ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-09-19 21:18:09 +03:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
431 Commits 36 Branches 42 Tags 436 MiB
7b4ee9bc9f
Commit Graph

431 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
naveen
9c4a4596ed Testing - Slash command 2021-02-19 14:04:24 -05:00
dependabot[bot]
030ab1dbc5 Bump peter-evans/slash-command-dispatch from v1 to v2.1.3 
Bumps [peter-evans/slash-command-dispatch](https://github.com/peter-evans/slash-command-dispatch) from v1 to v2.1.3.
- [Release notes](https://github.com/peter-evans/slash-command-dispatch/releases)
- [Commits](https://github.com/peter-evans/slash-command-dispatch/compare/v1...72ab5a2e417e454aa8e89c43b28e36fe331e00a5)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-02-19 08:28:45 -05:00
Edoardo Tenani
efd18c84a1 roundtripper: ignore gosec G101 error 
As per issue #172 this is not an issue, as there is no real GitHub token
in the constant.
 2021-02-19 08:23:57 -05:00
naveen
1e93904a66 Fix - Remove the app reference for the slash token 2021-02-18 16:14:12 -05:00
naveen
9b4b8be7e0 Feature - ok-to-test in github action 2021-02-18 15:45:55 -05:00
naveen
e94e53965e Fix - Changes to reflect the scorecard score 
The score of the scorecard is improving with signed-release and updating
the tests to reflect that.
 2021-02-17 20:40:58 -05:00
nathannaveen
1a00062a09 Fix - golangci issues gomnd, goconst 
Fixed the golangci issues for gomnd and goconst.
Added ginkgo dependency in the makefile.
 2021-02-17 18:22:18 -05:00
Nathan
554ca76bfe Fix - golangci issues gomnd, goconst 
Fixed the golangci issues for gomnd and goconst.
Added ginkgo dependency in the makefile.
 2021-02-17 18:22:18 -05:00
naveen
f906f3f568 Feature - sign releases 2021-02-17 17:53:41 -05:00
naveen
f57080098c Doc - Updates to README and CONTRIBUTING 2021-02-16 17:00:36 -05:00
naveen
ef4c8d0758 Fix - refactor the lint in the actions 2021-02-16 15:59:50 -05:00
Dan Lorenc
5958a04192 Slow down to every few days. 2021-02-16 14:48:31 -05:00
naveen
51f017b206 Fix - ignore empty github token 2021-02-16 14:35:22 -05:00
naveen
db7bfcf342 Fix - golanglint-ci report only new issues 2021-02-16 14:23:03 -05:00
naveen
ce8e1e79ea Feature - Include additional linters for golangci 
Included additional linters for golangci. The new linters would be
reported existing issues.
 2021-02-16 14:06:59 -05:00
naveen
7a713e5b43 Feature - Serve json response in http 
If the "Content-Type"== "application/json" then serve json response
 2021-02-16 11:26:09 -05:00
dependabot[bot]
64660915d6 Bump golangci/golangci-lint-action from v2 to v2.4.0 
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from v2 to v2.4.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v2...544d2efb307b3f205f34886f2787046abe7fb26e)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-02-15 08:48:59 -05:00
Abhishek Arya
5fcaa98d6f
Add top 200 for all langs from criticality score repo. (#181) 
From https://github.com/ossf/criticality_score#public-data
and combine with existing projects list.
 2021-02-14 16:39:16 -05:00
naveen
b20e33c24b Fix - go build to static binaries 2021-02-14 15:01:41 -05:00
Abhishek Arya
fc251d9d42 Add security policy to e2e test. 2021-02-14 12:50:24 -05:00
naveen
af2132e927 Fix- e2e tests to include the executable 
Included e2e tests for the executable with JSON
 2021-02-14 11:46:17 -05:00
Naveen
30d69310c6
Fix - Organization checks for members (#170) 
* Fix - Organization checks for members

* Fix - Turn off automatic releasenotes generation

Turn off automatic release notes for CII https://bestpractices.coreinfrastructure.org/

* Fix - Organization checks for members
 2021-02-14 10:46:14 -05:00
naveen
70ff5a94ce Fix - Turn off automatic releasenotes generation 
Turn off automatic release notes for CII https://bestpractices.coreinfrastructure.org/
 2021-02-14 10:31:35 -05:00
Abhishek Arya
7336fa167a Add SECURITY.md 
Based on template from Anne.
Fixes https://github.com/ossf/scorecard/issues/165
 2021-02-13 14:53:06 -05:00
naveen
4bdc158018 Fix - packging workflow for docker push 2021-02-12 21:16:44 -05:00
Naveen
c77e995ae5
Fix - output message for non default output (#167) 
The json output had non-json output. Fixed it output only for default
output.
 2021-02-12 18:13:54 -08:00
naveen
cb7ee064b9 Feature - container scanning for scorecard 2021-02-12 17:01:58 -05:00
Abhishek Arya
ad7cc4a951 Add colon before sha. 2021-02-12 14:26:54 -05:00
naveen
2ad8b35b91 Fixes - verifiedtag checks 
The reason the tags aren't working for certain repositories is that because the Lightweight Tags
vs Annotated Tags

>Basically, lightweight tags are just pointers to specific commits. No further information is saved;
on the other hand, annotated tags are regular objects, which have an author and a
date and can be referred because they have their own SHA key.

https://api.github.com/repos/ossf/scorecard/git/refs/tags

```
[
  {
    "ref": "refs/tags/v1.0.0",
    "node_id": "MDM6UmVmMzAyNjcwNzk3OnJlZnMvdGFncy92MS4wLjA=",
    "url": "https://api.github.com/repos/ossf/scorecard/git/refs/tags/v1.0.0",
    "object": {
      "sha": "87997ffb5724cb479223a08a2890c60b0ea4bfbd",
      "type": "commit",
      "url": "87997ffb57"
    }
  },
  {
    "ref": "refs/tags/v1.1.0",
    "node_id": "MDM6UmVmMzAyNjcwNzk3OnJlZnMvdGFncy92MS4xLjA=",
    "url": "https://api.github.com/repos/ossf/scorecard/git/refs/tags/v1.1.0",
    "object": {
      "sha": "f2c633854602cf0c8f33164a169fb0a8454bee01",
      "type": "tag",
      "url": "f2c6338546"
    }
  }
]
```
Annotated tags

https://api.github.com/repos/kubernetes/kubernetes/git/refs/tags

```
[
  {
    "ref": "refs/tags/v0.2",
    "node_id": "MDM6UmVmMjA1ODA0OTg6cmVmcy90YWdzL3YwLjI=",
    "url": "https://api.github.com/repos/kubernetes/kubernetes/git/refs/tags/v0.2",
    "object": {
      "sha": "64dbf9ae21dd0deb485f88b79b96eb35ca855138",
      "type": "tag",
      "url": "64dbf9ae21"
    }
  }
  ]
```

The look for the tag fails because of there isn't a tag object but only a commit object.
87997ffb57

fixes #107
 2021-02-12 14:26:54 -05:00
Naveen
ca1d6e85f0
Doc - Update README with the docker image (#163) 2021-02-11 15:27:16 -08:00
naveen
0b85e7e2e8 Fix - docker latest image 2021-02-11 16:32:07 -05:00
dependabot[bot]
2c23a47857 Bump github.com/spf13/cobra from 1.1.2 to 1.1.3 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.2 to 1.1.3.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.1.2...v1.1.3)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-02-11 11:15:34 -05:00
James Pether Sörling
127fda75ff
Update projects.txt (#151) 
Add 3 projects by https://github.com/Hack23

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: dlorenc <lorenc.d@gmail.com>
 2021-02-10 21:08:11 +00:00
naveen
6dd3698be8 Fix - Fixes the e2e tests for PR's 2021-02-10 16:07:03 -05:00
dependabot[bot]
7ef0cf9c55
Bump github.com/spf13/cobra from 1.1.1 to 1.1.2 (#154) 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.1 to 1.1.2.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.1.1...v1.1.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-02-09 22:58:55 -08:00
naveen
7e158f80e5 Docker releases to GitHub Docker registry 
This will release docker container to GitHub docker registry.
 2021-02-09 10:54:01 -05:00
naveen
7ab314db7d Fix - dependabot githubactions location 2021-02-06 14:22:06 -05:00
naveen
bcf8d0df92 Fix - dependabot yaml error 2021-02-06 12:49:11 -05:00
naveen
4ad4a4204b Feature - enabled dependabot for githubactions 2021-02-06 12:33:46 -05:00
naveen
f385b0d9df Feature - run scans from npm pacakge name 
Implemented scans from npm package name.
 2021-02-02 16:07:41 -05:00
naveen
0d77d8938f Fix - tarball URL trailing slash 
Fixed the tarball URL trailing slash which was causing Frozen-Dep checks
to fail.
 2021-02-02 16:04:28 -05:00
dependabot[bot]
038e3b65c1 Bump github.com/onsi/gomega from 1.10.4 to 1.10.5 
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.10.4 to 1.10.5.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.10.4...v1.10.5)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-02-02 09:18:34 -05:00
dependabot[bot]
717701bd61 Bump github.com/onsi/ginkgo from 1.14.2 to 1.15.0 
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.14.2 to 1.15.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.14.2...v1.15.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-02-02 09:13:35 -05:00
Abhishek Arya
8493b0b9a0 Add remediation steps for various checks. 2021-01-27 08:19:49 -05:00
naveen
93373f7787 Fixes - Incorrect result for branch protection 2021-01-26 18:39:12 -05:00
naveen
2a1463b315 Feature - Report codecoverage to codecov.io 2021-01-26 17:49:11 -05:00
Abhishek Arya
09b83b9bf1 Fixes 
- Fix nil exception in packaging on https://github.com/OSGeo/gdal
- Add jenkins ci in ci tests, tested on https://github.com/jenkinsci/jenkins
- Generalize function name in code review check.
 2021-01-24 18:36:36 -05:00
naveen
33e9189d79 fix - panic on nil 
Fixed the panic by doing a nil check. Fixes #135
 2021-01-18 16:11:36 -05:00
Abhishek Arya
c00aa4b606 Add e2e tests for remaining checks. 2021-01-15 15:24:04 -05:00
Abhishek Arya
bcaa2e77f9 Lint fix. 2021-01-15 13:44:52 -05:00