ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-11-13 01:25:07 +03:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
1,017 Commits 36 Branches 42 Tags 440 MiB
c11772788a
Commit Graph

8 Commits

Author SHA1 Message Date
naveen
ce0802571a 🌱 Fixed the opencontainer image-spec vuln 2021-12-01 11:23:15 -06:00
Azeem Shaikh
de0cfbec9a Add a validation step for goreleaser 2021-11-23 13:08:26 -06:00
naveen
6e7e13ede4 🌱 Fix vulnerabilities in dependencies 2021-11-19 16:49:56 -06:00
Azeem Shaikh
51de6b6e5d
Check for issue activity in Maintained (#1251) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-11-12 22:16:22 +00:00
naveen
1b885874ac 🌱 Fix CVE warning for containerd 
The containerd version <1.5.7 has CVE https://github.com/advisories/GHSA-c2h3-6mxw-7mvq
Fixed it to address the issue.
 2021-10-26 13:52:00 -05:00
Batuhan Apaydın
6f1a43a0b6
🌱 add google/ko support for building/pusing container image (#1127) 
* feat: add google/ko support for building/pusing container image

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

* feat: updates according to reviews

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
 2021-10-26 17:22:22 +00:00
Naveen
91eb41e235
🌱 Check for OSV for a go.mod changes (#1053) 
At present we don't have a way to identify any new dependencies to go.mod that have osv/cve.
With this it will query the osv.dev for any vulnerabilities and report if it found any.

It also has an option to ignore any vulnerabilities if we chose to ignore.

This is ignoring 3 osv that are in our dependencies.
 2021-09-22 20:41:56 +00:00
naveen
2b15b1353b 🌱 Moving tools dependencies to separate go.mod 
* Moving the tools dependencies to a separate go.mod to reduce the
dependencies on scorecard.

* This is also increases the security posture by having less dependencies
on the main go.mod
 2021-09-07 18:23:41 -05:00