Azeem Shaikh
afe5b40567
Make RepoClient as default interface for Scorecard ( #951 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-02 02:32:26 +00:00
flying-cow
1434977ac0
:sparkling: Upgraded to go 1.17
2021-09-01 18:31:44 -04:00
Azeem Shaikh
eceb577b84
Add and use RepoClient API for ListStatuses ( #949 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-01 18:34:58 +00:00
Azeem Shaikh
eb2b3b2185
Add RepoClient API for ListCheckRunsForRef ( #948 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-01 17:43:53 +00:00
laurentsimon
8f5e742e20
✨ Improve JSON format ( #934 )
...
* support for verison
* fix
* fix
* linter
* typo
* fix
2021-09-01 17:29:40 +00:00
dependabot[bot]
b5e4c7797b
🌱 Bump distroless/base from 19d927c
to a74f307
( #945 )
...
Bumps distroless/base from `19d927c` to `a74f307`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-09-01 10:15:03 -07:00
dependabot[bot]
992775e641
🌱 Bump distroless/base in /cron/webhook ( #946 )
...
Bumps distroless/base from `19d927c` to `a74f307`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-09-01 16:26:27 +00:00
dependabot[bot]
dcbf7528a7
🌱 Bump cloud.google.com/go/bigquery from 1.21.0 to 1.22.0 ( #939 )
...
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go ) from 1.21.0 to 1.22.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.21.0...spanner/v1.22.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-09-01 16:14:12 +00:00
Azeem Shaikh
dcbfb3ccd2
Fix syntax bug in CloudBuild YAML ( #947 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-01 14:35:25 +00:00
Azeem Shaikh
df2acb47e2
Add COMMIT_SHA to Scorecard docker image ( #944 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-01 13:28:07 +10:00
Azeem Shaikh
d6b601298c
Specify fractions instead of percentage ( #943 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-01 01:23:07 +00:00
Azeem Shaikh
99b9c91570
Use RepoClient API for Packaging check ( #940 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-01 01:05:34 +00:00
laurentsimon
bb6e010dc1
✨ Decouple scorecard json from cron json ( #941 )
...
* decouple
* linnter
2021-08-31 15:27:29 -07:00
dependabot[bot]
001ba670bb
🌱 Bump github.com/jszwec/csvutil from 1.5.0 to 1.5.1
...
Bumps [github.com/jszwec/csvutil](https://github.com/jszwec/csvutil ) from 1.5.0 to 1.5.1.
- [Release notes](https://github.com/jszwec/csvutil/releases )
- [Commits](https://github.com/jszwec/csvutil/compare/v1.5.0...v1.5.1 )
---
updated-dependencies:
- dependency-name: github.com/jszwec/csvutil
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-08-31 08:06:06 -04:00
Azeem Shaikh
d6ba2cd6ac
Fix #890 ( #938 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-30 20:26:11 -07:00
Azeem Shaikh
e305a94e4f
Use ListReleases API for BranchProtection check ( #937 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-30 17:52:08 -07:00
Azeem Shaikh
9a1978a051
Use RefUpdateRule in BranchProtection check ( #936 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-30 23:14:42 +00:00
Azeem Shaikh
d9f5209803
Update test utils ( #933 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-30 14:12:57 -07:00
Chris McGehee
dbb23450e5
✨ Add line number to unpinned dependency: GitHub workflow "uses" field ( #821 )
...
* Display line number for github workflow "uses" field
* Adding test for line numbers
* Updating comment
* Updating this log message to use SARIF format
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2021-08-30 17:03:45 +00:00
Azeem Shaikh
ee6acdd6a6
Syntax bug in k8s file ( #931 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-30 03:47:04 +00:00
dependabot[bot]
915bad8222
🌱 Bump distroless/base in /cron/worker
...
Bumps distroless/base from `bc84925` to `19d927c`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-08-29 23:25:01 -04:00
dependabot[bot]
95c2df2faa
🌱 Bump distroless/base from bc84925
to 19d927c
in /cron/bq ( #926 )
...
Bumps distroless/base from `bc84925` to `19d927c`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-08-30 02:31:36 +00:00
dependabot[bot]
51016ea8ae
🌱 Bump cloud.google.com/go/pubsub from 1.15.0 to 1.16.0 ( #904 )
...
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go ) from 1.15.0 to 1.16.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.15.0...pubsub/v1.16.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-08-30 02:00:18 +00:00
Azeem Shaikh
c1edcea194
Use a completion threshold for BQ transfers ( #930 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-29 18:45:22 -07:00
Naveen
f40fa63826
🌱 Included race flag to tests ( #921 )
...
Included the `-race` flag to tests to detect any race conditions.
Especially now that we are using the `sync` package.
2021-08-27 14:17:14 +00:00
dependabot[bot]
d9b4188d08
🌱 Bump distroless/base in /cron/webhook
...
Bumps distroless/base from `bc84925` to `19d927c`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-08-27 08:43:15 -05:00
dependabot[bot]
5b74c04e73
🌱 Bump distroless/base in /cron/controller
...
Bumps distroless/base from `bc84925` to `19d927c`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-08-26 17:27:54 -05:00
Azeem Shaikh
fe54c5131c
Only call GitHub APIs when needed ( #918 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-26 22:09:41 +00:00
olivekl
c9a617b236
📖 Expand "Motivation" section ( #924 )
...
* Expand "Motivation" section
Add description of the tool; introduce "checks" as a term used throughout documentation
* Update README.md
2021-08-26 20:53:40 +00:00
Azeem Shaikh
37696aceb3
Create and use MockRepoClient in unit tests ( #922 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-26 19:48:39 +00:00
naveen
50fd921680
🌱 Fix the dependabot settings
2021-08-26 14:29:12 -05:00
dependabot[bot]
f2afdba107
🌱 Bump actions/setup-go from 2.1.3 to 2.1.4
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 2.1.3 to 2.1.4.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](37335c7bb2...331ce1d993
)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-08-26 10:56:13 -05:00
dependabot[bot]
b93f385e7e
🌱 Bump distroless/base from ccbc79c
to 19d927c
...
Bumps distroless/base from `ccbc79c` to `19d927c`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-08-26 08:08:12 -05:00
laurentsimon
788fd33222
✨ Add JSON unit tests ( #915 )
...
* fix
* typo
* draft
* fixes
* typo
* add validator
* comments
* typo
2021-08-26 01:42:34 +00:00
laurentsimon
e083f04e4c
🐛 Fix date cron issue ( #914 )
...
* fix
* typo
* fix
2021-08-25 23:29:03 +00:00
Azeem Shaikh
d8e49e0dba
Remove unwanted dependencies ( #913 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 21:21:40 +00:00
laurentsimon
9eb7929ebc
🐛 Address friction logs' comments ( #899 )
...
* fixes
* fix
* fix
* fixes
* doc
* missing file
* fixes
* comments
* typo
2021-08-25 21:02:23 +00:00
Azeem Shaikh
1c7c1e3c31
Fix bug in shardNum calculation ( #910 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 19:08:03 +00:00
Azeem Shaikh
2d65ab4f0c
Remove ErrRepoUnavailable ( #908 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 09:33:59 -07:00
Azeem Shaikh
b89808ff8c
Pin protoc by SHA ( #909 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 15:54:10 +00:00
Azeem Shaikh
e73f08e76c
Fix nil ptr dereference ( #907 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-08-25 07:09:24 -07:00
Azeem Shaikh
cc30d54db2
Use arduino/setup-protoc
for installing Protoc ( #903 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 09:31:04 -04:00
Azeem Shaikh
8cf95c46e4
Use singleton pattern for OSS-Fuzz ( #902 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 03:28:49 +00:00
Azeem Shaikh
41d0ce38c4
Replace errors.As
with Is
( #901 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 01:03:45 +00:00
Azeem Shaikh
46a655d405
Fixes for Branch Protection ( #900 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 00:04:17 +00:00
dependabot[bot]
7bc2e00589
🌱 Bump peter-evans/find-comment from 1.2.0 to 1.3.0 ( #893 )
...
Bumps [peter-evans/find-comment](https://github.com/peter-evans/find-comment ) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/peter-evans/find-comment/releases )
- [Commits](309ce798ba...d2dae40ed1
)
---
updated-dependencies:
- dependency-name: peter-evans/find-comment
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-08-24 22:20:22 +00:00
laurentsimon
ad134ac30d
✨ Add hash to results (JSON, SARIF) ( #892 )
...
* add hash to result
* add json file
2021-08-24 16:50:47 +00:00
laurentsimon
6403eb1382
✨ Transition Packaging, SAST, Security-policy, Signed-releases check to the new structured detail format ( #887 )
...
* move checks to new format
* fix
* comments
* fix
* comments
2021-08-24 01:44:06 +00:00
laurentsimon
b731f450b9
✨ Transition Vulnerabilities, Permissions, CI-Tests, Dependency-Update-Tool, Code-Reviews to structured details ( #889 )
...
* move other checks togit add -u
* more checks
* fixes
2021-08-24 00:54:22 +00:00
Meder Kydyraliev
27c5821764
Update README.md ( #888 )
2021-08-24 00:12:03 +00:00