Commit Graph

1373 Commits

Author SHA1 Message Date
dependabot[bot]
d435e94367 🌱 Bump github.com/caarlos0/env/v6 from 6.9.2 to 6.9.3
Bumps [github.com/caarlos0/env/v6](https://github.com/caarlos0/env) from 6.9.2 to 6.9.3.
- [Release notes](https://github.com/caarlos0/env/releases)
- [Changelog](https://github.com/caarlos0/env/blob/main/.goreleaser.yml)
- [Commits](https://github.com/caarlos0/env/compare/v6.9.2...v6.9.3)

---
updated-dependencies:
- dependency-name: github.com/caarlos0/env/v6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-31 11:35:07 +00:00
Azeem Shaikh
70d045b9ef
Only pull required branch names (#1965)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-27 22:25:24 +00:00
dependabot[bot]
1471c807da 🌱 Bump crazy-max/ghaction-import-gpg from 4.4.0 to 5
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 4.4.0 to 5.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases)
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md)
- [Commits](e00cb83a68...34ea557550)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-27 16:31:07 +00:00
dependabot[bot]
a997c0abe1 🌱 Bump actions/setup-go from 3.1.0 to 3.2.0
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](fcdc43634a...b22fbbc292)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-27 16:08:17 +00:00
dependabot[bot]
f8ab8d0282 🌱 Bump github.com/jszwec/csvutil from 1.6.0 to 1.7.0
Bumps [github.com/jszwec/csvutil](https://github.com/jszwec/csvutil) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/jszwec/csvutil/releases)
- [Commits](https://github.com/jszwec/csvutil/compare/v1.6.0...v1.7.0)

---
updated-dependencies:
- dependency-name: github.com/jszwec/csvutil
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-27 15:44:07 +00:00
dependabot[bot]
b491e47611
🌱 Bump ossf/scorecard-action from 1.0.4 to 1.1.0 (#1963)
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.0.4 to 1.1.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](c1aec4ac82...5c8bc69dc8)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-26 18:26:59 +00:00
Azeem Shaikh
a30bd749cb
Fix bug in move to internal (#1964)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-26 17:13:04 +00:00
Aiden Wang
3e2c0fa1f8
Update message for org-level security policy files (#1939)
* modified checks/evaluation/security_policy.go (issue #1908)

* issue #1908 fixing temp save 05202022

* issue #1908 bug fixes

* debug comments deletion

* minor midifications

* temp save 0524-1

* temp save 0524-2

* bug fix #1908

* bug fix #1908 (2)

* bug fix #1908 (3)

* #1908

* merge from upstream/main & minor changes

* minor changes -2

* Update security_policy.go

* Update security_policy.go

* Update security_policy.go (linter error fix)

Co-authored-by: Aiden Wang <aidenwang@google.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-05-26 15:22:30 +00:00
Azeem Shaikh
d1714a289a
Move the cron job to internal package (#1960)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-25 15:37:22 -07:00
Azeem Shaikh
6a21afb410
Fix bug in cron setup (#1959)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-25 20:46:50 +00:00
dependabot[bot]
950ff1f9e8 🌱 Bump mvdan.cc/sh/v3 from 3.5.0 to 3.5.1
Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/mvdan/sh/releases)
- [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mvdan/sh/compare/v3.5.0...v3.5.1)

---
updated-dependencies:
- dependency-name: mvdan.cc/sh/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-25 18:50:29 +00:00
Azeem Shaikh
25c7e1c7f2
Replace checker.Commit with clients.Commit (#1950)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 23:11:37 +00:00
Azeem Shaikh
96fac8a941
Replace checker.Vuln with clients.Vuln (#1955)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 20:15:37 +00:00
Azeem Shaikh
edd371cf7d
Replace checker.BP with clients.BP (#1953)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 12:34:07 -07:00
dependabot[bot]
d5e755cb08 🌱 Bump actions/dependency-review-action from 1.0.1 to 1.0.2
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](39e692fa32...a9c83d3af6)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-24 13:54:08 +00:00
Azeem Shaikh
4b655b45ce
Replace checker.Webhook with clients.Webhook (#1948)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 02:47:12 +00:00
Azeem Shaikh
9a2a4f16bd
Replace checker.Release with clients.Release (#1946)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 02:05:02 +00:00
Azeem Shaikh
33e3106320
Replace checker.Issue with clients.Issue (#1944)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-24 01:07:25 +00:00
laurentsimon
720a049464
updates (#1947) 2022-05-23 21:24:39 +00:00
Azeem Shaikh
1a2f08827f
Replace checker.CIIBadge with clients.CIIBadge (#1945)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-23 20:30:56 +00:00
dependabot[bot]
108f88d056
🌱 Bump actions/upload-artifact from 3.0.0 to 3.1.0 (#1941)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](6673cd052c...3cea537223)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-23 06:41:30 -05:00
Vihang Mehta
7ac81a334f
🐛Fix debug log for Piper (#1937)
Signed-off-by: Vihang Mehta <vihang@pixielabs.ai>
2022-05-22 23:41:45 +00:00
dependabot[bot]
61f24c053e
🌱 Bump github.com/golangci/golangci-lint in /tools (#1924)
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.46.0 to 1.46.2.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.46.0...v1.46.2)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-22 14:53:42 +00:00
dependabot[bot]
2d72623a6c 🌱 Bump github.com/rhysd/actionlint from 1.6.12 to 1.6.13
Bumps [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint) from 1.6.12 to 1.6.13.
- [Release notes](https://github.com/rhysd/actionlint/releases)
- [Changelog](https://github.com/rhysd/actionlint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rhysd/actionlint/compare/v1.6.12...v1.6.13)

---
updated-dependencies:
- dependency-name: github.com/rhysd/actionlint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-22 13:49:42 +00:00
dependabot[bot]
7e4cd514fc
🌱 Bump distroless/base in /cron/controller (#1929)
Bumps distroless/base from `764b74b` to `d65ac1a`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-22 12:55:12 +00:00
laurentsimon
2fc48e3b38
Use Tool for raw fuzzing results (#1935)
* updates

* updates
2022-05-21 01:43:09 +00:00
laurentsimon
af7f865b9d
update (#1926) 2022-05-20 15:59:53 +00:00
dependabot[bot]
399d9974e4 🌱 Bump distroless/base from 764b74b to d65ac1a
Bumps distroless/base from `764b74b` to `d65ac1a`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-20 01:41:04 +00:00
laurentsimon
8d8bcf2f69
Raw results for Fuzzing check (#1917)
* update

* update

* update

* update

* linter

* comments

* comments
2022-05-20 00:55:49 +00:00
dependabot[bot]
fb45cd7e9d 🌱 Bump distroless/base in /cron/webhook
Bumps distroless/base from `764b74b` to `d65ac1a`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-19 16:45:34 +00:00
dependabot[bot]
c0178f953c 🌱 Bump github.com/google/go-containerregistry
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-19 13:30:10 +00:00
dependabot[bot]
5843c148db 🌱 Bump distroless/base in /cron/worker
Bumps distroless/base from `764b74b` to `d65ac1a`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-19 12:54:38 +00:00
laurentsimon
b4700ab5df
Raw results for Contributors check (#1919)
* update

* update

* linter

* linter
2022-05-18 18:13:10 +00:00
Azeem Shaikh
8fdb0e767e
Cron cleanup (#1925)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-18 09:48:40 -07:00
dependabot[bot]
fc7157e38a
🌱 Bump actions/dependency-review-action from 1.0.0 to 1.0.1 (#1923)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](3f943b86c9...39e692fa32)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-18 07:10:22 -05:00
Naveen
bbaf072dd5
⚠️ Remove the oldjson format from cron (#1920)
- removed the old json format from cron
fix https://github.com/ossf/scorecard/pull/1487

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-17 17:31:25 -07:00
Appu
e7ef60d7fe
📖 Add information for pinning manfest lists (#1918)
* Add information for pinning manfest lists

Signed-off-by: Appu Goundan <appu@google.com>

* Update checks.md
2022-05-17 10:36:57 -07:00
dependabot[bot]
6406cfd4e3 🌱 Bump actions/setup-go from 3.0.0 to 3.1.0
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](f6164bd8c8...fcdc43634a)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-16 16:52:04 +00:00
Azeem Shaikh
236b296403
Do not fail on empty repositories (#1914)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-16 00:41:17 +00:00
laurentsimon
b1ab7eb9bb
Update raw format for Dangerous workflows (#1865)
* updates

* e2e fix

* comments
2022-05-13 19:10:57 -07:00
Scott Ford
cd0470403b
📖 Fixes description for webhook check (#1882)
Signed-off-by: Scott Ford <scott@scottford.io>
2022-05-12 21:14:43 +00:00
Naveen
0275a94a3f
:warn: Remove the old Details field from CheckResult (#1906)
https://github.com/ossf/scorecard/issues/1393

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-12 12:58:12 -07:00
naveensrinivasan
b9f333bc2a ⚠️ Remove the pass from the CheckResult
- Remove Pass field from CheckResult

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-12 14:03:19 -05:00
dependabot[bot]
f0481647dd 🌱 Bump github.com/caarlos0/env/v6 from 6.9.1 to 6.9.2
Bumps [github.com/caarlos0/env/v6](https://github.com/caarlos0/env) from 6.9.1 to 6.9.2.
- [Release notes](https://github.com/caarlos0/env/releases)
- [Changelog](https://github.com/caarlos0/env/blob/main/.goreleaser.yml)
- [Commits](https://github.com/caarlos0/env/compare/v6.9.1...v6.9.2)

---
updated-dependencies:
- dependency-name: github.com/caarlos0/env/v6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-12 17:13:16 +00:00
dependabot[bot]
74f521fcf2 🌱 Bump mvdan.cc/sh/v3 from 3.4.3 to 3.5.0
Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh) from 3.4.3 to 3.5.0.
- [Release notes](https://github.com/mvdan/sh/releases)
- [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mvdan/sh/compare/v3.4.3...v3.5.0)

---
updated-dependencies:
- dependency-name: mvdan.cc/sh/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-12 14:43:48 +00:00
dependabot[bot]
2b35afc5bb 🌱 Bump github.com/golangci/golangci-lint in /tools
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.45.2 to 1.46.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.45.2...v1.46.0)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-12 02:04:06 +00:00
laurentsimon
0f30f4eec7
Make permission check aware of GH Pages Action (#1902)
* update

* update

* update
2022-05-11 20:41:37 -05:00
dependabot[bot]
2fc6fbb196 🌱 Bump cloud.google.com/go/bigquery from 1.31.0 to 1.32.0
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.31.0 to 1.32.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.31.0...spanner/v1.32.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-11 08:47:39 -05:00
Romain Dauby
804127f46a Upgrade to buildkit 0.10.3 2022-05-10 10:55:48 -05:00
06kellyjac
c5d787a598 pkg: refactor out scorecard_version 2022-05-10 09:51:55 -05:00