laurentsimon
8b096ad4c0
✨ checks/evaluation logs findings ( #3409 )
* checks/validation logs findings
Signed-off-by: laurentsimon <laurentsimon@google.com>
* gofmt file
Signed-off-by: laurentsimon <laurentsimon@google.com>
* linter
Signed-off-by: laurentsimon <laurentsimon@google.com>
* revert go.sum
Signed-off-by: laurentsimon <laurentsimon@google.com>
* typo
Signed-off-by: laurentsimon <laurentsimon@google.com>
* add unit tests and address comments
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update comment
Signed-off-by: laurentsimon <laurentsimon@google.com>
* missing file
Signed-off-by: laurentsimon <laurentsimon@google.com>
* use option 1
Signed-off-by: laurentsimon <laurentsimon@google.com>
* use got / want in test
Signed-off-by: laurentsimon <laurentsimon@google.com>
* missing tests updates
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
2023-09-12 15:28:06 +00:00
laurentsimon
a8b255a224
✨ [experimental] Probe support for security policy check ( #3241 )
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* fix unit tests
Signed-off-by: laurentsimon <laurentsimon@google.com>
* comments
Signed-off-by: laurentsimon <laurentsimon@google.com>
* compilation fix
Signed-off-by: laurentsimon <laurentsimon@google.com>
* missing file
Signed-off-by: laurentsimon <laurentsimon@google.com>
* missing file
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update reason string
Signed-off-by: laurentsimon <laurentsimon@google.com>
* typo
Signed-off-by: laurentsimon <laurentsimon@google.com>
* fix unit tests
Signed-off-by: laurentsimon <laurentsimon@google.com>
* typo
Signed-off-by: laurentsimon <laurentsimon@google.com>
* unit tests and linter
Signed-off-by: laurentsimon <laurentsimon@google.com>
* comments
Signed-off-by: laurentsimon <laurentsimon@google.com>
* comments
Signed-off-by: laurentsimon <laurentsimon@google.com>
* missing file
Signed-off-by: laurentsimon <laurentsimon@google.com>
* unit tests for probes
Signed-off-by: laurentsimon <laurentsimon@google.com>
* linter
Signed-off-by: laurentsimon <laurentsimon@google.com>
* revert FileSize change
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
2023-08-04 04:52:15 +00:00
Arnaud J Le Hors
2169bc44c7
Use new project name in Copyright notices ( #2505 )
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
2022-12-01 15:08:48 -08:00
Azeem Shaikh
333618d0d2
Security-Policy should not run on --local ( #1825 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-04-07 14:12:22 -05:00
laurentsimon
b1ab16e80f
✨ Add raw results to cron scans ( #1741 )
* draft
* updates
* updates
* updates
* updates
* updates
* comments
* comments
* comments
* comments
* comments
* comments
2022-03-18 19:05:14 -07:00
Azeem Shaikh
241b0f4b4d
Mark License, Security-Policy as commit-based ( #1711 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-03-04 11:24:06 -06:00
Azeem Shaikh
1c95237e4a
Only run allowed checks in different modes ( #1579 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-07 16:49:49 -08:00
naveen
f7b329e830
✨ Unit test for all_checks
Addresses https://github.com/ossf/scorecard/issues/435
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-12 17:24:38 -06:00
Azeem Shaikh
f2c57d2590
✨ Migrate to v4
2022-01-12 14:12:09 -06:00
laurentsimon
46e94eb925
✨ [DRAFT: RAW]: Security policy support ( #1372 )
* raw sec policy
* missing file
* fix validation of check.yml
* updates
* comments
* dead code
* comments
2021-12-14 23:51:42 +00:00
Chris McGehee
38b5199e9e
🐛 Adding line numbers to token-permissions and a couple other places ( #1363 )
* Adding line numbers to token-permissions and a couple other places
* Fix deadlink for security policy
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
* Updating formatting
Co-authored-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
2021-12-06 10:05:52 -06:00
laurentsimon
cc4949465b
✨ [Check split]: Binary-Artifacts ( #1244 )
* split binary artifact check
* fix
* missing file
* comments
* linter
* fix
* comments
* linter
2021-11-16 19:57:14 +00:00
laurentsimon
63e3b92466
fix ( #1277 )
2021-11-15 21:42:25 +00:00
Evgeny Vereshchagin
46611eac5d
Security-Policy: really look for the security policy
It was tested with the systemd project where the security policy
is kept in docs/SECURITY.md. Without this patch `scorecard`
says that the security policy can't be found.
2021-11-11 10:08:27 -06:00
laurentsimon
4cca9b4960
✨ Implement local repo client for local folders ( #1146 )
* draft
* draft
* docker file
* error
* fix
* fix
* bug
* comments
* missing merge
* fix
* merge issue
* fix
* validate format early
* comments
* fix
* fixes
* uncomment
* gate code for v4 code
* draft
* draft 2
* fix security-policy check
* fix
* merge fixes
* fixes
* fixes
* fixes
* fixes
* mock repo
* linter
* comments
* unit tests
* comments
2021-10-28 18:30:02 +00:00
laurentsimon
950e0e3d2d
✨ Add support for file-based repo URIs ( #1113 )
* draft
* draft
* docker file
* error
* fix
* fix
* fixa
* bug
* comments
* missing merge
* fix
* fix rebase
* merge issue
* fix
* validate format early
* fix
* fix2
* comments
* fix
2021-10-21 20:08:56 +00:00
Naveen
6c1c789dc5
🌱 v3 upgrade changes ( #1118 )
v3 go.mod changes
2021-10-07 18:16:01 -05:00
Azeem Shaikh
bc37c74b28
Remove Owner/Repo strings from CheckRequest ( #997 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-10 10:13:14 -07:00
Azeem Shaikh
afe5b40567
Make RepoClient as default interface for Scorecard ( #951 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-02 02:32:26 +00:00
Azeem Shaikh
2d65ab4f0c
Remove ErrRepoUnavailable ( #908 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 09:33:59 -07:00
Azeem Shaikh
41d0ce38c4
Replace errors.As with Is ( #901 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 01:03:45 +00:00
laurentsimon
6403eb1382
✨ Transition Packaging, SAST, Security-policy, Signed-releases check to the new structured detail format ( #887 )
* move checks to new format
* fix
* comments
* fix
* comments
2021-08-24 01:44:06 +00:00
Mark J. Cox
20370f782a
🐛 Look for organisation default .github security.md files in all the locations they are allowed to be in ( #837 )
* The default community health files for an organisation can be in one of
three places, but the current check only looked in one of them. Expand
the check to all three places as per
https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file
This fixes scorecards failing to pick up the default Apache policy
https://github.com/apache/.github/blob/main/.github/SECURITY.md
Signed-off-by: Mark J. Cox <mark@awe.com>
* Wrap, don't use a long line
* Follow the hint in the failure and run "gofmt -s" on it
2021-08-11 10:53:04 -07:00
Azeem Shaikh
83e9f52501
Enable revive linters which are used in google3 ( #793 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-31 22:31:34 +00:00
laurentsimon
29594d4294
✨ change signature of FileIfExist and FileContent ( #787 )
* draft
* add pinning
* remove functions
* typo
* comment
* name
2021-07-30 15:09:52 +00:00
Azeem Shaikh
df89767c35
Fix bug in SecurityPolicy ( #761 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 20:09:56 +00:00
Naveen
4d7fb5d748
🌱 Fix the go.mod with v2 upgrade ( #716 )
The go.mod and the related files weren't updated with the v2 upgrade.
https://github.com/ossf/scorecard/issues/711
This fix will address the issue.
2021-07-26 13:01:25 -05:00
Azeem Shaikh
9bf1cdc9ce
Update ListFiles API to return error ( #746 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-25 17:47:36 -07:00
Azeem Shaikh
7c133bc767
Create APIs for MergedPRs and DefaultBranch ( #745 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-25 17:37:14 -07:00
laurentsimon
89c8e2af31
✨ [migration to score] 7: CI-Test, CII Best practices, security policy file ( #733 )
* ci, cii, sec file
* linter
* check doc
* typo
* fix
* comments
* linter
* fix sast
* fix score calc
2021-07-22 15:37:31 +00:00
Azeem Shaikh
2c2432b9df
Fix some bugs ( #659 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-07 15:04:43 +00:00
naveen
aeead94680
✨ Included security.rst as SecurityPolicy
* Included security.rst as name check for security policy.
2021-07-04 16:18:51 -05:00
Azeem Shaikh
be8aa3d713
Export registered check names ( #518 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-05-27 14:54:34 -07:00
Chris McGehee
35fece6491
Fix lint issues: lll linter ( #486 )
2021-05-22 17:29:18 +00:00
Chris McGehee
50f7ed8519
🌱 Fix lint issues: gochecknoinits linter ( #485 )
* Fix lint issues: gochecknoinits linter
* Fix lint issues: gochecknoinits linter
2021-05-22 13:19:52 -04:00
Abhishek Arya
5f82d2b9c0
✨ Add checks for workflow action pinning ( #466 )
Patch by Laurent Simon <laurentsimon@google.com>
Co-authored-by: Laurent Simon <laurentsimon@google.com>
2021-05-17 13:03:39 -07:00
Chris McGehee
06993b72ce
🐛 Fix linting issues (1 of n) ( #348 )
* Fix lint issues: whitespace linter
* Fix lint issues: wrapcheck linter
* Fix lint issues: errcheck linter
* Fix lint issues: paralleltest linter
* Fix lint issues: gocritic linter
Most changes from this commit are from passing checker.CheckResult by reference and not by value. gocritic identified that as a huge parameter.
gocritic also prefers regexp.MustCompile over Compile when the pattern is a const.
2021-04-19 12:18:34 -07:00
Azeem Shaikh
a58818d258
🌱 : Reduce code duplication for follow-up cron refactoring ( #338 )
* ✨ Refactor to reduce code duplication
* ✨
* Move lib/ back to checker/
* Move lib/ back to checker/
* Move lib/ back to checker/
* Address PR comments.
* Addressing PR comments.
* Avoid printing `ShouldRetry` and `Error` in output JSON.
* Fix JSON output.
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-04-10 07:26:56 -05:00
naveen
c2ff48dc59
feat-Reduced GitHub API calls for security check
Reduced the number of calls to the GitHub API from 16 to a max of 2 calls.
Utilized the tarball to download and check the contents of those files.
2021-02-25 21:55:54 -05:00
Nathan
554ca76bfe
Fix - golangci issues gomnd, goconst
Fixed the golangci issues for gomnd and goconst.
Added ginkgo dependency in the makefile.
2021-02-17 18:22:18 -05:00
Abhishek Arya
7e98eae46b
Allow other accepted variants of security.md case styles.
Fixes https://github.com/ossf/scorecard/issues/82
2020-11-27 13:59:07 -08:00
Abhishek Arya
dde26dfceb
Update checks for Gerrit use
2020-11-19 07:36:37 -08:00
Jamie Finnigan
879a9e2a0e
simplify by using c.Client.Repositories.DownloadContents instead
2020-11-10 09:34:09 -08:00
Jamie Finnigan
d9da174d30
extend Security-Policy check to check default community health files
2020-11-10 08:21:25 -08:00
Dan Lorenc
9f686dc707
Rename repo/modules.
2020-10-27 14:23:48 -05:00
Abhishek Arya
81eab9d2d8
Add license header and code of conduct files. ( #34 )
* Add license header and code of conduct files.
* Fill missing field.
2020-10-26 15:22:13 -05:00
Abhishek Arya
37362b640f
Add docs directory for security.md
Part of doc at
https://docs.github.com/en/free-pro-team@latest/github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository
2020-10-16 23:20:46 -07:00
Abhishek Arya
6e5ce52cae
Fix filenames to match check names, remove unneeded repos.txt. ( #15 )
* Fix filenames to match check names, remove unneeded repos.txt.
* Fix conflict.
* Minor fix.
2020-10-16 13:22:28 -05:00