dependabot[bot]
|
d435e94367
|
🌱 Bump github.com/caarlos0/env/v6 from 6.9.2 to 6.9.3
Bumps [github.com/caarlos0/env/v6](https://github.com/caarlos0/env) from 6.9.2 to 6.9.3.
- [Release notes](https://github.com/caarlos0/env/releases)
- [Changelog](https://github.com/caarlos0/env/blob/main/.goreleaser.yml)
- [Commits](https://github.com/caarlos0/env/compare/v6.9.2...v6.9.3)
---
updated-dependencies:
- dependency-name: github.com/caarlos0/env/v6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2022-05-31 11:35:07 +00:00 |
|
Azeem Shaikh
|
70d045b9ef
|
Only pull required branch names (#1965)
Co-authored-by: Azeem Shaikh <azeems@google.com>
|
2022-05-27 22:25:24 +00:00 |
|
dependabot[bot]
|
1471c807da
|
🌱 Bump crazy-max/ghaction-import-gpg from 4.4.0 to 5
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 4.4.0 to 5.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases)
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md)
- [Commits](e00cb83a68...34ea557550 )
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2022-05-27 16:31:07 +00:00 |
|
dependabot[bot]
|
a997c0abe1
|
🌱 Bump actions/setup-go from 3.1.0 to 3.2.0
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](fcdc43634a...b22fbbc292 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2022-05-27 16:08:17 +00:00 |
|
dependabot[bot]
|
f8ab8d0282
|
🌱 Bump github.com/jszwec/csvutil from 1.6.0 to 1.7.0
Bumps [github.com/jszwec/csvutil](https://github.com/jszwec/csvutil) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/jszwec/csvutil/releases)
- [Commits](https://github.com/jszwec/csvutil/compare/v1.6.0...v1.7.0)
---
updated-dependencies:
- dependency-name: github.com/jszwec/csvutil
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2022-05-27 15:44:07 +00:00 |
|
dependabot[bot]
|
b491e47611
|
🌱 Bump ossf/scorecard-action from 1.0.4 to 1.1.0 (#1963)
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.0.4 to 1.1.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](c1aec4ac82...5c8bc69dc8 )
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2022-05-26 18:26:59 +00:00 |
|
Azeem Shaikh
|
a30bd749cb
|
Fix bug in move to internal (#1964)
Co-authored-by: Azeem Shaikh <azeems@google.com>
|
2022-05-26 17:13:04 +00:00 |
|
Aiden Wang
|
3e2c0fa1f8
|
✨ Update message for org-level security policy files (#1939)
* modified checks/evaluation/security_policy.go (issue #1908)
* issue #1908 fixing temp save 05202022
* issue #1908 bug fixes
* debug comments deletion
* minor midifications
* temp save 0524-1
* temp save 0524-2
* bug fix #1908
* bug fix #1908 (2)
* bug fix #1908 (3)
* #1908
* merge from upstream/main & minor changes
* minor changes -2
* Update security_policy.go
* Update security_policy.go
* Update security_policy.go (linter error fix)
Co-authored-by: Aiden Wang <aidenwang@google.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
|
2022-05-26 15:22:30 +00:00 |
|
Azeem Shaikh
|
d1714a289a
|
Move the cron job to internal package (#1960)
Co-authored-by: Azeem Shaikh <azeems@google.com>
|
2022-05-25 15:37:22 -07:00 |
|
Azeem Shaikh
|
6a21afb410
|
Fix bug in cron setup (#1959)
Co-authored-by: Azeem Shaikh <azeems@google.com>
|
2022-05-25 20:46:50 +00:00 |
|
dependabot[bot]
|
950ff1f9e8
|
🌱 Bump mvdan.cc/sh/v3 from 3.5.0 to 3.5.1
Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/mvdan/sh/releases)
- [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mvdan/sh/compare/v3.5.0...v3.5.1)
---
updated-dependencies:
- dependency-name: mvdan.cc/sh/v3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2022-05-25 18:50:29 +00:00 |
|
Azeem Shaikh
|
25c7e1c7f2
|
Replace checker.Commit with clients.Commit (#1950)
Co-authored-by: Azeem Shaikh <azeems@google.com>
|
2022-05-24 23:11:37 +00:00 |
|
Azeem Shaikh
|
96fac8a941
|
Replace checker.Vuln with clients.Vuln (#1955)
Co-authored-by: Azeem Shaikh <azeems@google.com>
|
2022-05-24 20:15:37 +00:00 |
|
Azeem Shaikh
|
edd371cf7d
|
Replace checker.BP with clients.BP (#1953)
Co-authored-by: Azeem Shaikh <azeems@google.com>
|
2022-05-24 12:34:07 -07:00 |
|
dependabot[bot]
|
d5e755cb08
|
🌱 Bump actions/dependency-review-action from 1.0.1 to 1.0.2
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](39e692fa32...a9c83d3af6 )
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2022-05-24 13:54:08 +00:00 |
|
Azeem Shaikh
|
4b655b45ce
|
Replace checker.Webhook with clients.Webhook (#1948)
Co-authored-by: Azeem Shaikh <azeems@google.com>
|
2022-05-24 02:47:12 +00:00 |
|
Azeem Shaikh
|
9a2a4f16bd
|
Replace checker.Release with clients.Release (#1946)
Co-authored-by: Azeem Shaikh <azeems@google.com>
|
2022-05-24 02:05:02 +00:00 |
|
Azeem Shaikh
|
33e3106320
|
Replace checker.Issue with clients.Issue (#1944)
Co-authored-by: Azeem Shaikh <azeems@google.com>
|
2022-05-24 01:07:25 +00:00 |
|
laurentsimon
|
720a049464
|
updates (#1947)
|
2022-05-23 21:24:39 +00:00 |
|
Azeem Shaikh
|
1a2f08827f
|
Replace checker.CIIBadge with clients.CIIBadge (#1945)
Co-authored-by: Azeem Shaikh <azeems@google.com>
|
2022-05-23 20:30:56 +00:00 |
|
dependabot[bot]
|
108f88d056
|
🌱 Bump actions/upload-artifact from 3.0.0 to 3.1.0 (#1941)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](6673cd052c...3cea537223 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2022-05-23 06:41:30 -05:00 |
|
Vihang Mehta
|
7ac81a334f
|
🐛Fix debug log for Piper (#1937)
Signed-off-by: Vihang Mehta <vihang@pixielabs.ai>
|
2022-05-22 23:41:45 +00:00 |
|
dependabot[bot]
|
61f24c053e
|
🌱 Bump github.com/golangci/golangci-lint in /tools (#1924)
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.46.0 to 1.46.2.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.46.0...v1.46.2)
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2022-05-22 14:53:42 +00:00 |
|
dependabot[bot]
|
2d72623a6c
|
🌱 Bump github.com/rhysd/actionlint from 1.6.12 to 1.6.13
Bumps [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint) from 1.6.12 to 1.6.13.
- [Release notes](https://github.com/rhysd/actionlint/releases)
- [Changelog](https://github.com/rhysd/actionlint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rhysd/actionlint/compare/v1.6.12...v1.6.13)
---
updated-dependencies:
- dependency-name: github.com/rhysd/actionlint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2022-05-22 13:49:42 +00:00 |
|
dependabot[bot]
|
7e4cd514fc
|
🌱 Bump distroless/base in /cron/controller (#1929)
Bumps distroless/base from `764b74b` to `d65ac1a`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2022-05-22 12:55:12 +00:00 |
|
laurentsimon
|
2fc48e3b38
|
✨ Use Tool for raw fuzzing results (#1935)
* updates
* updates
|
2022-05-21 01:43:09 +00:00 |
|
laurentsimon
|
af7f865b9d
|
update (#1926)
|
2022-05-20 15:59:53 +00:00 |
|
dependabot[bot]
|
399d9974e4
|
🌱 Bump distroless/base from 764b74b to d65ac1a
Bumps distroless/base from `764b74b` to `d65ac1a`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2022-05-20 01:41:04 +00:00 |
|
laurentsimon
|
8d8bcf2f69
|
✨ Raw results for Fuzzing check (#1917)
* update
* update
* update
* update
* linter
* comments
* comments
|
2022-05-20 00:55:49 +00:00 |
|
dependabot[bot]
|
fb45cd7e9d
|
🌱 Bump distroless/base in /cron/webhook
Bumps distroless/base from `764b74b` to `d65ac1a`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2022-05-19 16:45:34 +00:00 |
|
dependabot[bot]
|
c0178f953c
|
🌱 Bump github.com/google/go-containerregistry
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.8.0...v0.9.0)
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2022-05-19 13:30:10 +00:00 |
|
dependabot[bot]
|
5843c148db
|
🌱 Bump distroless/base in /cron/worker
Bumps distroless/base from `764b74b` to `d65ac1a`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2022-05-19 12:54:38 +00:00 |
|
laurentsimon
|
b4700ab5df
|
✨ Raw results for Contributors check (#1919)
* update
* update
* linter
* linter
|
2022-05-18 18:13:10 +00:00 |
|
Azeem Shaikh
|
8fdb0e767e
|
Cron cleanup (#1925)
Co-authored-by: Azeem Shaikh <azeems@google.com>
|
2022-05-18 09:48:40 -07:00 |
|
dependabot[bot]
|
fc7157e38a
|
🌱 Bump actions/dependency-review-action from 1.0.0 to 1.0.1 (#1923)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](3f943b86c9...39e692fa32 )
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2022-05-18 07:10:22 -05:00 |
|
Naveen
|
bbaf072dd5
|
⚠️ Remove the oldjson format from cron (#1920)
- removed the old json format from cron
fix https://github.com/ossf/scorecard/pull/1487
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
|
2022-05-17 17:31:25 -07:00 |
|
Appu
|
e7ef60d7fe
|
📖 Add information for pinning manfest lists (#1918)
* Add information for pinning manfest lists
Signed-off-by: Appu Goundan <appu@google.com>
* Update checks.md
|
2022-05-17 10:36:57 -07:00 |
|
dependabot[bot]
|
6406cfd4e3
|
🌱 Bump actions/setup-go from 3.0.0 to 3.1.0
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](f6164bd8c8...fcdc43634a )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2022-05-16 16:52:04 +00:00 |
|
Azeem Shaikh
|
236b296403
|
Do not fail on empty repositories (#1914)
Co-authored-by: Azeem Shaikh <azeems@google.com>
|
2022-05-16 00:41:17 +00:00 |
|
laurentsimon
|
b1ab7eb9bb
|
✨ Update raw format for Dangerous workflows (#1865)
* updates
* e2e fix
* comments
|
2022-05-13 19:10:57 -07:00 |
|
Scott Ford
|
cd0470403b
|
📖 Fixes description for webhook check (#1882)
Signed-off-by: Scott Ford <scott@scottford.io>
|
2022-05-12 21:14:43 +00:00 |
|
Naveen
|
0275a94a3f
|
:warn: Remove the old Details field from CheckResult (#1906)
https://github.com/ossf/scorecard/issues/1393
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
|
2022-05-12 12:58:12 -07:00 |
|
naveensrinivasan
|
b9f333bc2a
|
⚠️ Remove the pass from the CheckResult
- Remove Pass field from CheckResult
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
|
2022-05-12 14:03:19 -05:00 |
|
dependabot[bot]
|
f0481647dd
|
🌱 Bump github.com/caarlos0/env/v6 from 6.9.1 to 6.9.2
Bumps [github.com/caarlos0/env/v6](https://github.com/caarlos0/env) from 6.9.1 to 6.9.2.
- [Release notes](https://github.com/caarlos0/env/releases)
- [Changelog](https://github.com/caarlos0/env/blob/main/.goreleaser.yml)
- [Commits](https://github.com/caarlos0/env/compare/v6.9.1...v6.9.2)
---
updated-dependencies:
- dependency-name: github.com/caarlos0/env/v6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2022-05-12 17:13:16 +00:00 |
|
dependabot[bot]
|
74f521fcf2
|
🌱 Bump mvdan.cc/sh/v3 from 3.4.3 to 3.5.0
Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh) from 3.4.3 to 3.5.0.
- [Release notes](https://github.com/mvdan/sh/releases)
- [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mvdan/sh/compare/v3.4.3...v3.5.0)
---
updated-dependencies:
- dependency-name: mvdan.cc/sh/v3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2022-05-12 14:43:48 +00:00 |
|
dependabot[bot]
|
2b35afc5bb
|
🌱 Bump github.com/golangci/golangci-lint in /tools
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.45.2 to 1.46.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.45.2...v1.46.0)
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2022-05-12 02:04:06 +00:00 |
|
laurentsimon
|
0f30f4eec7
|
✨ Make permission check aware of GH Pages Action (#1902)
* update
* update
* update
|
2022-05-11 20:41:37 -05:00 |
|
dependabot[bot]
|
2fc6fbb196
|
🌱 Bump cloud.google.com/go/bigquery from 1.31.0 to 1.32.0
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.31.0 to 1.32.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.31.0...spanner/v1.32.0)
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2022-05-11 08:47:39 -05:00 |
|
Romain Dauby
|
804127f46a
|
Upgrade to buildkit 0.10.3
|
2022-05-10 10:55:48 -05:00 |
|
06kellyjac
|
c5d787a598
|
pkg: refactor out scorecard_version
|
2022-05-10 09:51:55 -05:00 |
|