Commit Graph

14 Commits

Author SHA1 Message Date
Naveen
f1d7a62059
🌱 Fixed field alignment (#3799)
- Fixed field alignment

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2024-01-17 19:10:33 +00:00
David E Worth
f4bf574c86
📖 fixup transposition typos in remediation package (#3734)
Signed-off-by: Dave Worth <dave@ensignia.co>
2023-12-18 15:10:12 -05:00
Spencer Schrock
1625b0c578
🌱 Disable more style linters for test files (#3707)
* disable lll linter for test files
* disable goerr113 linter for tests
* disable wrapcheck linter for tests
* fix easy linter issues in tests

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-12-04 02:14:01 +00:00
Spencer Schrock
92470deac3
🌱 enable nolintlint linter and fix violations (#3650)
* enable nolintlint

Signed-off-by: Spencer Schrock <sschrock@google.com>

* first chunk of fixing nolintlint

Signed-off-by: Spencer Schrock <sschrock@google.com>

* second chunk of fixing nolintlint

Signed-off-by: Spencer Schrock <sschrock@google.com>

* third chunk of fixing nolintlint

Signed-off-by: Spencer Schrock <sschrock@google.com>

* fourth chunk of fixing nolintlint

Signed-off-by: Spencer Schrock <sschrock@google.com>

* include reason for the specific linter config

Signed-off-by: Spencer Schrock <sschrock@google.com>

* fifth chunk of fixing nolintlint

Signed-off-by: Spencer Schrock <sschrock@google.com>

* fix linter errors that are somehow still triggering

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-11-15 11:44:28 -08:00
Naveen
fe7a8441ad
🌱 Improve workflow pinning remediation tests (#3021)
- Add 3 tests for workflow pinning remediation

[remediation/remediations_test.go]
- Add 3 tests for workflow pinning remediation

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2023-05-22 16:55:45 +00:00
laurentsimon
2ea140a3ee
Structured results for permissions (#2584)
* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* Update checks/evaluation/permissions/GitHubWorkflowPermissionsTopNoWrite.yml

Co-authored-by: Joyce <joycebrumu.u@gmail.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* Update checks/evaluation/permissions/GitHubWorkflowPermissionsStepsNoWrite.yml

Co-authored-by: Joyce <joycebrumu.u@gmail.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>

* Update checks/evaluation/permissions/GitHubWorkflowPermissionsStepsNoWrite.yml

Co-authored-by: Joyce <joycebrumu.u@gmail.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>

* Update checks/evaluation/permissions/GitHubWorkflowPermissionsStepsNoWrite.yml

Co-authored-by: Joyce <joycebrumu.u@gmail.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Co-authored-by: Joyce <joycebrumu.u@gmail.com>
2023-01-30 18:41:36 -08:00
Spencer Schrock
47be52369d
🐛 Retain tag when remediating unpinned docker images. (#2595)
Signed-off-by: Spencer Schrock <sschrock@google.com>

Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-01-11 12:59:17 -08:00
Arnaud J Le Hors
2169bc44c7
Use new project name in Copyright notices (#2505)
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>

Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
2022-12-01 15:08:48 -08:00
Spencer Schrock
6dcfde9299
🐛 Fix remediation text when Scorecard is run multiple times within a program (#2168)
* quick fix for wrong info in remediation text

* add test for old, incorrect behavior

* Rename Setup to New
2022-08-17 16:10:49 -05:00
Varun Sharma
86d1c7c37a
🐛 Fix bug 2051 (#2140)
* Fix bug 2051

Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>

* Fix lint errors and add mock code

Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>

* Fix unit test

Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>

Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-08-12 16:23:07 +00:00
Spencer Schrock
096cbd0622
Use crane to add hash suggestion to unpinned Docker images (#2037)
* Use crane to add hash suggestion to unpinned Docker images

* Add nil check before dereferencing name for image digest

* Reformat changes to comply with linter

* Add basic remediation for dockerfile pinning

* Deduplicate remediation code

* Remove reference to linux/amd64, as crane digest should be universal

* add remediation info to scorecard output. switch to using strings.Builder for more maintainable logic
2022-07-19 10:56:49 -07:00
laurentsimon
838f62f65a
Add raw results for Token-Permissions (#1912)
* draft

* update

* update

* draft

* updates

* update

* update

* update

* update

* update

* update

* update

* update

* e2e test for empty repo

* update

* rename structure

* update
2022-07-15 21:48:50 +00:00
laurentsimon
3957460c2b
update (#2011)
2022-06-29 10:10:15 -07:00
laurentsimon
4bd3391a36
Raw results for Pinned-Dependencies (#1932)
* backup

* update

* update

* draft

* updates

* updates

* updates

* updates

* fix

* linter

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* linter

* comments

* linter

* linter

* tests

* updates

* updates

* tests
2022-06-06 14:31:22 -07:00