naveen
6f2a0f43f4
Fix - Output path for the test runs
2021-02-25 15:59:39 -05:00
naveen
a7174d8ad7
Feature - Include e2e tests for docker
...
Included e2e tests for docker.
Included .Dockerignore to ignore files.
Included Docker build in the Makefile.
2021-02-25 11:02:45 -05:00
naveen
cab29a2747
Feat- Use cloud buckets for caching
...
Use cloud buckets for httpcache.
The implementation uses https://github.com/google/go-cloud for it to be
cloud vendor agnostic.
2021-02-24 11:17:50 -05:00
naveen
586e3d60be
Doc - Update README with the TOC
...
Updated the README with TOC and included instructions for docker usage.
2021-02-23 10:47:44 -05:00
Naveen
79170187a2
Feat- Included dependabot for docker (#213)
2021-02-23 07:34:12 -08:00
naveen
7726ca7987
Feature - Include metadata in the results
...
Included metadata that can be passed as an argument to the command line.
The same metadata will be returned in the `json` results.
2021-02-22 19:23:46 -05:00
naveen
9510d3e0d7
Fix - default disk cache size
...
The default disk cache size is 100mb. Changed the default disk cache to
10gb.
2021-02-22 18:19:56 -05:00
Naveen
db81680172
Feat-Implement httpcache middleware for GitHub API (#203)
...
The GitHub API supports conditional requests
https://docs.github.com/en/rest/overview/resources-in-the-rest-api#conditional-requests
https://github.com/google/go-github supports Conditional requests
https://github.com/google/go-github#conditional-requests
As we are scaling more and more projects this would add a lot of value.
Initial run fetches information using `httpcache` as a middleware,
which caches the HTTP response initially in a large disk (PVC),
probably move to Redis later as a cache instead of disk.
Subsequent `cron runs` will utilize the `httpcache` for checking content modification and
load it from the cache if it isn't modified, which reduces hitting the
Rate Limit of the GitHub API.
2021-02-22 17:18:28 +00:00
Naveen
66af8d8235
Doc - Update contributing to reflect changes (#208)
2021-02-21 16:18:03 -08:00
Naveen
e0a02567fb
Fix - Cleanup the makefile targets (#207)
2021-02-21 23:35:39 +00:00
naveen
5018c5012c
Fix - GitHub bot message URL for ok-to-test
...
Fixed the incorrect URL to the ok-to-test bot message
2021-02-19 14:04:24 -05:00
naveen
9c4a4596ed
Testing - Slash command
2021-02-19 14:04:24 -05:00
dependabot[bot]
030ab1dbc5
Bump peter-evans/slash-command-dispatch from v1 to v2.1.3
...
Bumps [peter-evans/slash-command-dispatch](https://github.com/peter-evans/slash-command-dispatch) from v1 to v2.1.3.
- [Release notes](https://github.com/peter-evans/slash-command-dispatch/releases)
- [Commits](https://github.com/peter-evans/slash-command-dispatch/compare/v1...72ab5a2e417e454aa8e89c43b28e36fe331e00a5)
Signed-off-by: dependabot[bot] <support@github.com>
2021-02-19 08:28:45 -05:00
Edoardo Tenani
efd18c84a1
roundtripper: ignore gosec G101 error
...
As per issue #172 this is not an issue, as there is no real GitHub token
in the constant.
2021-02-19 08:23:57 -05:00
naveen
1e93904a66
Fix - Remove the app reference for the slash token
2021-02-18 16:14:12 -05:00
naveen
9b4b8be7e0
Feature - ok-to-test in github action
2021-02-18 15:45:55 -05:00
naveen
e94e53965e
Fix - Changes to reflect the scorecard score
...
The score of the scorecard is improving with signed-release and updating
the tests to reflect that.
2021-02-17 20:40:58 -05:00
nathannaveen
1a00062a09
Fix - golangci issues gomnd, goconst
...
Fixed the golangci issues for gomnd and goconst.
Added ginkgo dependency in the makefile.
2021-02-17 18:22:18 -05:00
Nathan
554ca76bfe
Fix - golangci issues gomnd, goconst
...
Fixed the golangci issues for gomnd and goconst.
Added ginkgo dependency in the makefile.
2021-02-17 18:22:18 -05:00
naveen
f906f3f568
Feature - sign releases
2021-02-17 17:53:41 -05:00
naveen
f57080098c
Doc - Updates to README and CONTRIBUTING
2021-02-16 17:00:36 -05:00
naveen
ef4c8d0758
Fix - refactor the lint in the actions
2021-02-16 15:59:50 -05:00
Dan Lorenc
5958a04192
Slow down to every few days.
2021-02-16 14:48:31 -05:00
naveen
51f017b206
Fix - ignore empty github token
2021-02-16 14:35:22 -05:00
naveen
db7bfcf342
Fix - golanglint-ci report only new issues
2021-02-16 14:23:03 -05:00
naveen
ce8e1e79ea
Feature - Include additional linters for golangci
...
Included additional linters for golangci. The new linters would be
reporting existing issues.
2021-02-16 14:06:59 -05:00
naveen
7a713e5b43
Feature - Serve json response in http
...
If the "Content-Type"== "application/json" then serve json response
2021-02-16 11:26:09 -05:00
dependabot[bot]
64660915d6
Bump golangci/golangci-lint-action from v2 to v2.4.0
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from v2 to v2.4.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v2...544d2efb307b3f205f34886f2787046abe7fb26e)
Signed-off-by: dependabot[bot] <support@github.com>
2021-02-15 08:48:59 -05:00
Abhishek Arya
5fcaa98d6f
Add top 200 for all langs from criticality score repo. (#181)
...
From https://github.com/ossf/criticality_score#public-data
and combine with existing projects list.
2021-02-14 16:39:16 -05:00
naveen
b20e33c24b
Fix - go build to static binaries
2021-02-14 15:01:41 -05:00
Abhishek Arya
fc251d9d42
Add security policy to e2e test.
2021-02-14 12:50:24 -05:00
naveen
af2132e927
Fix- e2e tests to include the executable
...
Included e2e tests for the executable with JSON
2021-02-14 11:46:17 -05:00
Naveen
30d69310c6
Fix - Organization checks for members (#170)
...
* Fix - Organization checks for members
* Fix - Turn off automatic releasenotes generation
Turn off automatic release notes for CII https://bestpractices.coreinfrastructure.org/
* Fix - Organization checks for members
2021-02-14 10:46:14 -05:00
naveen
70ff5a94ce
Fix - Turn off automatic releasenotes generation
...
Turn off automatic release notes for CII https://bestpractices.coreinfrastructure.org/
2021-02-14 10:31:35 -05:00
Abhishek Arya
7336fa167a
Add SECURITY.md
...
Based on template from Anne.
Fixes https://github.com/ossf/scorecard/issues/165
2021-02-13 14:53:06 -05:00
naveen
4bdc158018
Fix - packaging workflow for docker push
2021-02-12 21:16:44 -05:00
Naveen
c77e995ae5
Fix - output message for non default output (#167)
...
The json output had non-json output. Fixed it to output only for default
output.
2021-02-12 18:13:54 -08:00
naveen
cb7ee064b9
Feature - container scanning for scorecard
2021-02-12 17:01:58 -05:00
Abhishek Arya
ad7cc4a951
Add colon before sha.
2021-02-12 14:26:54 -05:00
naveen
2ad8b35b91
Fixes - verifiedtag checks
...
The reason the tags aren't working for certain repositories is because of Lightweight Tags
vs Annotated Tags
>Basically, lightweight tags are just pointers to specific commits. No further information is saved;
on the other hand, annotated tags are regular objects, which have an author and a
date and can be referred because they have their own SHA key.
https://api.github.com/repos/ossf/scorecard/git/refs/tags
```
[
  {
    "ref": "refs/tags/v1.0.0",
    "node_id": "MDM6UmVmMzAyNjcwNzk3OnJlZnMvdGFncy92MS4wLjA=",
    "url": "https://api.github.com/repos/ossf/scorecard/git/refs/tags/v1.0.0",
    "object": {
      "sha": "87997ffb5724cb479223a08a2890c60b0ea4bfbd",
      "type": "commit",
      "url": "87997ffb57"
    }
  },
  {
    "ref": "refs/tags/v1.1.0",
    "node_id": "MDM6UmVmMzAyNjcwNzk3OnJlZnMvdGFncy92MS4xLjA=",
    "url": "https://api.github.com/repos/ossf/scorecard/git/refs/tags/v1.1.0",
    "object": {
      "sha": "f2c633854602cf0c8f33164a169fb0a8454bee01",
      "type": "tag",
      "url": "f2c6338546"
    }
  }
]
```
Annotated tags
https://api.github.com/repos/kubernetes/kubernetes/git/refs/tags
```
[
  {
    "ref": "refs/tags/v0.2",
    "node_id": "MDM6UmVmMjA1ODA0OTg6cmVmcy90YWdzL3YwLjI=",
    "url": "https://api.github.com/repos/kubernetes/kubernetes/git/refs/tags/v0.2",
    "object": {
      "sha": "64dbf9ae21dd0deb485f88b79b96eb35ca855138",
      "type": "tag",
      "url": "64dbf9ae21"
    }
  }
]
```
The lookup for the tag fails because there isn't a tag object but only a commit object.
87997ffb57
fixes #107
2021-02-12 14:26:54 -05:00
Naveen
ca1d6e85f0
Doc - Update README with the docker image (#163)
2021-02-11 15:27:16 -08:00
naveen
0b85e7e2e8
Fix - docker latest image
2021-02-11 16:32:07 -05:00
dependabot[bot]
2c23a47857
Bump github.com/spf13/cobra from 1.1.2 to 1.1.3
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.2 to 1.1.3.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.1.2...v1.1.3)
Signed-off-by: dependabot[bot] <support@github.com>
2021-02-11 11:15:34 -05:00
James Pether Sörling
127fda75ff
Update projects.txt (#151)
...
Add 3 projects by https://github.com/Hack23
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: dlorenc <lorenc.d@gmail.com>
2021-02-10 21:08:11 +00:00
naveen
6dd3698be8
Fix - Fixes the e2e tests for PRs
2021-02-10 16:07:03 -05:00
dependabot[bot]
7ef0cf9c55
Bump github.com/spf13/cobra from 1.1.1 to 1.1.2 (#154)
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.1 to 1.1.2.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.1.1...v1.1.2)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-09 22:58:55 -08:00
naveen
7e158f80e5
Docker releases to GitHub Docker registry
...
This will release docker container to GitHub docker registry.
2021-02-09 10:54:01 -05:00
naveen
7ab314db7d
Fix - dependabot githubactions location
2021-02-06 14:22:06 -05:00
naveen
bcf8d0df92
Fix - dependabot yaml error
2021-02-06 12:49:11 -05:00
naveen
4ad4a4204b
Feature - enabled dependabot for githubactions
2021-02-06 12:33:46 -05:00