Azeem Shaikh
afe5b40567
Make RepoClient as default interface for Scorecard ( #951 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-02 02:32:26 +00:00
Azeem Shaikh
eceb577b84
Add and use RepoClient API for ListStatuses ( #949 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-01 18:34:58 +00:00
Azeem Shaikh
eb2b3b2185
Add RepoClient API for ListCheckRunsForRef ( #948 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-01 17:43:53 +00:00
Azeem Shaikh
99b9c91570
Use RepoClient API for Packaging check ( #940 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-01 01:05:34 +00:00
Azeem Shaikh
d6ba2cd6ac
Fix #890 ( #938 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-30 20:26:11 -07:00
Azeem Shaikh
e305a94e4f
Use ListReleases API for BranchProtection check ( #937 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-30 17:52:08 -07:00
Azeem Shaikh
9a1978a051
Use RefUpdateRule in BranchProtection check ( #936 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-30 23:14:42 +00:00
Azeem Shaikh
d9f5209803
Update test utils ( #933 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-30 14:12:57 -07:00
Chris McGehee
dbb23450e5
✨ Add line number to unpinned dependency: GitHub workflow "uses" field ( #821 )
...
* Display line number for github workflow "uses" field
* Adding test for line numbers
* Updating comment
* Updating this log message to use SARIF format
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2021-08-30 17:03:45 +00:00
Azeem Shaikh
37696aceb3
Create and use MockRepoClient in unit tests ( #922 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-26 19:48:39 +00:00
laurentsimon
9eb7929ebc
🐛 Address friction logs' comments ( #899 )
...
* fixes
* fix
* fix
* fixes
* doc
* missing file
* fixes
* comments
* typo
2021-08-25 21:02:23 +00:00
Azeem Shaikh
2d65ab4f0c
Remove ErrRepoUnavailable ( #908 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 09:33:59 -07:00
Azeem Shaikh
8cf95c46e4
Use singleton pattern for OSS-Fuzz ( #902 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 03:28:49 +00:00
Azeem Shaikh
41d0ce38c4
Replace errors.As with Is ( #901 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 01:03:45 +00:00
Azeem Shaikh
46a655d405
Fixes for Branch Protection ( #900 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 00:04:17 +00:00
laurentsimon
6403eb1382
✨ Transition Packaging, SAST, Security-policy, Signed-releases check to the new structured detail format ( #887 )
...
* move checks to new format
* fix
* comments
* fix
* comments
2021-08-24 01:44:06 +00:00
laurentsimon
b731f450b9
✨ Transition Vulnerabilities, Permissions, CI-Tests, Dependency-Update-Tool, Code-Reviews to structured details ( #889 )
...
* move other checks togit add -u
* more checks
* fixes
2021-08-24 00:54:22 +00:00
laurentsimon
d1de6cf513
support v3 ( #883 )
2021-08-23 18:48:29 +00:00
Chris McGehee
c54d77b0d7
🐛 Only validate shell scripts supported by our parser ( #862 )
...
* Only validate shell scripts supported by our parser
* Updating tests, code quality
Co-authored-by: Abhishek Arya <inferno@chromium.org>
2021-08-19 08:18:45 -07:00
Azeem Shaikh
13ef9dd7e0
Use RepoClient.Search API in SAST check ( #857 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-16 17:34:10 +00:00
laurentsimon
b3a3f7e217
✨ SARIF 2: add short description to checks.yml ( #848 )
...
* short desc
* validate new field
* typos
* comments
* fixed
2021-08-16 15:42:55 +00:00
Azeem Shaikh
42ee430332
Use RepoClient API for Fuzzing ( #855 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-14 00:34:40 +00:00
Azeem Shaikh
8baaaa4cf8
Use RepoClient API for Contributors check ( #854 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-13 18:13:43 +00:00
Azeem Shaikh
b7ddc9ac93
Update go-github version for consistency ( #852 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-13 00:43:22 +00:00
Azeem Shaikh
d4701c4a4e
Delete Signed-Tags check from Scorecard ( #851 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-12 22:26:50 +00:00
Azeem Shaikh
3f9431d08c
Update SignedReleases to use RepoClient API ( #844 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-12 20:46:06 +00:00
asraa
cc312f2d1d
✨ feature: branch protection without admin token ( #823 )
...
* branch protection without admin permission
Signed-off-by: Asra Ali <asraa@google.com>
* handle other errors
Signed-off-by: Asra Ali <asraa@google.com>
* fix lint
Signed-off-by: Asra Ali <asraa@google.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-08-12 15:54:28 +00:00
Azeem Shaikh
eeb563be10
Update SAST and CITest with Repoclient API ( #842 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-12 08:27:48 +10:00
Mark J. Cox
20370f782a
🐛 Look for organisation default .github security.md files in all the locations they are allowed to be in ( #837 )
...
* The default community health files for an organisation can be in one of
three places, but the current check only looked in one of them. Expand
the check to all three places as per
https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file
This fixes scorecards failing to pick up the default Apache policy
https://github.com/apache/.github/blob/main/.github/SECURITY.md
Signed-off-by: Mark J. Cox <mark@awe.com>
* Wrap don't use a long line
* Follow the hint in the failure and run "gofmt -s" on it
2021-08-11 10:53:04 -07:00
laurentsimon
d821ea27ec
✨ improve token permission ( #811 )
...
* sarif action
* update
2021-08-05 17:10:34 +00:00
laurentsimon
e4f3ede843
✨ fix/enhance pinned-dependencies ( #806 )
...
* commit
* e2e tests
* typo
2021-08-03 23:32:34 +00:00
laurentsimon
b2b37161f3
✨ Improve token permission check ( #800 )
...
* draft
* draft 2
* draft3
* fix e2e
* comment
* comment
* check codeql
* missing files
* comments
* nit
* update msg
* msg
* nit
* nit
* msg
* e2e
* update doc
2021-08-03 00:56:45 +00:00
Azeem Shaikh
30bb11965a
Update Packaging check to use new APIs ( #796 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-02 17:17:38 +00:00
laurentsimon
1bee125ab3
fix message ( #798 )
2021-08-02 16:00:22 +00:00
Azeem Shaikh
6368c25f54
More linter issues ( #794 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-01 03:42:14 +00:00
Azeem Shaikh
83e9f52501
Enable revive linters which are used in google3 ( #793 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-31 22:31:34 +00:00
laurentsimon
29594d4294
✨ change signature of FileIfExist and FileContent ( #787 )
...
* draft
* add pinning
* remove functions
* typo
* comment
* name
2021-07-30 15:09:52 +00:00
laurentsimon
b35cbdcdcf
✨ Make Branch-Protection score more granular ( #777 )
...
* commit
* unit tests
* full score
* typos
* update msg
* remove function
* comments
* linter
* comments
2021-07-30 01:54:19 +00:00
laurentsimon
c48fe4f9ed
✨ Make Token-Permission check more granular ( #773 )
...
* draft
* add tests
* add e2e2 tests
* typos
* typo
* fixes
* linter
* use named value
* comments
* comment
2021-07-30 00:13:01 +00:00
Azeem Shaikh
1d1e799f84
Add ListCommits and IsArchived API ( #772 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 14:18:58 -07:00
Azeem Shaikh
1e6d99eb20
Remove PullRequest check ( #771 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 20:58:36 +00:00
Azeem Shaikh
59e14eef80
Add validation for checks.yaml ( #781 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 20:29:12 +00:00
Azeem Shaikh
df89767c35
Fix bug in SecurityPolicy ( #761 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-29 20:09:56 +00:00
laurentsimon
8432a82bc4
✨ Add e2e tests using dedicated repo for pinned-dependencies check ( #766 )
...
* fix
* e2e
* add e2e test from dedicated repo
* e2e update
* linter
* merge
2021-07-29 11:55:25 -07:00
laurentsimon
578c71b03e
text ( #776 )
2021-07-28 15:49:28 -07:00
laurentsimon
24955d62a0
text change ( #775 )
2021-07-28 14:34:20 -07:00
evalphobia
a4f7d4b5b4
🐛 Fix panic error when RequiredPullRequestReviews is nil ( #768 )
...
* Fix panic error when RequiredPullRequestReviews is nil
* add test
2021-07-28 09:57:26 -04:00
laurentsimon
9edfe2a292
✨ rename Frozen-Deps to Pinned-Dependencies ( #765 )
...
* fix
* more tests
* e2e
* comments
* change name
* linter
* rename
* lint
2021-07-27 16:32:24 -07:00
laurentsimon
b8825d8e34
✨ sast cleanup ( #760 )
...
* cleanup
* typo
* typos
* linter
* comments
* msg
* score
* comments
2021-07-27 16:16:44 +00:00
laurentsimon
c044105e33
✨ rename var ( #756 )
...
* rename var
* linter
2021-07-26 17:24:34 -07:00