8 Commits

Author SHA1 Message Date
laurentsimon
c741335683
[migration to score] 3: branch protection, frozen-deps, token permissions (#719)
* details-1

* nits

* typo

* comments

* dependabot and binary artifacts checks

* typo

* linter

* missing errors.go

* linter

* merge fix

* branch protection, frozen-deps, token permissions

* linter

* linter
2021-07-21 09:21:43 -07:00
laurentsimon
4cbb1a6062
Detect python -m pip pkg (#611)
* commit 1

* fixes

* comments

* comments

* comment and fix

* comments

* add tests

* support double quote + fixes

* fix

* comments
2021-07-09 00:48:36 +00:00
dependabot[bot]
5dd7f118ae
🌱 Bump github.com/golangci/golangci-lint from 1.40.1 to 1.41.1 (#627)
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.40.1 to 1.41.1.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.40.1...v1.41.1)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Azeem Shaikh <azeems@google.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-06-29 10:26:16 -07:00
laurentsimon
8960533b7b
check insecure downloads in github workflows (#610)
* draft

* commit 2

* draft

* rem debug code

* typos

* fixes

* fix suffix

* draft

* fixes

* rem deb code

* share the github struct def

* typos

* linter

* linter

* fix

* comments
2021-06-25 17:30:17 +00:00
laurentsimon
4b1c574420
Check for shell script's insecure download (#606)
* draft

* commit 2

* debug code

* draft

* draft

* rem debug code

* fix return value

* rename function

* add license

* typos

* fixes

* fix suffix

* comments
2021-06-24 17:24:14 +00:00
laurentsimon
ece69b2256
Support for package manager's unpinned downloads (#604)
* comments

* rem debug code

* Unpinned downloads for 'go get' and 'pip install'

* updates

* debug code

* linter

* comments
2021-06-24 16:06:25 +00:00
laurentsimon
d1d1eb2ecb
Support bash -c "CMD" for docker RUN downloads-then-exec (#600)
* comments

* rem debug code

* debug cmd left

* linter

* typo

* add TODO

* comments
2021-06-23 14:09:47 +00:00
laurentsimon
0ca1ace1f2
Check: detect downloads of scripts/binaries in docker's RUN (#584)
* commit 1

* commit 2

* commit 3

* updates

* linter

* update year

* cleanup

* linter

* fix test files

* linter

* comments
2021-06-21 18:45:15 +00:00