laurentsimon
608da94aaf
✨ Raw results for Packaging check ( #1913 )
...
* update
* update
* update
* update
* update
* update
* update
* updates
* update
* update
* update
* update
* update
* update
* comments
2022-06-01 16:41:20 +00:00
laurentsimon
0f30f4eec7
✨ Make permission check aware of GH Pages Action ( #1902 )
...
* update
* update
* update
2022-05-11 20:41:37 -05:00
laurentsimon
8c97d46a36
✨ Add custom remediation for workflow permissions/pinned dependencies ( #1885 )
...
* draft
* update
* updates
* updates
* updates
* updates
* updates
* updates
2022-05-06 12:52:30 -07:00
dependabot[bot]
66b3d8ce5c
🌱 Bump github.com/golangci/golangci-lint from 1.44.2 to 1.45.0 in /tools ( #1757 )
...
* 🌱 Bump github.com/golangci/golangci-lint in /tools
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint ) from 1.44.2 to 1.45.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases )
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md )
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.44.2...v1.45.0 )
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* golangci-lint: Surface and fix as many lint warnings automatically
Signed-off-by: Stephen Augustus <foo@auggie.dev>
* generated: Run golangci-lint with `fix: true`
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stephen Augustus <foo@auggie.dev>
2022-03-23 02:23:39 +00:00
Chris McGehee
76105194da
📖 Adding missing documentation for Token-Permissions ( #1656 )
...
* Adding missing documentation for Token-Permissions
* Make documentation for `actions` more accurate
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-02-25 22:47:11 +00:00
Chris McGehee
808941a4c2
✨ Token-Permissions, Allow contents: write
permission only for jobs that are releasing ( #1663 )
...
* Token-Permissions, distinguish contents/package
Allowing `contents: write` permission only for jobs that are releasing
jobs, not just packaging jobs.
2022-02-23 00:23:07 +00:00
Azeem Shaikh
e41f8595cb
Generalize CheckFileContent functions ( #1670 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-22 17:40:34 -06:00
Azeem Shaikh
2b206dc365
Remove Version
field from LogMessage ( #1640 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-15 18:26:06 +00:00
Azeem Shaikh
2e3e505a8c
Simplify DetailLogger interface ( #1628 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-11 15:48:58 -08:00
Azeem Shaikh
6930c3ab3b
Add support for commit-based Scorecard ( #1613 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-07 19:03:36 -08:00
Azeem Shaikh
1c95237e4a
Only run allowed checks in different modes ( #1579 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-07 16:49:49 -08:00
naveen
f7b329e830
✨ Unit test for all_checks
...
Addresses https://github.com/ossf/scorecard/issues/435
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-12 17:24:38 -06:00
Azeem Shaikh
f2c57d2590
✨ Migrate to v4
2022-01-12 14:12:09 -06:00
laurentsimon
993e9c1010
update msg ( #1457 )
2022-01-10 22:22:39 +00:00
laurentsimon
df3d50df76
🐛 Fix score calculation for multiple files ( #1401 )
...
* multi file support
* fix multi-files permissions
* change name
* add tests
* use struct for files
* comments
* comment
2021-12-16 23:16:02 +00:00
Chris McGehee
f991fee32d
Adding line numbers for rest of Token-Permessions (and by extension, ( #1381 )
...
Packaging)
2021-12-14 04:14:35 +00:00
laurentsimon
6e013cf67d
✨ Token-Permission: Allow top level permissions not defined if all run level permissions are ( #1356 )
...
* doc
* allow non defined top level
* fix
* e2e fix
* linter
2021-12-08 01:18:28 +00:00
Chris McGehee
38b5199e9e
🐛 Adding line numbers to token-permissions and a couple other places ( #1363 )
...
* Adding line numbers to token-permissions and a couple other places
* Fix deadlink for security policy
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
* Updating formatting
Co-authored-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
2021-12-06 10:05:52 -06:00
laurentsimon
cc4949465b
✨ [Check split]: Binary-Artifacts ( #1244 )
...
* split binary artifact check
* fix
* missing file
* comments
* linter
* fix
* comments
* linter
2021-11-16 19:57:14 +00:00
laurentsimon
4502dfb557
✨ Reduce false positives in Token-Permissions for contents permission ( #1253 )
...
* fix
* tests
2021-11-16 03:03:54 +00:00
Chris McGehee
3dc507b9e1
Using library to parse github workflows
2021-11-08 17:00:40 -06:00
Chris McGehee
f319aca82d
Moving github worflow parsing to its own file
2021-11-08 17:00:40 -06:00
Chris McGehee
2006be1819
🐛 Token permission check was failing on non-yaml files
2021-11-04 06:19:10 -05:00
Naveen
6c1c789dc5
🌱 v3 upgrade changes ( #1118 )
...
v3 go.mod changes
2021-10-07 18:16:01 -05:00
Azeem Shaikh
e730e911e6
sce.Create -> sce.WithMessage for wrapcheck ( #995 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-10 15:50:33 +00:00
laurentsimon
6403eb1382
✨ Transition Packaging, SAST, Security-policy, Signed-releases check to the new structured detail format ( #887 )
...
* move checks to new format
* fix
* comments
* fix
* comments
2021-08-24 01:44:06 +00:00
laurentsimon
b731f450b9
✨ Transition Vulnerabilities, Permissions, CI-Tests, Dependency-Update-Tool, Code-Reviews to structured details ( #889 )
...
* move other checks togit add -u
* more checks
* fixes
2021-08-24 00:54:22 +00:00
laurentsimon
d821ea27ec
✨ improve token permission ( #811 )
...
* sarif action
* update
2021-08-05 17:10:34 +00:00
laurentsimon
b2b37161f3
✨ Improve token permission check ( #800 )
...
* draft
* draft 2
* draft3
* fix e2e
* comment
* comment
* check codeql
* missing files
* comments
* nit
* update msg
* msg
* nit
* nit
* msg
* e2e
* update doc
2021-08-03 00:56:45 +00:00
Azeem Shaikh
83e9f52501
Enable revive linters which are used in google3 ( #793 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-31 22:31:34 +00:00
laurentsimon
29594d4294
✨ change signature of FileIfExist and FileContent ( #787 )
...
* draft
* add pinning
* remove functions
* typo
* commment
* name
2021-07-30 15:09:52 +00:00
laurentsimon
c48fe4f9ed
✨ Make Token-Permission check more granular ( #773 )
...
* draft
* add tests
* add e2e2 tests
* typos
* typo
* fixes
* linter
* use named value
* comments
* comment
2021-07-30 00:13:01 +00:00
Naveen
4d7fb5d748
🌱 Fix the go.mod with v2 upgrade ( #716 )
...
The go.mod and the related files weren't t updated with the v2 upgrade.
https://github.com/ossf/scorecard/issues/711
This fix will address the issue.
2021-07-26 13:01:25 -05:00
Azeem Shaikh
9bf1cdc9ce
Update ListFiles API to return error ( #746 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-25 17:47:36 -07:00
laurentsimon
c741335683
✨ [migration to score] 3: branch protection, frozen-deps, token permissions ( #719 )
...
* details-1
* nits
* typo
* commments
* dependabot and binary artifacts checks
* typo
* linter
* missing errors.go
* linter
* merge fix
* branch protection, frozen-deps, token permissions
* linter
* linter
2021-07-21 09:21:43 -07:00
laurentsimon
2c9a05c721
✨ cleanup for token doc and code ( #552 )
...
* cleanup
* comment
2021-06-07 18:01:18 +00:00
laurentsimon
d528b6e626
✨ Cleanup code for github tokens #534 ( #539 )
...
* missed comments
* comments
2021-06-04 00:12:56 +00:00
laurentsimon
37d979f79b
✨ check for read-only permissions of github token ( #534 )
...
* check for read-only permissions of github token
* linter
* linter
* doc
* comments
* commments
* fix
* generate checks.mg
* update license
* linter
* comments
* license
* linter
* missing file
* linter
* license
* cleanup
2021-06-03 16:30:37 -07:00