naveen
d2a14e0f2b
🌱 Unit tests for contributors
...
Implemented unit tests for contributors.
2022-01-10 11:24:05 -06:00
naveen
911463714b
✨ Unit tests github_workflow
2022-01-10 08:29:29 -06:00
dependabot[bot]
1e821a1231
🌱 Bump ossf/scorecard-action from 0.0.1 to 0.0.2
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 0.0.1 to 0.0.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Commits](175f59783f...5f4e3145c8)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-10 08:00:54 -06:00
naveen
bb42878e63
✨ Unit test for security policy
...
Unit tests for security policy
2022-01-09 23:09:22 -06:00
naveen
b5d34a6489
✨ Unit tests for listing file
...
Included tests for listing.go
2022-01-07 18:19:07 -06:00
Naveen
93e05a4e3d
✨ Unit test for maintained check ( #1449 )
...
Included unit tests for maintained check.
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-01-07 23:49:34 +00:00
laurentsimon
87a2d09822
🐛 Remove inconclusive result from SAST ( #1447 )
...
* remove inconclusive
* fix comment
2022-01-07 15:22:49 -08:00
Naveen
192ae4d18f
Unit tests for signed releases ( #1446 )
...
Implemented tests for signed releases.
2022-01-06 16:49:06 -08:00
Azeem Shaikh
f36e2223ce
Update BigQuery access instructions ( #1442 )
...
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-06 21:06:23 +00:00
laurentsimon
e2d3e8e1a5
inconclusive results should not be reported ( #1443 )
2022-01-06 20:40:16 +00:00
laurentsimon
165d4b562f
✨ Update messages for pinning warning ( #1440 )
...
* update msg
* update msg
2022-01-06 18:03:42 +00:00
dependabot[bot]
d6c8bb40d7
🌱 Bump ossf/scorecard-action ( #1435 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 5fc8ff3ee41559cbd1079b561414c8fe3272afab to 0.0.1. This release includes the previously tagged commit.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Commits](5fc8ff3ee4...175f59783f)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-06 17:33:31 +00:00
naveen
cc4b52b0d8
✨ Included test for OSV Vulnerabilities
2022-01-06 10:21:18 -06:00
laurentsimon
f94bf80dda
Delete scorecard-policy.yml ( #1439 )
...
We no longer need this policy file.
2022-01-06 01:35:02 +00:00
laurentsimon
7a91384f8d
✨ Add line numbers for insecure downloads ( #1413 )
...
* add lines for docker files
* support for other constructs
* other insecure patterns
* fixes
* fixes
* comments
2022-01-06 00:13:53 +00:00
laurentsimon
48f10693e0
add stepsec ( #1438 )
2022-01-05 22:53:50 +00:00
olivekl
09a41a93b4
Update README.md ( #1436 )
...
Add risk levels to table of Scorecards Checks section; remove lists of each risk level in the Scoring section. (To streamline navigation; keeps the same info but just in shorter format)
2022-01-05 22:01:51 +00:00
naveen
25cfdb7b13
Fixed the long lines
2022-01-04 13:55:58 -06:00
naveen
de39061cc5
🌱 Refactor vulnerabilities client
2022-01-04 13:55:58 -06:00
naveen
c8f15a495e
🌱 Refactor the osv check into an interface
...
Refactor the osv check into an interface so that it can be tested.
2022-01-04 13:55:58 -06:00
laurentsimon
c11772788a
add links ( #1433 )
2022-01-04 12:05:15 -06:00
dependabot[bot]
f84475d77e
🌱 Bump distroless/base in /cron/webhook
...
Bumps distroless/base from `46d4514` to `02f6671`.
---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-01 12:01:57 -06:00
laurentsimon
5613b68191
fix links ( #1430 )
2021-12-31 23:26:14 +00:00
dependabot[bot]
2ac1d738ac
🌱 Bump distroless/base from 46d4514 to 02f6671
...
Bumps distroless/base from `46d4514` to `02f6671`.
---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-12-31 14:03:36 -06:00
dependabot[bot]
4c7289a09f
🌱 Bump distroless/base in /cron/controller
...
Bumps distroless/base from `46d4514` to `02f6671`.
---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-12-31 13:18:26 -06:00
laurentsimon
5d472a8eab
update doc ( #1431 )
2021-12-31 12:53:27 -06:00
laurentsimon
ea7c9c1d32
update doc ( #1429 )
2021-12-28 20:00:53 -06:00
Naveen
f965a82e2c
📖 Included goreport in the README ( #1409 )
...
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-12-28 16:15:49 +00:00
dependabot[bot]
8b41a86377
🌱 Bump distroless/base in /cron/worker
...
Bumps distroless/base from `46d4514` to `02f6671`.
---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-12-28 09:45:29 -06:00
laurentsimon
30aaa2677c
enum start at 0 ( #1422 )
2021-12-24 02:53:17 +00:00
laurentsimon
0e20950839
fix ( #1419 )
2021-12-24 01:16:10 +00:00
laurentsimon
70fa923907
info to debug ( #1416 )
2021-12-23 17:27:40 -06:00
laurentsimon
cf71c9539c
✨ Add details to message for default location in SARIF ( #1414 )
...
* add details to message
* fix
2021-12-23 19:06:02 +00:00
dependabot[bot]
eef99b5ce0
🌱 Bump actions/setup-go from 2.1.4 to 2.1.5 ( #1407 )
2021-12-22 08:40:44 -06:00
laurentsimon
3c1e8148d4
✨ Do not expose sarif and policy command ( #1405 )
...
* hide sarif support
* use variable
2021-12-21 18:05:56 +00:00
laurentsimon
6f21258131
reduce score by 1 ( #1404 )
2021-12-21 17:28:31 +00:00
dependabot[bot]
090ae4f0bb
🌱 Bump actions/stale from 4.0.0 to 4.1.0 ( #1384 )
...
Bumps [actions/stale](https://github.com/actions/stale) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](cdf15f641a...7fb802b307)
---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-12-17 17:53:20 +00:00
dependabot[bot]
f9daa4e3cc
🌱 Bump github.com/rhysd/actionlint from 1.6.7 to 1.6.8 ( #1267 )
...
Bumps [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint) from 1.6.7 to 1.6.8.
- [Release notes](https://github.com/rhysd/actionlint/releases)
- [Changelog](https://github.com/rhysd/actionlint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rhysd/actionlint/compare/v1.6.7...v1.6.8)
---
updated-dependencies:
- dependency-name: github.com/rhysd/actionlint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-12-17 17:24:32 +00:00
laurentsimon
df3d50df76
🐛 Fix score calculation for multiple files ( #1401 )
...
* multi file support
* fix multi-files permissions
* change name
* add tests
* use struct for files
* comments
* comment
2021-12-16 23:16:02 +00:00
laurentsimon
3d9b1d2900
✨ [RAW] Branch Protection support ( #1396 )
...
* raw bp
* missing files
* context never nil
* support raw bp
* unit tests
* remove comments
* merging
* linter
2021-12-16 21:42:05 +00:00
asraa
c795615321
✨ Enable dangerous workflow in release test ( #1402 )
...
* enable dangerous workflow in release test
Signed-off-by: Asra Ali <asraa@google.com>
* fix
Signed-off-by: Asra Ali <asraa@google.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-12-16 18:49:49 +00:00
Azeem Shaikh
26733c95be
Update timeout for retries ( #1403 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-12-16 10:25:35 -08:00
Azeem Shaikh
be7fe32866
Fix more retry breakages ( #1398 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-12-15 23:27:23 +00:00
Azeem Shaikh
ecc96576f4
Refactor to improve readability ( #1394 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-12-15 15:01:34 -08:00
Azeem Shaikh
bbbca2bd87
Fix retry workflow ( #1397 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-12-15 14:31:46 -08:00
naveen
a13b63eae2
🌱 Improves the ci-e2e with retries
2021-12-15 12:50:36 -06:00
laurentsimon
f2cee41ca9
✨ [RAW]: dependency update tool ( #1391 )
...
* dependency update tool
* rename
* missing files
* add fields
* rm field
2021-12-15 17:02:31 +00:00
Jason Hall
cef72f0f7d
🐛 Fix ko build workflows in Makefile ( #1392 )
...
* Use ko to build everything in cloudbuild.yaml
* --push=false and undo cloudbuild.yaml changes for now
2021-12-15 10:35:07 -06:00
laurentsimon
46e94eb925
✨ [DRAFT: RAW]: Security policy support ( #1372 )
...
* raw sec policy
* missing file
* fix validation of check.yml
* updates
* comments
* dead code
* comments
2021-12-14 23:51:42 +00:00
laurentsimon
551961718d
✨ [RAW] End-to-end support for raw results for Binary-Artifacts ( #1255 )
...
* split binary artifact check
* fix
* missing file
* comments
* fix
* comments
* draft
* merge fix
* fix merge
* add indirection
* comments
* comments
* linter
* comments
* updates
* updates
* updates
* linter
* comments
2021-12-14 21:10:24 +00:00