ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-09-17 11:57:12 +03:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
1,160 Commits 36 Branches 42 Tags 436 MiB
bba55d4257
Commit Graph

1160 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
naveen
bba55d4257 🌱 Parallelize builds 
- parallelize builds
 2022-02-17 15:23:21 -06:00
naveen
1aff6db9f6 🌱 Ignore docker builds 
- ignore docker builds for non-main branches
- ignore docker builds for *.md
 2022-02-16 17:52:55 -06:00
Azeem Shaikh
674146ca3c
Make verbosity levels case insensitive (#1650) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-02-16 19:33:04 +00:00
naveen
db1d568499 🌱 Remove building ko to speed up builds 
- Remove building ko as we aren't using `ko` yet.
- Every build of `ko` slows down the build time.
- When we enable `ko` which will replace `docker` then we can enable `ko` builds
 2022-02-16 10:49:27 -06:00
dependabot[bot]
e6f6c56d34 🌱 Bump github.com/onsi/ginkgo/v2 from 2.0.0 to 2.1.3 
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.0.0 to 2.1.3.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.0.0...v2.1.3)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-02-16 08:36:38 -06:00
dependabot[bot]
4ebd8aff9c 🌱 Bump github.com/onsi/ginkgo/v2 from 2.0.0 to 2.1.3 in /tools 
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.0.0 to 2.1.3.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.0.0...v2.1.3)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-02-16 07:13:41 -06:00
Jeff Mendoza
ba503c3bee
githubrepo: Allow providing an already authenticated transport (#1644) 2022-02-15 19:13:45 -05:00
Azeem Shaikh
cda7a1b1d4
Add tests for graphQL costs (#1643) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-02-15 23:38:23 +00:00
Azeem Shaikh
de5224bbc5
Update e2e tests (#1641) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-02-15 19:27:45 +00:00
Azeem Shaikh
2b206dc365
Remove Version field from LogMessage (#1640) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-02-15 18:26:06 +00:00
naveen
35511342c8 🌱 Parallelize the builds 
- Created a workflow with multiple jobs for each of the docker builds
- Created a workflow with multiple jobs for each of the ko builds
- Removed the reference to dockerbuild and kobuild in the build-targets
  make target
- This should reduce the time required to finish the CI builds as it
  makes it parallel.
 2022-02-15 11:51:54 -06:00
laurentsimon
e7fd58d9a3
Check for secrets in pull_request_target (#1634) 
* checks/dangerous_workflow.go: add pull_request_target support for secrets

* missing files

* linter
 2022-02-15 16:04:57 +00:00
dependabot[bot]
e3637c9e17 🌱 Bump cloud.google.com/go/bigquery from 1.27.0 to 1.28.0 
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.27.0 to 1.28.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.27.0...spanner/v1.28.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-02-15 06:21:45 -06:00
Azeem Shaikh
1e488a804f
Fix for repos which do not squash PR commits (#1637) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-02-14 23:33:15 +00:00
Azeem Shaikh
f3332ce129
Add validation for commit-based APIs (#1635) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-02-14 22:24:35 +00:00
dependabot[bot]
eb0730ae79
🌱 Bump github.com/goreleaser/goreleaser in /tools (#1632) 2022-02-14 11:35:10 +00:00
Stephen Augustus (he/him)
394789cf22
README.md: Add OpenSSF Best Practices badge (#1629) 
Signed-off-by: Stephen Augustus <foo@auggie.dev>
 2022-02-12 03:46:52 -08:00
Azeem Shaikh
2e3e505a8c
Simplify DetailLogger interface (#1628) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-02-11 15:48:58 -08:00
Azeem Shaikh
38be00c31f
Reduce query cost by analysing lesser associatedPR (#1624) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-02-10 21:50:22 -06:00
laurentsimon
7de151cf49
Check for secrets in workflows run on pull requests (#1615) 
* updates

* missing files

* typo

* linter

* linter

* updates

* updates
 2022-02-10 18:54:44 +00:00
dependabot[bot]
9b921f07c7
🌱 Bump actions/setup-go from 2.1.5 to 2.2.0 (#1619) 2022-02-10 10:13:56 +00:00
laurentsimon
61e52d4a65
update workflow (#1617) 2022-02-09 10:51:58 -08:00
dependabot[bot]
368c105abe
🌱 Bump cloud.google.com/go/pubsub from 1.17.0 to 1.18.0 (#1616) 2022-02-09 09:34:53 +00:00
Azeem Shaikh
6930c3ab3b
Add support for commit-based Scorecard (#1613) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-02-07 19:03:36 -08:00
Azeem Shaikh
1c95237e4a
Only run allowed checks in different modes (#1579) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-02-07 16:49:49 -08:00
Azeem Shaikh
eac2aecce6
Add support for commit-based lookup to GitHub APIs (#1612) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-02-07 22:06:05 +00:00
naveen
68bf172e59 🌱 Unit tests fileparser/listing 
Unit tests fileparser/listing
 https://github.com/ossf/scorecard/issues/986
 2022-02-07 15:33:18 -06:00
Naveen
30fc06e4a8 Fixed the formatting issue 2022-02-07 15:15:57 -06:00
naveen
aaf7a9f208 🌱 Cache builds between runs 
Cache builds between runs.
 2022-02-07 11:52:36 -06:00
naveen
049db386a5 🌱 Unit tests for dependency_update_tool 
Unit tests for dependency_update_tool
 https://github.com/ossf/scorecard/issues/986

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
 2022-02-07 11:05:37 -06:00
laurentsimon
873308016c
checks/packaging.go: ignore workflows/<>/ files (#1591) 2022-02-04 21:42:59 +00:00
Julia Ferraioli
95e7c030eb
Update the biweekly meeting times (#1603) 2022-02-04 20:50:41 +00:00
naveen
80cc0dd11e 🌱 Unit tests checks/ci_tests_test.go 
Unit tests for tests checks/ci_tests_test.go

 https://github.com/ossf/scorecard/issues/986
 2022-02-04 13:26:16 -06:00
Behnaz Hassanshahi
f84291dcfd
🐛 Fix Dependabot check to accept .yaml file extension (#1601) 2022-02-03 23:53:32 +00:00
naveen
5e1fd5230c 🌱 Tweaking codecov config 2022-02-03 15:50:16 -06:00
naveen
35aad1dce5 🌱 Unit tests code-review for raw 
Unit tests code-review for raw.
https://github.com/ossf/scorecard/issues/986
 2022-02-03 13:22:39 -06:00
naveen
674f747d47 🌱 Unit tests for vulnerabilities raw package 
Unit tests for vulnerabilities raw package

https://github.com/ossf/scorecard/issues/986
 2022-02-03 13:00:35 -06:00
Arnout Engelen
28bf341a3f 📖 recommend nix-shell over nix-env 
Which is more idiomatic
 2022-02-03 11:53:25 -06:00
naveen
634643e9f7 🌱 Unit test for fileparser/listing 
Unit test for fileparser/listing

https://github.com/ossf/scorecard/issues/986

🌱 Unit test for fileparser/listing

Unit tests for fileparser/listing

https://github.com/ossf/scorecard/issues/986

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
 2022-02-03 11:01:57 -06:00
Martijn Pieters
88aa0e8159 📖 Add make install to Environment Setup 
Fixes #1588
 2022-02-03 10:39:37 -06:00
Azeem Shaikh
4581c363cf
Remove ListMergedPRs API (#1566) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-02-03 00:01:35 +00:00
laurentsimon
9037444513
Raw data for code review check (#1505) 
* separate code review's eval and check

* missing file

* add comments

* fix

* fix

* linter

* fixes

* fix

* linter

* linter

* linter

* draft

* fixes

* fixes

* simplify

* update date

* rem comments

* typo

* linter

* typo

* linter
 2022-02-02 19:51:38 +00:00
laurentsimon
7032b1910e
Ignore all files under testdata/ (#1594) 2022-02-02 19:17:21 +00:00
laurentsimon
0670b8bdee
pkg/sarif.go: Add score in message (#1593) 
pkg/testdata/check6.sarif: Update message
 2022-02-02 18:30:04 +00:00
naveen
009aa85e3f 🌱 Unit tests for Vulnerabilities 
- Unit tests for Vulnerabilities
- https://github.com/ossf/scorecard/issues/986
 2022-02-02 11:55:57 -06:00
naveen
05cedd7cf7 🌱 Categorize the Makefile 
Categorize the makefile into sections for better readability.

Examples :- Development, Build and Tests
 2022-02-02 11:17:23 -06:00
laurentsimon
79b216c956
checks/security_policy_test.go: updated unit tests (#1590) 
checks/raw/security_policy.go: add support for .adoc policies
 2022-02-02 08:31:42 -08:00
Arnout Engelen
24842de010 📖 remove inaccurate claim about github rendering emoji 
GitHub renders `:xyz:` aliases in PR titles just fine nowadays.
 2022-02-02 09:15:27 -06:00
laurentsimon
86d8281031
Do not parse non-dockerfile (#1583) 
* draft

* checks/pinned_dependencies.go: added isDockerfiler()
checks/pinned_dependencies_test.go: added TestDockerfileInvalidFiles

* undo CodeQL

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2022-02-01 23:50:15 +00:00
Azeem Shaikh
2d0e5381c2
Revert Committer.Name change (#1576) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-02-01 23:00:11 +00:00