Commit Graph

208 Commits

Author SHA1 Message Date
Abhishek Arya
7336fa167a Add SECURITY.md
Based on template from Anne.
Fixes https://github.com/ossf/scorecard/issues/165
2021-02-13 14:53:06 -05:00
naveen
4bdc158018 Fix - packaging workflow for docker push 2021-02-12 21:16:44 -05:00
Naveen
c77e995ae5
Fix - output message for non default output (#167)
The json output had non-json output. Fixed it to output only for default
output.
2021-02-12 18:13:54 -08:00
naveen
cb7ee064b9 Feature - container scanning for scorecard 2021-02-12 17:01:58 -05:00
Abhishek Arya
ad7cc4a951 Add colon before sha. 2021-02-12 14:26:54 -05:00
naveen
2ad8b35b91 Fixes - verifiedtag checks
The reason the tags aren't working for certain repositories is because of Lightweight Tags
vs Annotated Tags

> Basically, lightweight tags are just pointers to specific commits. No further information is saved;
> on the other hand, annotated tags are regular objects, which have an author and a
> date and can be referred because they have their own SHA key.

https://api.github.com/repos/ossf/scorecard/git/refs/tags

```
[
  {
    "ref": "refs/tags/v1.0.0",
    "node_id": "MDM6UmVmMzAyNjcwNzk3OnJlZnMvdGFncy92MS4wLjA=",
    "url": "https://api.github.com/repos/ossf/scorecard/git/refs/tags/v1.0.0",
    "object": {
      "sha": "87997ffb5724cb479223a08a2890c60b0ea4bfbd",
      "type": "commit",
      "url": "87997ffb57"
    }
  },
  {
    "ref": "refs/tags/v1.1.0",
    "node_id": "MDM6UmVmMzAyNjcwNzk3OnJlZnMvdGFncy92MS4xLjA=",
    "url": "https://api.github.com/repos/ossf/scorecard/git/refs/tags/v1.1.0",
    "object": {
      "sha": "f2c633854602cf0c8f33164a169fb0a8454bee01",
      "type": "tag",
      "url": "f2c6338546"
    }
  }
]
```
Annotated tags

https://api.github.com/repos/kubernetes/kubernetes/git/refs/tags

```
[
  {
    "ref": "refs/tags/v0.2",
    "node_id": "MDM6UmVmMjA1ODA0OTg6cmVmcy90YWdzL3YwLjI=",
    "url": "https://api.github.com/repos/kubernetes/kubernetes/git/refs/tags/v0.2",
    "object": {
      "sha": "64dbf9ae21dd0deb485f88b79b96eb35ca855138",
      "type": "tag",
      "url": "64dbf9ae21"
    }
  }
]
```

The lookup for the tag fails because there isn't a tag object but only a commit object.
87997ffb57

fixes #107
2021-02-12 14:26:54 -05:00
Naveen
ca1d6e85f0
Doc - Update README with the docker image (#163) 2021-02-11 15:27:16 -08:00
naveen
0b85e7e2e8 Fix - docker latest image 2021-02-11 16:32:07 -05:00
dependabot[bot]
2c23a47857 Bump github.com/spf13/cobra from 1.1.2 to 1.1.3
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.2 to 1.1.3.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.1.2...v1.1.3)

Signed-off-by: dependabot[bot] <support@github.com>
2021-02-11 11:15:34 -05:00
James Pether Sörling
127fda75ff
Update projects.txt (#151)
Add 3 projects by https://github.com/Hack23

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: dlorenc <lorenc.d@gmail.com>
2021-02-10 21:08:11 +00:00
naveen
6dd3698be8 Fix - Fixes the e2e tests for PRs 2021-02-10 16:07:03 -05:00
dependabot[bot]
7ef0cf9c55
Bump github.com/spf13/cobra from 1.1.1 to 1.1.2 (#154)
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.1 to 1.1.2.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.1.1...v1.1.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-09 22:58:55 -08:00
naveen
7e158f80e5 Docker releases to GitHub Docker registry
This will release docker container to GitHub docker registry.
2021-02-09 10:54:01 -05:00
naveen
7ab314db7d Fix - dependabot githubactions location 2021-02-06 14:22:06 -05:00
naveen
bcf8d0df92 Fix - dependabot yaml error 2021-02-06 12:49:11 -05:00
naveen
4ad4a4204b Feature - enabled dependabot for githubactions 2021-02-06 12:33:46 -05:00
naveen
f385b0d9df Feature - run scans from npm package name
Implemented scans from npm package name.
2021-02-02 16:07:41 -05:00
naveen
0d77d8938f Fix - tarball URL trailing slash
Fixed the tarball URL trailing slash which was causing Frozen-Dep checks
to fail.
2021-02-02 16:04:28 -05:00
dependabot[bot]
038e3b65c1 Bump github.com/onsi/gomega from 1.10.4 to 1.10.5
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.10.4 to 1.10.5.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.10.4...v1.10.5)

Signed-off-by: dependabot[bot] <support@github.com>
2021-02-02 09:18:34 -05:00
dependabot[bot]
717701bd61 Bump github.com/onsi/ginkgo from 1.14.2 to 1.15.0
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.14.2 to 1.15.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.14.2...v1.15.0)

Signed-off-by: dependabot[bot] <support@github.com>
2021-02-02 09:13:35 -05:00
Abhishek Arya
8493b0b9a0 Add remediation steps for various checks. 2021-01-27 08:19:49 -05:00
naveen
93373f7787 Fixes - Incorrect result for branch protection 2021-01-26 18:39:12 -05:00
naveen
2a1463b315 Feature - Report codecoverage to codecov.io 2021-01-26 17:49:11 -05:00
Abhishek Arya
09b83b9bf1 Fixes
- Fix nil exception in packaging on https://github.com/OSGeo/gdal
- Add jenkins ci in ci tests, tested on https://github.com/jenkinsci/jenkins
- Generalize function name in code review check.
2021-01-24 18:36:36 -05:00
naveen
33e9189d79 fix - panic on nil
Fixed the panic by doing a nil check. Fixes #135
2021-01-18 16:11:36 -05:00
Abhishek Arya
c00aa4b606 Add e2e tests for remaining checks. 2021-01-15 15:24:04 -05:00
Abhishek Arya
bcaa2e77f9 Lint fix. 2021-01-15 13:44:52 -05:00
Abhishek Arya
b5096bff45 Fix backslash. 2021-01-15 13:44:52 -05:00
Abhishek Arya
b278475af0 Fix CodeQL failure. 2021-01-15 13:44:52 -05:00
Abhishek Arya
5b7ddc55ab Add e2e test. 2021-01-15 13:44:52 -05:00
Abhishek Arya
dc8d1fecb9 Add packaging check. 2021-01-15 13:44:52 -05:00
naveen
c4c99cd676 feature - Included the e2e into the PR workflows
Validated the presence of the GITHUB_AUTH_TOKEN variable before running the e2e.

Update the contributing doc with scopes of the personal access token.

Updated the workflow to include the e2e tests.
2021-01-13 13:04:22 -05:00
naveen
91bfea5c2f feat - Close stale issues
Close stale issues.
2021-01-12 18:19:10 -05:00
naveen
1d26654130 Document - Included instruction for GITHUB_AUTH_TOKEN
Included instruction that GITHUB_AUTH_TOKEN supports round robin with
multiple tokens.
2021-01-11 13:19:58 -05:00
Naveen
1700c3a348
feature - Pull request template (#127)
A standard pull request template
2021-01-08 11:36:05 -08:00
Naveen
b11fad8a81
feature - Included the status badge in README (#125)
Included the status badge for build, golanglint-ci and CodeQL.
2021-01-07 11:40:55 -08:00
Naveen
7b740ce470
fix - Handle nil structs in branch protection (#124)
Handle structs that could be nil while checking for branch protection.
2021-01-07 08:54:57 -08:00
Naveen
9d4e5c0731
feature - CODEOWNERS for github branch protection feature (#123)
Included the codeowners for enabling branch protection "Require review from Code Owners"

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-01-05 12:53:35 -08:00
Abhishek Arya
fcf0ac4be5
Merge pull request #119 from naveensrinivasan/feature/protected-branches
feature - Checks for branch protections
2021-01-05 10:44:05 -08:00
Abhishek Arya
3191c55963
Update README.md 2021-01-05 10:43:41 -08:00
Abhishek Arya
938b9f21d7
Merge branch 'main' into feature/protected-branches 2021-01-05 10:43:17 -08:00
Abhishek Arya
b506c6f4ff
Merge pull request #122 from ossf/b5
Remove releases from active check.
2021-01-05 10:31:48 -08:00
Abhishek Arya
650fe0a1c3
Update README.md 2021-01-05 10:31:18 -08:00
Abhishek Arya
3c94ffaccc Remove releases from active check. 2021-01-05 09:52:41 -08:00
naveen
5d84b86148 Merge branch 'main' into feature/protected-branches 2021-01-05 12:32:06 -05:00
Abhishek Arya
b86fae0b4d
Fix https://github.com/ossf/scorecard/issues/121 2021-01-05 09:28:21 -08:00
naveen
9ce57c0804 feature - Checks for branch protections
Implemented Branch protections checks.

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-01-05 12:27:50 -05:00
Naveen
15a1ba0536
feat - nonroot docker container (#114)
* feat - nonroot docker container

Changed the docker container to nonroot

* Feat - New Dockerfile for non-cron job

Created a new Dockerfile for non-cron job.
Moved the existing Dockerfile into cron folder for cron specific.

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

* Fix - The Docker version information in the README

Updated the README to include docker version information required for
Dockerfile.

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-01-05 07:45:15 -06:00
Abhishek Arya
9e0388fa91
Merge pull request #118 from naveensrinivasan/feature/update-readme
feature - Update the CONTRIBUTING guidelines
2021-01-04 10:02:25 -08:00
naveen
c5c51b9977 feature - Update the CONTRIBUTING guidelines
* Updated the contributing guidelines with Environment Setup,
Contributing steps, How to build scorecard locally, What to do before
submitting a pull request and Where the CI Tests are configured.

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-01-04 12:13:07 -05:00