Avishay Balter
78115dedad
✨ Add support for Nuget restore ( #4157 )
* Nuget lock file support
Signed-off-by: balteraivshay <avishay.balter@gmail.com>
* fix shell download
Signed-off-by: balteraivshay <avishay.balter@gmail.com>
* Revert "fix shell download"
This reverts commit 9e66eb2280.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: balteraivshay <avishay.balter@gmail.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
2024-07-10 23:04:59 +00:00
dependabot[bot]
32c4a43d7e
🌱 Bump github.com/google/osv-scanner from 1.8.1 to 1.8.2 ( #4234 )
2024-07-10 21:58:33 +00:00
dependabot[bot]
bdaef02d0a
🌱 Bump chainguard/static from a1f8a15 to d94c01c ( #4224 )
2024-07-10 21:39:11 +00:00
dependabot[bot]
22b0ad13e2
🌱 Bump the github-actions group with 2 updates ( #4221 )
2024-07-10 21:29:26 +00:00
dependabot[bot]
11612db5b5
🌱 Bump sigs.k8s.io/release-utils from 0.8.2 to 0.8.3 ( #4228 )
2024-07-10 21:09:33 +00:00
dependabot[bot]
8028c54ab7
🌱 Bump github.com/google/go-containerregistry ( #4229 )
2024-07-10 21:00:21 +00:00
dependabot[bot]
0edd1aae98
🌱 Bump google.golang.org/grpc from 1.64.0 to 1.64.1 ( #4233 )
2024-07-10 20:49:18 +00:00
Spencer Schrock
513c6ebbde
🌱 Add config e2e test and fix README ( #4232 )
* add config e2e test
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update readme syntax
The old syntax was changed so the README was out of date.
This was exposed when setting up the e2e repo.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix rename
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-07-10 12:52:03 -07:00
Spencer Schrock
c368d8a682
⚠️ Rename top level package to scorecard and reduce name duplication ( #4227 )
* move files to scorecard package
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove repetition from ScorecardResult
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update comments
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove RunScorecard function
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add docstrings
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-07-10 17:44:34 +00:00
Spencer Schrock
a9ab4a903f
✨ remove experimental gate on maintainer annotation parsing ( #4231 )
* ✨ remove experimental gate on maintainer annotation parsing
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove gate on cli flag
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-07-10 17:15:26 +00:00
Spencer Schrock
59c4aa980f
⚠️ rename annotation IsExempted to Annotations ( #4230 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-07-10 09:53:59 -07:00
Spencer Schrock
eb03180231
⚠️ delete dependency diff leftover file ( #4225 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-07-08 19:12:34 +00:00
Spencer Schrock
f2fac0c8f9
🌱 Use new Scorecard entrypoint for CLI ( #4203 )
* add WithLogLevel option
Signed-off-by: Spencer Schrock <sschrock@google.com>
* migrate scorecard CLI to new Run entrypoint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* delete ExperimentalRunProbes
Switch the test to using the new Run function
Signed-off-by: Spencer Schrock <sschrock@google.com>
* don't store opt slice, just call with args
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-07-08 18:55:04 +00:00
Spencer Schrock
6a5816347e
🌱 Migrate other RunScorecard callers ( #4208 )
* convert attestor
Signed-off-by: Spencer Schrock <sschrock@google.com>
* convert serve command
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add WithLogLevel option
Signed-off-by: Spencer Schrock <sschrock@google.com>
* change e2e result test
Signed-off-by: Spencer Schrock <sschrock@google.com>
* change unit test
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-07-08 17:46:32 +00:00
dependabot[bot]
edcacd82c4
🌱 Bump the distroless group across 6 directories with 1 update ( #4223 )
2024-07-08 16:30:37 +00:00
dependabot[bot]
3155309aa8
🌱 Bump chainguard/static from 68b8855 to a1f8a15 ( #4214 )
2024-07-03 22:54:44 +00:00
dependabot[bot]
98bb37fd3f
🌱 Bump github/codeql-action in the github-actions group ( #4202 )
2024-07-03 22:42:05 +00:00
Spencer Schrock
d889dcbada
convert cron to use new entrypoint ( #4207 )
There are further simplifications that are possible,
but leaving for later to keep this PR small.
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-07-03 21:59:08 +00:00
Stephen Augustus
7841828bb4
📖 SECURITY: Represent response times in business days instead of hours ( #4217 )
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2024-07-03 14:41:35 -07:00
dependabot[bot]
efa43e165c
🌱 Bump the golang group across 8 directories with 1 update ( #4216 )
2024-07-03 21:18:16 +00:00
Stephen Augustus
3f3854811a
📖 Update security policy to be specific to OpenSSF Scorecard ( #4212 )
* SECURITY: Revert to default OpenSSF security policy
* SECURITY: Update policy to better describe disclosure and remediation
* SECURITY: Reference LF policy and add fallback security contact
* Apply suggestions from code review
---------
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Signed-off-by: Stephen Augustus <justaugustus@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
2024-07-03 20:58:58 +00:00
Spencer Schrock
4895019884
fix dependabot config to group docker images ( #4211 )
This is apparently required with the current implementation of multi dir PRs.
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-07-03 16:47:20 -04:00
Spencer Schrock
5f7cea3637
🌱 Use new entrypoint for scdiff ( #4204 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-07-03 17:40:48 +00:00
Ryan Ware
1c448ee652
cron: Add 377 Intel-owned repositories ( #4206 )
Signed-off-by: Ryan Ware <ryan.ware@intel.com>
2024-07-02 23:27:18 -04:00
Spencer Schrock
6629b09746
🌱 Add lifecycle field to probes ( #4147 )
* add lifecycle field to probe yaml definitions
Signed-off-by: Spencer Schrock <sschrock@google.com>
* classify existing probes
Some are listed as stable if they're not expected to change,
others are listed as experimental if there are still expected changes.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add lifecycle to probe readme
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add lifecycle for new probe
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add probe lifecycle to documentation
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-07-02 17:11:19 +00:00
Raghav Kaul
28337f13b1
🌱 maintainer annotations: improve annotation file validation ( #4162 )
* validate check names against full list
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* tests: close file
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* make private
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* Restructure imports
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
2024-07-02 15:40:34 +00:00
dependabot[bot]
9f9afa0c30
🌱 Bump github.com/google/osv-scanner from 1.7.4 to 1.8.1 ( #4198 )
2024-07-01 19:21:16 +00:00
dependabot[bot]
76a04bfe40
🌱 Bump github.com/xanzy/go-gitlab from 0.105.0 to 0.106.0 ( #4197 )
2024-06-27 17:11:41 +00:00
dependabot[bot]
842d550727
🌱 Bump github.com/goreleaser/goreleaser/v2 in /tools ( #4199 )
2024-06-27 16:58:18 +00:00
dependabot[bot]
c187c076a0
🌱 Bump cloud.google.com/go/pubsub from 1.38.0 to 1.40.0 ( #4196 )
2024-06-26 23:05:42 +00:00
dependabot[bot]
13c4485000
🌱 Bump github.com/moby/buildkit from 0.14.0 to 0.14.1 ( #4187 )
2024-06-26 22:49:24 +00:00
dependabot[bot]
c4e1f70113
🌱 Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 ( #4183 )
2024-06-26 21:26:18 +00:00
dependabot[bot]
89d94606a1
🌱 Bump the github-actions group across 1 directory with 3 updates ( #4190 )
Bumps the github-actions group with 3 updates in the / directory: [actions/checkout](https://github.com/actions/checkout ), [github/codeql-action](https://github.com/github/codeql-action ) and [ko-build/setup-ko](https://github.com/ko-build/setup-ko ).
Updates `actions/checkout` from 4.1.6 to 4.1.7
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a5ac7e51b4...692973e3d9)
Updates `github/codeql-action` from 3.25.8 to 3.25.10
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2e230e8fe0...23acc5c183)
Updates `ko-build/setup-ko` from 0.6 to 0.7
- [Release notes](https://github.com/ko-build/setup-ko/releases )
- [Commits](ace48d7935...3aebd0597d)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: ko-build/setup-ko
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-26 21:01:56 +00:00
dependabot[bot]
7918d83743
🌱 Bump chainguard/static from 110b691 to 68b8855 ( #4179 )
Bumps chainguard/static from `110b691` to `68b8855`.
---
updated-dependencies:
- dependency-name: chainguard/static
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-26 20:08:08 +00:00
dependabot[bot]
309b48b9fd
🌱 Bump github.com/hashicorp/go-retryablehttp ( #4195 )
2024-06-25 23:16:48 +00:00
dependabot[bot]
a93626e540
🌱 Bump github.com/hashicorp/go-retryablehttp in /tools ( #4193 )
2024-06-25 22:41:02 +00:00
dependabot[bot]
6cae56f02b
🌱 Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 ( #4158 )
* 🌱 Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 5.1.0 to 6.0.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](5742e2a039...286f3b13b1)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* use --clean instead of --rm-dist
https://goreleaser.com/deprecations#-rm-dist
Signed-off-by: Spencer Schrock <sschrock@google.com>
* the skip arguments were combined into --skip
https://goreleaser.com/deprecations/#-skip
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update config for v2
Signed-off-by: Spencer Schrock <sschrock@google.com>
* use goreleaser v2 tooling for makefile
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: Stephen Augustus <justaugustus@users.noreply.github.com>
2024-06-25 22:30:41 +00:00
Spencer Schrock
0d57c0224a
📖 Generate probe markdown documentation ( #4184 )
* generate probe markdown documentation
Walks the various probes def.yaml files and puts them in a single
markdown document. This doesn't currently include the remediation, but
neither does the existing checks.md document.
In order to avoid duplicating yaml definitions, the existing ones were
moved to an internal directory so they can be reused.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add probe doc generation to Makefile
Note: There is no validate-docs step for the probes code, as the
def.yml fields are validated elsewhere currently in the unit tests.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix license for new yaml package
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-06-20 21:05:06 +00:00
dependabot[bot]
5d08c1cc11
🌱 Bump github.com/google/go-containerregistry from 0.19.1 to 0.19.2 ( #4182 )
* 🌱 Bump github.com/google/go-containerregistry
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry ) from 0.19.1 to 0.19.2.
- [Release notes](https://github.com/google/go-containerregistry/releases )
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/go-containerregistry/compare/v0.19.1...v0.19.2 )
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Raghav Kaul <raghavkaul+github@google.com>
2024-06-17 12:04:39 -04:00
Spencer Schrock
da0f2b4ebc
🐛 keep SARIF runs and rules for exempted checks, only skip the results. ( #4153 )
* keep runs and rules for exempted checks, only skip the results.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update test
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-06-14 23:21:56 +00:00
Zxilly
5ef9831b91
🌱 add stack info to osv-scanner error ( #4172 )
* add stack info to osv-scanner error
Signed-off-by: Zxilly <zxilly@outlook.com>
* print error stack to stderr
Signed-off-by: Zxilly <zxilly@outlook.com>
* follow the lint rule
Signed-off-by: Zxilly <zxilly@outlook.com>
---------
Signed-off-by: Zxilly <zxilly@outlook.com>
2024-06-14 16:02:21 -07:00
Naveen
c7821b633c
✨ move to cgr base image ( #4113 )
- Move to the static cgr.dev base image as it has a smaller footprint and zero
vulns.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2024-06-14 16:09:44 +00:00
Zxilly
fc09963047
🐛 fix: correct sarif json schema url ( #4170 )
Signed-off-by: Zxilly <zxilly@outlook.com>
2024-06-13 10:26:36 -07:00
dependabot[bot]
e23b8ad91f
🌱 Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity ( #4166 )
2024-06-12 20:26:39 +00:00
Raghav Kaul
ed272eab2c
📖 Docs: Maintainer annotations ( #4165 )
* update docs
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* reword
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
* update
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
---------
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
2024-06-12 14:30:01 -04:00
Spencer Schrock
157948d4f0
🌱 Hide maintainer annotation implementation details ( #4167 )
* make validation func private
Signed-off-by: Spencer Schrock <sschrock@google.com>
* hide config validation sentinel errors
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-06-12 18:16:13 +00:00
dependabot[bot]
1faca4943d
🌱 Bump google.golang.org/protobuf from 1.34.1 to 1.34.2 ( #4169 )
2024-06-12 17:58:59 +00:00
Max Mehl
fcdc63b1ba
📖 Improve the REUSE parts of the License check ( #4155 )
* clarify that link leads to specification, not REUSE in general
Signed-off-by: Max Mehl <mail@mehl.mx>
* fix LICENSES directory name
Signed-off-by: Max Mehl <mail@mehl.mx>
* clarify that tool also looks into LICENSES directory
Signed-off-by: Max Mehl <mail@mehl.mx>
* generate checks.md
Signed-off-by: Max Mehl <mail@mehl.mx>
---------
Signed-off-by: Max Mehl <mail@mehl.mx>
2024-06-12 16:19:35 +00:00
dependabot[bot]
fde26a0ef4
🌱 Bump github.com/moby/buildkit from 0.13.2 to 0.14.0 ( #4168 )
2024-06-12 16:07:16 +00:00
Spencer Schrock
6d8f701a9d
⚠️ Simplify RunScorecard with functional optionals ( #4106 )
* add options for other clients
Signed-off-by: Spencer Schrock <sschrock@google.com>
* set clients to defaults if not provided?
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix shadowing
Signed-off-by: Spencer Schrock <sschrock@google.com>
* call the underlying run function
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add package client
Signed-off-by: Spencer Schrock <sschrock@google.com>
* run all checks if no checks or probes provided
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add WithProbes option
Signed-off-by: Spencer Schrock <sschrock@google.com>
* make github repo type public
Signed-off-by: Spencer Schrock <sschrock@google.com>
* make gitlab repo type public
Signed-off-by: Spencer Schrock <sschrock@google.com>
* make local repo type public
Signed-off-by: Spencer Schrock <sschrock@google.com>
* switch WithChecks to accepting []string
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-06-10 15:59:29 -07:00