scorecard

ossf/scorecard

Fork 0

mirror of https://github.com/ossf/scorecard.git synced 2024-09-21 05:57:42 +03:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Spencer Schrock	c59e93b9b2	🌱 Switch probe tests to helper func (#3782 ) * simplify test helper to verify finding outcomes Signed-off-by: Spencer Schrock <sschrock@google.com> * switch existing callers to helper func Signed-off-by: Spencer Schrock <sschrock@google.com> * remove TODO comments Signed-off-by: Spencer Schrock <sschrock@google.com> * fixup doc string Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: Spencer Schrock <sschrock@google.com>	2024-01-10 10:00:04 -08:00
Edgar Ramírez Mondragón	0e8e57dc3e	Support `.sigstore` bundles to check for signed releases (#3772 ) Signed-off-by: Edgar Ramírez Mondragón <edgarrm358@gmail.com>	2024-01-05 08:35:46 -08:00
AdamKorcz	2c20be03cb	convert Signed Releases to probes (#3610 ) * convert Signed Releases to probes Signed-off-by: AdamKorcz <adam@adalogics.com> * Specify that probe is for Github and Gitlab only Signed-off-by: AdamKorcz <adam@adalogics.com> * use in loop instead of Signed-off-by: AdamKorcz <adam@adalogics.com> * fix linter issues Signed-off-by: AdamKorcz <adam@adalogics.com> * fix more linter issues Signed-off-by: AdamKorcz <adam@adalogics.com> * specify Github and Gitlab in provenance def.yml Signed-off-by: AdamKorcz <adam@adalogics.com> * Add link to slsa-github-generator Signed-off-by: AdamKorcz <adam@adalogics.com> * Add instructions on signing with Cosign Signed-off-by: AdamKorcz <adam@adalogics.com> * refactor evaluation Signed-off-by: Adam Korczynski <adam@adalogics.com> * debug failing integration test Signed-off-by: Adam Korczynski <adam@adalogics.com> * remove unused nolints Signed-off-by: Adam Korczynski <adam@adalogics.com> * expose release name asset names in finding values Signed-off-by: Adam Korczynski <adam@adalogics.com> * fix failed integration test Signed-off-by: Adam Korczynski <adam@adalogics.com> * remove 'totalReleases' value from findings Signed-off-by: Adam Korczynski <adam@adalogics.com> * remove left-over cases of "totalReleases" values in findings Signed-off-by: Adam Korczynski <adam@adalogics.com> * remove remaining totalReleases values Signed-off-by: Adam Korczynski <adam@adalogics.com> * use const probe names instead of hard-coded strings Signed-off-by: Adam Korczynski <adam@adalogics.com> * remove totalReleases from test helper arguments Signed-off-by: Adam Korczynski <adam@adalogics.com> * merge test helpers Signed-off-by: Adam Korczynski <adam@adalogics.com> --------- Signed-off-by: AdamKorcz <adam@adalogics.com> Signed-off-by: Adam Korczynski <adam@adalogics.com>	2023-12-13 07:51:32 -08:00

Spencer Schrock

c59e93b9b2

🌱 Switch probe tests to helper func (#3782 )

* simplify test helper to verify finding outcomes

Signed-off-by: Spencer Schrock <sschrock@google.com>

* switch existing callers to helper func

Signed-off-by: Spencer Schrock <sschrock@google.com>

* remove TODO comments

Signed-off-by: Spencer Schrock <sschrock@google.com>

* fixup doc string

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>

2024-01-10 10:00:04 -08:00

Edgar Ramírez Mondragón

0e8e57dc3e

Support .sigstore bundles to check for signed releases (#3772 )

Signed-off-by: Edgar Ramírez Mondragón <edgarrm358@gmail.com>

2024-01-05 08:35:46 -08:00

AdamKorcz

2c20be03cb

convert Signed Releases to probes (#3610 )

* convert Signed Releases to probes

Signed-off-by: AdamKorcz <adam@adalogics.com>

* Specify that probe is for Github and Gitlab only

Signed-off-by: AdamKorcz <adam@adalogics.com>

* use  in loop instead of

Signed-off-by: AdamKorcz <adam@adalogics.com>

* fix linter issues

Signed-off-by: AdamKorcz <adam@adalogics.com>

* fix more linter issues

Signed-off-by: AdamKorcz <adam@adalogics.com>

* specify Github and Gitlab in provenance def.yml

Signed-off-by: AdamKorcz <adam@adalogics.com>

* Add link to slsa-github-generator

Signed-off-by: AdamKorcz <adam@adalogics.com>

* Add instructions on signing with Cosign

Signed-off-by: AdamKorcz <adam@adalogics.com>

* refactor evaluation

Signed-off-by: Adam Korczynski <adam@adalogics.com>

* debug failing integration test

Signed-off-by: Adam Korczynski <adam@adalogics.com>

* remove unused nolints

Signed-off-by: Adam Korczynski <adam@adalogics.com>

* expose release name asset names in finding values

Signed-off-by: Adam Korczynski <adam@adalogics.com>

* fix failed integration test

Signed-off-by: Adam Korczynski <adam@adalogics.com>

* remove 'totalReleases' value from findings

Signed-off-by: Adam Korczynski <adam@adalogics.com>

* remove left-over cases of "totalReleases" values in findings

Signed-off-by: Adam Korczynski <adam@adalogics.com>

* remove remaining totalReleases values

Signed-off-by: Adam Korczynski <adam@adalogics.com>

* use const probe names instead of hard-coded strings

Signed-off-by: Adam Korczynski <adam@adalogics.com>

* remove totalReleases from test helper arguments

Signed-off-by: Adam Korczynski <adam@adalogics.com>

* merge test helpers

Signed-off-by: Adam Korczynski <adam@adalogics.com>

---------

Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: Adam Korczynski <adam@adalogics.com>

2023-12-13 07:51:32 -08:00

3 Commits