AdamKorcz
de022dacc4
🌱 convert vulnerabilities check to probe ( #3487 )
...
* 🌱 convert vulnerabilities check to probe
Signed-off-by: AdamKorcz <adam@adalogics.com>
* rename probe + nits
Signed-off-by: AdamKorcz <adam@adalogics.com>
* edit def.yml
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Add vuln ID dynamically to def.yml
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Elaborate the purpose of test data in unit test
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Move logging out of loop and change logic of negativeFindings()
Signed-off-by: AdamKorcz <adam@adalogics.com>
* preserve number of vulns found in output
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Preserve grouping of vulns
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix linter issues
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Add remediation data
Signed-off-by: AdamKorcz <adam@adalogics.com>
* use checker.LogFindings()
Signed-off-by: AdamKorcz <adam@adalogics.com>
---------
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-10-25 10:02:24 -07:00
Spencer Schrock
f2bbd0af62
remove sonatype lift ( #3605 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-24 20:46:57 -04:00
AdamKorcz
ae75bbb70e
🌱 Add probe support for contributors metrics ( #3460 )
...
* 🌱 Add probe support for contributors metrics
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix lint issues
Signed-off-by: AdamKorcz <adam@adalogics.com>
* change 'contributorsWith' to 'contributorsFrom'
Signed-off-by: AdamKorcz <adam@adalogics.com>
* change remediation difficulty
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix nits
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Updates to checks and checks/evaluation
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix tests like in #3409
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix raw test
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Update description in def.yml
Signed-off-by: AdamKorcz <adam@adalogics.com>
* move logic out of utils
Signed-off-by: AdamKorcz <adam@adalogics.com>
* add comment to consolidate unit test validation
Signed-off-by: AdamKorcz <adam@adalogics.com>
* change a couple of t.Fatal to t.Error
Signed-off-by: AdamKorcz <adam@adalogics.com>
* un-remove comment
Signed-off-by: AdamKorcz <adam@adalogics.com>
* remove map
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix typo
Signed-off-by: AdamKorcz <adam@adalogics.com>
* remove lint comment
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix incorrect -1/0 scoring
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Do not specify 'Github' in def.yml
Signed-off-by: AdamKorcz <adam@adalogics.com>
* do not mention 'which companies' in def.yml
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Rename tests
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Use getRawResults and uncomment logging statement
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Define return values of probe better
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Use proportional score instead of min score
Signed-off-by: AdamKorcz <adam@adalogics.com>
* revert changed scoring
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix incorrect function name
Signed-off-by: AdamKorcz <adam@adalogics.com>
* remove utility function that finds non-positive outcomes
Signed-off-by: AdamKorcz <adam@adalogics.com>
* rebase with latest upstream main and fix linter issues
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Log findings in one statement except a logging statement per finding
Signed-off-by: AdamKorcz <adam@adalogics.com>
* redefine conditional logic
Signed-off-by: AdamKorcz <adam@adalogics.com>
* rebase
Signed-off-by: AdamKorcz <adam@adalogics.com>
* remove unused function
Signed-off-by: AdamKorcz <adam@adalogics.com>
---------
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-10-24 14:02:18 -07:00
AdamKorcz
1aca1d9445
🌱 convert packaging check to probe ( #3486 )
...
* 🌱 convert packaging check to probe
Signed-off-by: AdamKorcz <adam@adalogics.com>
* amend text in def.yml
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Correct short description in def.yml
Signed-off-by: AdamKorcz <adam@adalogics.com>
* log negative findings
Signed-off-by: AdamKorcz <adam@adalogics.com>
* rename probe
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Fix the broken e2e test: The probe returned minimum score instead of inconclusive score which was not consistent with the previous scoring. This commit also removes the debug statements
Signed-off-by: AdamKorcz <adam@adalogics.com>
* change score text
Signed-off-by: AdamKorcz <adam@adalogics.com>
* include file details. process all packaging workflows
Signed-off-by: AdamKorcz <adam@adalogics.com>
---------
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-10-24 19:12:05 +00:00
AdamKorcz
0e3a5233ae
🌱 Add license probe ( #3465 )
...
* 🌱 Add license probe
Signed-off-by: AdamKorcz <adam@adalogics.com>
* [WIP] add two remaining license checks as probes
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix nits
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Use Errorf in test
Signed-off-by: AdamKorcz <adam@adalogics.com>
* use zrunner
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix wrong return value
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix linting issues and remove empty default
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix double if statement
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Remove struct field from test
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Add test for nil-case of license files slice
Signed-off-by: AdamKorcz <adam@adalogics.com>
* rewrite multiple def.ymls
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix nits
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Add unit test with multiple unapproved license files
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Add link to approved license formats
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix linting
Signed-off-by: AdamKorcz <adam@adalogics.com>
* remove comment
Signed-off-by: AdamKorcz <adam@adalogics.com>
* preserve logging from original check
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix typo
Signed-off-by: AdamKorcz <adam@adalogics.com>
* remove redundant map manipulation
Signed-off-by: AdamKorcz <adam@adalogics.com>
* rename hasApproveLicense probe
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Return OutcomeNotApplicable if hasFSFOrOSIApprovedLicense probe does not find a license
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Include license file locations in log
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix linting issues
Signed-off-by: AdamKorcz <adam@adalogics.com>
* replace strings filtering with OutcomeNotApplicable in hasLicenseFileAtTopDir probe
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Fix linter issue
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Include location of found license files
Signed-off-by: AdamKorcz <adam@adalogics.com>
---------
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-10-24 11:48:41 -07:00
DavidKorczynski
bd640f72e9
✨ Add additional fuzzing probes ( #3473 )
...
* Extend with additional fuzzing probes
Signed-off-by: David Korczynski <david@adalogics.com>
* fix formatting
Signed-off-by: David Korczynski <david@adalogics.com>
* cleanup formatting
Signed-off-by: David Korczynski <david@adalogics.com>
* make skip testing optional
Signed-off-by: David Korczynski <david@adalogics.com>
* address reviews
Signed-off-by: David Korczynski <david@adalogics.com>
* add todo
Signed-off-by: David Korczynski <david@adalogics.com>
* nit
Signed-off-by: David Korczynski <david@adalogics.com>
* nit
Signed-off-by: David Korczynski <david@adalogics.com>
* add swift fuzzing probe
Signed-off-by: David Korczynski <david@adalogics.com>
* avoid changing OnMatchingFileContentDo
Signed-off-by: David Korczynski <david@adalogics.com>
* nit
Signed-off-by: David Korczynski <david@adalogics.com>
* undo matching file content extension
Signed-off-by: David Korczynski <david@adalogics.com>
* nit: fix constant
Signed-off-by: David Korczynski <david@adalogics.com>
* test all fileMatchPatterns per client
Signed-off-by: David Korczynski <david@adalogics.com>
* fix test logging counts
Signed-off-by: David Korczynski <david@adalogics.com>
* nit
Signed-off-by: David Korczynski <david@adalogics.com>
---------
Signed-off-by: David Korczynski <david@adalogics.com>
2023-10-09 22:41:58 +00:00
AdamKorcz
1c8f6a8e62
🌱 Add probe test utility ( #3541 )
...
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-10-06 10:51:41 -07:00
AdamKorcz
bcb88bd4f6
📖 Change thru to through ( #3449 )
...
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-09-04 11:50:15 -07:00
laurentsimon
f05496b994
✨ Re-factor probe utils ( #3408 )
...
* re-factor probe utils
Signed-off-by: laurentsimon <laurentsimon@google.com>
* missing error.go file
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
2023-08-21 13:16:41 -07:00
laurentsimon
d177169ec2
✨ [experimental] Probe support for fuzzing check ( #3230 )
...
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* comments
Signed-off-by: laurentsimon <laurentsimon@google.com>
* unit tests and linter
Signed-off-by: laurentsimon <laurentsimon@google.com>
* remove raw from check request in e2e tests
Signed-off-by: laurentsimon <laurentsimon@google.com>
* remove redundant finding check
Signed-off-by: laurentsimon <laurentsimon@google.com>
* typo
Signed-off-by: laurentsimon <laurentsimon@google.com>
* address comments
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
2023-08-21 17:50:20 +00:00
laurentsimon
a8b255a224
✨ [experimental] Probe support for security policy check ( #3241 )
...
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* fix unit tests
Signed-off-by: laurentsimon <laurentsimon@google.com>
* comments
Signed-off-by: laurentsimon <laurentsimon@google.com>
* compilation fix
Signed-off-by: laurentsimon <laurentsimon@google.com>
* missing file
Signed-off-by: laurentsimon <laurentsimon@google.com>
* missing file
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update reason string
Signed-off-by: laurentsimon <laurentsimon@google.com>
* typo
Signed-off-by: laurentsimon <laurentsimon@google.com>
* fix unit tests
Signed-off-by: laurentsimon <laurentsimon@google.com>
* typo
Signed-off-by: laurentsimon <laurentsimon@google.com>
* unit tests and linter
Signed-off-by: laurentsimon <laurentsimon@google.com>
* comments
Signed-off-by: laurentsimon <laurentsimon@google.com>
* comments
Signed-off-by: laurentsimon <laurentsimon@google.com>
* missing file
Signed-off-by: laurentsimon <laurentsimon@google.com>
* unit tests for probes
Signed-off-by: laurentsimon <laurentsimon@google.com>
* linter
Signed-off-by: laurentsimon <laurentsimon@google.com>
* revert FileSize change
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
2023-08-04 04:52:15 +00:00
Martin Costello
81ed5450b7
📖 Update GitHub documentation links ( #3318 )
...
- Update Dependabot documentation links.
- Remove language from GitHub documentation URLs.
Signed-off-by: martincostello <martin@martincostello.com>
2023-07-26 12:21:22 -07:00
laurentsimon
f293779ec2
✨ [experimental] Support for new --format probe ( #3048 )
...
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
2023-06-07 18:15:39 +00:00
laurentsimon
1a336d8087
✨ [experimental] Add probe code and support for Tool-Update-Dependency ( #2944 )
...
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
2023-05-22 18:13:24 -07:00