mirror of
https://github.com/ossf/scorecard.git
synced 2024-09-19 21:18:09 +03:00
bdaef02d0a
168 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
afmarcum
|
0e7a09b37e
|
📖 Remove survey (#4077)
Signed-off-by: afmarcum <138055109+afmarcum@users.noreply.github.com> |
||
Gabriela Gutierrez
|
8789bbbbfc
|
⚠️ Add initial Maintainers Annotation parsing (#3905)
* feat: Get maintainers annotation from repo This commits adds functionality to read a scorecard.yml file from a repository and parse it to get the maintainers annotation. It introduces the concepts of exemptions, annotations, annotated checks, and annotation reasons. Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * feat: Hand off maintainers annotation for SARIF Hnad off maintainers annotation to SARIF formatting so it can decide to skip or not skip checks when creating the output. Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * feat: If check is annotated, skip in SARIF output Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * feat: Add other annotation reasons Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * feat: Add options to show maintainers annotations in output Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * feat: Output maintainers annotations in JSON Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: Remove unnecessary maintainers annotation param in SARIF Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * feat: Output maintainers annotations in string default result This commit changes how data is appended to the table rows. Previously, we defined the table columns size and added information to each index. To avoid complicating the calculation of the index now that we are adding another optional column, the data is appended to the row as needed. Also, the maintainers annotation was chosen to be displayed as last column to give space for Scorecard official reasoning and documentation to appear first. Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * feat: Ignore annotation if check has max score Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * doc: Add documentation for maintainers annotation Introduce what flag should be used to show maintainers annotation and how to configure maintainers annotation for your repository. Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * refactor: A maintainers annotation obj can verify if a check is exempted Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * refactor: Get annotations function can be private Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * refactor: Find scorecard.yml file in the repository's root Change to "GetFileContent" method since we're looking for a specific file instead of using "OnMatchingFileContentDo" method that looks files with a specific content. This also removes the dependency from "checks/fileparser". This is necessary to move "IsCheckExempted" to checker. Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: A check should know if it's exempted or not Moving the verification "IsCheckExempted" from maintainers_annotation package to checker package. This way a check result will define, consulting maintainers annotation, if it is exempted or not. Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: Maintainers annotation can only be used in experimental mode Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: Ignore if scorecard.yml does not exist Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: Remove unnecessary maintainers annotation param Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * docs: Move complete mantainers annotation doc to feature folder Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: Error logs Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * refactor: Rename AnnotationReason to Reason Avoid repetition in variable references. Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * refactor: Reason documentation Redo reason documentation as a switch case to be called when necessary instead of defining a global map. Another reason to redo this logic as switch is that switch should be more performatic then instantiating a local map. Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * refactor: Rename ScorecardYml to ScorecardConfig This is a better generic name to reference Scorecard configuration file and leave the file format for the implementation. Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: Check name comparison The EqualFold comparison is already case insensitive. Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * refactor: Rename maintainers annotation folder/file to config Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * refactor: Rename and simplify parsing the config Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * refactor: Check parses its reasons Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: Is check exempted Fix config struture renaming and collect all annotation reasons for a check. Don't stop in the first annotation that the check is exempted. Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * refactor: Rename maintainers annotation to annotations Renaming flags, function params, docs and fixing config renamings. Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * refactor: Separate annotations content from config parsing Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: Omit empty annotations in JSON results Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * refactor: Read config file content Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * refactor: JSON2 result options Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * refactor: String result options Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Mock GetFileReader Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Annotation on Binary-Artifacts check Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * feat: Validate annotated checks Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Annotating all checks Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * feat: Validate annotated reasons Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Annotating all reasons Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Multiple annotations Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Binary-Artifacts exempted for testing Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Binary-Artifacts not exempted Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: No checks exempted Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Exemption is outdated Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Improve reasons error comparison Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Multiple exemption reasons in a single annotation Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Multiple exemption reasons across annotations Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: cmd show annotations flag doc Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Add show annotations flag Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: Remove unnecessary function Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Annotations string format Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Annotations json format Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: Linter fallthrough Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: Linter imports Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: Linter unnecessart struct type declaration Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: Linter append combine Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: Linter struct memory Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: Linter improve error msg in run scorecard Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: Linter dynamic errors Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * docs: Disable security alerts on SARIF output Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * docs: Redirect to configuration doc on main README Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Invalid check in annotations Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Invalid reason in annotations Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Exempt check on SARIF output clears runs Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Add check1 annotations json Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: On parse error return empty config file not a "dirty" one Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: On parse config error continue execution We log the error to the user but continue execution with empty config. Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: Merge conflics importing rules Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix: Readd is experimental enabled method This method is necessary to validate if experimental feature is enabled so it can activate show annotations feature. Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * feat: Wrap config parse under experimental flag Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * fix unit test by removing unused mock call Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> |
||
Raghav Kaul
|
39b56e809b
|
📖 docs: update website (#4041)
Signed-off-by: Raghav Kaul <raghavkaul+github@google.com> |
||
|
afmarcum
|
af155611a2
|
📖 Add survey announcement to readme (#3942)
* Add survey announcement to readme Signed-off-by: afmarcum <138055109+afmarcum@users.noreply.github.com> * Update README.md Co-authored-by: Spencer Schrock <sschrock@google.com> Signed-off-by: afmarcum <138055109+afmarcum@users.noreply.github.com> --------- Signed-off-by: afmarcum <138055109+afmarcum@users.noreply.github.com> Co-authored-by: Spencer Schrock <sschrock@google.com> |
||
|
afmarcum
|
5a96bddb3a
|
📖 Update README slack badge (#3906)
Signed-off-by: afmarcum <138055109+afmarcum@users.noreply.github.com> |
||
|
afmarcum
|
b03bd230e2
|
📖 Update Readme Slack references (#3839)
Signed-off-by: afmarcum <138055109+afmarcum@users.noreply.github.com> |
||
Spencer Schrock
|
e10dbb1531
|
🐛 Support self-hosted GitLab instances where base URL has a path component (#3819)
* Add GL_HOST env flag Self-hosted instances which dont use a subdomain result in broken API links. This change may not be finished, but is intended to evaluate the solution. Previously, self hosted instances where the instance is part of the path (foo.com/gitlab/owner/repo) would have their API base URL registered as foo.com/api/v4/ instead of foo.com/gitlab/api/v4/ Signed-off-by: Spencer Schrock <sschrock@google.com> * include token in gitlab project probe Signed-off-by: Spencer Schrock <sschrock@google.com> * consider GL_HOST when parsing gitlab repo urls Signed-off-by: Spencer Schrock <sschrock@google.com> * remove unneeded GL_HOST parsing now that repoURL_parse handles GL_HOST, we dont need it elsewhere. Signed-off-by: Spencer Schrock <sschrock@google.com> * cleanup Signed-off-by: Spencer Schrock <sschrock@google.com> * mention GL_HOST in readme Signed-off-by: Spencer Schrock <sschrock@google.com> * fix linter Signed-off-by: Spencer Schrock <sschrock@google.com> * handle GL_HOST without scheme Signed-off-by: Spencer Schrock <sschrock@google.com> * move api-less check earlier if we can avoid an API call, do it. Signed-off-by: Spencer Schrock <sschrock@google.com> * try listing projects with and without auth token Signed-off-by: Spencer Schrock <sschrock@google.com> * fix linter Signed-off-by: Spencer Schrock <sschrock@google.com> * revert passing token to list projects the simpler the better Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: Spencer Schrock <sschrock@google.com> |
||
Josh Soref
|
3b948257fc
|
📖 Fix spelling (#3804)
* spelling: accurate Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: administrator Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: analyze Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: andtwenty Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: ascii Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: association Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: at least Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: attestor Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: barbaric Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: bucket Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: by Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: can Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: case-insensitive Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: case-sensitive Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: checking Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: command-line Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: commit Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: committed Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: conclusion Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: corresponding Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: created Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: dataset Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: default Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: defines Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: dependabot Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: dependency Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: depending Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: desired Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: different Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: disclose Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: download Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: each Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: enforce Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: every time Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: exist Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: existing Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: fields Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: files Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: for Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: force-push Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: github Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: gitlab Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: ignoreed Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: implementation Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: implements Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: increase Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: indicates Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: initialized Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: instructions Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: invalid Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: marshal Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: match Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: name Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: nonexistent Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: organization Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: package Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: provenance Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: query Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: readers Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: receive Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: registered Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: remediate Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: representation Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: requests Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: requires Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: return Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: scorecard Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: separator Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: serialization Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: sign up Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: specifications Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: specified Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: success Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: successfully Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: the Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: their Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: twenty Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: unexpected Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: unused Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: unverified Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: validate Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: vendor Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: vulnerabilities Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: vulns Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: will Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: without Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: workflow Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: workflows Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --------- Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> |
||
|
Raghav Kaul
|
6c345f12df
|
📖 Clarify lack of 2FA check in README.md (#3784)
Update docs on 2FA Closes #7 Signed-off-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com> |
||
Caroline
|
da6d7ec251
|
📖 Update README with zoom meeting info (#3739)
* update zoom meeting info Signed-off-by: leec94 <leec94@bu.edu> * feedback Signed-off-by: leec94 <leec94@bu.edu> * correcting zoom and calendar links Signed-off-by: leec94 <leec94@bu.edu> --------- Signed-off-by: leec94 <leec94@bu.edu> |
||
ariathaker
|
ce0b54efe0
|
📖 Add beginner's guide to scorecard checks docs (#3617)
* -Added beginner's guide to scorecard checks doc -Edited README to link to the beginner's guide Signed-off-by: ariathaker <ariathaker@gmail.com> * Update beginner-checks.md Incorporating Spencer's edits. Signed-off-by: ariathaker <51683211+ariathaker@users.noreply.github.com> Signed-off-by: ariathaker <ariathaker@gmail.com> * Update docs/beginner-checks.md Co-authored-by: olivekl <83081275+olivekl@users.noreply.github.com> Signed-off-by: ariathaker <51683211+ariathaker@users.noreply.github.com> Signed-off-by: ariathaker <ariathaker@gmail.com> * Update docs/beginner-checks.md Co-authored-by: olivekl <83081275+olivekl@users.noreply.github.com> Signed-off-by: ariathaker <51683211+ariathaker@users.noreply.github.com> Signed-off-by: ariathaker <ariathaker@gmail.com> * Update docs/beginner-checks.md Co-authored-by: olivekl <83081275+olivekl@users.noreply.github.com> Signed-off-by: ariathaker <51683211+ariathaker@users.noreply.github.com> Signed-off-by: ariathaker <ariathaker@gmail.com> * Update docs/beginner-checks.md Co-authored-by: olivekl <83081275+olivekl@users.noreply.github.com> Signed-off-by: ariathaker <51683211+ariathaker@users.noreply.github.com> Signed-off-by: ariathaker <ariathaker@gmail.com> * Update docs/beginner-checks.md Co-authored-by: olivekl <83081275+olivekl@users.noreply.github.com> Signed-off-by: ariathaker <51683211+ariathaker@users.noreply.github.com> Signed-off-by: ariathaker <ariathaker@gmail.com> * Update docs/beginner-checks.md Co-authored-by: olivekl <83081275+olivekl@users.noreply.github.com> Signed-off-by: ariathaker <51683211+ariathaker@users.noreply.github.com> Signed-off-by: ariathaker <ariathaker@gmail.com> * Update beginner-checks.md Signed-off-by: ariathaker <51683211+ariathaker@users.noreply.github.com> Signed-off-by: ariathaker <ariathaker@gmail.com> * Update beginner-checks.md Signed-off-by: ariathaker <51683211+ariathaker@users.noreply.github.com> * Update beginner-checks.md Signed-off-by: ariathaker <51683211+ariathaker@users.noreply.github.com> * Update beginner-checks.md Signed-off-by: ariathaker <51683211+ariathaker@users.noreply.github.com> * Update beginner-checks.md Signed-off-by: ariathaker <51683211+ariathaker@users.noreply.github.com> --------- Signed-off-by: ariathaker <ariathaker@gmail.com> Signed-off-by: ariathaker <51683211+ariathaker@users.noreply.github.com> Co-authored-by: olivekl <83081275+olivekl@users.noreply.github.com> |
||
omahs
|
3785f9cc44
|
📖 Fix documentation typos (#3505)
* fix typo Signed-off-by: omahs <73983677+omahs@users.noreply.github.com> * fix typos Signed-off-by: omahs <73983677+omahs@users.noreply.github.com> * fix typo Signed-off-by: omahs <73983677+omahs@users.noreply.github.com> * fix typo Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com> Signed-off-by: omahs <73983677+omahs@users.noreply.github.com> * fix typos Signed-off-by: omahs <73983677+omahs@users.noreply.github.com> --------- Signed-off-by: omahs <73983677+omahs@users.noreply.github.com> |
||
olivekl
|
fe7906f3ba
|
📖 Add gitlab links to viewer example (#3494)
* Update README.md Signed-off-by: olivekl <olivekl@google.com> * Update faq.md Signed-off-by: olivekl <olivekl@google.com> --------- Signed-off-by: olivekl <olivekl@google.com> |
||
|
olivekl
|
5c93fe63b4
|
📖 Add webviewer link (#3490)
* Update README.md Add link to webviewer * Update faq.md Update webviewer link in FAQ * Update README.md Typo * Update faq.md Linebreak |
||
Fred Gan
|
146f0eb1e5
|
📖 Update bestpractices links (#3448)
Signed-off-by: Fred Gan <ganshaolong@vip.qq.com> |
||
David A. Wheeler
|
7f64da758a
|
📖 Added CDLA data license for the API to the README (#3404)
This fixes [PR 3107](https://github.com/ossf/scorecard/pull/3107). For some reason the original pull request didn't get through, so I've recreated it here. My thanks to @torgo for his persistence on solving this! Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com> |
||
|
Raghav Kaul
|
7ed886f1bd
|
✨ GitLab: Release (#3340)
* Remove experimental flag Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Docs Signed-off-by: Raghav Kaul <raghavkaul@google.com> * update tests Signed-off-by: Raghav Kaul <raghavkaul@google.com> --------- Signed-off-by: Raghav Kaul <raghavkaul@google.com> |
||
Eddie Knight
|
6b318ba190
|
Fixed slack badge (#3311)
Signed-off-by: Eddie Knight <knight@linux.com> |
||
|
Caroline
|
41a18ffada
|
📖 update docs for webhooks documentation (#3299)
* update docs for webhooks documentation Signed-off-by: leec94 <leec94@bu.edu> * change webhook severity in readme Signed-off-by: leec94 <leec94@bu.edu> --------- Signed-off-by: leec94 <leec94@bu.edu> |
||
Diogo Teles Sant'Anna
|
875262ace7
|
📖 Suggest new score viewer on badge documentation (#3268)
* docs(readme): suggest new score viewer on badge documentation Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com> * docs(readme): add link to ossf blogpost about the badge Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com> * docs: update badge of our own README to the new viewer Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com> --------- Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com> |
||
Avishay Balter
|
8c9e552f68
|
✨ add --nuget package manager flag (#3020)
* add nuget package manager Signed-off-by: Avishay <avishay.balter@gmail.com> * fix pat test messages (#2987) * also fix pat tests Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump slsa-framework/slsa-github-generator from 1.5.0 to 1.6.0 Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump cloud.google.com/go/bigquery from 1.51.1 to 1.51.2 (#2984) Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.51.1 to 1.51.2. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.51.1...bigquery/v1.51.2) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang.org/x/tools from 0.9.0 to 0.9.1 Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.9.0 to 0.9.1. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.9.0...v0.9.1) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🐛 Update osv-scanner dependency to include Vulnerabilities check fixes (#2981) * Update osv-scanner dependency to include Vulnerabilities check fixes Signed-off-by: Laurent Savaëte <laurent@where.tf> * Run go mod tidy Signed-off-by: Laurent Savaëte <laurent@where.tf> --------- Signed-off-by: Laurent Savaëte <laurent@where.tf> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/docker/distribution in /tools (#2993) Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible. - [Release notes](https://github.com/docker/distribution/releases) - [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2) --- updated-dependencies: - dependency-name: github.com/docker/distribution dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Gitlab: e2e test fixes in main (#2992) * test secret chagnes Signed-off-by: Raghav Kaul <raghavkaul@google.com> * update score Signed-off-by: Raghav Kaul <raghavkaul@google.com> * address cr comments Signed-off-by: Raghav Kaul <raghavkaul@google.com> * update Signed-off-by: Raghav Kaul <raghavkaul@google.com> --------- Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Unit tests log/log.go (#2980) - Add unit tests for the log package - Add Apache License to log_test.go Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/cloudflare/circl in /tools (#2995) Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.2.0 to 1.3.3. - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](https://github.com/cloudflare/circl/compare/v1.2.0...v1.3.3) --- updated-dependencies: - dependency-name: github.com/cloudflare/circl dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * ✨ Add releasing workflow for semantic-release (#2989) Signed-off-by: Matt Travi <programmer@travi.org> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump slsa-framework/slsa-verifier from 2.2.0 to 2.3.0 Bumps [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier) from 2.2.0 to 2.3.0. - [Release notes](https://github.com/slsa-framework/slsa-verifier/releases) - [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md) - [Commits](https://github.com/slsa-framework/slsa-verifier/compare/v2.2.0...v2.3.0) --- updated-dependencies: - dependency-name: slsa-framework/slsa-verifier dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#2994) Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.1.0 to 1.3.3. - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](https://github.com/cloudflare/circl/compare/v1.1.0...v1.3.3) --- updated-dependencies: - dependency-name: github.com/cloudflare/circl dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Additional e2e clients/githubrepo/checkruns.go (#2934) * 🌱 Additional e2e clients/githubrepo/checkruns.go - Add `net/http` and `github.com/google/go-github/v38/github` imports - Add a test for `listCheckRunsForRef` with valid ref - Add a test for `listCheckRunsForRef` with invalid ref Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Based on code review comments Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Some tweaks Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 E2E for clients/githubrepo/contributors.go (#2939) * 🌱 E2E for clients/githubrepo/contributors.go - Add an end-to-end test for `contributorsHandler` Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed based on code review comments. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed codereview comment. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 📖 Clarify that AI/ML doesn't count as human code review (#2953) * Clarify that AI/ML doesn't count as human code review Add this clarification per the Scorecards Zoom call meeting today (2023-05-04). Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com> * Tweaked per review Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com> --------- Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang from `31a8f92` to `685a22e` in /cron/internal/cii Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang in /cron/internal/controller Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang in /cron/internal/worker Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang in /clients/githubrepo/roundtripper/tokens/server Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang from `31a8f92` to `685a22e` Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang from `31a8f92` to `685a22e` in /cron/internal/bq Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang in /cron/internal/webhook Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * Clarify AI/ML not human code review - in .yml file (#3012) This clarifies that AI/ML doesn't count as human code review. This was earlier done in #2953 but that didn't modify the relevant .yml file - this does. Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump golang.org/x/oauth2 from 0.7.0 to 0.8.0 (#3005) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.7.0 to 0.8.0. - [Commits](https://github.com/golang/oauth2/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Unit tests for checks/raw/maintained.go (#2996) - Add tests and checks for the `Maintained` function - Add checks for `IsArchived`, `ListCommits`, `ListIssues`, and `GetCreatedAt` Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5 in /tools Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.4 to 2.9.5. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.4...v2.9.5) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Avishay <avishay.balter@gmail.com> * 🌱 Bump actions/setup-go from 4.0.0 to 4.0.1 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits]( |
||
Nicolas DUBIEN
|
d961dda3b2
|
✨ Detect fast-check PBT library for fuzz section (#3073)
* ✨ Detect fast-check PBT library for fuzz section As suggested at https://github.com/ossf/scorecard/issues/2792#issuecomment-1562007596, we add support for the detection of fast-check as a possible fuzzing solution. I also adapted the documentation related to fuzzing accordingly. Signed-off-by: Nicolas DUBIEN <github@dubien.org> * Typo Signed-off-by: Nicolas DUBIEN <github@dubien.org> * Update missing md files Signed-off-by: Nicolas DUBIEN <github@dubien.org> --------- Signed-off-by: Nicolas DUBIEN <github@dubien.org> |
||
Amanda L Martin
|
36e3364c5a
|
📖 agenda link change (#3111)
Signed-off-by: Amanda L Martin <hythloda@gmail.com> |
||
jimrobison
|
fa42daff71
|
🐛 Gitlab status updates (#3052)
* doc: Updating gitlab support validation status Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * bug: Updated logic for gitlab to prevent exceptions based on releases Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * test: Added initial tests for gitlab branches Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * doc: Updated general README Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * refactor: Cleaned up the query for pipelines to be focused on the commitID Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * feat: Allowed for a non-graphql method of retrieving MRs associated to a commit Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * doc: Updated status for the CI-Tests Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> * bug: Updated the host url for graphql querying. This enabled the removal of the code added for handling empty returns when executing against a non-gitlab.com repository. Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> --------- Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com> Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com> |
||
|
Amanda L Martin
|
0888bad649
|
add zoom link and agenda link (#3050)
Signed-off-by: Amanda L Martin <hythloda@gmail.com> |
||
Jeff Mendoza
|
ad161bbdea
|
Change Facilitators to Maintainers (#3039)
Not sure what the old facilitators table was for. Current list of Maintainers is always in CODEOWNERS. Meaning of "Maintainers" still is not defined, and should be a part of an upcoming contributor ladder. Signed-off-by: Jeff Mendoza <jlm@jlm.name> |
||
Niket Patel
|
ee4f45c491
|
✨ Add support for github GHES (#2999)
* ✨ adding support for github GHES Signed-off-by: Niket Patel <patelniket@gmail.com> * fix: lint and cleanup Signed-off-by: Niket Patel <patelniket@gmail.com> * fix: flaky test Signed-off-by: Niket Patel <patelniket@gmail.com> * fix: address missing host Signed-off-by: Niket Patel <patelniket@gmail.com> * fix: lint error Signed-off-by: Niket Patel <patelniket@gmail.com> * 🌱 Additional e2e clients/githubrepo/checkruns.go (#2934) * 🌱 Additional e2e clients/githubrepo/checkruns.go - Add `net/http` and `github.com/google/go-github/v38/github` imports - Add a test for `listCheckRunsForRef` with valid ref - Add a test for `listCheckRunsForRef` with invalid ref Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Based on code review comments Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Some tweaks Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Niket Patel <patelniket@gmail.com> * 🌱 E2E for clients/githubrepo/contributors.go (#2939) * 🌱 E2E for clients/githubrepo/contributors.go - Add an end-to-end test for `contributorsHandler` Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed based on code review comments. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed codereview comment. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Niket Patel <patelniket@gmail.com> * chore: add GHES instructions Signed-off-by: Niket Patel <patelniket@gmail.com> * refact: use test setenv Signed-off-by: Niket Patel <patelniket@gmail.com> * fix: corp unit test Signed-off-by: Niket Patel <patelniket@gmail.com> --------- Signed-off-by: Niket Patel <patelniket@gmail.com> Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Niket Patel <patelniketm@users.noreply.github.com> Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com> Co-authored-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com> |
||
|
David A. Wheeler
|
f5f32b7762
|
📖 Tweak Best Practices badge description to clarify things (#2907)
* Tweak Best Practices badge description to clarify things Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com> * Provided clearer message when there's no BP badge detected Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com> * Remove extra line that shouldn't be there Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com> --------- Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com> |
||
|
raghavkaul
|
130a31fba9
|
✨ GitLab: Documentation and cleaner errors (#2821)
* Return inconclusive if there are no workflows Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Return inconclusive if we don't have any workflows Signed-off-by: Raghav Kaul <raghavkaul@google.com> * logging fixes Signed-off-by: Raghav Kaul <raghavkaul@google.com> * fix panic Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Update README.md Signed-off-by: Raghav Kaul <raghavkaul@google.com> * skip error when getting external status checks (requires full api access) Signed-off-by: Raghav Kaul <raghavkaul@google.com> * update Signed-off-by: Raghav Kaul <raghavkaul@google.com> * fix dangerous workflow test Signed-off-by: Raghav Kaul <raghavkaul@google.com> --------- Signed-off-by: Raghav Kaul <raghavkaul@google.com> |
||
Arnout Engelen
|
def5eadd77
|
📖 update bigquery docs in README (#2714)
Signed-off-by: Arnout Engelen <arnout@bzzt.net> |
||
Theodore Tsirpanis
|
8add330e1d
|
📖 Fix links. (#2703)
* Fix link. Signed-off-by: Theodore Tsirpanis <teo@tsirpanis.gr> * Update two more links. Signed-off-by: Theodore Tsirpanis <teo@tsirpanis.gr> --------- Signed-off-by: Theodore Tsirpanis <teo@tsirpanis.gr> |
||
Ashwin Ramaswami
|
d331f8e1b1
|
Fix typo (add s to ') (#2638)
Signed-off-by: Ashwin Ramaswami <aramaswamis@gmail.com> |
||
|
raghavkaul
|
bf516e1824
|
🐛 Use leveled scoring for Code Review check (#2542)
* Ignore bot commits when calculating Code Review score * Update clients * Update scoring Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Address PR comments * Test coverage * Docs * Raw results Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: Raghav Kaul <raghavkaul@google.com> |
||
Mike Maraya
|
1d15e9c748
|
classic personal access tokens required (#2565)
Clarified that classic personal access tokens, not fine-grained ones, are needed for scorecard to work. Signed-off-by: Mike Maraya <mmaraya@users.noreply.github.com> Signed-off-by: Mike Maraya <mmaraya@users.noreply.github.com> |
||
Joyce
|
e8b0223c2e
|
📖 Mention 2FA relevance although not checked by Scorecard (#2528)
* feat: add information about two factor authentication Signed-off-by: Joyce Brum <joycebrum@google.com> * fix: descriptiton of 2FA to be more complete Signed-off-by: Joyce Brum <joycebrum@google.com> Signed-off-by: Joyce Brum <joycebrum@google.com> |
||
Arnaud J Le Hors
|
c3f4e31c28
|
📖 Use scorecard (singular) consistently (#2428)
* Use scorecard (singular) consistently * Use OpenSSF instead of Security in name and add FAQ entry |
||
Scott Brenner
|
b12b093f68
|
README formatting fix (#2356)
Signed-off-by: Scott Brenner <scott@scottbrenner.me> Signed-off-by: Scott Brenner <scott@scottbrenner.me> |
||
Bill Nottingham
|
36d6a340ed
|
Note that LGTM service is deprecated. (#2339)
Signed-off-by: Bill Nottingham <notting@tidelift.com> Signed-off-by: Bill Nottingham <notting@tidelift.com> |
||
Joyce
|
4b99a3a509
|
📖 Create the Frequently Asked Questions Document (#2327)
* docs: create faq.md file Signed-off-by: Joyce Brum <joycebrumu.u@gmail.com> * docs: update README to refer FAQ Signed-off-by: Joyce Brum <joycebrumu.u@gmail.com> * docs: minor fixes in the faq text Signed-off-by: Joyce Brum <joycebrumu.u@gmail.com> Signed-off-by: Joyce Brum <joycebrumu.u@gmail.com> |
||
|
David A. Wheeler
|
11657e48ac
|
📖 Remove trailing whitespace (#2241)
Remove trailing whitespace in README.md and checks.yaml. Trailing whitespace creates long-term hidden problems, because in most editors they aren't visible, yet changing them creates what appear to be spurious changes. They can also create surprising merge conflicts. Removing them removes the problem long term. Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com> Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com> |
||
|
David A. Wheeler
|
da785a2dc8
|
Rename CII->OpenSSF Best Practices badge (#2239)
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com> Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com> |
||
Azeem Shaikh
|
d13ba3f335
|
📖 Update instructions and other fixes in README (#2212)
* Updated instructions and some fixes to README * Add Scorecard users * Fix `Using Package Manager` |
||
laurentsimon
|
887facf3ca
|
Use generic generator for SLSA (#2146)
* update * update * update * update * update * update * update * update * update * update |
||
|
raghavkaul
|
ff9c0626ef
|
🐛 Detect recently created Github repositories (#2151)
* Bugfix: Detect recently created Github repositories Adjust the unweighted score -3 points if they were created in the last 90 days * Address PR comments * Address PR comments * Make log message more urgent * Add to raw results * Zero 'Maintained' score if the repo is too new to evaluate * Update docs * Update maintained_test.go * Fix lint error |
||
|
Spencer Schrock
|
7f0258ecba
|
Include an example query for the public BigQuery dataset (#2123) | ||
|
Azeem Shaikh
|
c581062fe7
|
Enable Scorecard badge (#2097)
Co-authored-by: Azeem Shaikh <azeems@google.com> |
||
Naveen
|
7c912030b1
|
🌱 Naveen Company updated. (#2082)
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> |
||
Bhurinat Wangsutthitham
|
a905d66845
|
fix: invalid documentation link (#2073) | ||
|
laurentsimon
|
3b7c46f779
|
✨ SLSA provenance/build (#1702)
* SLSA build * missing files * updates * updates * updates * indent fix * update * update * updates * updates * updates * updates |
||
|
Arnaud J Le Hors
|
2c34a46503
|
Fix cron related documentation (#1986)
Fix link to projects.csv in README.md Remove out of date info on daily cron job from CONTRIBUTING.md and fix various links. Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com> Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com> |