Commit Graph

108 Commits

Author SHA1 Message Date
laurentsimon
70770e4501
Feat/deps msg (#513)
* ignore testdata/ files

* fix

* comments

* typo

* more specific messages
2021-05-26 17:54:37 -07:00
Chris McGehee
6b63f3f963
🌱 Fix lint issues: Replace golint with revive (#493)
* Fix lint issues: Replace golint with revive
golint is deprecated and recommended to be replaced with revive

* Updating comments to be more accurate

* Updating comments again

Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-05-24 11:34:33 -07:00
Chris McGehee
61ecad3151
Add new linter: gci (#498) 2021-05-23 20:51:52 -07:00
Chris McGehee
2e7a71fbf2
Fix lint issues: goerr113 linter (#491)
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-05-22 12:36:47 -07:00
Chris McGehee
26d17907a6
Fix lint issues: stylecheck linter (#487)
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-05-22 17:45:32 +00:00
Chris McGehee
35fece6491
Fix lint issues: lll linter (#486) 2021-05-22 17:29:18 +00:00
Chris McGehee
50f7ed8519
🌱Fix lint issues: gochecknoinits linter (#485)
* Fix lint issues: gochecknoinits linter

* Fix lint issues: gochecknoinits linter
2021-05-22 13:19:52 -04:00
Chris McGehee
f996065e40 Fix lint issues: gomnd linter 2021-05-22 01:09:09 -05:00
laurentsimon
eb0af441d1
[Frozen-deps]: Ignore testdata/ files (#481)
* ignore testdata/ files

* fix

* comments

* typo

* fix

* typo
2021-05-21 08:45:55 -07:00
laurentsimon
78933ac2f4 ignore scratch frm dockerfile imports 2021-05-20 13:23:27 -05:00
Chris McGehee
e75a9e19f9
Fix lint issues: govet linter (#478)
Reordering fields reduces struct size in memory

Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-05-19 23:38:58 -07:00
laurentsimon
ee3f290702
Add check for Docker dependency pinning by hash (#469)
* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check dependencies pinning in docker files

* check docker files hash pinning

* remove logging

* make keyword matches case-insensitive

* remove log

* update unit tests

* check fix

* check dependencies pinning in docker files

* check docker files hash pinning

* remove logging

* remove log

* check fix

* comment

* linter

* commments

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check dependencies pinning in docker files

* check docker files hash pinning

* check fix

* check dependencies pinning in docker files

* check docker files hash pinning

* remove logging

* make keyword matches case-insensitive

* remove log

* check fix

* comment

* commments

* comments

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check pinning in docker files

* Revert "check pinning in docker files"

This reverts commit c05a5007b1.

* check dependencies pinning in docker files

* check docker files hash pinning

* remove logging

* make keyword matches case-insensitive

* check fix

* check dependencies pinning in docker files

* check docker files hash pinning

* check fix

* commments

* comments

* comments

* comments

* update mod

* remove continue keyword

* linter

* linter

* linter

* comments

* cleanup

* linter

* typos

* typos
2021-05-19 09:46:39 -07:00
Abhishek Arya
5f82d2b9c0
Add checks for workflow action pinning (#466)
Patch by Laurent Simon <laurentsimon@google.com>

Co-authored-by: Laurent Simon <laurentsimon@google.com>
2021-05-17 13:03:39 -07:00
laurentsimon
e46016d244
📖 Add more detailed doc for checks (#453)
* More detailed doc

* comment
2021-05-14 17:05:59 -07:00
Chris McGehee
fc82659e9c
🌱 Fix lint issues: gocognit linter (#433)
* Fix lint issues: gocognit linter
Before refactoring, CITests had a cognitive complexity of 51
(the upper limit is 30)

* Fix lint issues: gocognit linter
Addressing feedback

* Fix lint issues: gocognit linter
Before refactoring IsBranchProtected had a complexity of 33 (upper limit is 30)

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-05-14 15:41:50 -04:00
Chris McGehee
3359f601cd Fix lint issues: nolintlint linter
The nestif directive was not being used
2021-05-13 09:31:56 -05:00
Chris McGehee
566f938364
Fix lint issues: dupl linter (#448)
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-05-13 11:58:57 +00:00
laurentsimon
e616cc3161
❇️ Add sub-checks to Branch-Protection check (#436)
* Add sub-checks to Branch-Protection check

* run gofumpt

* comments

* comments

* typo

* comments

* comments
2021-05-11 18:26:27 -07:00
Laurent Simon
feafbf2610 Fix segfault issue #419 2021-05-07 20:30:22 -05:00
naveen
997b8f4a5d 📖 Update branch protection API
* Included need for admin access to the branch protection api to work.

 * Fixes  #350
2021-05-03 11:02:19 -05:00
naveen
09af32a993 Generate docs using go instead of python
* Implemented the doc generation from python to go
 * Removed the need for json
 * Sorted the output of the generated markdown
2021-05-02 19:46:07 -05:00
Chris McGehee
6a7142fe21 Fix lint issues: golint linter 2021-05-02 14:49:40 -05:00
Chris McGehee
c97b4e7b38 Fix lint issues: gofumpt linter
The previous commit that made the gofumpt fixes caused a new lint
violation for the dupl linter. Since these are test cases, we will add
nolint for these.
2021-05-02 13:18:19 -05:00
Chris McGehee
8402e6d9d0 Fix lint issues: gofumpt linter 2021-05-02 13:18:19 -05:00
Chris McGehee
83a0fbd5eb Fix lint issues: noctx linter 2021-05-02 11:59:39 -05:00
Chris McGehee
5151e8c301 Fix lint issues: nestif linter 2021-05-02 11:41:31 -05:00
Chris McGehee
4c6b500dea Fix lint issues: lll linter 2021-05-02 11:18:26 -05:00
Chris McGehee
87b5a6a922 Fix lint issues: godot linter 2021-05-02 11:14:01 -05:00
Chris McGehee
06993b72ce
🐛 Fix linting issues (1 of n) (#348)
* Fix lint issues: whitespace linter

* Fix lint issues: wrapcheck linter

* Fix lint issues: errcheck linter

* Fix lint issues: paralleltest linter

* Fix lint issues: gocritic linter
Most changes from this commit are from passing checker.CheckResult by reference and not by value. gocritic identified that as a huge parameter.
gocritic also prefers regexp.MustCompile over Compile when the pattern is a const
2021-04-19 12:18:34 -07:00
Oliver Chang
df27afd3b3
Make checks documentation machine readable. (#345)
*  Make checks documentation machine readable.

Make checks.yaml as a machine and human readable source of truth of
checks documentation.

A tiny Python script is also added to generate checks.json and checks.md
from this file.

* move checks scripts and files
2021-04-16 11:15:56 -07:00
Azeem Shaikh
a58818d258
🌱 : Reduce code duplication for follow-up cron refactoring (#338)
*  Refactor to reduce code duplication

* 

* Move lib/ back to checker/

* Move lib/ back to checker/

* Move lib/ back to checker/

* Address PR comments.

* Addressing PR comments.

* Avoid printing `ShouldRetry` and `Error` in output JSON.

* Fix JSON output.

Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-04-10 07:26:56 -05:00
Naveen
4b4d0f0a01
Fix - out of memory error for large repository (#276)
The httpcache client caches everything in memory and if the repository
is large then the process gets evicted with oom.

Changed the implementation to use the standard http client to fetch the
tarball.
2021-03-14 21:50:17 -04:00
Edoardo Tenani
7f7c9fcb89
contributors: use go-github org API (#228)
Replace direct call to HTTP URL with appropriate go-github API call.

Closes #175
2021-03-01 16:24:18 -08:00
naveen
c2ff48dc59 feat-Reduced GitHub API calls for security check
Reduced the number of calls to GitHub API from 16 to max of 2 calls.
Utilized tar ball to download and check for the contents of those files.
2021-02-25 21:55:54 -05:00
nathannaveen
1a00062a09 Fix - golangci issues gomnd, goconst
Fixed the golangci issues for gomnd and goconst.
Added ginkgo dependency in the makefile.
2021-02-17 18:22:18 -05:00
Nathan
554ca76bfe Fix - golangci issues gomnd, goconst
Fixed the golangci issues for gomnd and goconst.
Added ginkgo dependency in the makefile.
2021-02-17 18:22:18 -05:00
Naveen
30d69310c6
Fix - Organization checks for members (#170)
* Fix - Organization checks for members

* Fix - Turn off automatic releasenotes generation

Turn off automatic release notes for CII https://bestpractices.coreinfrastructure.org/

* Fix - Organization checks for members
2021-02-14 10:46:14 -05:00
naveen
4bdc158018 Fix - packging workflow for docker push 2021-02-12 21:16:44 -05:00
Abhishek Arya
ad7cc4a951 Add colon before sha. 2021-02-12 14:26:54 -05:00
naveen
2ad8b35b91 Fixes - verifiedtag checks
The reason the tags aren't working for certain repositories is that because the Lightweight Tags
vs Annotated Tags

>Basically, lightweight tags are just pointers to specific commits. No further information is saved;
on the other hand, annotated tags are regular objects, which have an author and a
date and can be referred because they have their own SHA key.

https://api.github.com/repos/ossf/scorecard/git/refs/tags

```
[
  {
    "ref": "refs/tags/v1.0.0",
    "node_id": "MDM6UmVmMzAyNjcwNzk3OnJlZnMvdGFncy92MS4wLjA=",
    "url": "https://api.github.com/repos/ossf/scorecard/git/refs/tags/v1.0.0",
    "object": {
      "sha": "87997ffb5724cb479223a08a2890c60b0ea4bfbd",
      "type": "commit",
      "url": "87997ffb57"
    }
  },
  {
    "ref": "refs/tags/v1.1.0",
    "node_id": "MDM6UmVmMzAyNjcwNzk3OnJlZnMvdGFncy92MS4xLjA=",
    "url": "https://api.github.com/repos/ossf/scorecard/git/refs/tags/v1.1.0",
    "object": {
      "sha": "f2c633854602cf0c8f33164a169fb0a8454bee01",
      "type": "tag",
      "url": "f2c6338546"
    }
  }
]
```
Annotated tags

https://api.github.com/repos/kubernetes/kubernetes/git/refs/tags

```
[
  {
    "ref": "refs/tags/v0.2",
    "node_id": "MDM6UmVmMjA1ODA0OTg6cmVmcy90YWdzL3YwLjI=",
    "url": "https://api.github.com/repos/kubernetes/kubernetes/git/refs/tags/v0.2",
    "object": {
      "sha": "64dbf9ae21dd0deb485f88b79b96eb35ca855138",
      "type": "tag",
      "url": "64dbf9ae21"
    }
  }
  ]
```

The look for the tag fails because of there isn't a tag object but only a commit object.
87997ffb57

fixes #107
2021-02-12 14:26:54 -05:00
naveen
0d77d8938f Fix - tarball URL trailing slash
Fixed the tarball URL trailing slash which was causing Frozen-Dep checks
to fail.
2021-02-02 16:04:28 -05:00
naveen
93373f7787 Fixes - Incorrect result for branch protection 2021-01-26 18:39:12 -05:00
Abhishek Arya
09b83b9bf1 Fixes
- Fix nil exception in packaging on https://github.com/OSGeo/gdal
- Add jenkins ci in ci tests, tested on https://github.com/jenkinsci/jenkins
- Generalize function name in code review check.
2021-01-24 18:36:36 -05:00
naveen
33e9189d79 fix - panic on nil
Fixed the panic by doing a nil check. Fixes #135
2021-01-18 16:11:36 -05:00
Abhishek Arya
c00aa4b606 Add e2e tests for remaining checks. 2021-01-15 15:24:04 -05:00
Abhishek Arya
bcaa2e77f9 Lint fix. 2021-01-15 13:44:52 -05:00
Abhishek Arya
b5096bff45 Fix backslash. 2021-01-15 13:44:52 -05:00
Abhishek Arya
b278475af0 Fix CodeQL failure. 2021-01-15 13:44:52 -05:00
Abhishek Arya
dc8d1fecb9 Add packaging check. 2021-01-15 13:44:52 -05:00
Naveen
7b740ce470
fix - Handle nil structs in branch protection (#124)
Handle structs that could be nil while checking for branch protection.
2021-01-07 08:54:57 -08:00