Batuhan Apaydın
6f1a43a0b6
🌱 add google/ko support for building/pushing container image ( #1127 )
...
* feat: add google/ko support for building/pushing container image
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
* feat: updates according to reviews
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
2021-10-26 17:22:22 +00:00
Chris McGehee
faab6969d6
Improve formatting, readability
2021-10-25 17:36:37 -05:00
Chris McGehee
c13783a040
🐛 Fixing parsing for Github workflow when matrix is an expression
2021-10-25 17:36:37 -05:00
olivekl
6f1a1cb1f4
📖 Update README.md ( #1160 )
...
* Update README.md
Add Prominent Scorecards Users section
Add email groups
Fix calendar link
* Update README.md
Add https:// to links in "Prominent Users" section
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-10-25 22:06:53 +00:00
naveen
311d2e2e42
🌱 Reproducible builds with static binary
...
Changes to goreleaser to have static binaries and reproducible builds.
2021-10-25 15:58:47 -05:00
Naveen
c3d51a7739
🌱 Included arm64 release for darwin ( #1157 )
2021-10-25 13:56:48 -05:00
Carlos Tadeu Panato Junior
3d9c599769
🌱 fix TestGetRepoURLs tests ( #1158 )
...
* tests: fix TestGetRepoURLs tests
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
* close test file
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
2021-10-25 11:03:02 -05:00
naveen
54f1429eaa
🌱 Fixed typo administrator
...
Fixed typo administrator.
2021-10-23 16:29:32 -05:00
laurentsimon
950e0e3d2d
✨ Add support for file-based repo URIs ( #1113 )
...
* draft
* draft
* docker file
* error
* fix
* fix
* fixa
* bug
* comments
* missing merge
* fix
* fix rebase
* merge issue
* fix
* validate format early
* fix
* fix2
* comments
* fix
2021-10-21 20:08:56 +00:00
Azeem Shaikh
0d299c2965
Increase number of workers and 600k repos ( #1150 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-20 21:18:42 +00:00
Azeem Shaikh
96140f9646
Add exponential backoff to CII badge check ( #1147 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-20 18:13:17 +00:00
dependabot[bot]
f38abc03be
🌱 Bump actions/checkout from 1 to 2.3.5 ( #1137 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 1 to 2.3.5.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v1...1e204e9a9253d643386038d443f96446fa156a97 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-19 19:28:58 +00:00
Romain Dauby
c26bea648d
📖 Minor fixes to markdown links ( #1141 )
...
* Minor fixes to markdown links
* Minor fix generate docs
2021-10-19 12:14:11 -07:00
Azeem Shaikh
b8eba248ac
Improve logging messages ( #1140 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-18 15:08:15 -07:00
dependabot[bot]
b3874325f8
🌱 Bump goreleaser/goreleaser-action from 2.7.0 to 2.8.0 ( #1136 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 2.7.0 to 2.8.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](5a54d7e660...5df302e5e9)
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-10-18 15:23:28 +00:00
dependabot[bot]
a020b1632f
🌱 Bump crazy-max/ghaction-import-gpg from 4.0.0 to 4.1.0
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases )
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md )
- [Commits](8c43807e82...cb4264d331)
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-10-18 08:05:46 -07:00
Azeem Shaikh
146dc8579f
Use token server in prod cron job ( #1135 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-17 08:27:44 -07:00
Azeem Shaikh
5ec7b26e20
Fix connection refused errors ( #1134 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-15 22:29:00 +00:00
olivekl
da94c7c253
📖 Update Install command for version 3 ( #1125 )
...
* Update Install command for version 3
Change v2@latest to v@latest in README.md
* Update install instruction to use GitHub releases
Remove `go install` instructions and replace with instructions to download binary from GitHub releases
* Update install instructions for GOPATH caps
Change gopath to GOPATH
2021-10-15 12:10:36 -07:00
Azeem Shaikh
89cae3a62a
Use GitHub auth server in cron release test ( #1133 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-15 10:24:31 -07:00
Azeem Shaikh
66f864022c
Add GitHub token server ( #1132 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-15 03:03:51 +00:00
Chris McGehee
cf9399aad4
🐛 Fixing parsing errors for github workflows ( #1131 )
2021-10-14 08:16:22 -07:00
dependabot[bot]
3233e4f5be
🌱 Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5
...
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo ) from 1.16.4 to 1.16.5.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v1.16.4...v1.16.5 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-10-12 07:56:57 -04:00
Naveen
6c1c789dc5
🌱 v3 upgrade changes ( #1118 )
...
v3 go.mod changes
2021-10-07 18:16:01 -05:00
laurentsimon
f153db5a4a
⚠️ remove CSV support ( #1119 )
...
* remove CSV support
* fixes
2021-10-07 13:54:21 -07:00
laurentsimon
8c2e123155
✨ Update BQ table in readme ( #1116 )
...
* v2 table
* comments
2021-10-07 16:26:00 +00:00
olivekl
aaff0e530c
📖 Edit and rework checks.md (via checks.yaml and main.go) ( #1114 )
...
* Update checks.yaml to generate new checks.md docs
* Update main.go
Update overview text and add link
* -m "update TODO for Contrib and Signed-Releases"
* -m "Add admin setting info to Branch-Protection"
* -m "generate docs, fix typos"
* -m "generate docs"
* -m "add links, small edits to checks.yml"
* -m "generate docs.md"
* Clarify Pinned-Dependencies remediation
* "Generate docs"
* "Add admin-only Branch-Protection checks"
* "Regenerate docs"
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-10-06 22:07:49 +00:00
Azeem Shaikh
6935be8110
Disable all monitoring temporarily ( #1110 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-06 18:39:00 +00:00
laurentsimon
4eb5b34932
update v2 BQ table ( #1111 )
...
> LGTM. Will merge it when I rename the BQ table successfully.
Done. Merging now.
2021-10-05 19:33:09 -07:00
naveen
42fd97fa60
🐛 Incomplete regular expression for hostnames
...
This regular expression has an unescaped dot before 'com', so it might match more hosts than
expected when used.
This addresses the code scanning alert.
2021-10-05 15:30:20 -04:00
dependabot[bot]
97ae47564a
🌱 Bump mvdan.cc/sh/v3 from 3.3.1 to 3.4.0 ( #1098 )
...
Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh ) from 3.3.1 to 3.4.0.
- [Release notes](https://github.com/mvdan/sh/releases )
- [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md )
- [Commits](https://github.com/mvdan/sh/compare/v3.3.1...v3.4.0 )
---
updated-dependencies:
- dependency-name: mvdan.cc/sh/v3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-10-04 23:58:03 +00:00
naveen
7ca5061efc
🌱 Remove OSV ignores
...
The checks for OSV ignored a few OSV. These have been fixed and removing
them from the ignore list.
2021-10-04 16:19:14 -05:00
naveen
6190be23d8
🌱 Upgrade xz library to FIX CVE-2021-29482
...
This fixes the https://github.com/advisories/GHSA-25xm-hr59-7c27
2021-10-04 14:38:38 -05:00
Naveen
589ceac382
🌱 Update the uuid library to avoid CVE ( #1102 )
...
Fixes OSV GO-2020-0018 https://github.com/satori/go.uuid/issues/73
2021-10-04 18:15:41 +00:00
naveen
f78bc44b94
🌱 Updates the DNS library for CVE
...
Updated the DNS library version to address the CVE
2021-10-04 12:41:15 -05:00
Naveen
aaa3512af7
🌱 Fix integration githubaction permissions ( #985 )
...
* Changed the integration GitHub action permissions to contents:read, pull-requests:write
2021-10-04 09:33:31 -05:00
laurentsimon
c39672b788
✨ Delete pushed file from previous PR ( #1096 )
...
* fixes
* fixes
* fix
2021-10-01 22:58:09 +00:00
laurentsimon
b00b3d36f0
✨ Improve GitHub SARIF generation ( #1094 )
...
* changes
* fix
* fix
* fix
* comment
* bug
* draft
* draft
* draft
* fixes
* fixes
* update tests
* linter
* comments
* comments
* comments
2021-10-01 22:01:46 +00:00
dependabot[bot]
f63f07ddc5
🌱 Bump actions/github-script from 4.1.1 to 5 ( #1067 )
...
* 🌱 Bump actions/github-script from 4.1.1 to 5
Bumps [actions/github-script](https://github.com/actions/github-script ) from 4.1.1 to 5.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](deb7ae927c...441359b1a3)
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Update integration.yml
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-10-01 03:57:43 +00:00
dependabot[bot]
2020ccaee9
🌱 Bump distroless/base in /cron/worker ( #1078 )
...
Bumps distroless/base from `a74f307` to `3e771f1`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-10-01 03:39:40 +00:00
laurentsimon
e60bf03d91
disable PR ( #1093 )
2021-10-01 00:13:47 +00:00
Read Sprabery
98f77eea5b
Detect unverified installs of npm packages ( #1043 )
...
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-09-30 19:40:04 +00:00
dependabot[bot]
16b0c1c62d
🌱 Bump cloud.google.com/go/bigquery from 1.22.0 to 1.24.0 ( #1087 )
...
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go ) from 1.22.0 to 1.24.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.22.0...spanner/v1.24.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-09-30 19:16:23 +00:00
dependabot[bot]
e8ec351cba
🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 ( #1068 )
...
Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation ) from 2.0.2 to 2.0.3.
- [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases )
- [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.0.2...v2.0.3 )
---
updated-dependencies:
- dependency-name: github.com/bradleyfalzon/ghinstallation/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-30 18:07:28 +00:00
olivekl
c45f70bc90
📖 Add aggregate scoring documentation ( #1063 )
...
* Update README.md
Add scoring explanation, including aggregate scoring and risk weighting
Add Aggregate score to example output
Add omitted word
* Update README.md
Minor edit, remove word
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-09-30 17:47:35 +00:00
dependabot[bot]
c10ac4bcb8
🌱 Bump distroless/base in /cron/webhook ( #1076 )
...
Bumps distroless/base from `a74f307` to `3e771f1`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-09-30 16:45:55 +00:00
dependabot[bot]
d2f58ab8b7
🌱 Bump distroless/base in /cron/controller ( #1077 )
...
Bumps distroless/base from `a74f307` to `3e771f1`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-09-30 16:19:05 +00:00
Azeem Shaikh
cf3550711e
200k projects ( #1091 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-30 15:45:51 +00:00
dependabot[bot]
701a65e60c
🌱 Bump distroless/base from 3e771f1 to 56d73a6
...
Bumps distroless/base from `3e771f1` to `56d73a6`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-09-30 06:50:25 -05:00
laurentsimon
83bb5af0ef
fix ( #1089 )
2021-09-29 23:19:44 +00:00