Commit Graph

724 Commits

Author SHA1 Message Date
Azeem Shaikh
afe5b40567
Make RepoClient as default interface for Scorecard (#951)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-02 02:32:26 +00:00
flying-cow
1434977ac0
:sparkling: Upgraded to go 1.17
2021-09-01 18:31:44 -04:00
Azeem Shaikh
eceb577b84
Add and use RepoClient API for ListStatuses (#949)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-01 18:34:58 +00:00
Azeem Shaikh
eb2b3b2185
Add RepoClient API for ListCheckRunsForRef (#948)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-01 17:43:53 +00:00
laurentsimon
8f5e742e20
Improve JSON format (#934)
* support for version

* fix

* fix

* linter

* typo

* fix
2021-09-01 17:29:40 +00:00
dependabot[bot]
b5e4c7797b
🌱 Bump distroless/base from 19d927c to a74f307 (#945)
Bumps distroless/base from `19d927c` to `a74f307`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-09-01 10:15:03 -07:00
dependabot[bot]
992775e641
🌱 Bump distroless/base in /cron/webhook (#946)
Bumps distroless/base from `19d927c` to `a74f307`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-09-01 16:26:27 +00:00
dependabot[bot]
dcbf7528a7
🌱 Bump cloud.google.com/go/bigquery from 1.21.0 to 1.22.0 (#939)
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.21.0 to 1.22.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.21.0...spanner/v1.22.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-09-01 16:14:12 +00:00
Azeem Shaikh
dcbfb3ccd2
Fix syntax bug in CloudBuild YAML (#947)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-01 14:35:25 +00:00
Azeem Shaikh
df2acb47e2
Add COMMIT_SHA to Scorecard docker image (#944)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-01 13:28:07 +10:00
Azeem Shaikh
d6b601298c
Specify fractions instead of percentage (#943)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-01 01:23:07 +00:00
Azeem Shaikh
99b9c91570
Use RepoClient API for Packaging check (#940)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-01 01:05:34 +00:00
laurentsimon
bb6e010dc1
Decouple scorecard json from cron json (#941)
* decouple

* linter
2021-08-31 15:27:29 -07:00
dependabot[bot]
001ba670bb
🌱 Bump github.com/jszwec/csvutil from 1.5.0 to 1.5.1
Bumps [github.com/jszwec/csvutil](https://github.com/jszwec/csvutil) from 1.5.0 to 1.5.1.
- [Release notes](https://github.com/jszwec/csvutil/releases)
- [Commits](https://github.com/jszwec/csvutil/compare/v1.5.0...v1.5.1)

---
updated-dependencies:
- dependency-name: github.com/jszwec/csvutil
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-31 08:06:06 -04:00
Azeem Shaikh
d6ba2cd6ac
Fix #890 (#938)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-30 20:26:11 -07:00
Azeem Shaikh
e305a94e4f
Use ListReleases API for BranchProtection check (#937)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-30 17:52:08 -07:00
Azeem Shaikh
9a1978a051
Use RefUpdateRule in BranchProtection check (#936)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-30 23:14:42 +00:00
Azeem Shaikh
d9f5209803
Update test utils (#933)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-30 14:12:57 -07:00
Chris McGehee
dbb23450e5
Add line number to unpinned dependency: GitHub workflow "uses" field (#821)
* Display line number for github workflow "uses" field

* Adding test for line numbers

* Updating comment

* Updating this log message to use SARIF format

Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2021-08-30 17:03:45 +00:00
Azeem Shaikh
ee6acdd6a6
Syntax bug in k8s file (#931)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-30 03:47:04 +00:00
dependabot[bot]
915bad8222
🌱 Bump distroless/base in /cron/worker
Bumps distroless/base from `bc84925` to `19d927c`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-29 23:25:01 -04:00
dependabot[bot]
95c2df2faa
🌱 Bump distroless/base from bc84925 to 19d927c in /cron/bq (#926)
Bumps distroless/base from `bc84925` to `19d927c`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-08-30 02:31:36 +00:00
dependabot[bot]
51016ea8ae
🌱 Bump cloud.google.com/go/pubsub from 1.15.0 to 1.16.0 (#904)
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.15.0 to 1.16.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.15.0...pubsub/v1.16.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-08-30 02:00:18 +00:00
Azeem Shaikh
c1edcea194
Use a completion threshold for BQ transfers (#930)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-29 18:45:22 -07:00
Naveen
f40fa63826
🌱 Included race flag to tests (#921)
Included the `-race` flag to tests to detect any race conditions.
Especially now that we are using the `sync` package.
2021-08-27 14:17:14 +00:00
dependabot[bot]
d9b4188d08
🌱 Bump distroless/base in /cron/webhook
Bumps distroless/base from `bc84925` to `19d927c`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-27 08:43:15 -05:00
dependabot[bot]
5b74c04e73
🌱 Bump distroless/base in /cron/controller
Bumps distroless/base from `bc84925` to `19d927c`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-26 17:27:54 -05:00
Azeem Shaikh
fe54c5131c
Only call GitHub APIs when needed (#918)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-26 22:09:41 +00:00
olivekl
c9a617b236
📖 Expand "Motivation" section (#924)
* Expand "Motivation" section

Add description of the tool; introduce "checks" as a term used throughout documentation

* Update README.md
2021-08-26 20:53:40 +00:00
Azeem Shaikh
37696aceb3
Create and use MockRepoClient in unit tests (#922)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-26 19:48:39 +00:00
naveen
50fd921680
🌱 Fix the dependabot settings
2021-08-26 14:29:12 -05:00
dependabot[bot]
f2afdba107
🌱 Bump actions/setup-go from 2.1.3 to 2.1.4
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2.1.3 to 2.1.4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](37335c7bb2...331ce1d993)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-26 10:56:13 -05:00
dependabot[bot]
b93f385e7e
🌱 Bump distroless/base from ccbc79c to 19d927c
Bumps distroless/base from `ccbc79c` to `19d927c`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-26 08:08:12 -05:00
laurentsimon
788fd33222
Add JSON unit tests (#915)
* fix

* typo

* draft

* fixes

* typo

* add validator

* comments

* typo
2021-08-26 01:42:34 +00:00
laurentsimon
e083f04e4c
🐛 Fix date cron issue (#914)
* fix

* typo

* fix
2021-08-25 23:29:03 +00:00
Azeem Shaikh
d8e49e0dba
Remove unwanted dependencies (#913)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 21:21:40 +00:00
laurentsimon
9eb7929ebc
🐛 Address friction logs' comments (#899)
* fixes

* fix

* fix

* fixes

* doc

* missing file

* fixes

* comments

* typo
2021-08-25 21:02:23 +00:00
Azeem Shaikh
1c7c1e3c31
Fix bug in shardNum calculation (#910)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 19:08:03 +00:00
Azeem Shaikh
2d65ab4f0c
Remove ErrRepoUnavailable (#908)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 09:33:59 -07:00
Azeem Shaikh
b89808ff8c
Pin protoc by SHA (#909)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 15:54:10 +00:00
Azeem Shaikh
e73f08e76c
Fix nil ptr dereference (#907)
Co-authored-by: Azeem Shaikh <azeems@google.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-08-25 07:09:24 -07:00
Azeem Shaikh
cc30d54db2
Use arduino/setup-protoc for installing Protoc (#903)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 09:31:04 -04:00
Azeem Shaikh
8cf95c46e4
Use singleton pattern for OSS-Fuzz (#902)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 03:28:49 +00:00
Azeem Shaikh
41d0ce38c4
Replace errors.As with Is (#901)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 01:03:45 +00:00
Azeem Shaikh
46a655d405
Fixes for Branch Protection (#900)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 00:04:17 +00:00
dependabot[bot]
7bc2e00589
🌱 Bump peter-evans/find-comment from 1.2.0 to 1.3.0 (#893)
Bumps [peter-evans/find-comment](https://github.com/peter-evans/find-comment) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/peter-evans/find-comment/releases)
- [Commits](309ce798ba...d2dae40ed1)

---
updated-dependencies:
- dependency-name: peter-evans/find-comment
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-08-24 22:20:22 +00:00
laurentsimon
ad134ac30d
Add hash to results (JSON, SARIF) (#892)
* add hash to result

* add json file
2021-08-24 16:50:47 +00:00
laurentsimon
6403eb1382
Transition Packaging, SAST, Security-policy, Signed-releases check to the new structured detail format (#887)
* move checks to new format

* fix

* comments

* fix

* comments
2021-08-24 01:44:06 +00:00
laurentsimon
b731f450b9
Transition Vulnerabilities, Permissions, CI-Tests, Dependency-Update-Tool, Code-Reviews to structured details (#889)
* move other checks togit add -u

* more checks

* fixes
2021-08-24 00:54:22 +00:00
Meder Kydyraliev
27c5821764
Update README.md (#888)
2021-08-24 00:12:03 +00:00