Implemented caching the git folder instead of just a branch.
Implemented logging.
Refactored code.

* Feat - Implemented docker for gitcache
2021-03-04 03:22:17 +00:00
Naveen
b4c2e4fd13
feat - migrate to go 1.16 (#233)
Upgrade to go version 1.16
2021-03-03 18:56:29 +00:00
Naveen
f0ff62d9eb
Feat - Included dependabot for gitcache (#232) 2021-03-02 16:51:04 -08:00
Naveen
c55c380e9b
Updated README (#230)
* Updated README

Updated README to reflect the changes that are implemented.

* Update README.md
2021-03-02 21:16:37 +00:00
Naveen
b1f037172a
gitcache - Scaling the scorecard scans (#227)
* Feature - implemented gitcache to scale scorecard

* Create README.md

* Update README.md

* Feature - implemented gitcache to scale scorecard
2021-03-02 02:00:01 +00:00
Edoardo Tenani
7f7c9fcb89
contributors: use go-github org API (#228)
Replace direct call to HTTP URL with appropriate go-github API call.

Closes #175
2021-03-01 16:24:18 -08:00
Abhishek Arya
a44dd6a758
Add pypi and ruby gems package support. (#226)
Adds some more package managers to
https://github.com/ossf/scorecard/issues/33

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-03-01 11:21:20 -05:00
Naveen
47eda487f5
Fix - Updated golangci-lint based on warnings (#225)
Fixed these deprecated linters

golangci_lint: unexpected output on stderr: level=warning msg="[runner]
The linter 'interfacer' is deprecated due to: The repository of the linter has been archived by the owner."
level=warning msg="[runner] The linter 'maligned' is deprecated due to:
The repository of the linter has been archived by the owner. Use govet 'fieldalignment' instead."
2021-02-27 18:55:36 -08:00
naveen
7b192a0243 feat - Included tests for disk cache
Included tests for disk cache.
Cleaned up tests.
2021-02-26 15:46:21 -05:00
naveen
c2ff48dc59 feat-Reduced GitHub API calls for security check
Reduced the number of calls to GitHub API from 16 to max of 2 calls.
Utilized tar ball to download and check for the contents of those files.
2021-02-25 21:55:54 -05:00
naveen
6f2a0f43f4 Fix - Output path for the test runs 2021-02-25 15:59:39 -05:00
naveen
a7174d8ad7 Feature - Include e2e tests for docker
Included e2e tests for docker.
Included .Dockerignore to ignore files.
Included Docker build in the Makefile.
2021-02-25 11:02:45 -05:00
naveen
cab29a2747 Feat- Use cloud buckets for caching
Use cloud buckets for httpcache.

The implementation uses https://github.com/google/go-cloud for it to be
cloud vendor agnostic.
2021-02-24 11:17:50 -05:00
naveen
586e3d60be Doc - Update README with the TOC
Updated the README with TOC and included instructions for docker usage.
2021-02-23 10:47:44 -05:00
Naveen
79170187a2
Feat- Included dependabot for docker (#213) 2021-02-23 07:34:12 -08:00
naveen
7726ca7987 Feature - Include metadata in the results
Included metadata that can be passed as an argument to the command line.
The same metadata will be returned in the `json` results.
2021-02-22 19:23:46 -05:00
naveen
9510d3e0d7 Fix - default disk cache size
The default disk cache size is 100mb. Changed the default disk cache to
10gb.
2021-02-22 18:19:56 -05:00
Naveen
db81680172
Feat-Implement httpcache middleware for GitHub API (#203)
The GitHub API supports conditional requests
https://docs.github.com/en/rest/overview/resources-in-the-rest-api#conditional-requests

https://github.com/google/go-github supports Conditional requests
https://github.com/google/go-github#conditional-requests

As we are scaling more and more projects this would add a lot of value.

Initial run fetches information using `httpcache` as a middleware,
which caches the HTTP response initially in a large disk (PVC),
probably move to Redis later as a cache instead of disk.

Subsequent `cron runs` will utilize the `httpcache` for checking content modification and
load it from the cache if it isn't modified, which reduces hitting the
Rate Limit of the GitHub API.
2021-02-22 17:18:28 +00:00
Naveen
66af8d8235
Doc - Update contributing to reflect changes (#208) 2021-02-21 16:18:03 -08:00
Naveen
e0a02567fb
Fix - Cleanup the makefile targets (#207) 2021-02-21 23:35:39 +00:00
naveen
5018c5012c Fix - GitHub bot message URL for ok-to-test
Fixed the incorrect URL to the ok-to-test bot message
2021-02-19 14:04:24 -05:00
naveen
9c4a4596ed Testing - Slash command 2021-02-19 14:04:24 -05:00
dependabot[bot]
030ab1dbc5 Bump peter-evans/slash-command-dispatch from v1 to v2.1.3
Bumps [peter-evans/slash-command-dispatch](https://github.com/peter-evans/slash-command-dispatch) from v1 to v2.1.3.
- [Release notes](https://github.com/peter-evans/slash-command-dispatch/releases)
- [Commits](https://github.com/peter-evans/slash-command-dispatch/compare/v1...72ab5a2e417e454aa8e89c43b28e36fe331e00a5)

Signed-off-by: dependabot[bot] <support@github.com>
2021-02-19 08:28:45 -05:00
Edoardo Tenani
efd18c84a1 roundtripper: ignore gosec G101 error
As per issue #172 this is not an issue, as there is no real GitHub token
in the constant.
2021-02-19 08:23:57 -05:00
naveen
1e93904a66 Fix - Remove the app reference for the slash token 2021-02-18 16:14:12 -05:00
naveen
9b4b8be7e0 Feature - ok-to-test in github action 2021-02-18 15:45:55 -05:00
naveen
e94e53965e Fix - Changes to reflect the scorecard score
The score of the scorecard is improving with signed-release and updating
the tests to reflect that.
2021-02-17 20:40:58 -05:00
nathannaveen
1a00062a09 Fix - golangci issues gomnd, goconst
Fixed the golangci issues for gomnd and goconst.
Added ginkgo dependency in the makefile.
2021-02-17 18:22:18 -05:00
Nathan
554ca76bfe Fix - golangci issues gomnd, goconst
Fixed the golangci issues for gomnd and goconst.
Added ginkgo dependency in the makefile.
2021-02-17 18:22:18 -05:00
naveen
f906f3f568 Feature - sign releases 2021-02-17 17:53:41 -05:00
naveen
f57080098c Doc - Updates to README and CONTRIBUTING 2021-02-16 17:00:36 -05:00
naveen
ef4c8d0758 Fix - refactor the lint in the actions 2021-02-16 15:59:50 -05:00
Dan Lorenc
5958a04192 Slow down to every few days. 2021-02-16 14:48:31 -05:00
naveen
51f017b206 Fix - ignore empty github token 2021-02-16 14:35:22 -05:00
naveen
db7bfcf342 Fix - golanglint-ci report only new issues 2021-02-16 14:23:03 -05:00
naveen
ce8e1e79ea Feature - Include additional linters for golangci
Included additional linters for golangci. The new linters would
report existing issues.
2021-02-16 14:06:59 -05:00
naveen
7a713e5b43 Feature - Serve json response in http
If the "Content-Type"== "application/json" then serve json response
2021-02-16 11:26:09 -05:00
dependabot[bot]
64660915d6 Bump golangci/golangci-lint-action from v2 to v2.4.0
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from v2 to v2.4.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v2...544d2efb307b3f205f34886f2787046abe7fb26e)

Signed-off-by: dependabot[bot] <support@github.com>
2021-02-15 08:48:59 -05:00
Abhishek Arya
5fcaa98d6f
Add top 200 for all langs from criticality score repo. (#181)
From https://github.com/ossf/criticality_score#public-data
and combine with existing projects list.
2021-02-14 16:39:16 -05:00
naveen
b20e33c24b Fix - go build to static binaries 2021-02-14 15:01:41 -05:00
Abhishek Arya
fc251d9d42 Add security policy to e2e test. 2021-02-14 12:50:24 -05:00
naveen
af2132e927 Fix- e2e tests to include the executable
Included e2e tests for the executable with JSON
2021-02-14 11:46:17 -05:00
Naveen
30d69310c6
Fix - Organization checks for members (#170)
* Fix - Organization checks for members

* Fix - Turn off automatic releasenotes generation

Turn off automatic release notes for CII https://bestpractices.coreinfrastructure.org/

* Fix - Organization checks for members
2021-02-14 10:46:14 -05:00
naveen
70ff5a94ce Fix - Turn off automatic releasenotes generation
Turn off automatic release notes for CII https://bestpractices.coreinfrastructure.org/
2021-02-14 10:31:35 -05:00
Abhishek Arya
7336fa167a Add SECURITY.md
Based on template from Anne.
Fixes https://github.com/ossf/scorecard/issues/165
2021-02-13 14:53:06 -05:00
naveen
4bdc158018 Fix - packaging workflow for docker push 2021-02-12 21:16:44 -05:00