Naveen
f1d7a62059
🌱 Fixed field alignment ( #3799 )
- Fixed field alignment
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2024-01-17 19:10:33 +00:00
David E Worth
f4bf574c86
📖 fixup transposition typos in remediation package ( #3734 )
Signed-off-by: Dave Worth <dave@ensignia.co>
2023-12-18 15:10:12 -05:00
Spencer Schrock
1625b0c578
🌱 Disable more style linters for test files ( #3707 )
* disable lll linter for test files
* disable goerr113 linter for tests
* disable wrapcheck linter for tests
* fix easy linter issues in tests
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-12-04 02:14:01 +00:00
Spencer Schrock
92470deac3
🌱 enable nolintlint linter and fix violations ( #3650 )
* enable nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* first chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* second chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* third chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fourth chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* include reason for the specific linter config
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fifth chunk of fixing nolintlint
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix linter errors that are somehow still triggering
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-11-15 11:44:28 -08:00
Naveen
fe7a8441ad
🌱 Improve workflow pinning remediation tests ( #3021 )
- Add 3 tests for workflow pinning remediation
[remediation/remediations_test.go]
- Add 3 tests for workflow pinning remediation
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-05-22 16:55:45 +00:00
laurentsimon
2ea140a3ee
✨ Structured results for permissions ( #2584 )
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* Update checks/evaluation/permissions/GitHubWorkflowPermissionsTopNoWrite.yml
Co-authored-by: Joyce <joycebrumu.u@gmail.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* Update checks/evaluation/permissions/GitHubWorkflowPermissionsStepsNoWrite.yml
Co-authored-by: Joyce <joycebrumu.u@gmail.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
* Update checks/evaluation/permissions/GitHubWorkflowPermissionsStepsNoWrite.yml
Co-authored-by: Joyce <joycebrumu.u@gmail.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
* Update checks/evaluation/permissions/GitHubWorkflowPermissionsStepsNoWrite.yml
Co-authored-by: Joyce <joycebrumu.u@gmail.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Co-authored-by: Joyce <joycebrumu.u@gmail.com>
2023-01-30 18:41:36 -08:00
Spencer Schrock
47be52369d
🐛 Retain tag when remediating unpinned docker images. ( #2595 )
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-01-11 12:59:17 -08:00
Arnaud J Le Hors
2169bc44c7
Use new project name in Copyright notices ( #2505 )
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
2022-12-01 15:08:48 -08:00
Spencer Schrock
6dcfde9299
🐛 Fix remediation text when Scorecard is run multiple times within a program ( #2168 )
* quick fix for wrong info in remediation text
* add test for old, incorrect behavior
* Rename Setup to New
2022-08-17 16:10:49 -05:00
Varun Sharma
86d1c7c37a
🐛 Fix bug 2051 ( #2140 )
* Fix bug 2051
Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
* Fix lint errors and add mock code
Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
* Fix unit test
Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-08-12 16:23:07 +00:00
Spencer Schrock
096cbd0622
✨ Use crane to add hash suggestion to unpinned Docker images ( #2037 )
* Use crane to add hash suggestion to unpinned Docker images
* Add nil check before dereferencing name for image digest
* Reformat changes to comply with linter
* Add basic remediation for dockerfile pinning
* Deduplicate remediation code
* Remove reference to linux/amd64, as crane digest should be universal
* add remediation info to scorecard output. switch to using strings.Builder for more maintainable logic
2022-07-19 10:56:49 -07:00
laurentsimon
838f62f65a
✨ Add raw results for Token-Permissions ( #1912 )
* draft
* update
* update
* draft
* updates
* update
* update
* update
* update
* update
* update
* update
* update
* e2e test for empty repo
* update
* rename structure
* update
2022-07-15 21:48:50 +00:00
laurentsimon
3957460c2b
update ( #2011 )
2022-06-29 10:10:15 -07:00
laurentsimon
4bd3391a36
✨ Raw results for Pinned-Dependencies ( #1932 )
* backup
* update
* update
* draft
* updates
* updates
* updates
* updates
* fix
* linter
* updates
* updates
* updates
* updates
* updates
* updates
* updates
* linter
* comments
* linter
* linter
* tests
* updates
* updates
* tests
2022-06-06 14:31:22 -07:00