Azeem Shaikh
6930c3ab3b
Add support for commit-based Scorecard ( #1613 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-07 19:03:36 -08:00
Azeem Shaikh
1c95237e4a
Only run allowed checks in different modes ( #1579 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-07 16:49:49 -08:00
Azeem Shaikh
eac2aecce6
Add support for commit-based lookup to GitHub APIs ( #1612 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-07 22:06:05 +00:00
naveen
68bf172e59
🌱 Unit tests fileparser/listing
...
Unit tests fileparser/listing
https://github.com/ossf/scorecard/issues/986
2022-02-07 15:33:18 -06:00
Naveen
30fc06e4a8
Fixed the formatting issue
2022-02-07 15:15:57 -06:00
naveen
aaf7a9f208
🌱 Cache builds between runs
...
Cache builds between runs.
2022-02-07 11:52:36 -06:00
naveen
049db386a5
🌱 Unit tests for dependency_update_tool
...
Unit tests for dependency_update_tool
https://github.com/ossf/scorecard/issues/986
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-02-07 11:05:37 -06:00
laurentsimon
873308016c
checks/packaging.go: ignore workflows/<>/ files ( #1591 )
2022-02-04 21:42:59 +00:00
Julia Ferraioli
95e7c030eb
Update the biweekly meeting times ( #1603 )
2022-02-04 20:50:41 +00:00
naveen
80cc0dd11e
🌱 Unit tests checks/ci_tests_test.go
...
Unit tests for tests checks/ci_tests_test.go
https://github.com/ossf/scorecard/issues/986
2022-02-04 13:26:16 -06:00
Behnaz Hassanshahi
f84291dcfd
🐛 Fix Dependabot check to accept .yaml file extension ( #1601 )
2022-02-03 23:53:32 +00:00
naveen
5e1fd5230c
🌱 Tweaking codecov config
2022-02-03 15:50:16 -06:00
naveen
35aad1dce5
🌱 Unit tests code-review for raw
...
Unit tests code-review for raw.
https://github.com/ossf/scorecard/issues/986
2022-02-03 13:22:39 -06:00
naveen
674f747d47
🌱 Unit tests for vulnerabilities raw package
...
Unit tests for vulnerabilities raw package
https://github.com/ossf/scorecard/issues/986
2022-02-03 13:00:35 -06:00
Arnout Engelen
28bf341a3f
📖 recommend nix-shell over nix-env
...
Which is more idiomatic
2022-02-03 11:53:25 -06:00
naveen
634643e9f7
🌱 Unit test for fileparser/listing
...
Unit test for fileparser/listing
https://github.com/ossf/scorecard/issues/986
🌱 Unit test for fileparser/listing
Unit tests for fileparser/listing
https://github.com/ossf/scorecard/issues/986
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-02-03 11:01:57 -06:00
Martijn Pieters
88aa0e8159
📖 Add make install to Environment Setup
...
Fixes #1588
2022-02-03 10:39:37 -06:00
Azeem Shaikh
4581c363cf
Remove ListMergedPRs API ( #1566 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-03 00:01:35 +00:00
laurentsimon
9037444513
✨ Raw data for code review check ( #1505 )
...
* separate code review's eval and check
* missing file
* add comments
* fix
* fix
* linter
* fixes
* fix
* linter
* linter
* linter
* draft
* fixes
* fixes
* simplify
* update date
* rem comments
* typo
* linter
* typo
* linter
2022-02-02 19:51:38 +00:00
laurentsimon
7032b1910e
Ignore all files under testdata/ ( #1594 )
2022-02-02 19:17:21 +00:00
laurentsimon
0670b8bdee
pkg/sarif.go: Add score in message ( #1593 )
...
pkg/testdata/check6.sarif: Update message
2022-02-02 18:30:04 +00:00
naveen
009aa85e3f
🌱 Unit tests for Vulnerabilities
...
- Unit tests for Vulnerabilities
- https://github.com/ossf/scorecard/issues/986
2022-02-02 11:55:57 -06:00
naveen
05cedd7cf7
🌱 Categorize the Makefile
...
Categorize the makefile into sections for better readability.
Examples :- Development, Build and Tests
2022-02-02 11:17:23 -06:00
laurentsimon
79b216c956
checks/security_policy_test.go: updated unit tests ( #1590 )
...
checks/raw/security_policy.go: add support for .adoc policies
2022-02-02 08:31:42 -08:00
Arnout Engelen
24842de010
📖 remove inaccurate claim about github rendering emoji
...
GitHub renders `:xyz:` aliases in PR titles just fine nowadays.
2022-02-02 09:15:27 -06:00
laurentsimon
86d8281031
Do not parse non-dockerfile ( #1583 )
...
* draft
* checks/pinned_dependencies.go: added isDockerfiler()
checks/pinned_dependencies_test.go: added TestDockerfileInvalidFiles
* undo CodeQL
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-02-01 23:50:15 +00:00
Azeem Shaikh
2d0e5381c2
Revert Committer.Name change ( #1576 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-01 23:00:11 +00:00
naveen
e4eb6d247f
🌱 Unit tests for security policy
...
Unit tests for security policy.
https://github.com/ossf/scorecard/issues/986
2022-02-01 14:06:28 -06:00
dependabot[bot]
9d38be486e
🌱 Bump ossf/scorecard-action from 1.0.2 to 1.0.3
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.0.2 to 1.0.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Commits](c8416b0b2b...b614d455ee)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-01 12:12:33 -06:00
laurentsimon
cbbfebb0e8
✨ Mention renovatebot's settings ( #1575 )
...
* update doc
* docs/checks/internal/checks.yaml: updated
docs/checks.md: updated
2022-01-31 15:41:20 -08:00
Azeem Shaikh
3995d31abf
Refactor some code ( #1567 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-01-31 21:41:42 +00:00
naveen
fae5ff334f
🌱 Unit tests for fileparser
...
Included additional tests for fileparser.
https://github.com/ossf/scorecard/issues/986
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-31 14:09:02 -06:00
Azeem Shaikh
58865e959e
Only return PRs associated with recent commits ( #1562 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-01-29 18:55:26 -08:00
Stephen Augustus (he/him)
53f21cb523
README: s/Justin/Stephen ( #1565 )
...
...also fixes link to GitHub profile.
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2022-01-29 10:32:07 -08:00
Azeem Shaikh
6962fb4858
Use committer name if login isn't available ( #1558 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-01-29 00:25:33 +00:00
Azeem Shaikh
29b14f82e3
Fix nil-ptr issue in e2e tests ( #1561 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-01-28 22:50:58 +00:00
naveen
70afae8b8f
🌱 Remove dead code
...
Remove dead code which isn't being used.
2022-01-28 14:05:29 -06:00
naveen
4c266d7192
🌱 Unit test for dependency_update_tool
...
Unit tests for dependency_update_tool
https://github.com/ossf/scorecard/issues/986
2022-01-28 10:57:57 -06:00
dependabot[bot]
b4eec8ed94
🌱 Bump github.com/onsi/gomega from 1.18.0 to 1.18.1
...
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.18.0 to 1.18.1.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.18.0...v1.18.1)
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-28 08:42:09 +00:00
godofredoc
a69e1d97d4
🌱 Add Dart and Flutter CI systems to CI tests check. ( #1548 )
...
* Add Dart and Flutter CI systems to CI tests check.
The current check is looking at the github checks data to identify
whether a given PR ran tests. Flutter and Dart repos are failing the
check because their systems are not recognized as CI Systems.
Bug: https://github.com/ossf/scorecard/issues/1547
* Format file.
2022-01-28 01:42:50 +00:00
laurentsimon
40a9d48c91
Link to responsible disclosure guidelines in Security-Policy remediation doc ( #1545 )
...
* refer to responsible disclosure guidelines
* typo
2022-01-27 17:21:34 -05:00
Naveen
17467c1f13
🌱 Unit tests for binary_artifact ( #1512 )
2022-01-27 12:25:50 -06:00
dependabot[bot]
15a204fe1d
🌱 Bump github.com/goreleaser/goreleaser in /tools
...
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.3.1 to 1.4.1.
- [Release notes](https://github.com/goreleaser/goreleaser/releases)
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.3.1...v1.4.1)
---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-27 08:51:06 +00:00
dependabot[bot]
074ba5a109
🌱 Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5 in /tools ( #1541 )
2022-01-27 03:20:16 +00:00
dependabot[bot]
bd2171b53a
🌱 Bump github.com/golangci/golangci-lint from 1.42.1 to 1.44.0 in /tools ( #1540 )
2022-01-27 02:56:56 +00:00
dependabot[bot]
10a5c1ade5
🌱 Bump github.com/goreleaser/goreleaser in /tools
...
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.0.0 to 1.3.1.
- [Release notes](https://github.com/goreleaser/goreleaser/releases)
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.0.0...v1.3.1)
---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-27 01:30:14 +00:00
dependabot[bot]
d2d9ff4b9d
🌱 Bump golang.org/x/tools from 0.1.8 to 0.1.9
...
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.1.8 to 0.1.9.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.1.8...v0.1.9)
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-27 01:06:45 +00:00
naveen
3d5a08d4fe
🌱 Included dependabot setting for tools
...
Included dependabot setting for tools module to get updates.
2022-01-26 18:20:31 -06:00
Azeem Shaikh
d50788f638
Add Slack channel badge ( #1536 )
...
Adds a new badge pointing to our Slack channel.
2022-01-26 22:48:28 +00:00
laurentsimon
5f9fff3b20
✨ Separate check from policies for the Vulnerabilities check ( #1532 )
...
* raw vulnerabilities separation
* update year
* missing files
* tests
2022-01-26 15:45:39 -05:00