scorecard

mirror of https://github.com/ossf/scorecard.git synced 2024-09-19 13:07:17 +03:00

Author	SHA1	Message	Date
naveen	6f2a0f43f4	Fix - Output path for the test runs	2021-02-25 15:59:39 -05:00
naveen	a7174d8ad7	Feature - Include e2e tests for docker Included e2e tests for docker. Included .Dockerignore to ignore files. Included Docker build in the Makefile.	2021-02-25 11:02:45 -05:00
naveen	cab29a2747	Feat- Use cloud buckets for caching Use cloud buckets for httpcache. The implementation uses https://github.com/google/go-cloud for it to be cloud vendor agnostic.	2021-02-24 11:17:50 -05:00
naveen	586e3d60be	Doc - Update README with the TOC Updated the README with TOC and included instructions for docker usage.	2021-02-23 10:47:44 -05:00
Naveen	79170187a2	Feat- Included dependabot for docker (#213 )	2021-02-23 07:34:12 -08:00
naveen	7726ca7987	Feature - Include metadata in the results Included metadata that can be passed an argument to the command line. The same metadata will returned the `json` results.	2021-02-22 19:23:46 -05:00
naveen	9510d3e0d7	Fix - default disk cache size The default disk cache size is 100mb. Changed the default disk cache to 10gb.	2021-02-22 18:19:56 -05:00
Naveen	db81680172	Feat-Implement httpcache middleware for GitHub API (#203 ) The GitHub API supports conditional requests https://docs.github.com/en/rest/overview/resources-in-the-rest-api#conditional-requests https://github.com/google/go-github supports Conditional requests https://github.com/google/go-github#conditional-requests As we are scaling more and more projects this would add a lot of value. Initial run fetches information using `httpcache` as a middleware, which caches the HTTP response initially in a large disk (PVC), probably move to Redis later as a cache instead of disk. Subsequent `cron runs` will utilize the `httpcache` for checking content modification and load it from the cache if it isn't modified, which reduces the hitting the Rate Limit of the GitHub API.	2021-02-22 17:18:28 +00:00
Naveen	66af8d8235	Doc - Update contributing to reflect changes (#208 )	2021-02-21 16:18:03 -08:00
Naveen	e0a02567fb	Fix - Cleanup the makefile targets (#207 )	2021-02-21 23:35:39 +00:00
naveen	5018c5012c	Fix - GitHub bot message URL for ok-to-test Fixed the incorrect URL to the ok-to-test bot message	2021-02-19 14:04:24 -05:00
naveen	9c4a4596ed	Testing - Slash command	2021-02-19 14:04:24 -05:00
dependabot[bot]	030ab1dbc5	Bump peter-evans/slash-command-dispatch from v1 to v2.1.3 Bumps [peter-evans/slash-command-dispatch](https://github.com/peter-evans/slash-command-dispatch) from v1 to v2.1.3. - [Release notes](https://github.com/peter-evans/slash-command-dispatch/releases) - [Commits](https://github.com/peter-evans/slash-command-dispatch/compare/v1...72ab5a2e417e454aa8e89c43b28e36fe331e00a5) Signed-off-by: dependabot[bot] <support@github.com>	2021-02-19 08:28:45 -05:00
Edoardo Tenani	efd18c84a1	roundtripper: ignore gosec G101 error As per issue #172 this is not an issue, as there is no real GitHub token in the constant.	2021-02-19 08:23:57 -05:00
naveen	1e93904a66	Fix - Remove the app reference for the slash token	2021-02-18 16:14:12 -05:00
naveen	9b4b8be7e0	Feature - ok-to-test in github action	2021-02-18 15:45:55 -05:00
naveen	e94e53965e	Fix - Changes to reflect the scorecard score The score of the scorecard is improving with signed-release and updating the tests to reflect that.	2021-02-17 20:40:58 -05:00
nathannaveen	1a00062a09	Fix - golangci issues gomnd, goconst Fixed the golangci issues for gomnd and goconst. Added ginkgo dependency in the makefile.	2021-02-17 18:22:18 -05:00
Nathan	554ca76bfe	Fix - golangci issues gomnd, goconst Fixed the golangci issues for gomnd and goconst. Added ginkgo dependency in the makefile.	2021-02-17 18:22:18 -05:00
naveen	f906f3f568	Feature - sign releases	2021-02-17 17:53:41 -05:00
naveen	f57080098c	Doc - Updates to README and CONTRIBUTING	2021-02-16 17:00:36 -05:00
naveen	ef4c8d0758	Fix - refactor the lint in the actions	2021-02-16 15:59:50 -05:00
Dan Lorenc	5958a04192	Slow down to every few days.	2021-02-16 14:48:31 -05:00
naveen	51f017b206	Fix - ignore empty github token	2021-02-16 14:35:22 -05:00
naveen	db7bfcf342	Fix - golanglint-ci report only new issues	2021-02-16 14:23:03 -05:00
naveen	ce8e1e79ea	Feature - Include additional linters for golangci Included additional linters for golangci. The new linters would be reported existing issues.	2021-02-16 14:06:59 -05:00
naveen	7a713e5b43	Feature - Serve json response in http If the "Content-Type"== "application/json" then serve json response	2021-02-16 11:26:09 -05:00
dependabot[bot]	64660915d6	Bump golangci/golangci-lint-action from v2 to v2.4.0 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from v2 to v2.4.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v2...544d2efb307b3f205f34886f2787046abe7fb26e) Signed-off-by: dependabot[bot] <support@github.com>	2021-02-15 08:48:59 -05:00
Abhishek Arya	5fcaa98d6f	Add top 200 for all langs from criticality score repo. (#181 ) From https://github.com/ossf/criticality_score#public-data and combine with existing projects list.	2021-02-14 16:39:16 -05:00
naveen	b20e33c24b	Fix - go build to static binaries	2021-02-14 15:01:41 -05:00
Abhishek Arya	fc251d9d42	Add security policy to e2e test.	2021-02-14 12:50:24 -05:00
naveen	af2132e927	Fix- e2e tests to include the executable Included e2e tests for the executable with JSON	2021-02-14 11:46:17 -05:00
Naveen	30d69310c6	Fix - Organization checks for members (#170 ) * Fix - Organization checks for members * Fix - Turn off automatic releasenotes generation Turn off automatic release notes for CII https://bestpractices.coreinfrastructure.org/ * Fix - Organization checks for members	2021-02-14 10:46:14 -05:00
naveen	70ff5a94ce	Fix - Turn off automatic releasenotes generation Turn off automatic release notes for CII https://bestpractices.coreinfrastructure.org/	2021-02-14 10:31:35 -05:00
Abhishek Arya	7336fa167a	Add SECURITY.md Based on template from Anne. Fixes https://github.com/ossf/scorecard/issues/165	2021-02-13 14:53:06 -05:00
naveen	4bdc158018	Fix - packging workflow for docker push	2021-02-12 21:16:44 -05:00
Naveen	c77e995ae5	Fix - output message for non default output (#167 ) The json output had non-json output. Fixed it output only for default output.	2021-02-12 18:13:54 -08:00
naveen	cb7ee064b9	Feature - container scanning for scorecard	2021-02-12 17:01:58 -05:00
Abhishek Arya	ad7cc4a951	Add colon before sha.	2021-02-12 14:26:54 -05:00
naveen	2ad8b35b91	Fixes - verifiedtag checks The reason the tags aren't working for certain repositories is that because the Lightweight Tags vs Annotated Tags >Basically, lightweight tags are just pointers to specific commits. No further information is saved; on the other hand, annotated tags are regular objects, which have an author and a date and can be referred because they have their own SHA key. https://api.github.com/repos/ossf/scorecard/git/refs/tags ``` [ { "ref": "refs/tags/v1.0.0", "node_id": "MDM6UmVmMzAyNjcwNzk3OnJlZnMvdGFncy92MS4wLjA=", "url": "https://api.github.com/repos/ossf/scorecard/git/refs/tags/v1.0.0", "object": { "sha": "87997ffb5724cb479223a08a2890c60b0ea4bfbd", "type": "commit", "url": "`87997ffb57`" } }, { "ref": "refs/tags/v1.1.0", "node_id": "MDM6UmVmMzAyNjcwNzk3OnJlZnMvdGFncy92MS4xLjA=", "url": "https://api.github.com/repos/ossf/scorecard/git/refs/tags/v1.1.0", "object": { "sha": "f2c633854602cf0c8f33164a169fb0a8454bee01", "type": "tag", "url": "`f2c6338546`" } } ] ``` Annotated tags https://api.github.com/repos/kubernetes/kubernetes/git/refs/tags ``` [ { "ref": "refs/tags/v0.2", "node_id": "MDM6UmVmMjA1ODA0OTg6cmVmcy90YWdzL3YwLjI=", "url": "https://api.github.com/repos/kubernetes/kubernetes/git/refs/tags/v0.2", "object": { "sha": "64dbf9ae21dd0deb485f88b79b96eb35ca855138", "type": "tag", "url": "`64dbf9ae21`" } } ] ``` The look for the tag fails because of there isn't a tag object but only a commit object. `87997ffb57` fixes #107	2021-02-12 14:26:54 -05:00
Naveen	ca1d6e85f0	Doc - Update README with the docker image (#163 )	2021-02-11 15:27:16 -08:00
naveen	0b85e7e2e8	Fix - docker latest image	2021-02-11 16:32:07 -05:00
dependabot[bot]	2c23a47857	Bump github.com/spf13/cobra from 1.1.2 to 1.1.3 Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.2 to 1.1.3. - [Release notes](https://github.com/spf13/cobra/releases) - [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md) - [Commits](https://github.com/spf13/cobra/compare/v1.1.2...v1.1.3) Signed-off-by: dependabot[bot] <support@github.com>	2021-02-11 11:15:34 -05:00
James Pether Sörling	127fda75ff	Update projects.txt (#151 ) Add 3 projects by https://github.com/Hack23 Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com> Co-authored-by: dlorenc <lorenc.d@gmail.com>	2021-02-10 21:08:11 +00:00
naveen	6dd3698be8	Fix - Fixes the e2e tests for PR's	2021-02-10 16:07:03 -05:00
dependabot[bot]	7ef0cf9c55	Bump github.com/spf13/cobra from 1.1.1 to 1.1.2 (#154 ) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.1 to 1.1.2. - [Release notes](https://github.com/spf13/cobra/releases) - [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md) - [Commits](https://github.com/spf13/cobra/compare/v1.1.1...v1.1.2) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-02-09 22:58:55 -08:00
naveen	7e158f80e5	Docker releases to GitHub Docker registry This will release docker container to GitHub docker registry.	2021-02-09 10:54:01 -05:00
naveen	7ab314db7d	Fix - dependabot githubactions location	2021-02-06 14:22:06 -05:00
naveen	bcf8d0df92	Fix - dependabot yaml error	2021-02-06 12:49:11 -05:00
naveen	4ad4a4204b	Feature - enabled dependabot for githubactions	2021-02-06 12:33:46 -05:00

... 48 49 50 51 52 ...

2692 Commits