naveen
9c4a4596ed
Testing - Slash command
2021-02-19 14:04:24 -05:00
dependabot[bot]
030ab1dbc5
Bump peter-evans/slash-command-dispatch from v1 to v2.1.3
...
Bumps [peter-evans/slash-command-dispatch](https://github.com/peter-evans/slash-command-dispatch ) from v1 to v2.1.3.
- [Release notes](https://github.com/peter-evans/slash-command-dispatch/releases )
- [Commits](https://github.com/peter-evans/slash-command-dispatch/compare/v1...72ab5a2e417e454aa8e89c43b28e36fe331e00a5 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-02-19 08:28:45 -05:00
Edoardo Tenani
efd18c84a1
roundtripper: ignore gosec G101 error
...
As per issue #172 this is not an issue, as there is no real GitHub token
in the constant.
2021-02-19 08:23:57 -05:00
naveen
1e93904a66
Fix - Remove the app reference for the slash token
2021-02-18 16:14:12 -05:00
naveen
9b4b8be7e0
Feature - ok-to-test in github action
2021-02-18 15:45:55 -05:00
naveen
e94e53965e
Fix - Changes to reflect the scorecard score
...
The score of the scorecard is improving with signed-release and updating
the tests to reflect that.
2021-02-17 20:40:58 -05:00
nathannaveen
1a00062a09
Fix - golangci issues gomnd, goconst
...
Fixed the golangci issues for gomnd and goconst.
Added ginkgo dependency in the makefile.
2021-02-17 18:22:18 -05:00
Nathan
554ca76bfe
Fix - golangci issues gomnd, goconst
...
Fixed the golangci issues for gomnd and goconst.
Added ginkgo dependency in the makefile.
2021-02-17 18:22:18 -05:00
naveen
f906f3f568
Feature - sign releases
2021-02-17 17:53:41 -05:00
naveen
f57080098c
Doc - Updates to README and CONTRIBUTING
2021-02-16 17:00:36 -05:00
naveen
ef4c8d0758
Fix - refactor the lint in the actions
2021-02-16 15:59:50 -05:00
Dan Lorenc
5958a04192
Slow down to every few days.
2021-02-16 14:48:31 -05:00
naveen
51f017b206
Fix - ignore empty github token
2021-02-16 14:35:22 -05:00
naveen
db7bfcf342
Fix - golanglint-ci report only new issues
2021-02-16 14:23:03 -05:00
naveen
ce8e1e79ea
Feature - Include additional linters for golangci
...
Included additional linters for golangci. The new linters would be
reported existing issues.
2021-02-16 14:06:59 -05:00
naveen
7a713e5b43
Feature - Serve json response in http
...
If the "Content-Type"== "application/json" then serve json response
2021-02-16 11:26:09 -05:00
dependabot[bot]
64660915d6
Bump golangci/golangci-lint-action from v2 to v2.4.0
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from v2 to v2.4.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v2...544d2efb307b3f205f34886f2787046abe7fb26e )
Signed-off-by: dependabot[bot] <support@github.com>
2021-02-15 08:48:59 -05:00
Abhishek Arya
5fcaa98d6f
Add top 200 for all langs from criticality score repo. ( #181 )
...
From https://github.com/ossf/criticality_score#public-data
and combine with existing projects list.
2021-02-14 16:39:16 -05:00
naveen
b20e33c24b
Fix - go build to static binaries
2021-02-14 15:01:41 -05:00
Abhishek Arya
fc251d9d42
Add security policy to e2e test.
2021-02-14 12:50:24 -05:00
naveen
af2132e927
Fix- e2e tests to include the executable
...
Included e2e tests for the executable with JSON
2021-02-14 11:46:17 -05:00
Naveen
30d69310c6
Fix - Organization checks for members ( #170 )
...
* Fix - Organization checks for members
* Fix - Turn off automatic releasenotes generation
Turn off automatic release notes for CII https://bestpractices.coreinfrastructure.org/
* Fix - Organization checks for members
2021-02-14 10:46:14 -05:00
naveen
70ff5a94ce
Fix - Turn off automatic releasenotes generation
...
Turn off automatic release notes for CII https://bestpractices.coreinfrastructure.org/
2021-02-14 10:31:35 -05:00
Abhishek Arya
7336fa167a
Add SECURITY.md
...
Based on template from Anne.
Fixes https://github.com/ossf/scorecard/issues/165
2021-02-13 14:53:06 -05:00
naveen
4bdc158018
Fix - packging workflow for docker push
2021-02-12 21:16:44 -05:00
Naveen
c77e995ae5
Fix - output message for non default output ( #167 )
...
The json output had non-json output. Fixed it output only for default
output.
2021-02-12 18:13:54 -08:00
naveen
cb7ee064b9
Feature - container scanning for scorecard
2021-02-12 17:01:58 -05:00
Abhishek Arya
ad7cc4a951
Add colon before sha.
2021-02-12 14:26:54 -05:00
naveen
2ad8b35b91
Fixes - verifiedtag checks
...
The reason the tags aren't working for certain repositories is that because the Lightweight Tags
vs Annotated Tags
>Basically, lightweight tags are just pointers to specific commits. No further information is saved;
on the other hand, annotated tags are regular objects, which have an author and a
date and can be referred because they have their own SHA key.
https://api.github.com/repos/ossf/scorecard/git/refs/tags
```
[
{
"ref": "refs/tags/v1.0.0",
"node_id": "MDM6UmVmMzAyNjcwNzk3OnJlZnMvdGFncy92MS4wLjA=",
"url": "https://api.github.com/repos/ossf/scorecard/git/refs/tags/v1.0.0 ",
"object": {
"sha": "87997ffb5724cb479223a08a2890c60b0ea4bfbd",
"type": "commit",
"url": "87997ffb57
"
}
},
{
"ref": "refs/tags/v1.1.0",
"node_id": "MDM6UmVmMzAyNjcwNzk3OnJlZnMvdGFncy92MS4xLjA=",
"url": "https://api.github.com/repos/ossf/scorecard/git/refs/tags/v1.1.0 ",
"object": {
"sha": "f2c633854602cf0c8f33164a169fb0a8454bee01",
"type": "tag",
"url": "f2c6338546
"
}
}
]
```
Annotated tags
https://api.github.com/repos/kubernetes/kubernetes/git/refs/tags
```
[
{
"ref": "refs/tags/v0.2",
"node_id": "MDM6UmVmMjA1ODA0OTg6cmVmcy90YWdzL3YwLjI=",
"url": "https://api.github.com/repos/kubernetes/kubernetes/git/refs/tags/v0.2 ",
"object": {
"sha": "64dbf9ae21dd0deb485f88b79b96eb35ca855138",
"type": "tag",
"url": "64dbf9ae21
"
}
}
]
```
The look for the tag fails because of there isn't a tag object but only a commit object.
87997ffb57
fixes #107
2021-02-12 14:26:54 -05:00
Naveen
ca1d6e85f0
Doc - Update README with the docker image ( #163 )
2021-02-11 15:27:16 -08:00
naveen
0b85e7e2e8
Fix - docker latest image
2021-02-11 16:32:07 -05:00
dependabot[bot]
2c23a47857
Bump github.com/spf13/cobra from 1.1.2 to 1.1.3
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.1.2 to 1.1.3.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md )
- [Commits](https://github.com/spf13/cobra/compare/v1.1.2...v1.1.3 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-02-11 11:15:34 -05:00
James Pether Sörling
127fda75ff
Update projects.txt ( #151 )
...
Add 3 projects by https://github.com/Hack23
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: dlorenc <lorenc.d@gmail.com>
2021-02-10 21:08:11 +00:00
naveen
6dd3698be8
Fix - Fixes the e2e tests for PR's
2021-02-10 16:07:03 -05:00
dependabot[bot]
7ef0cf9c55
Bump github.com/spf13/cobra from 1.1.1 to 1.1.2 ( #154 )
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.1.1 to 1.1.2.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md )
- [Commits](https://github.com/spf13/cobra/compare/v1.1.1...v1.1.2 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-09 22:58:55 -08:00
naveen
7e158f80e5
Docker releases to GitHub Docker registry
...
This will release docker container to GitHub docker registry.
2021-02-09 10:54:01 -05:00
naveen
7ab314db7d
Fix - dependabot githubactions location
2021-02-06 14:22:06 -05:00
naveen
bcf8d0df92
Fix - dependabot yaml error
2021-02-06 12:49:11 -05:00
naveen
4ad4a4204b
Feature - enabled dependabot for githubactions
2021-02-06 12:33:46 -05:00
naveen
f385b0d9df
Feature - run scans from npm pacakge name
...
Implemented scans from npm package name.
2021-02-02 16:07:41 -05:00
naveen
0d77d8938f
Fix - tarball URL trailing slash
...
Fixed the tarball URL trailing slash which was causing Frozen-Dep checks
to fail.
2021-02-02 16:04:28 -05:00
dependabot[bot]
038e3b65c1
Bump github.com/onsi/gomega from 1.10.4 to 1.10.5
...
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.10.4 to 1.10.5.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.10.4...v1.10.5 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-02-02 09:18:34 -05:00
dependabot[bot]
717701bd61
Bump github.com/onsi/ginkgo from 1.14.2 to 1.15.0
...
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo ) from 1.14.2 to 1.15.0.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v1.14.2...v1.15.0 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-02-02 09:13:35 -05:00
Abhishek Arya
8493b0b9a0
Add remediation steps for various checks.
2021-01-27 08:19:49 -05:00
naveen
93373f7787
Fixes - Incorrect result for branch protection
2021-01-26 18:39:12 -05:00
naveen
2a1463b315
Feature - Report codecoverage to codecov.io
2021-01-26 17:49:11 -05:00
Abhishek Arya
09b83b9bf1
Fixes
...
- Fix nil exception in packaging on https://github.com/OSGeo/gdal
- Add jenkins ci in ci tests, tested on https://github.com/jenkinsci/jenkins
- Generalize function name in code review check.
2021-01-24 18:36:36 -05:00
naveen
33e9189d79
fix - panic on nil
...
Fixed the panic by doing a nil check. Fixes #135
2021-01-18 16:11:36 -05:00
Abhishek Arya
c00aa4b606
Add e2e tests for remaining checks.
2021-01-15 15:24:04 -05:00
Abhishek Arya
bcaa2e77f9
Lint fix.
2021-01-15 13:44:52 -05:00