ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-09-19 21:18:09 +03:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
544 Commits 36 Branches 42 Tags 436 MiB
c46487bb7d
Commit Graph

544 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris McGehee
82be54ba75
🌱 Fix lint issues: goerr113 linter (#398) 
* Fix lint issues: goerr113 linter
This linter encourages wrapped static errors instead of dynamic errors.

* Updating capitalization
 2021-05-06 15:32:27 -05:00
Abhishek Arya
a2d51ead20
🐛Freeze Makefile deps (#404) 
* Freeze Makefile deps

* trigger ci

* Fix build failure.
 2021-05-05 09:55:59 -07:00
dependabot[bot]
9e4ecf0a44 🌱 Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2 
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.16.1 to 1.16.2.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.16.1...v1.16.2)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-05 07:12:09 -05:00
naveen
997b8f4a5d 📖 Update branch protection API 
* Included need for admin access to the branch protection api to work.

 * Fixes  #350
 2021-05-03 11:02:19 -05:00
naveen
09af32a993 Generate docs using go instead of python 
* Implemented the doc generation from python to go
 * Removed the need for json
 * Sorted the output of the generated markdown
 2021-05-02 19:46:07 -05:00
Chris McGehee
6a7142fe21 Fix lint issues: golint linter 2021-05-02 14:49:40 -05:00
Chris McGehee
a4e8751d73 Fix intermittent test failure 2021-05-02 14:13:48 -05:00
Chris McGehee
c97b4e7b38 Fix lint issues: gofumpt linter 
The previous commit that made the gofumpt fixes caused a new lint
violation for the dupl linter. Since these are test cases, we will add
nolint for these.
 2021-05-02 13:18:19 -05:00
Chris McGehee
8402e6d9d0 Fix lint issues: gofumpt linter 2021-05-02 13:18:19 -05:00
Chris McGehee
83a0fbd5eb Fix lint issues: noctx linter 2021-05-02 11:59:39 -05:00
Chris McGehee
526d9b5444 Fix lint issues: ineffassign linter 2021-05-02 11:45:40 -05:00
Chris McGehee
5151e8c301 Fix lint issues: nestif linter 2021-05-02 11:41:31 -05:00
Chris McGehee
4c6b500dea Fix lint issues: lll linter 2021-05-02 11:18:26 -05:00
Chris McGehee
87b5a6a922 Fix lint issues: godot linter 2021-05-02 11:14:01 -05:00
naveen
360d6b8381 🌱 e2e tests for cronjob 
* Implemented basic e2e tests for cornjob
 2021-05-01 16:07:26 -05:00
naveen
cd7231dd75 🌱 Cleanup dependabot config 2021-04-29 17:10:24 -05:00
naveen
a64426e369 🌱 Remove synk 
Removing synk as per our discussion.
 2021-04-29 12:32:21 -05:00
naveen
c6b4e24218 🌱 Clean and Validation of cron 
* Included validation for the cron
* Removed branch protection check from the cron
 2021-04-29 11:03:41 -05:00
naveen
da2e7029c7 🌱 Update golangci version to 1.39 
* Upgrade the golangci version to 1.39
* Changed the checkout depth
  https://github.com/golangci/golangci-lint/issues/1088#issuecomment-801540792
 2021-04-29 08:24:41 -05:00
Azeem Shaikh
d3a59eacff Move Dockerfile.gsutil to inside cron/ 2021-04-27 17:21:53 -05:00
Azeem Shaikh
86a46560c8 Rename CheckResults to Checks to match BQ schema. 2021-04-26 17:45:04 -05:00
naveen
eade3f9564 🌱 Included go mod verify for cron and scripts 
* Included go mod verify cron and scripts
 2021-04-26 10:06:14 -05:00
naveen
872e9139d8 🐛 docker build for gitcache 
* Fixed docker build for git cache
 2021-04-26 10:01:50 -05:00
naveen
f7b658d31d 🌱 Fixed lint issues in cron 
* Fixed golang ci-lint issues in cron
 2021-04-26 08:51:28 -05:00
dependabot[bot]
bdf86e00c8 🌱 Bump actions/github-script from v3 to v4.0.2 
Bumps [actions/github-script](https://github.com/actions/github-script) from v3 to v4.0.2.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v3...a3e7071a34d7e1f219a8a4de9a5e0a34d1ee1293)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-26 08:30:49 -05:00
naveen
3d24435ba8 🌱 Fixing the docker build issue 2021-04-23 15:17:42 -04:00
Naveen
760e01fbb8 Revert "🌱 Bump actions/github-script from v3 to v4.0.1" 
This reverts commit 3ad35e3661.
 2021-04-23 11:53:17 -04:00
dependabot[bot]
3ad35e3661 🌱 Bump actions/github-script from v3 to v4.0.1 
Bumps [actions/github-script](https://github.com/actions/github-script) from v3 to v4.0.1.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v3...85e88a66eaa831097093a3d278536947f2984d20)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-22 08:37:01 -04:00
Oliver Chang
158c2cdbde
Fix typo in scorecard date format. (#353) 2021-04-21 21:16:26 -07:00
Azeem Shaikh
bd3eff1fcf
Cron job uses line-delimited JSON (#344) 
*  Refactor to reduce code duplication

* 

* Move lib/ back to checker/

* Move lib/ back to checker/

* Move lib/ back to checker/

* Address PR comments.

* Addressing PR comments.

* Separate out ReposURL nito repos/

* Add TODO in gitcache module.

* Add RepoRequest/Response types.

* Avoid printing `ShouldRetry` and `Error` in output JSON.

* Fix JSON output.

* Simplify cmd package.

* Make cron/ a package instead of module.

* Fix TODO.

* Remove binary file.

* go.mod file.

* go.mod updates.

* Refactor cron to use in-memory JSON.

* Fix JSON output.

* Fix go.mod

* Address PR comments.

* Change %w -> %v.

* Address PR comments.

* Fix err.

Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-04-19 12:49:51 -07:00
Chris McGehee
06993b72ce
🐛 Fix linting issues (1 of n) (#348) 
* Fix lint issues: whitespace linter

* Fix lint issues: wrapcheck linter

* Fix lint issues: errcheck linter

* Fix lint issues: paralleltest linter

* Fix lint issues: gocritic linter
Most changes from this commit are from passing checker.CheckResult by reference and not by value. gocritic identified that as a huge parameter.
gocritic also prefers regexp.MustCompile over Compile when the pattern is a const
 2021-04-19 12:18:34 -07:00
Oliver Chang
df27afd3b3
Make checks documentation machine readable. (#345) 
*  Make checks documentation machine readable.

Make checks.yaml as a machine and human readable source of truth of
checks documentation.

A tiny Python script is also added to generate checks.json and checks.md
from this file.

* move checks scripts and files
 2021-04-16 11:15:56 -07:00
naveen
1d3821e08c 🌱 Fix concurrent cronjob execution 
* With the increased scans the cronjob is running longer than expected
which was causing the multiple jobs to be executing concurrently.

* Changed the concurrent policy to "Forbid" to avoid it.
 2021-04-14 09:35:26 -05:00
Naveen
8e352e408a
🌱 Included make targets for update binary (#340) 
* Include the build and go mod verify targets to the update binary.
 2021-04-13 01:36:45 +00:00
naveen
9397708318 Handle vendored repos dependency 
*Handle vendored repos for go dependency

* Add additional repositories for projects.txt
 2021-04-12 15:50:10 -05:00
Naveen
f02df30b61
Included dependency parsing for go (#337) 
* Included dependency parsing of go.mod files.
* Parse vanity URL in go.mod to add dependencies
* Updated dependencies for scorecard and cosign based on the vanity URL's.
 2021-04-10 12:21:51 -05:00
Azeem Shaikh
a58818d258
🌱 : Reduce code duplication for follow-up cron refactoring (#338) 
*  Refactor to reduce code duplication

* 

* Move lib/ back to checker/

* Move lib/ back to checker/

* Move lib/ back to checker/

* Address PR comments.

* Addressing PR comments.

* Avoid printing `ShouldRetry` and `Error` in output JSON.

* Fix JSON output.

Co-authored-by: Azeem Shaikh <azeems@google.com>
 2021-04-10 07:26:56 -05:00
naveen
6aad826067 🌱 Included dependencies for k8s 
* Included the k8s dependencies.
 2021-04-08 14:17:56 -05:00
naveen
c2236f68f8 🌱 Updated commit message for dependabot 
* Updated commit message to have 🌱 prefix in dependabot PR.
 2021-04-08 14:13:44 -05:00
dependabot[bot]
4b997019d5 Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1 in /gitcache 
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.16.0 to 1.16.1.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.16.0...v1.16.1)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-08 10:52:04 -05:00
dependabot[bot]
fc0eac922a Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1 
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.16.0 to 1.16.1.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.16.0...v1.16.1)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-08 09:27:08 -05:00
dependabot[bot]
f8fdccb478 Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0 in /gitcache 
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.15.2 to 1.16.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.15.2...v1.16.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-05 12:22:30 -05:00
dependabot[bot]
e0cd796b7f Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0 
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.15.2 to 1.16.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.15.2...v1.16.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-05 12:12:04 -05:00
asraa
8a5f9a8ea7
zero pad dates (#328) 
Signed-off-by: Asra Ali <asraa@google.com>
 2021-04-05 07:57:37 -07:00
Abhishek Arya
f15a6bfbf0
Dont retry and log http get failures. (#324) 2021-04-04 10:24:14 -07:00
Asra Ali
ed8d5801bc Add updater to collect deps in project files and add to projects.txt 
Signed-off-by: Asra Ali <asraa@google.com>
 2021-04-02 12:57:57 -05:00
dependabot[bot]
3f70d82ce0 Bump golang from 1.16.2 to 1.16.3 
Bumps golang from 1.16.2 to 1.16.3.

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-02 12:03:43 -05:00
nathannaveen
f5185e4bd6 🌱 included copyright headers. 2021-04-01 21:36:10 -05:00
naveen
6d9463bf60 🌱 Upgrade golang docker container 
Golang docker container upgrade.
 2021-04-01 19:43:30 -05:00
Chris McGehee
7432e5e6f9 using make targets in docker builds 2021-03-30 14:12:24 -04:00