Commit Graph

1005 Commits

Author SHA1 Message Date
Batuhan Apaydın
6f1a43a0b6
🌱 add google/ko support for building/pushing container image (#1127)
* feat: add google/ko support for building/pushing container image

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

* feat: updates according to reviews

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
2021-10-26 17:22:22 +00:00
Chris McGehee
faab6969d6 Improve formatting, readability 2021-10-25 17:36:37 -05:00
Chris McGehee
c13783a040 🐛 Fixing parsing for Github workflow when matrix is an expression 2021-10-25 17:36:37 -05:00
olivekl
6f1a1cb1f4
📖 Update README.md (#1160)
* Update README.md

Add Prominent Scorecards Users section
Add email groups
Fix calendar link

* Update README.md

Add https:// to links in "Prominent Users" section

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-10-25 22:06:53 +00:00
naveen
311d2e2e42 🌱 Reproducible builds with static binary
Changes to goreleaser to have static binaries and reproducible builds.
2021-10-25 15:58:47 -05:00
Naveen
c3d51a7739
🌱 Included arm64 release for darwin (#1157) 2021-10-25 13:56:48 -05:00
Carlos Tadeu Panato Junior
3d9c599769
🌱 fix TestGetRepoURLs tests (#1158)
* tests: fix TestGetRepoURLs tests

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* close test file

Signed-off-by: Carlos Panato <ctadeu@gmail.com>
2021-10-25 11:03:02 -05:00
naveen
54f1429eaa 🌱 Fixed typo administrator
Fixed typo administrator.
2021-10-23 16:29:32 -05:00
laurentsimon
950e0e3d2d
Add support for file-based repo URIs (#1113)
* draft

* draft

* docker file

* error

* fix

* fix

* fixa

* bug

* comments

* missing merge

* fix

* fix rebase

* merge issue

* fix

* validate format early

* fix

* fix2

* comments

* fix
2021-10-21 20:08:56 +00:00
Azeem Shaikh
0d299c2965
Increase number of workers and 600k repos (#1150)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-20 21:18:42 +00:00
Azeem Shaikh
96140f9646
Add exponential backoff to CII badge check (#1147)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-20 18:13:17 +00:00
dependabot[bot]
f38abc03be
🌱 Bump actions/checkout from 1 to 2.3.5 (#1137)
Bumps [actions/checkout](https://github.com/actions/checkout) from 1 to 2.3.5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v1...1e204e9a9253d643386038d443f96446fa156a97)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-19 19:28:58 +00:00
Romain Dauby
c26bea648d
📖 Minor fixes to markdown links (#1141)
* Minor fixes to markdown links

* Minor fix generate docs
2021-10-19 12:14:11 -07:00
Azeem Shaikh
b8eba248ac
Improve logging messages (#1140)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-18 15:08:15 -07:00
dependabot[bot]
b3874325f8
🌱 Bump goreleaser/goreleaser-action from 2.7.0 to 2.8.0 (#1136)
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.7.0 to 2.8.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](5a54d7e660...5df302e5e9)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-10-18 15:23:28 +00:00
dependabot[bot]
a020b1632f 🌱 Bump crazy-max/ghaction-import-gpg from 4.0.0 to 4.1.0
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases)
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md)
- [Commits](8c43807e82...cb4264d331)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-10-18 08:05:46 -07:00
Azeem Shaikh
146dc8579f
Use token server in prod cron job (#1135)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-17 08:27:44 -07:00
Azeem Shaikh
5ec7b26e20
Fix connection refused errors (#1134)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-15 22:29:00 +00:00
olivekl
da94c7c253
📖 Update Install command for version 3 (#1125)
* Update Install command for version 3

Change v2@latest to v@latest in README.md

* Update install instruction to use GitHub releases

Remove `go install` instructions and replace with instructions to download binary from GitHub releases

* Update install instructions for GOPATH caps

Change gopath to GOPATH
2021-10-15 12:10:36 -07:00
Azeem Shaikh
89cae3a62a
Use GitHub auth server in cron release test (#1133)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-15 10:24:31 -07:00
Azeem Shaikh
66f864022c
Add GitHub token server (#1132)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-15 03:03:51 +00:00
Chris McGehee
cf9399aad4
🐛 Fixing parsing errors for github workflows (#1131) 2021-10-14 08:16:22 -07:00
dependabot[bot]
3233e4f5be 🌱 Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.16.4 to 1.16.5.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.16.4...v1.16.5)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-10-12 07:56:57 -04:00
Naveen
6c1c789dc5
🌱 v3 upgrade changes (#1118)
v3 go.mod changes
2021-10-07 18:16:01 -05:00
laurentsimon
f153db5a4a
⚠️ remove CSV support (#1119)
* remove CSV support

* fixes
2021-10-07 13:54:21 -07:00
laurentsimon
8c2e123155
Update BQ table in readme (#1116)
* v2 table

* comments
2021-10-07 16:26:00 +00:00
olivekl
aaff0e530c
📖 Edit and rework checks.md (via checks.yaml and main.go) (#1114)
* Update checks.yaml to generate new checks.md docs

* Update main.go

Update overview text and add link

* update TODO for Contrib and Signed-Releases

* Add admin setting info to Branch-Protection

* generate docs, fix typos

* generate docs

* add links, small edits to checks.yml

* generate docs.md

* Clarify Pinned-Dependencies remediation

* Generate docs

* Add admin-only Branch-Protection checks

* Regenerate docs

Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-10-06 22:07:49 +00:00
Azeem Shaikh
6935be8110
Disable all monitoring temporarily (#1110)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-06 18:39:00 +00:00
laurentsimon
4eb5b34932
update v2 BQ table (#1111)
> LGTM. Will merge it when I rename the BQ table successfully.

Done. Merging now.
2021-10-05 19:33:09 -07:00
naveen
42fd97fa60 🐛 Incomplete regular expression for hostnames
This regular expression has an unescaped dot before 'com', so it might match more hosts than
expected when used.

This addresses the code scanning alert.
2021-10-05 15:30:20 -04:00
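The commit above describes the classic unescaped-dot mistake in a hostname regex. The following Go program is an added illustration, not code from the scorecard repository: the patterns `^github.com$` and `^github\.com$` are constructed stand-ins for the pattern the commit fixed, and the host list is made up. It shows which inputs the loose pattern accepts but the escaped one rejects, and, as a second caveat the commit does not mention, why the escaped pattern still needs anchors.

```go
package main

import (
	"fmt"
	"regexp"
)

// Constructed example patterns (not the project's own regex).
// looseHost leaves the dot before "com" unescaped, so "." matches any
// single character. strictHost escapes it. unanchoredHost escapes the dot
// but has no ^/$ anchors, so it still matches as a substring.
var (
	looseHost      = regexp.MustCompile(`^github.com$`)
	strictHost     = regexp.MustCompile(`^github\.com$`)
	unanchoredHost = regexp.MustCompile(`github\.com`)
)

// hostMatches reports whether host is accepted by the loose and strict patterns.
func hostMatches(host string) (loose, strict bool) {
	return looseHost.MatchString(host), strictHost.MatchString(host)
}

// unexpectedMatches returns the hosts the loose pattern accepts but the
// strict, anchored pattern rejects: the "more hosts than expected" the
// commit message refers to.
func unexpectedMatches(hosts []string) []string {
	var out []string
	for _, h := range hosts {
		loose, strict := hostMatches(h)
		if loose && !strict {
			out = append(out, h)
		}
	}
	return out
}

// anchorBypasses returns hosts that the escaped-but-unanchored pattern accepts
// while the anchored pattern rejects, e.g. "github.com.evil.example".
func anchorBypasses(hosts []string) []string {
	var out []string
	for _, h := range hosts {
		if unanchoredHost.MatchString(h) && !strictHost.MatchString(h) {
			out = append(out, h)
		}
	}
	return out
}

func main() {
	// Constructed sample inputs.
	hosts := []string{
		"github.com",
		"githubXcom",
		"github-com",
		"gitlab.com",
		"github.com.evil.example",
		"evilgithub.com",
	}
	for _, h := range hosts {
		l, s := hostMatches(h)
		fmt.Printf("%-25s loose=%-5v strict=%v\n", h, l, s)
	}
	fmt.Println("accepted only because the dot is unescaped:", unexpectedMatches(hosts))
	fmt.Println("accepted only because the pattern is unanchored:", anchorBypasses(hosts))
}
```

When reviewing a hostname check, look for both defects at once: an unescaped `.` turns the separator into a wildcard, and a missing `^`/`$` lets the pattern match a lookalike domain that merely contains the expected name.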
dependabot[bot]
97ae47564a
🌱 Bump mvdan.cc/sh/v3 from 3.3.1 to 3.4.0 (#1098)
Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh) from 3.3.1 to 3.4.0.
- [Release notes](https://github.com/mvdan/sh/releases)
- [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mvdan/sh/compare/v3.3.1...v3.4.0)

---
updated-dependencies:
- dependency-name: mvdan.cc/sh/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-10-04 23:58:03 +00:00
naveen
7ca5061efc 🌱 Remove OSV ignores
The checks for OSV ignored a few OSV entries. These have been fixed, so this removes
them from the ignore list.
2021-10-04 16:19:14 -05:00
naveen
6190be23d8 🌱 Upgrade xz library to fix CVE-2021-29482
This fixes the https://github.com/advisories/GHSA-25xm-hr59-7c27
2021-10-04 14:38:38 -05:00
Naveen
589ceac382
🌱 Update the uuid library to avoid CVE (#1102)
Fixes OSV GO-2020-0018 https://github.com/satori/go.uuid/issues/73
2021-10-04 18:15:41 +00:00
naveen
f78bc44b94 🌱 Updates the DNS library for CVE
Updated the DNS library version to address the CVE
2021-10-04 12:41:15 -05:00
Naveen
aaa3512af7
🌱 Fix integration githubaction permissions (#985)
* Changed the integration GitHub action permissions to contents:read, pull-requests:write
2021-10-04 09:33:31 -05:00
laurentsimon
c39672b788
Delete pushed file from previous PR (#1096)
* fixes

* fixes

* fix
2021-10-01 22:58:09 +00:00
laurentsimon
b00b3d36f0
Improve GitHub SARIF generation (#1094)
* changes

* fix

* fix

* fix

* comment

* bug

* draft

* draft

* draft

* fixes

* fixes

* update tests

* linter

* comments

* comments

* comments
2021-10-01 22:01:46 +00:00
dependabot[bot]
f63f07ddc5
🌱 Bump actions/github-script from 4.1.1 to 5 (#1067)
* 🌱 Bump actions/github-script from 4.1.1 to 5

Bumps [actions/github-script](https://github.com/actions/github-script) from 4.1.1 to 5.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](deb7ae927c...441359b1a3)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update integration.yml

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-10-01 03:57:43 +00:00
dependabot[bot]
2020ccaee9
🌱 Bump distroless/base in /cron/worker (#1078)
Bumps distroless/base from `a74f307` to `3e771f1`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-10-01 03:39:40 +00:00
laurentsimon
e60bf03d91
disable PR (#1093) 2021-10-01 00:13:47 +00:00
Read Sprabery
98f77eea5b
Detect unverified installs of npm packages (#1043)
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-09-30 19:40:04 +00:00
dependabot[bot]
16b0c1c62d
🌱 Bump cloud.google.com/go/bigquery from 1.22.0 to 1.24.0 (#1087)
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.22.0 to 1.24.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.22.0...spanner/v1.24.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-09-30 19:16:23 +00:00
dependabot[bot]
e8ec351cba
🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 (#1068)
Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.0.2 to 2.0.3.
- [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases)
- [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.0.2...v2.0.3)

---
updated-dependencies:
- dependency-name: github.com/bradleyfalzon/ghinstallation/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-30 18:07:28 +00:00
olivekl
c45f70bc90
📖 Add aggregate scoring documentation (#1063)
* Update README.md

Add scoring explanation, including aggregate scoring and risk weighting
Add Aggregate score to example output
Add omitted word

* Update README.md

Minor edit, remove word

Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-09-30 17:47:35 +00:00
dependabot[bot]
c10ac4bcb8
🌱 Bump distroless/base in /cron/webhook (#1076)
Bumps distroless/base from `a74f307` to `3e771f1`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-09-30 16:45:55 +00:00
dependabot[bot]
d2f58ab8b7
🌱 Bump distroless/base in /cron/controller (#1077)
Bumps distroless/base from `a74f307` to `3e771f1`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-09-30 16:19:05 +00:00
Azeem Shaikh
cf3550711e
200k projects (#1091)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-30 15:45:51 +00:00
dependabot[bot]
701a65e60c 🌱 Bump distroless/base from 3e771f1 to 56d73a6
Bumps distroless/base from `3e771f1` to `56d73a6`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-09-30 06:50:25 -05:00
laurentsimon
83bb5af0ef
fix (#1089) 2021-09-29 23:19:44 +00:00