Commit Graph

552 Commits

Author SHA1 Message Date
laurentsimon
c741335683
[migration to score] 3: branch protection, frozen-deps, token permissions (#719)
* details-1

* nits

* typo

* comments

* dependabot and binary artifacts checks

* typo

* linter

* missing errors.go

* linter

* merge fix

* branch protection, frozen-deps, token permissions

* linter

* linter
2021-07-21 09:21:43 -07:00
laurentsimon
5e634c8945
[migration to score] 2: dependabot and binary artifact checks (#718)
* details-1

* nits

* typo

* comments

* dependabot and binary artifacts checks

* typo

* linter

* missing errors.go

* linter

* merge fix

* dates
2021-07-21 09:02:43 -07:00
laurentsimon
42115ed2e3
add errors file (#720) 2021-07-20 19:06:41 +00:00
laurentsimon
ab4bb60c9c
[migration to score] 1: create errors and new functions (#712)
* details-1

* comment

* doc

* nits

* typo

* comments

* nit

* linter
2021-07-20 11:36:35 -07:00
laurentsimon
45ea97e502
Add more github token names for env variable (#694)
* draft

* commit 1

* dead code

* comments

* merge fix

* typo
2021-07-19 18:56:42 +00:00
Azeem Shaikh
ef2830ea98 Re-enable CensusTransport 2021-07-19 12:15:55 -05:00
Azeem Shaikh
35267c2514
PubSub integration test framework (#706)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-18 17:33:45 -07:00
laurentsimon
3f2c0e6b6c
typos (#705) 2021-07-16 12:56:22 -07:00
laurentsimon
c46487bb7d
fixes (#704) 2021-07-16 12:34:23 -07:00
laurentsimon
b91658b322
packaging doc (#703) 2021-07-16 10:58:27 -07:00
dependabot[bot]
428a4d659c
🌱 Bump actions/stale from 3.0.19 to 4 (#695)
Bumps [actions/stale](https://github.com/actions/stale) from 3.0.19 to 4.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](98ed4cb500...cdf15f641a)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-07-16 17:30:01 +00:00
Naveen
f4f1e110c7
📖 Included docker documentation in README (#681)
* Included docker run for easier consumption of scorecard.
2021-07-16 17:18:42 +00:00
Oliver Chang
7a301f14d9
Add some new projects. (#702)
Co-authored-by: Abhishek Arya <inferno@chromium.org>
2021-07-16 15:48:13 +00:00
Naveen
ca4f963eb7
🌱 Fix failing e2e tests (#696)
The packaging docker image for scorecard has been removed from github
workflow to gcr.io.

This was causing the e2e check to fail.

This fix will remove that check and address the failing e2e.
2021-07-16 08:38:53 -07:00
naveen
a55d542e0d 🌱 Remove gitcache docker
Remove the gitcache docker image
2021-07-14 12:31:15 -05:00
dependabot[bot]
9b07526776
🌱 Bump golang.org/x/tools from 0.1.4 to 0.1.5 (#691)
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.1.4 to 0.1.5.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.1.4...v0.1.5)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-07-14 14:50:36 +00:00
dependabot[bot]
7671752527
🌱 Bump golang from 1.16.5 to 1.16.6 (#690)
Bumps golang from 1.16.5 to 1.16.6.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-07-14 13:36:35 +00:00
Anton
d08874e4c5
🐛 Updated checks arguments to be case insensitive (#685)
* Updated checks to be case insensitive

* Removed the need to have check indexes/keys lowercase

* Refactored to use strings.EqualFold()

* Refactored enabling checks into a separate function

* Refactored enableCheck() to return a bool
2021-07-14 09:26:33 -04:00
naveen
885bdde5f0 🌱 Remove gitcache folder 2021-07-13 09:40:17 -05:00
Anton Ritter-Gogerly
0967915691 Added error for invalid checks 2021-07-13 08:18:43 -05:00
naveen
219404e0b7 🌱 Removing gitcache
Removing gitcache
2021-07-13 01:03:21 -05:00
Azeem Shaikh
7cf56e04af
Log error if GITHUB_AUTH_TOKEN is unset (#680)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-12 13:59:44 -07:00
dependabot[bot]
99689245ad 🌱 Bump golang from 91b3c54 to 3ba0777 in /gitcache
Bumps golang from `91b3c54` to `3ba0777`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-12 14:02:57 -05:00
dependabot[bot]
8d9f199d51 🌱 Bump golang from 91b3c54 to 3ba0777
Bumps golang from `91b3c54` to `3ba0777`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-12 12:35:17 -05:00
dependabot[bot]
50ce017684
🌱 Bump gocloud.dev from 0.22.0 to 0.23.0 in /gitcache (#465)
Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.22.0 to 0.23.0.
- [Release notes](https://github.com/google/go-cloud/releases)
- [Commits](https://github.com/google/go-cloud/compare/v0.22.0...v0.23.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-10 15:11:30 +00:00
dependabot[bot]
467003a7e1
🌱 Bump github.com/onsi/gomega in /gitcache (#668)
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-09 13:31:18 +00:00
dependabot[bot]
1e01a270ec
🌱 Bump cloud.google.com/go/pubsub from 1.12.0 to 1.12.2 (#671)
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.12.0 to 1.12.2.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.12.0...pubsub/v1.12.2)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-07-08 22:25:42 -07:00
Azeem Shaikh
aba44d8b9f
Handle 300 MultipleChoices HTTP status (#670)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-09 04:42:57 +00:00
dependabot[bot]
2e347ac42b 🌱 Bump github.com/onsi/gomega from 1.13.0 to 1.14.0
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-08 20:10:34 -05:00
naveen
7afc0918e2 Table output for the results
* Included the table output in the default results
2021-07-08 20:00:13 -05:00
laurentsimon
4cbb1a6062
Detect python -m pip pkg (#611)
* commit 1

* fixes

* comments

* comments

* comment and fix

* comments

* add tests

* support double quote + fixes

* fix

* comments
2021-07-09 00:48:36 +00:00
Azeem Shaikh
164f6094ef
Handle 404 errors for GitHub tarball (#667)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-07 14:15:15 -07:00
Azeem Shaikh
2c2432b9df
Fix some bugs (#659)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-07 15:04:43 +00:00
Ben Moss
959b27e81f
Minor grammar/readability docs fix (#666) 2021-07-07 07:29:45 -07:00
naveen
dcdb452a97 Sorted and grouped the output results
* Grouped the output results to pass and fail
* Sorted them by confidence
2021-07-06 06:57:49 -05:00
dependabot[bot]
3181aba22b 🌱 Bump github.com/spf13/cobra from 1.2.0 to 1.2.1
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.2.0...v1.2.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-05 08:52:24 -05:00
Azeem Shaikh
581e170db1
Add a tarball handler (#654)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-04 17:35:53 -07:00
Azeem Shaikh
aab6c217cc
Add monitoring to measure remaining Github tokens (#652)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-04 14:42:21 -07:00
naveen
aeead94680 Included security.rst as SecurityPolicy
* Included security.rst as name check for security policy.
2021-07-04 16:18:51 -05:00
Azeem Shaikh
68dc079b79
Fix bug causing performance issues (#649)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-02 21:12:53 +00:00
dependabot[bot]
c61a744c1b 🌱 Bump github.com/spf13/cobra from 1.1.3 to 1.2.0
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.3 to 1.2.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.1.3...v1.2.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-02 11:27:32 -05:00
laurentsimon
e06ce1529d
don't log (#641) 2021-07-01 16:31:03 -07:00
Azeem Shaikh
08e934cbc2
Use GraphQL instead of REST to reduce token usage (#640)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-07-01 15:32:57 -07:00
Azeem Shaikh
d81fd24246
Add ListFiles and GetFileContent APIs (#637)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-30 23:49:49 -07:00
dependabot[bot]
ecab8fed52
🌱 Bump cloud.google.com/go/bigquery from 1.18.0 to 1.19.0 (#635)
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.18.0 to 1.19.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.18.0...spanner/v1.19.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-06-30 11:54:01 -07:00
dependabot[bot]
1c5a247f44
🌱 Bump github.com/go-git/go-git/v5 in /gitcache (#531)
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.3.0 to 5.4.2.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.3.0...v5.4.2)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-30 17:24:10 +00:00
dependabot[bot]
2fab861955 🌱 Bump github.com/onsi/ginkgo in /gitcache
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.16.2 to 1.16.4.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.16.2...v1.16.4)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-30 11:23:21 -05:00
dependabot[bot]
fcec1d3a3e 🌱 Bump golang from 1.16.4 to 1.16.5 in /gitcache
Bumps golang from 1.16.4 to 1.16.5.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-29 15:54:08 -05:00
dependabot[bot]
7535a7688c
🌱 Bump distroless/base from bc84925 to 38778ff in /gitcache (#603)
Bumps distroless/base from `bc84925` to `38778ff`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-06-29 19:38:31 +00:00
laurentsimon
dd1a412b85
Update readme (#634)
* update readme

* comments
2021-06-29 19:02:12 +00:00