dependabot[bot]
6de7eba753
🌱 Bump kubernetes-sigs/kubebuilder-release-tools (#3637)
Bumps [kubernetes-sigs/kubebuilder-release-tools](https://github.com/kubernetes-sigs/kubebuilder-release-tools) from 0.4.0 to 0.4.2.
- [Release notes](https://github.com/kubernetes-sigs/kubebuilder-release-tools/releases)
- [Changelog](https://github.com/kubernetes-sigs/kubebuilder-release-tools/blob/master/RELEASE.md)
- [Commits](d8367c29de...3c3411345e)
---
updated-dependencies:
- dependency-name: kubernetes-sigs/kubebuilder-release-tools
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-08 15:46:20 -08:00
dependabot[bot]
e12e5376a6
🌱 Bump actions/dependency-review-action from 3.1.0 to 3.1.2 (#3653)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.1.0 to 3.1.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](6c5ccdad46...fde92acd08)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-08 21:52:02 +00:00
Pedro Kaj Kjellerup Nacht
6d35c865e6
🐛 Pinned-Dependencies continues on error (#3515)
* Continue on error detecting OS
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Add tests for error detecting OS
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Add ElementError to identify elements that errored
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Add Incomplete field to PinningDependenciesData
Will store all errors handled during analysis, which may lead to incomplete results.
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Register job steps that errored out
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Add tests that incomplete steps are caught
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Add warnings to details about incomplete steps
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Add tests that incomplete steps generate warnings
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Register shell files skipped due to parser errors
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Add tests showing when parser errors affect analysis
Dockerfile pinning is not affected.
Everything in a 'broken' Dockerfile RUN block is ignored
Everything in a 'broken' shell script is ignored
testdata/script-invalid.sh modified to demonstrate the above
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Incomplete results logged as Info, not Warn
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Remove `Type` from logging of incomplete results
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Update tests after rebase
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Add Unwrap for ElementError, improve its docs
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Add ElementError case to evaluation unit test
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Move ElementError to checker/raw_result
checker/raw_result defines types used to describe analysis results.
ElementError is meant to describe potential flaws in the analysis
and is therefore a sort of analysis result itself.
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Use finding.Location for ElementError.Element
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Use an ElementError for script parser errors
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Replace .Incomplete []error with .ProcessingErrors []ElementError
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Adopt from reviewer comments
- Replace ElementError's `Element *finding.Location`
with `Location finding.Location`
- Rename ErrorJobOSParsing to ErrJobOSParsing to satisfy linter
- Fix unit test
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
---------
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
2023-11-08 13:03:15 -08:00
dependabot[bot]
e16d3e3022
🌱 Bump github.com/golangci/golangci-lint in /tools (#3645)
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.55.1 to 1.55.2.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.55.1...v1.55.2)
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-08 12:37:59 -08:00
dependabot[bot]
77fa8c82fb
🌱 Bump golang.org/x/text from 0.13.0 to 0.14.0 (#3643)
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.13.0 to 0.14.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.13.0...v0.14.0)
---
updated-dependencies:
- dependency-name: golang.org/x/text
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-08 12:19:08 -08:00
dependabot[bot]
fbffff18e0
🌱 Bump github.com/google/osv-scanner from 1.4.2 to 1.4.3 (#3639)
Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.4.2 to 1.4.3.
- [Release notes](https://github.com/google/osv-scanner/releases)
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/osv-scanner/compare/v1.4.2...v1.4.3)
---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-07 09:41:10 -08:00
AdamKorcz
47e04c102a
🌱 Convert SAST check to probes (#3571)
* Convert SAST checks to probes
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Update checks/evaluation/sast.go
Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
* preserve file info when logging positive Sonar findings
Signed-off-by: AdamKorcz <adam@adalogics.com>
* rebase
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Remove warning logging
Signed-off-by: AdamKorcz <adam@adalogics.com>
* add outcome and message to finding on the same line
Signed-off-by: AdamKorcz <adam@adalogics.com>
* codeql workflow -> codeql action
Signed-off-by: AdamKorcz <adam@adalogics.com>
* 'the Sonar' -> 'Sonar' in probe def.yml
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix typo
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Change how probe creates location
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Change names of values
Signed-off-by: AdamKorcz <adam@adalogics.com>
* change 'SAST tool detected: xx' to 'SAST tool installed: xx'
Signed-off-by: AdamKorcz <adam@adalogics.com>
* make text in probe def.yml easier to read
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Change 'to' to 'two'
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Minor change
Signed-off-by: AdamKorcz <adam@adalogics.com>
---------
Signed-off-by: AdamKorcz <adam@adalogics.com>
Signed-off-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
2023-11-07 08:41:44 -05:00
AdamKorcz
f422f692fe
🌱 Convert Dangerous Workflow check to probes (#3521)
* 🌱 Convert Dangerous Workflow check to probes
Signed-off-by: AdamKorcz <adam@adalogics.com>
* remove hasAnyWorkflows probe
Signed-off-by: AdamKorcz <adam@adalogics.com>
* combine two conditionals into one
Signed-off-by: AdamKorcz <adam@adalogics.com>
* preserve logging from original evaluation
Signed-off-by: AdamKorcz <adam@adalogics.com>
* rebase
Signed-off-by: AdamKorcz <adam@adalogics.com>
---------
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-11-06 21:43:03 +00:00
dependabot[bot]
d0610feb9b
🌱 Bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (#3644)
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0)
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-06 11:31:50 -05:00
Spencer Schrock
70c8e05d6d
🐛 remove probe remediations from detail string (#3642)
For now, this is just producing very long detail strings.
Probably negatively affecting cron results.
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-11-02 17:41:52 -07:00
dependabot[bot]
b0c782a187
🌱 Bump cloud.google.com/go/bigquery from 1.56.0 to 1.57.1 (#3638)
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.56.0 to 1.57.1.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.56.0...bigquery/v1.57.1)
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-02 10:16:13 -07:00
dependabot[bot]
3cce5ad6c2
🌱 Bump github.com/onsi/gomega from 1.28.1 to 1.29.0 (#3624)
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.28.1 to 1.29.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.28.1...v1.29.0)
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-01 13:25:11 -07:00
dependabot[bot]
1b2c4cfc97
🌱 Bump github.com/go-git/go-git/v5 from 5.9.0 to 5.10.0 (#3623)
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.9.0 to 5.10.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.9.0...v5.10.0)
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-01 20:10:52 +00:00
dependabot[bot]
dac01dbdbb
🌱 Bump github.com/go-logr/logr from 1.2.4 to 1.3.0 (#3622)
Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 1.2.4 to 1.3.0.
- [Release notes](https://github.com/go-logr/logr/releases)
- [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-logr/logr/compare/v1.2.4...v1.3.0)
---
updated-dependencies:
- dependency-name: github.com/go-logr/logr
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-01 18:56:41 +00:00
dependabot[bot]
faffac66c9
🌱 Bump github.com/docker/docker in /tools (#3628)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.6+incompatible to 24.0.7+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v24.0.6...v24.0.7)
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-01 17:46:17 +00:00
dependabot[bot]
45c5c6501c
🌱 Bump github.com/docker/docker (#3627)
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.4+incompatible to 24.0.7+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v24.0.4...v24.0.7)
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-01 17:18:57 +00:00
afmarcum
c52a1702de
🌱 Update stale workflow to exempt Structured Results milestone (#3634)
* 🌱 Update stale workflow to exempt Structured Results milestone
* Removed duplicate line, updated stale-pr-message, and removed custom stale labels
2023-11-01 10:02:20 -07:00
dependabot[bot]
478f347e02
🌱 Bump github.com/golangci/golangci-lint in /tools (#3613)
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.55.0 to 1.55.1.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.55.0...v1.55.1)
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-28 00:40:10 +00:00
dependabot[bot]
ab7d3645a2
🌱 Bump github.com/moby/buildkit from 0.12.2 to 0.12.3 (#3589)
Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.12.2 to 0.12.3.
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](https://github.com/moby/buildkit/compare/v0.12.2...v0.12.3)
---
updated-dependencies:
- dependency-name: github.com/moby/buildkit
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-28 00:15:16 +00:00
dependabot[bot]
f72b774d31
🌱 Bump github.com/google/osv-scanner from 1.4.1 to 1.4.2 (#3608)
Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.4.1 to 1.4.2.
- [Release notes](https://github.com/google/osv-scanner/releases)
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/osv-scanner/compare/v1.4.1...v1.4.2)
---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-27 23:59:46 +00:00
dependabot[bot]
50d246696e
🌱 Bump ossf/scorecard-action from 2.3.0 to 2.3.1 (#3599)
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](483ef80eb9...0864cf1902)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-27 23:44:15 +00:00
dependabot[bot]
a37203402a
🌱 Bump google.golang.org/grpc from 1.58.2 to 1.58.3 in /tools (#3612)
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.58.2 to 1.58.3.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.58.2...v1.58.3)
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-27 23:16:43 +00:00
dependabot[bot]
a3495dd6df
🌱 Bump google.golang.org/grpc from 1.57.0 to 1.57.1 (#3611)
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.57.0 to 1.57.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.57.0...v1.57.1)
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-27 22:36:17 +00:00
Spencer Schrock
5f3a0e2092
🌱 Enable golangci-lint test presets (#3594)
* enable test preset
Leaves some opinionated linters disabled with reasons.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix tparallel issues.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-27 15:05:40 -07:00
Stephen Augustus
b15b47aec3
CODEOWNERS: Support distribution of code reviews via team assignments (#3620)
Individual maintainer assignments within CODEOWNERS mean that we
cannot take advantage of GitHub code review distribution schemes
for team review assignments.
In this commit, we switch to team assignments within CODEOWNERS.
A common complaint with this approach is that unless you are a part
of the GitHub organization, you will not be able to view a team's
membership/understand who the maintainers of a project are.
To provide visibility into the maintainer list, we've added a
MAINTAINERS.md here as well.
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2023-10-27 13:41:58 -07:00
laurentsimon
fa0e1c17e9
✨ Add WithValues function to findings (#3619)
* update
Signed-off-by: laurentsimon <laurentsimon@google.com>
* update comment
Signed-off-by: laurentsimon <laurentsimon@google.com>
* typo
Signed-off-by: laurentsimon <laurentsimon@google.com>
---------
Signed-off-by: laurentsimon <laurentsimon@google.com>
2023-10-27 11:03:15 -07:00
AdamKorcz
de022dacc4
🌱 convert vulnerabilities check to probe (#3487)
* 🌱 convert vulnerabilities check to probe
Signed-off-by: AdamKorcz <adam@adalogics.com>
* rename probe + nits
Signed-off-by: AdamKorcz <adam@adalogics.com>
* edit def.yml
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Add vuln ID dynamically to def.yml
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Elaborate the purpose of test data in unit test
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Move logging out of loop and change logic of negativeFindings()
Signed-off-by: AdamKorcz <adam@adalogics.com>
* preserve number of vulns found in output
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Preserve grouping of vulns
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix linter issues
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Add remediation data
Signed-off-by: AdamKorcz <adam@adalogics.com>
* use checker.LogFindings()
Signed-off-by: AdamKorcz <adam@adalogics.com>
---------
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-10-25 10:02:24 -07:00
Spencer Schrock
f2bbd0af62
remove sonatype lift (#3605)
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-24 20:46:57 -04:00
Spencer Schrock
5f171ba0be
🌱 Fix linter issues caught by new linters in golangci-lint v1.55.0 (#3603)
* fix protogetter issues
Signed-off-by: Spencer Schrock <sschrock@google.com>
* de-dupe property based fuzzer description
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-24 15:04:13 -07:00
AdamKorcz
ae75bbb70e
🌱 Add probe support for contributors metrics (#3460)
* 🌱 Add probe support for contributors metrics
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix lint issues
Signed-off-by: AdamKorcz <adam@adalogics.com>
* change 'contributorsWith' to 'contributorsFrom'
Signed-off-by: AdamKorcz <adam@adalogics.com>
* change remediation difficulty
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix nits
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Updates to checks and checks/evaluation
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix tests like in #3409
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix raw test
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Update description in def.yml
Signed-off-by: AdamKorcz <adam@adalogics.com>
* move logic out of utils
Signed-off-by: AdamKorcz <adam@adalogics.com>
* add comment to consolidate unit test validation
Signed-off-by: AdamKorcz <adam@adalogics.com>
* change a couple of t.Fatal to t.Error
Signed-off-by: AdamKorcz <adam@adalogics.com>
* un-remove comment
Signed-off-by: AdamKorcz <adam@adalogics.com>
* remove map
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix typo
Signed-off-by: AdamKorcz <adam@adalogics.com>
* remove lint comment
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix incorrect -1/0 scoring
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Do not specify 'Github' in def.yml
Signed-off-by: AdamKorcz <adam@adalogics.com>
* do not mention 'which companies' in def.yml
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Rename tests
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Use getRawResults and uncomment logging statement
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Define return values of probe better
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Use proportional score instead of min score
Signed-off-by: AdamKorcz <adam@adalogics.com>
* revert changed scoring
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix incorrect function name
Signed-off-by: AdamKorcz <adam@adalogics.com>
* remove utility function that finds non-positive outcomes
Signed-off-by: AdamKorcz <adam@adalogics.com>
* rebase with latest upstream main and fix linter issues
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Log findings in one statement except a logging statement per finding
Signed-off-by: AdamKorcz <adam@adalogics.com>
* redefine conditional logic
Signed-off-by: AdamKorcz <adam@adalogics.com>
* rebase
Signed-off-by: AdamKorcz <adam@adalogics.com>
* remove unused function
Signed-off-by: AdamKorcz <adam@adalogics.com>
---------
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-10-24 14:02:18 -07:00
AdamKorcz
1aca1d9445
🌱 convert packaging check to probe (#3486)
* 🌱 convert packaging check to probe
Signed-off-by: AdamKorcz <adam@adalogics.com>
* amend text in def.yml
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Correct short description in def.yml
Signed-off-by: AdamKorcz <adam@adalogics.com>
* log negative findings
Signed-off-by: AdamKorcz <adam@adalogics.com>
* rename probe
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Fix the broken e2e test: The probe returned minimum score instead of inconclusive score which was not consistent with the previous scoring. This commit also removes the debug statements
Signed-off-by: AdamKorcz <adam@adalogics.com>
* change score text
Signed-off-by: AdamKorcz <adam@adalogics.com>
* include file details. process all packaging workflows
Signed-off-by: AdamKorcz <adam@adalogics.com>
---------
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-10-24 19:12:05 +00:00
AdamKorcz
0e3a5233ae
🌱 Add license probe (#3465)
* 🌱 Add license probe
Signed-off-by: AdamKorcz <adam@adalogics.com>
* [WIP] add two remaining license checks as probes
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix nits
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Use Errorf in test
Signed-off-by: AdamKorcz <adam@adalogics.com>
* use zrunner
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix wrong return value
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix linting issues and remove empty default
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix double if statement
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Remove struct field from test
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Add test for nil-case of license files slice
Signed-off-by: AdamKorcz <adam@adalogics.com>
* rewrite multiple def.ymls
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix nits
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Add unit test with multiple unapproved license files
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Add link to approved license formats
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix linting
Signed-off-by: AdamKorcz <adam@adalogics.com>
* remove comment
Signed-off-by: AdamKorcz <adam@adalogics.com>
* preserve logging from original check
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix typo
Signed-off-by: AdamKorcz <adam@adalogics.com>
* remove redundant map manipulation
Signed-off-by: AdamKorcz <adam@adalogics.com>
* rename hasApproveLicense probe
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Return OutcomeNotApplicable if hasFSFOrOSIApprovedLicense probe does not find a license
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Include license file locations in log
Signed-off-by: AdamKorcz <adam@adalogics.com>
* fix linting issues
Signed-off-by: AdamKorcz <adam@adalogics.com>
* replace strings filtering with OutcomeNotApplicable in hasLicenseFileAtTopDir probe
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Fix linter issue
Signed-off-by: AdamKorcz <adam@adalogics.com>
* Include location of found license files
Signed-off-by: AdamKorcz <adam@adalogics.com>
---------
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-10-24 11:48:41 -07:00
Raghav Kaul
622f10442c
🌱 GitLab: track coverage for gitlab e2e tests (#3601)
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2023-10-24 11:19:43 -07:00
dependabot[bot]
52f950bf77
🌱 Bump github.com/golangci/golangci-lint in /tools (#3592)
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.54.2 to 1.55.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.54.2...v1.55.0)
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-24 00:29:50 +00:00
Spencer Schrock
25c414d59b
🌱 remove unused osv helper tool. (#3572)
This is a followup cleanup of d4b44e52eb (#2303).
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-23 23:35:28 +00:00
Spencer Schrock
5eca374b1e
🌱 enable style linter errname (#3587)
* enable errname linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* convert publish err to custom error type.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove unused exported error.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* convert unsupported exporter type to custom error type.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* exempt public errors from linter.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* exempt cron config errors from linter.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-23 23:10:04 +00:00
Spencer Schrock
1c649cb66d
🌱 enable gomoddirectives linter. (#3584)
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-23 22:57:43 +00:00
Spencer Schrock
2391edfbe1
🌱 add style linters: mirror, tenv, usestdlibvars (#3586)
* fix tenv linter and bug with t.Parallel
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix usestdlibvars linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix mirror linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-23 22:40:01 +00:00
dependabot[bot]
6fb5f8a56e
🌱 Bump github.com/onsi/gomega from 1.28.0 to 1.28.1 (#3597)
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.28.0 to 1.28.1.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.28.0...v1.28.1)
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-23 15:17:53 -07:00
dependabot[bot]
8959d3f08a
🌱 Bump github.com/xanzy/go-gitlab from 0.93.1 to 0.93.2 (#3593)
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.93.1 to 0.93.2.
- [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.93.1...v0.93.2)
---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-23 14:46:56 -07:00
Gabriela Gutierrez
ca5c404a97
🐛 scanning gitlab private repositories (#3596)
* fix: Run for gitlab private repos
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* test: gitlab repo is accessible
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* fix: linter error
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
---------
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
2023-10-23 20:57:55 +00:00
Spencer Schrock
2d9319601e
🌱 use forbidigo linter to prevent print statements (#3585)
* enable forbidigo for print statements.
include reasoning as message exposed to developer.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove or grant exceptions for existing print statements
Signed-off-by: Spencer Schrock <sschrock@google.com>
* swap stdout to stderr
Signed-off-by: Spencer Schrock <sschrock@google.com>
* separate msg from regex for better readability.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-23 13:12:50 -07:00
Spencer Schrock
d0cefa519a
🌱 enable the golangci-lint bugs preset (#3583)
* enable bugs preset
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix noctx linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix bodyclose linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix contextcheck linter
Signed-off-by: Spencer Schrock <sschrock@google.com>
* This ignores all existing cases of musttag linter complaints.
This analyzer seems useful in the future, but some of this code
is old and I don't want to change it for existing code now.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* ignore existing nilerr lints.
This behavior is from the initial commit, and primarily affects metrics.
Leaving as is, and hope to benefit from the linter in the future.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-23 09:35:40 -07:00
Martin Costello
49c0eed3a4
🐛 SAST detect new GitHub app slug for CodeQL ( #3591 )
...
* Fix SAST no longer working for CodeQL
The app slug for CodeQL appears to have changed from `github-advanced-security` to `github-code-scanning`, causing the SAST rule to false-negative on commits.
Signed-off-by: martincostello <martin@martincostello.com>
* Fix lint warning
Fix lint warning.
Signed-off-by: martincostello <martin@martincostello.com>
---------
Signed-off-by: martincostello <martin@martincostello.com>
2023-10-20 14:13:08 -07:00
dependabot[bot]
4b8066a3c7
🌱 Bump actions/checkout from 4.1.0 to 4.1.1 ( #3580 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8ade135a41...b4ffde65f4 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-19 22:28:54 +00:00
dependabot[bot]
1c0557129b
🌱 Bump github.com/google/ko from 0.14.1 to 0.15.0 in /tools ( #3578 )
...
Bumps [github.com/google/ko](https://github.com/google/ko ) from 0.14.1 to 0.15.0.
- [Release notes](https://github.com/google/ko/releases )
- [Changelog](https://github.com/ko-build/ko/blob/main/.goreleaser.yml )
- [Commits](https://github.com/google/ko/compare/v0.14.1...v0.15.0 )
---
updated-dependencies:
- dependency-name: github.com/google/ko
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-19 21:52:57 +00:00
dependabot[bot]
159c6c8723
🌱 Bump tj-actions/changed-files from 39.2.1 to 39.2.3 ( #3577 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 39.2.1 to 39.2.3.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](db153baf73...95690f9ece )
---
updated-dependencies:
- dependency-name: tj-actions/changed-files
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-19 21:16:50 +00:00
dependabot[bot]
836c040177
🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 ( #3575 )
...
Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation ) from 2.7.0 to 2.8.0.
- [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases )
- [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.7.0...v2.8.0 )
---
updated-dependencies:
- dependency-name: github.com/bradleyfalzon/ghinstallation/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-19 20:27:09 +00:00
Pierre Cavin
f26ee46812
✨ Add fast-check test runners integrations ( #3568 )
...
Signed-off-by: Pierre Cavin <me@sherlox.io>
2023-10-19 18:41:28 +00:00
Spencer Schrock
63fff3c840
✨ scdiff: improve compare usability ( #3573 )
...
* fallback to cron style when parsing dates.
The cron output was never updated in #2712 . In the interim, support both formats.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* continue on first diff, to highlight all differences.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* tests for date fallback.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-16 16:05:12 -07:00