Commit Graph

1137 Commits

Author SHA1 Message Date
naveen
d2a14e0f2b 🌱 Unit tests for contributors
Implemented unit tests for contributors.
2022-01-10 11:24:05 -06:00
naveen
911463714b Unit tests github_workflow 2022-01-10 08:29:29 -06:00
dependabot[bot]
1e821a1231 🌱 Bump ossf/scorecard-action from 0.0.1 to 0.0.2
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 0.0.1 to 0.0.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Commits](175f59783f...5f4e3145c8)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-10 08:00:54 -06:00
naveen
bb42878e63 Unit test for security policy
Unit tests for security policy
2022-01-09 23:09:22 -06:00
naveen
b5d34a6489 Unit tests for listing file
Included tests for listing.go
2022-01-07 18:19:07 -06:00
Naveen
93e05a4e3d
Unit test for maintained check (#1449)
Included unit tests for maintained check.

Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-01-07 23:49:34 +00:00
laurentsimon
87a2d09822
🐛 Remove inconclusive result from SAST (#1447)
* remove inconclusive

* fix comment
2022-01-07 15:22:49 -08:00
Naveen
192ae4d18f
Unit tests for signed releases (#1446)
Implemented tests for signed releases.
2022-01-06 16:49:06 -08:00
Azeem Shaikh
f36e2223ce
Update BigQuery access instructions (#1442)
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-06 21:06:23 +00:00
laurentsimon
e2d3e8e1a5
inconclusive results should not be reported (#1443) 2022-01-06 20:40:16 +00:00
laurentsimon
165d4b562f
Update messages for pinning warning (#1440)
* update msg

* update msg
2022-01-06 18:03:42 +00:00
dependabot[bot]
d6c8bb40d7
🌱 Bump ossf/scorecard-action (#1435)
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 5fc8ff3ee41559cbd1079b561414c8fe3272afab to 0.0.1. This release includes the previously tagged commit.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Commits](5fc8ff3ee4...175f59783f)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-06 17:33:31 +00:00
naveen
cc4b52b0d8 Included test for OSV Vulnerabilities 2022-01-06 10:21:18 -06:00
laurentsimon
f94bf80dda
Delete scorecard-policy.yml (#1439)
We no longer need this policy file.
2022-01-06 01:35:02 +00:00
laurentsimon
7a91384f8d
Add line numbers for insecure downloads (#1413)
* add lines for docker files

* support for other constructs

* other insecure patterns

* fixes

* fixes

* comments
2022-01-06 00:13:53 +00:00
laurentsimon
48f10693e0
add stepsec (#1438) 2022-01-05 22:53:50 +00:00
olivekl
09a41a93b4
Update README.md (#1436)
Add risk levels to table of Scorecards Checks section; remove lists of each risk level in the Scoring section. (To streamline navigation; keeps the same info but just in shorter format)
2022-01-05 22:01:51 +00:00
naveen
25cfdb7b13 Fixed the long lines 2022-01-04 13:55:58 -06:00
naveen
de39061cc5 🌱 Refactor vulnerabilities client 2022-01-04 13:55:58 -06:00
naveen
c8f15a495e 🌱 Refactor the osv check into an interface
Refactor the osv check into an interface so that it can be tested.
2022-01-04 13:55:58 -06:00
laurentsimon
c11772788a
add links (#1433) 2022-01-04 12:05:15 -06:00
dependabot[bot]
f84475d77e 🌱 Bump distroless/base in /cron/webhook
Bumps distroless/base from `46d4514` to `02f6671`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-01 12:01:57 -06:00
laurentsimon
5613b68191
fix links (#1430) 2021-12-31 23:26:14 +00:00
dependabot[bot]
2ac1d738ac 🌱 Bump distroless/base from 46d4514 to 02f6671
Bumps distroless/base from `46d4514` to `02f6671`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-12-31 14:03:36 -06:00
dependabot[bot]
4c7289a09f 🌱 Bump distroless/base in /cron/controller
Bumps distroless/base from `46d4514` to `02f6671`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-12-31 13:18:26 -06:00
laurentsimon
5d472a8eab
update doc (#1431) 2021-12-31 12:53:27 -06:00
laurentsimon
ea7c9c1d32
update doc (#1429) 2021-12-28 20:00:53 -06:00
Naveen
f965a82e2c
📖 Included goreport in the README (#1409)
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-12-28 16:15:49 +00:00
dependabot[bot]
8b41a86377 🌱 Bump distroless/base in /cron/worker
Bumps distroless/base from `46d4514` to `02f6671`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-12-28 09:45:29 -06:00
laurentsimon
30aaa2677c
enum start at 0 (#1422) 2021-12-24 02:53:17 +00:00
laurentsimon
0e20950839
fix (#1419) 2021-12-24 01:16:10 +00:00
laurentsimon
70fa923907
info to debug (#1416) 2021-12-23 17:27:40 -06:00
laurentsimon
cf71c9539c
Add details to message for default location in SARIF (#1414)
* add details to message

* fix
2021-12-23 19:06:02 +00:00
dependabot[bot]
eef99b5ce0
🌱 Bump actions/setup-go from 2.1.4 to 2.1.5 (#1407) 2021-12-22 08:40:44 -06:00
laurentsimon
3c1e8148d4
Do not expose sarif and policy command (#1405)
* hide sarif support

* use variable
2021-12-21 18:05:56 +00:00
laurentsimon
6f21258131
reduce score by 1 (#1404) 2021-12-21 17:28:31 +00:00
dependabot[bot]
090ae4f0bb
🌱 Bump actions/stale from 4.0.0 to 4.1.0 (#1384)
Bumps [actions/stale](https://github.com/actions/stale) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](cdf15f641a...7fb802b307)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-12-17 17:53:20 +00:00
dependabot[bot]
f9daa4e3cc
🌱 Bump github.com/rhysd/actionlint from 1.6.7 to 1.6.8 (#1267)
Bumps [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint) from 1.6.7 to 1.6.8.
- [Release notes](https://github.com/rhysd/actionlint/releases)
- [Changelog](https://github.com/rhysd/actionlint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rhysd/actionlint/compare/v1.6.7...v1.6.8)

---
updated-dependencies:
- dependency-name: github.com/rhysd/actionlint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-12-17 17:24:32 +00:00
laurentsimon
df3d50df76
🐛 Fix score calculation for multiple files (#1401)
* multi file support

* fix multi-files permissions

* change name

* add tests

* use struct for files

* comments

* comment
2021-12-16 23:16:02 +00:00
laurentsimon
3d9b1d2900
[RAW] Branch Protection support (#1396)
* raw bp

* missing files

* context never nil

* support raw bp

* unit tests

* remove comments

* merging

* linter
2021-12-16 21:42:05 +00:00
asraa
c795615321
Enable dangerous workflow in release test (#1402)
* enable dangerous workflow in release test

Signed-off-by: Asra Ali <asraa@google.com>

* fix

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-12-16 18:49:49 +00:00
Azeem Shaikh
26733c95be
Update timeout for retries (#1403)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-12-16 10:25:35 -08:00
Azeem Shaikh
be7fe32866
Fix more retry breakages (#1398)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-12-15 23:27:23 +00:00
Azeem Shaikh
ecc96576f4
Refactor to improve readability (#1394)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-12-15 15:01:34 -08:00
Azeem Shaikh
bbbca2bd87
Fix retry workflow (#1397)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-12-15 14:31:46 -08:00
naveen
a13b63eae2 🌱 Improves the ci-e2e with retries 2021-12-15 12:50:36 -06:00
laurentsimon
f2cee41ca9
[RAW]: dependency update tool (#1391)
* dependency update tool

* rename

* missing files

* add fields

* rm field
2021-12-15 17:02:31 +00:00
Jason Hall
cef72f0f7d
🐛 Fix ko build workflows in Makefile (#1392)
* Use ko to build everything in cloudbuild.yaml

* --push=false and undo cloudbuild.yaml changes for now
2021-12-15 10:35:07 -06:00
laurentsimon
46e94eb925
[DRAFT: RAW]: Security policy support (#1372)
* raw sec policy

* missing file

* fix validation of check.yml

* updates

* comments

* dead code

* comments
2021-12-14 23:51:42 +00:00
laurentsimon
551961718d
[RAW] End-to-end support for raw results for Binary-Artifacts (#1255)
* split binary artifact check

* fix

* missing file

* comments

* fix

* comments

* draft

* merge fix

* fix merge

* add indirection

* comments

* comments

* linter

* comments

* updates

* updates

* updates

* linter

* comments
2021-12-14 21:10:24 +00:00