laurentsimon
f2cee41ca9
✨ [RAW]: dependency update tool ( #1391 )
...
* dependency update tool
* rename
* missing files
* add fields
* rm field
2021-12-15 17:02:31 +00:00
laurentsimon
46e94eb925
✨ [DRAFT: RAW]: Security policy support ( #1372 )
...
* raw sec policy
* missing file
* fix validation of check.yml
* updates
* comments
* dead code
* comments
2021-12-14 23:51:42 +00:00
laurentsimon
551961718d
✨ [RAW] End-to-end support for raw results for Binary-Artifacts ( #1255 )
...
* split binary artifact check
* fix
* missing file
* comments
* fix
* comments
* draft
* merge fix
* fix merge
* add indirection
* comments
* comments
* linter
* comments
* updates
* updates
* updates
* linter
* comments
2021-12-14 21:10:24 +00:00
Chris McGehee
38b5199e9e
🐛 Adding line numbers to token-permissions and a couple other places ( #1363 )
...
* Adding line numbers to token-permissions and a couple other places
* Fix deadlink for security policy
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
* Updating formatting
Co-authored-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
2021-12-06 10:05:52 -06:00
Azeem Shaikh
2375ae2812
Add a OssFuzzRepoClient ( #1280 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-11-17 03:04:37 +00:00
Azeem Shaikh
6223b6620a
Add CIIClient interface ( #1262 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-11-15 02:46:41 +00:00
Naveen
6c1c789dc5
🌱 v3 upgrade changes ( #1118 )
...
v3 go.mod changes
2021-10-07 18:16:01 -05:00
Azeem Shaikh
bc37c74b28
Remove Owner/Repo strings from CheckRequest ( #997 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-10 10:13:14 -07:00
Azeem Shaikh
e730e911e6
sce.Create -> sce.WithMessage for wrapcheck ( #995 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-10 15:50:33 +00:00
neil465
5476b878bd
✨ Removed unnecessary linters ( #969 )
...
* gomnd
* prealloc
* dupl
2021-09-07 10:45:12 -04:00
Azeem Shaikh
afe5b40567
Make RepoClient as default interface for Scorecard ( #951 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-02 02:32:26 +00:00
laurentsimon
dbdcd4bea7
✨ SARIF 1: add structured detail ( #843 )
...
* sarif-1
* comment
* typos
* comments
* comments
* typo
* typo
* fixes
* linter
* linter
* linter
2021-08-16 23:26:19 +00:00
laurentsimon
23764f0168
✨ Upload cron results to a table with new format ( #830 )
...
* add json2 function
* asJSON2
* url2
* draft
* root
* tables and bucket
* fix
* comments
* new transfer instances
* comments
* rename files
* update k8 names
* typo
* fixes
* linter
2021-08-16 16:38:41 +00:00
Azeem Shaikh
b7ddc9ac93
Update go-github version for consistency ( #852 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-13 00:43:22 +00:00
laurentsimon
5bcc1fdc4f
populate old details ( #841 )
2021-08-11 21:16:05 +00:00
laurentsimon
6718939a08
✨ Cleanup errors and log ( #782 )
...
* cleanup
* text
* add errors
* fixes
* more
* fixes
* linter
* comments
* name
2021-08-02 22:38:42 +00:00
Azeem Shaikh
6368c25f54
More linter issues ( #794 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-01 03:42:14 +00:00
Azeem Shaikh
83e9f52501
Enable revive linters which are used in google3 ( #793 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-31 22:31:34 +00:00
laurentsimon
b35cbdcdcf
✨ Make Branch-Protection score more granular ( #777 )
...
* commit
* unit tests
* full score
* typos
* update msg
* remove function
* comments
* linter
* comments
2021-07-30 01:54:19 +00:00
laurentsimon
6536d393f3
remove functions ( #770 )
2021-07-28 08:32:00 -07:00
laurentsimon
c044105e33
✨ rename var ( #756 )
...
* rename var
* linter
2021-07-26 17:24:34 -07:00
laurentsimon
a004ffb107
✨ cleanup Frozen-Deps MakeResultAnd ( #742 )
...
* draft
* fixes
* commit 1
* delete file
* clean
* clean 2
* linter
* fix score
* handle err
* in-progress score
* fixes
2021-07-26 22:02:46 +00:00
laurentsimon
8128f9fe68
divide by 0 ( #755 )
2021-07-26 21:37:17 +00:00
Naveen
4d7fb5d748
🌱 Fix the go.mod with v2 upgrade ( #716 )
...
The go.mod and the related files weren't updated with the v2 upgrade.
https://github.com/ossf/scorecard/issues/711
This fix will address the issue.
2021-07-26 13:01:25 -05:00
laurentsimon
37d13c2972
✨ Code-Review cleanup ( #740 )
...
* sast cleanup
* code-review cleanup
* typo
* merge fix
2021-07-22 23:12:53 +00:00
laurentsimon
a34e326151
✨ sast cleanup ( #739 )
...
* sast cleanup
* comments
2021-07-22 18:03:31 +00:00
laurentsimon
ae33db624e
✨ [migration to score] 6: signed tags, signed release, PR, fuzzing ( #732 )
...
* yaml file
* sort checks
* comments
* signed tags
* signed release, PR, fuzzing
* typo
2021-07-21 18:10:47 -07:00
laurentsimon
53c056081b
✨ [migration to score] 5: contributors, vulnerabilities, packaging and sast ( #729 )
...
* contributors
* packaging
* vulnerabilities
* fix errors
* err
* errors
2021-07-21 13:40:16 -07:00
laurentsimon
6f203e73b6
✨ [migration to score] 4: active, fuzzing and code-review ( #721 )
...
* details-1
* nits
* typo
* comments
* dependabot and binary artifacts checks
* typo
* linter
* missing errors.go
* linter
* merge fix
* active, fuzzing and code review checks
* e2e tests for fuzzing
* fixes
2021-07-21 09:40:40 -07:00
laurentsimon
ab4bb60c9c
✨ [migration to score] 1: create errors and new functions ( #712 )
...
* details-1
* comment
* doc
* nits
* typo
* comments
* nit
* linter
2021-07-20 11:36:35 -07:00
Azeem Shaikh
9266f97ee9
Add monitoring for Scorecard errors ( #597 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-21 15:38:50 -07:00
Azeem Shaikh
0b62c58704
Add v0 of RepoClient interface ( #587 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-17 13:21:32 -07:00
asraa
b7ca0d9d1f
🐛 fix and result of multicheck ( #571 )
...
* fix multicheckand
Signed-off-by: Asra Ali <asraa@google.com>
* address comments
Signed-off-by: Asra Ali <asraa@google.com>
2021-06-14 18:00:54 +00:00
Azeem Shaikh
88f645bb76
Add per-repo CPU stats ( #562 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-09 14:18:40 -07:00
Azeem Shaikh
95362cceba
Reduce cardinality of OpenCensus stats ( #556 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-08 17:34:57 -07:00
Chris McGehee
6b63f3f963
🌱 Fix lint issues: Replace golint with revive ( #493 )
...
* Fix lint issues: Replace golint with revive
golint is deprecated and recommended to be replaced with revive
* Updating comments to be more accurate
* Updating comments again
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-05-24 11:34:33 -07:00
Chris McGehee
61ecad3151
Add new linter: gci ( #498 )
2021-05-23 20:51:52 -07:00
Chris McGehee
2e7a71fbf2
Fix lint issues: goerr113 linter ( #491 )
...
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-05-22 12:36:47 -07:00
Azeem Shaikh
05ae13bc18
Fix bugs in stat collection logic ( #489 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-05-21 22:04:04 -07:00
Azeem Shaikh
4584311fc6
Add monitoring to checks ( #480 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-05-20 23:47:49 -07:00
Chris McGehee
91b3641196
Fix lint issues: gocritic linter ( #477 )
2021-05-19 23:21:01 -07:00
laurentsimon
ee3f290702
✨ Add check for Docker dependency pinning by hash ( #469 )
...
* check pinning in docker files
* Revert "check pinning in docker files"
This reverts commit c05a5007b1.
* check pinning in docker files
* Revert "check pinning in docker files"
This reverts commit c05a5007b1.
* check pinning in docker files
* Revert "check pinning in docker files"
This reverts commit c05a5007b1.
* check pinning in docker files
* Revert "check pinning in docker files"
This reverts commit c05a5007b1.
* check pinning in docker files
* Revert "check pinning in docker files"
This reverts commit c05a5007b1.
* check dependencies pinning in docker files
* check docker files hash pinning
* remove logging
* make keyword matches case-insensitive
* remove log
* update unit tests
* check fix
* check dependencies pinning in docker files
* check docker files hash pinning
* remove logging
* remove log
* check fix
* comment
* linter
* comments
* check pinning in docker files
* Revert "check pinning in docker files"
This reverts commit c05a5007b1.
* check pinning in docker files
* Revert "check pinning in docker files"
This reverts commit c05a5007b1.
* check pinning in docker files
* Revert "check pinning in docker files"
This reverts commit c05a5007b1.
* check dependencies pinning in docker files
* check docker files hash pinning
* check fix
* check dependencies pinning in docker files
* check docker files hash pinning
* remove logging
* make keyword matches case-insensitive
* remove log
* check fix
* comment
* comments
* comments
* check pinning in docker files
* Revert "check pinning in docker files"
This reverts commit c05a5007b1.
* check pinning in docker files
* Revert "check pinning in docker files"
This reverts commit c05a5007b1.
* check pinning in docker files
* Revert "check pinning in docker files"
This reverts commit c05a5007b1.
* check dependencies pinning in docker files
* check docker files hash pinning
* remove logging
* make keyword matches case-insensitive
* check fix
* check dependencies pinning in docker files
* check docker files hash pinning
* check fix
* comments
* comments
* comments
* comments
* update mod
* remove continue keyword
* linter
* linter
* linter
* comments
* cleanup
* linter
* typos
* typos
2021-05-19 09:46:39 -07:00
Abhishek Arya
5f82d2b9c0
✨ Add checks for workflow action pinning ( #466 )
...
Patch by Laurent Simon <laurentsimon@google.com>
Co-authored-by: Laurent Simon <laurentsimon@google.com>
2021-05-17 13:03:39 -07:00
Chris McGehee
727bb58911
🌱 Fix lint issues: govet linter ( #395 )
...
* Fix lint issues: govet linter
The fieldalignment analyzer informs you when structs would take up less
memory with their fields reordered.
* CheckResult.Details was not omitted as intended
Found by govet linter
* Removing possible breaking change
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-05-11 06:52:52 -07:00
Chris McGehee
6a7142fe21
Fix lint issues: golint linter
2021-05-02 14:49:40 -05:00
Azeem Shaikh
bd3eff1fcf
✨ Cron job uses line-delimited JSON ( #344 )
...
* ✨ Refactor to reduce code duplication
* ✨
* Move lib/ back to checker/
* Move lib/ back to checker/
* Move lib/ back to checker/
* Address PR comments.
* Addressing PR comments.
* Separate out ReposURL into repos/
* Add TODO in gitcache module.
* Add RepoRequest/Response types.
* Avoid printing `ShouldRetry` and `Error` in output JSON.
* Fix JSON output.
* Simplify cmd package.
* Make cron/ a package instead of module.
* Fix TODO.
* Remove binary file.
* go.mod file.
* go.mod updates.
* Refactor cron to use in-memory JSON.
* Fix JSON output.
* Fix go.mod
* Address PR comments.
* Change %w -> %v.
* Address PR comments.
* Fix err.
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-04-19 12:49:51 -07:00
Chris McGehee
06993b72ce
🐛 Fix linting issues (1 of n) ( #348 )
...
* Fix lint issues: whitespace linter
* Fix lint issues: wrapcheck linter
* Fix lint issues: errcheck linter
* Fix lint issues: paralleltest linter
* Fix lint issues: gocritic linter
Most changes from this commit are from passing checker.CheckResult by reference and not by value. gocritic identified that as a huge parameter.
gocritic also prefers regexp.MustCompile over Compile when the pattern is a const
2021-04-19 12:18:34 -07:00
Azeem Shaikh
a58818d258
🌱 : Reduce code duplication for follow-up cron refactoring ( #338 )
...
* ✨ Refactor to reduce code duplication
* ✨
* Move lib/ back to checker/
* Move lib/ back to checker/
* Move lib/ back to checker/
* Address PR comments.
* Addressing PR comments.
* Avoid printing `ShouldRetry` and `Error` in output JSON.
* Fix JSON output.
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-04-10 07:26:56 -05:00
Abhishek Arya
f15a6bfbf0
Don't retry and log http get failures. ( #324 )
2021-04-04 10:24:14 -07:00
naveen
c2ff48dc59
feat-Reduced GitHub API calls for security check
...
Reduced the number of calls to GitHub API from 16 to max of 2 calls.
Utilized tarball to download and check for the contents of those files.
2021-02-25 21:55:54 -05:00