ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-09-19 21:18:09 +03:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
544 Commits 36 Branches 42 Tags 436 MiB
c46487bb7d
Commit Graph

544 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
laurentsimon
c46487bb7d
fixes (#704) 2021-07-16 12:34:23 -07:00
laurentsimon
b91658b322
packaging doc (#703) 2021-07-16 10:58:27 -07:00
dependabot[bot]
428a4d659c
🌱 Bump actions/stale from 3.0.19 to 4 (#695) 
Bumps [actions/stale](https://github.com/actions/stale) from 3.0.19 to 4.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](98ed4cb500...cdf15f641a)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-07-16 17:30:01 +00:00
Naveen
f4f1e110c7
📖 Included docker documentation in README (#681) 
* Included docker run for easier consumption of scorecard.
 2021-07-16 17:18:42 +00:00
Oliver Chang
7a301f14d9
Add some new projects. (#702) 
Co-authored-by: Abhishek Arya <inferno@chromium.org>
 2021-07-16 15:48:13 +00:00
Naveen
ca4f963eb7
🌱 Fix failing e2e tests (#696) 
The packaging docker image for scorecard has been removed from github
workflow to gcr.io.

This was causing the e2e check failing.

This fix will remove that check and address the failing e2e.
 2021-07-16 08:38:53 -07:00
naveen
a55d542e0d 🌱 Remove gitcache docker 
Remove the gitcache docker image
 2021-07-14 12:31:15 -05:00
dependabot[bot]
9b07526776
🌱 Bump golang.org/x/tools from 0.1.4 to 0.1.5 (#691) 
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.1.4 to 0.1.5.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.1.4...v0.1.5)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-07-14 14:50:36 +00:00
dependabot[bot]
7671752527
🌱 Bump golang from 1.16.5 to 1.16.6 (#690) 
Bumps golang from 1.16.5 to 1.16.6.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-07-14 13:36:35 +00:00
Anton
d08874e4c5
🐛 Updated checks arguments to be case insensitive (#685) 
* Updated checks to be case insensitive

* Removed the need to have check indexes/keys lowercase

* Refactored to use strings.EqualFold()

* Refactored enabling checks into a separate function

* Refactored enableCheck() to return a bool
 2021-07-14 09:26:33 -04:00
naveen
885bdde5f0 🌱 Remove gitcache folder 2021-07-13 09:40:17 -05:00
Anton Ritter-Gogerly
0967915691 Added error for invalid checks 2021-07-13 08:18:43 -05:00
naveen
219404e0b7 🌱 Removing gitcache 
Removing gitcache
 2021-07-13 01:03:21 -05:00
Azeem Shaikh
7cf56e04af
Log error if GITHUB_AUTH_TOKEN is unset (#680) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-12 13:59:44 -07:00
dependabot[bot]
99689245ad 🌱 Bump golang from 91b3c54 to 3ba0777 in /gitcache 
Bumps golang from `91b3c54` to `3ba0777`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-12 14:02:57 -05:00
dependabot[bot]
8d9f199d51 🌱 Bump golang from 91b3c54 to 3ba0777 
Bumps golang from `91b3c54` to `3ba0777`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-12 12:35:17 -05:00
dependabot[bot]
50ce017684
🌱 Bump gocloud.dev from 0.22.0 to 0.23.0 in /gitcache (#465) 
Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.22.0 to 0.23.0.
- [Release notes](https://github.com/google/go-cloud/releases)
- [Commits](https://github.com/google/go-cloud/compare/v0.22.0...v0.23.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-07-10 15:11:30 +00:00
dependabot[bot]
467003a7e1
🌱 Bump github.com/onsi/gomega in /gitcache (#668) 
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-07-09 13:31:18 +00:00
dependabot[bot]
1e01a270ec
🌱 Bump cloud.google.com/go/pubsub from 1.12.0 to 1.12.2 (#671) 
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.12.0 to 1.12.2.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.12.0...pubsub/v1.12.2)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-07-08 22:25:42 -07:00
Azeem Shaikh
aba44d8b9f
Handle 300 MultipleChoices HTTP status (#670) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-09 04:42:57 +00:00
dependabot[bot]
2e347ac42b 🌱 Bump github.com/onsi/gomega from 1.13.0 to 1.14.0 
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-08 20:10:34 -05:00
naveen
7afc0918e2 Table output for the results 
* Included the table output in the default results
 2021-07-08 20:00:13 -05:00
laurentsimon
4cbb1a6062
Detect python -m pip pkg (#611) 
* commit 1

* fixes

* comments

* comments

* comment and fix

* comments

* add tests

* support double quote + fixes

* fix

* comments
 2021-07-09 00:48:36 +00:00
Azeem Shaikh
164f6094ef
Handle 404 errors for GitHub tarball (#667) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-07 14:15:15 -07:00
Azeem Shaikh
2c2432b9df
Fix some bugs (#659) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-07 15:04:43 +00:00
Ben Moss
959b27e81f
Minor grammar/readability docs fix (#666) 2021-07-07 07:29:45 -07:00
naveen
dcdb452a97 Sorted and grouped the output results 
* Grouped the output results to pass and fail
* Sorted them by confidence
 2021-07-06 06:57:49 -05:00
dependabot[bot]
3181aba22b 🌱 Bump github.com/spf13/cobra from 1.2.0 to 1.2.1 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.2.0...v1.2.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-05 08:52:24 -05:00
Azeem Shaikh
581e170db1
Add a tarball handler (#654) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-04 17:35:53 -07:00
Azeem Shaikh
aab6c217cc
Add monitoring to measure remaining Github tokens (#652) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-04 14:42:21 -07:00
naveen
aeead94680 Included security.rst as SecurityPolicy 
* Included security.rst as name check for security policy.
 2021-07-04 16:18:51 -05:00
Azeem Shaikh
68dc079b79
Fix bug causing performance issues (#649) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-02 21:12:53 +00:00
dependabot[bot]
c61a744c1b 🌱 Bump github.com/spf13/cobra from 1.1.3 to 1.2.0 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.3 to 1.2.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.1.3...v1.2.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-02 11:27:32 -05:00
laurentsimon
e06ce1529d
don't log (#641) 2021-07-01 16:31:03 -07:00
Azeem Shaikh
08e934cbc2
Use GraphQL instead of REST to reduce token usage (#640) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-07-01 15:32:57 -07:00
Azeem Shaikh
d81fd24246
Add ListFiles and GetFileContent APIs (#637) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-06-30 23:49:49 -07:00
dependabot[bot]
ecab8fed52
🌱 Bump cloud.google.com/go/bigquery from 1.18.0 to 1.19.0 (#635) 
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.18.0 to 1.19.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.18.0...spanner/v1.19.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-06-30 11:54:01 -07:00
dependabot[bot]
1c5a247f44
🌱 Bump github.com/go-git/go-git/v5 in /gitcache (#531) 
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.3.0 to 5.4.2.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.3.0...v5.4.2)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-06-30 17:24:10 +00:00
dependabot[bot]
2fab861955 🌱 Bump github.com/onsi/ginkgo in /gitcache 
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.16.2 to 1.16.4.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.16.2...v1.16.4)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-06-30 11:23:21 -05:00
dependabot[bot]
fcec1d3a3e 🌱 Bump golang from 1.16.4 to 1.16.5 in /gitcache 
Bumps golang from 1.16.4 to 1.16.5.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-06-29 15:54:08 -05:00
dependabot[bot]
7535a7688c
🌱 Bump distroless/base from bc84925 to 38778ff in /gitcache (#603) 
Bumps distroless/base from `bc84925` to `38778ff`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-06-29 19:38:31 +00:00
laurentsimon
dd1a412b85
Update readme (#634) 
* update readme

* comments
 2021-06-29 19:02:12 +00:00
Naveen
ec7755da82 Removed Code Coverage 2021-06-29 13:45:22 -05:00
dependabot[bot]
5dd7f118ae
🌱 Bump github.com/golangci/golangci-lint from 1.40.1 to 1.41.1 (#627) 
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.40.1 to 1.41.1.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.40.1...v1.41.1)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Azeem Shaikh <azeems@google.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-06-29 10:26:16 -07:00
dependabot[bot]
6a3337d885
🌱 Bump distroless/base from bc84925 to 38778ff (#602) 
Bumps distroless/base from `bc84925` to `38778ff`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-06-29 17:06:55 +00:00
dependabot[bot]
2a0031910a
🌱 Bump go.uber.org/zap from 1.16.0 to 1.18.1 in /gitcache (#623) 
Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.16.0 to 1.18.1.
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber-go/zap/compare/v1.16.0...v1.18.1)

---
updated-dependencies:
- dependency-name: go.uber.org/zap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-06-29 16:53:37 +00:00
dependabot[bot]
6a2a1faa6f
🌱 Bump google.golang.org/protobuf from 1.26.0 to 1.27.1 (#624) 
Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.26.0 to 1.27.1.
- [Release notes](https://github.com/protocolbuffers/protobuf-go/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash)
- [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.26.0...v1.27.1)

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-06-29 08:42:40 -07:00
dependabot[bot]
fd0bb46836
🌱 Bump golang.org/x/tools from 0.1.3 to 0.1.4 (#626) 
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.1.3 to 0.1.4.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.1.3...v0.1.4)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-06-29 01:23:05 -07:00
dependabot[bot]
18c3178a84
🌱 Bump codecov/codecov-action from 1.5.0 to 1.5.2 (#558) 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 1.5.0 to 1.5.2.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](a1ed4b322b...29386c70ef)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-06-28 22:19:47 -07:00
dependabot[bot]
c095d6f161
🌱 Bump contrib.go.opencensus.io/exporter/stackdriver (#579) 
Bumps [contrib.go.opencensus.io/exporter/stackdriver](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver) from 0.13.6 to 0.13.8.
- [Release notes](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/releases)
- [Commits](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/compare/v0.13.6...v0.13.8)

---
updated-dependencies:
- dependency-name: contrib.go.opencensus.io/exporter/stackdriver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-06-28 21:21:12 -07:00