Commit Graph

68 Commits

Author SHA1 Message Date
laurentsimon
45ea97e502
Add more github token names for env variable (#694)
* draft

* commit 1

* dead code

* comments

* merge fix

* typo
2021-07-19 18:56:42 +00:00
Naveen
f4f1e110c7
📖 Included docker documentation in README (#681)
* Included docker run for easier consumption of scorecard.
2021-07-16 17:18:42 +00:00
laurentsimon
dd1a412b85
Update readme (#634)
* update readme

* comments
2021-06-29 19:02:12 +00:00
Naveen
ec7755da82 Removed Code Coverage 2021-06-29 13:45:22 -05:00
Oliver Chang
34621504fb
Add a Vulnerabilities check. (#628)
Uses OSV to check this.

Fixes #52.
2021-06-29 03:09:40 +00:00
Azeem Shaikh
96ea5577d1
Update documentation (#583)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-16 21:05:46 -07:00
Naveen
ecc072c3b7
📖 Updated README with community content (#547)
Included slack channel
Included bi-weekly meeting link
2021-06-04 21:47:45 +00:00
Chas. J. Owens IV
1ec9ada137
correct the path to a file (#543)
correct path to the file that lists the projects checked each night

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-06-04 15:08:30 +00:00
Naveen
14dfc45fae
🌱 Move the docker containers to gcr.io (#419)
* Included a build on push to master on gcr.io
  * Updated the README with the gcr.io
  * Removed the docker.yaml build push
2021-05-11 14:11:06 +00:00
Naveen
a440bf6294
🌱 Removed the dockerbuild experimental features (#409)
* Removed the docker build experimental feature so that cloudbuild can
build.
2021-05-07 07:49:30 -05:00
Oliver Chang
df27afd3b3
Make checks documentation machine readable. (#345)
*  Make checks documentation machine readable.

Make checks.yaml as a machine and human readable source of truth of
checks documentation.

A tiny Python script is also added to generate checks.json and checks.md
from this file.

* move checks scripts and files
2021-04-16 11:15:56 -07:00
naveen
27ec7fff8d Docs - Updated the docs for cron
Included a section within the CONTRIBUTING.md about the dailyscore and
cron job.
2021-03-15 12:38:58 -04:00
naveen
3d6b080241 Doc - Included gitcache documentation
Included documentation for gitcache.
2021-03-12 19:24:29 -05:00
Abhishek Arya
a44dd6a758
Add pypi and ruby gems package support. (#226)
Adds some more package managers to
https://github.com/ossf/scorecard/issues/33

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-03-01 11:21:20 -05:00
naveen
cab29a2747 Feat- Use cloud buckets for caching
Use cloud buckets for httpcache.

The implementation uses https://github.com/google/go-cloud for it to be
cloud vendor agnostic.
2021-02-24 11:17:50 -05:00
naveen
586e3d60be Doc - Update README with the TOC
Updated the README with TOC and included instructions for docker usage.
2021-02-23 10:47:44 -05:00
Naveen
db81680172
Feat-Implement httpcache middleware for GitHub API (#203)
The GitHub API supports conditional requests
https://docs.github.com/en/rest/overview/resources-in-the-rest-api#conditional-requests

https://github.com/google/go-github supports Conditional requests
https://github.com/google/go-github#conditional-requests

As we are scaling more and more projects this would add a lot of value.

Initial run fetches information using `httpcache` as a middleware,
which caches the HTTP response initially in a large disk (PVC),
probably move to Redis later as a cache instead of disk.

Subsequent `cron runs` will utilize the `httpcache` for checking content modification and
load it from the cache if it isn't modified, which reduces hitting the
Rate Limit of the GitHub API.
2021-02-22 17:18:28 +00:00
naveen
9c4a4596ed Testing - Slash command 2021-02-19 14:04:24 -05:00
naveen
f57080098c Doc - Updates to README and CONTRIBUTING 2021-02-16 17:00:36 -05:00
Abhishek Arya
fc251d9d42 Add security policy to e2e test. 2021-02-14 12:50:24 -05:00
Naveen
ca1d6e85f0
Doc - Update README with the docker image (#163) 2021-02-11 15:27:16 -08:00
naveen
f385b0d9df Feature - run scans from npm package name
Implemented scans from npm package name.
2021-02-02 16:07:41 -05:00
Abhishek Arya
8493b0b9a0 Add remediation steps for various checks. 2021-01-27 08:19:49 -05:00
naveen
2a1463b315 Feature - Report codecoverage to codecov.io 2021-01-26 17:49:11 -05:00
Abhishek Arya
dc8d1fecb9 Add packaging check. 2021-01-15 13:44:52 -05:00
naveen
1d26654130 Document - Included instruction for GITHUB_AUTH_TOKEN
Included instruction that GITHUB_AUTH_TOKEN supports round robin with
multiple tokens.
2021-01-11 13:19:58 -05:00
Naveen
b11fad8a81
feature - Included the status badge in README (#125)
Included the status badge for build, golanglint-ci and CodeQL.
2021-01-07 11:40:55 -08:00
Abhishek Arya
3191c55963
Update README.md 2021-01-05 10:43:41 -08:00
Abhishek Arya
650fe0a1c3
Update README.md 2021-01-05 10:31:18 -08:00
naveen
5d84b86148 Merge branch 'main' into feature/protected-branches 2021-01-05 12:32:06 -05:00
Abhishek Arya
b86fae0b4d
Fix https://github.com/ossf/scorecard/issues/121 2021-01-05 09:28:21 -08:00
naveen
9ce57c0804 feature - Checks for branch protections
Implemented Branch protections checks.

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-01-05 12:27:50 -05:00
Naveen
15a1ba0536
feat - nonroot docker container (#114)
* feat - nonroot docker container

Changed the docker container to nonroot

* Feat - New Dockerfile for non-cron job

Created a new Dockerfile for non-cron job.
Moved the existing Dockerfile into cron folder for cron specific.

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

* Fix - The Docker version information in the README

Updated the README to include docker version information required for
Dockerfile.

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-01-05 07:45:15 -06:00
Tom
87997ffb57
Update SonarCloud link in README.md (#88) 2020-12-02 08:00:29 -06:00
Tom
c3dabb2cba
Add SonarCloud to the SAST check (#85)
* Add SonarCloud to the SAST check

* Apply review feedback
2020-12-01 08:32:37 -06:00
dlorenc
24fa4cca5e
Add support for and hookup app based authentication for higher rate limiting. (#69)
This also configures it in our nightly cron cluster.
2020-11-13 11:06:46 -06:00
Abhishek Arya
f9bfb3c980
More helper links on README.md 2020-11-12 19:29:55 -08:00
Kim Lewandowski
8a14c6cea9
Merge pull request #67 from dlorenc/jsoncron
Switch the nightly to use json.
2020-11-12 18:18:39 -08:00
Abhishek Arya
1259d3240f
Fixes #60 (#66) 2020-11-12 20:14:59 -06:00
Dan Lorenc
3350a2d0bf Switch the nightly to use json. 2020-11-12 20:13:34 -06:00
Abhishek Arya
e6bee47202
Update README.md 2020-11-12 10:59:02 -08:00
dlorenc
62ae708944
Add a JSON format mode. (#65)
This is usable as is, but is also designed to be easy to import into a database.
2020-11-12 12:47:08 -06:00
dlorenc
ef19bdf032
Add a Dockerfile and k8s cron job to upload files to GCS each night. (#59) 2020-11-12 12:26:38 -06:00
Abhishek Arya
bc5ee3cb47
Add helper hyperlinks for check references. 2020-11-09 19:15:46 -08:00
Abhishek Arya
56bd21bdba
Update README.md 2020-11-09 18:29:37 -08:00
Dan Lorenc
268aea59d2 Add CSV formatting mode.
This allows the user to specify "--format=csv" to get the results output in CSV columns.
2020-11-09 18:23:30 -06:00
Kim Lewandowski
68bc599017
adding logo (#44)
Co-authored-by: Kim Lewandowski <klewandowski@google.com>
2020-11-06 11:36:23 -06:00
Kim Lewandowski
3c790163dd moving contributing section down 2020-11-05 12:27:10 -08:00
Dan Lorenc
237e28b246 Add Best Practices WG meeting invite. 2020-10-27 14:35:05 -05:00
Kim Lewandowski
8c33c8ae69
Merge pull request #35 from dlorenc/docs
Cleanup docs and add new page for checks.
2020-10-26 13:55:10 -07:00