* undo pat scope doc change
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add Go resources
some contributors may be unfamiliar with the language
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
* feature dco requirement more prominently
Signed-off-by: Spencer Schrock <sschrock@google.com>
* recommend merge commits to sync PR
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix make target table
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove references to old Go environment variables
GO111MODULE is no longer used as of Go 1.17.
GOPATH is still used for other purposes, but not in 'development mode'.
https://go.dev/wiki/GOPATH
Signed-off-by: Spencer Schrock <sschrock@google.com>
* misc minor clarifications
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove reference to errors from CONTRIBUTORS.md
I don't think this is one of the top things we should be displaying to someone
Signed-off-by: Spencer Schrock <sschrock@google.com>
* mention make in environment
Signed-off-by: Spencer Schrock <sschrock@google.com>
* no scopes needed for PATs
Signed-off-by: Spencer Schrock <sschrock@google.com>
* highlight other scorecard options
Signed-off-by: Spencer Schrock <sschrock@google.com>
* allow shell codeblocks to be pasted into a shell
the comment style was wrong and the $ was interpretted as a command.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
* 📖 Add documentation about probes and contributing
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* change 'subdirectory' to 'directory'
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* fix 'golangci' typo
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Added 'make fix-linter' to Makefile
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Move commands to their own table
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* change 'problem' to 'supply-chain security risk'
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Add sentence about what a finding is
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* remove sentence about running make rule locally
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* change 'supply-chain security risk' to 'heuristic'
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Modify text on where to set remediation data
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Add example
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* add line about discussing changes to the score in a GitHub issue
Signed-off-by: Adam Korczynski <adam@adalogics.com>
---------
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* upgrade go.mod to 1.21
Signed-off-by: Spencer Schrock <sschrock@google.com>
* use slices from stdlib
Signed-off-by: Spencer Schrock <sschrock@google.com>
* use max/min builtins
Signed-off-by: Spencer Schrock <sschrock@google.com>
* multierrors
possibly spin this off into its own PR
Signed-off-by: Spencer Schrock <sschrock@google.com>
* dont call rand.Seed
As of Go 1.20, the generator is seeded randomly at startup.
https://pkg.go.dev/math/rand#Seed
Signed-off-by: Spencer Schrock <sschrock@google.com>
* update minimum Go version in documentation
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Bump dockerfiles to 1.21
* Go minimum version should match our go.mod
* Bump GitHub action go version to 1.21 and ensure all workflows use env variable.
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Change docs on how to run and debug locally
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* Remove docs section on debug Go lang
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* updated makefile to include unit-test and unit-test-attestor and contributing doc to include e2e-pat
Signed-off-by: Dave Banerjee <dave.banerjee@ibm.com>
* updated docs
Signed-off-by: Dave Banerjee <dave.banerjee@ibm.com>
Signed-off-by: Dave Banerjee <dave.banerjee@ibm.com>
Co-authored-by: Dave Banerjee <Dave.Banerjee@ibm.com>
Fix link to projects.csv in README.md
Remove out of date info on daily cron job from CONTRIBUTING.md and fix
various links.
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
The `CONTRIBUTING.md` documentation was obsolete when discussing
documentation updates. It gave the wrong location for `checks.yaml`,
wrong command to update `checks.md`, and failed to note that some
documentation wasn't in `checks.yaml`.
This commit updates the docs-about-docs so it's hopefully
correct again :-).
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Co-authored-by: Abhishek Arya <inferno@chromium.org>
* Fix lint issues: whitespace linter
* Fix lint issues: wrapcheck linter
* Fix lint issues: errcheck linter
* Fix lint issues: paralleltest linter
* Fix lint issues: gocritic linter
Most changes from this commit are from passing checker.CheckResult by reference and not by value. gocritic identified that as a huge parameter.
gocritic also prefers regexp.MustCompile over Compile when the pattern is a const
Validated the presence of the GITHU_AUTH_TOKEN variable presence before running the e2e.
Update the contributing doc with scopes of the personal access token.
Updated the workflow to include the e2e tests.
* Updated the contributing guidelines with Environment Setup,
Contributing steps, How to build scorecard locally, What to do before
submitting a pull request and Where the CI Tests are configured.
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>