Azeem Shaikh
c03085ad9b
Remove duplicated function definitions ( #1666 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-22 07:38:56 -08:00
behnazh-w
33a01f7647
🐛 Add custom packaging workflow for Python
Packaging workflows are allowed to have `contents: write` permission.
By adding relekang/python-semantic-release to the list of
packaging GitHub Actions workflows, we avoid false positives in
the token permission check.
2022-02-17 17:16:34 -06:00
Azeem Shaikh
2b206dc365
Remove Version field from LogMessage ( #1640 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-15 18:26:06 +00:00
laurentsimon
e7fd58d9a3
✨ Check for secrets in pull_request_target ( #1634 )
* checks/dangerous_workflow.go: add pull_request_target support for secrets
* missing files
* linter
2022-02-15 16:04:57 +00:00
Azeem Shaikh
1e488a804f
Fix for repos which do not squash PR commits ( #1637 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-14 23:33:15 +00:00
Azeem Shaikh
f3332ce129
Add validation for commit-based APIs ( #1635 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-14 22:24:35 +00:00
Azeem Shaikh
2e3e505a8c
Simplify DetailLogger interface ( #1628 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-11 15:48:58 -08:00
laurentsimon
7de151cf49
✨ Check for secrets in workflows run on pull requests ( #1615 )
* updates
* missing files
* typo
* linter
* linter
* updates
* updates
2022-02-10 18:54:44 +00:00
Azeem Shaikh
6930c3ab3b
Add support for commit-based Scorecard ( #1613 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-07 19:03:36 -08:00
Azeem Shaikh
1c95237e4a
Only run allowed checks in different modes ( #1579 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-07 16:49:49 -08:00
naveen
68bf172e59
🌱 Unit tests fileparser/listing
Unit tests fileparser/listing
https://github.com/ossf/scorecard/issues/986
2022-02-07 15:33:18 -06:00
naveen
049db386a5
🌱 Unit tests for dependency_update_tool
Unit tests for dependency_update_tool
https://github.com/ossf/scorecard/issues/986
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-02-07 11:05:37 -06:00
laurentsimon
873308016c
checks/packaging.go: ignore workflows/<>/ files ( #1591 )
2022-02-04 21:42:59 +00:00
naveen
80cc0dd11e
🌱 Unit tests checks/ci_tests_test.go
Unit tests for tests checks/ci_tests_test.go
https://github.com/ossf/scorecard/issues/986
2022-02-04 13:26:16 -06:00
Behnaz Hassanshahi
f84291dcfd
🐛 Fix Dependabot check to accept .yaml file extension ( #1601 )
2022-02-03 23:53:32 +00:00
naveen
35aad1dce5
🌱 Unit tests code-review for raw
Unit tests code-review for raw.
https://github.com/ossf/scorecard/issues/986
2022-02-03 13:22:39 -06:00
naveen
674f747d47
🌱 Unit tests for vulnerabilities raw package
Unit tests for vulnerabilities raw package
https://github.com/ossf/scorecard/issues/986
2022-02-03 13:00:35 -06:00
naveen
634643e9f7
🌱 Unit test for fileparser/listing
Unit test for fileparser/listing
https://github.com/ossf/scorecard/issues/986
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-02-03 11:01:57 -06:00
Azeem Shaikh
4581c363cf
Remove ListMergedPRs API ( #1566 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-03 00:01:35 +00:00
laurentsimon
9037444513
✨ Raw data for code review check ( #1505 )
* separate code review's eval and check
* missing file
* add comments
* fix
* fix
* linter
* fixes
* fix
* linter
* linter
* linter
* draft
* fixes
* fixes
* simplify
* update date
* rem comments
* typo
* linter
* typo
* linter
2022-02-02 19:51:38 +00:00
naveen
009aa85e3f
🌱 Unit tests for Vulnerabilities
- Unit tests for Vulnerabilities
- https://github.com/ossf/scorecard/issues/986
2022-02-02 11:55:57 -06:00
laurentsimon
79b216c956
checks/security_policy_test.go: updated unit tests ( #1590 )
checks/raw/security_policy.go: add support for .adoc policies
2022-02-02 08:31:42 -08:00
laurentsimon
86d8281031
Do not parse non-dockerfile ( #1583 )
* draft
* checks/pinned_dependencies.go: added isDockerfiler()
checks/pinned_dependencies_test.go: added TestDockerfileInvalidFiles
* undo CodeQL
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-02-01 23:50:15 +00:00
naveen
e4eb6d247f
🌱 Unit tests for security policy
Unit tests for security policy.
https://github.com/ossf/scorecard/issues/986
2022-02-01 14:06:28 -06:00
Azeem Shaikh
3995d31abf
Refactor some code ( #1567 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-01-31 21:41:42 +00:00
naveen
fae5ff334f
🌱 Unit tests for fileparser
Included additional tests for fileparser.
https://github.com/ossf/scorecard/issues/986
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-31 14:09:02 -06:00
naveen
70afae8b8f
🌱 Remove dead code
Remove dead code which isn't being used.
2022-01-28 14:05:29 -06:00
naveen
4c266d7192
🌱 Unit test for dependency_update_tool
Unit tests for dependency_update_tool
https://github.com/ossf/scorecard/issues/986
2022-01-28 10:57:57 -06:00
godofredoc
a69e1d97d4
🌱 Add Dart and Flutter CI systems to CI tests check. ( #1548 )
* Add Dart and Flutter CI systems to CI tests check.
The current check is looking at the github checks data to identify
whether a given PR ran tests. Flutter and Dart repos are failing the
check because their systems are not recognized as CI Systems.
Bug: https://github.com/ossf/scorecard/issues/1547
* Format file.
2022-01-28 01:42:50 +00:00
Naveen
17467c1f13
🌱 Unit tests for binary_artifact ( #1512 )
2022-01-27 12:25:50 -06:00
laurentsimon
5f9fff3b20
✨ Separate check from policies for the Vulnerabilities check ( #1532 )
* raw vulnerabilities separation
* update year
* missing files
* tests
2022-01-26 15:45:39 -05:00
Chris McGehee
7a6eb2812a
Not considering an issue as having activity if closed recently ( #1531 )
- The person who opened the issue can close it, so an issue closing does not indicate activity by a maintainer.
2022-01-25 21:59:03 -08:00
naveen
e774015194
🌱 Unit tests for Fuzzing
Unit tests checks for fuzzing.
https://github.com/ossf/scorecard/issues/986
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-25 14:08:59 -06:00
Stephen Augustus (he/him)
41adfe7f34
⚠️ log: Initial logr/logrusr implementation ( #1516 )
* log: Initial logr/logrusr implementation
Signed-off-by: Stephen Augustus <foo@auggie.dev>
* log: Update references to `log.Logger`
Signed-off-by: Stephen Augustus <foo@auggie.dev>
* go.mod: Minor reorganization of `replace`s
...to prevent automatic updates from getting added to the smaller
section.
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2022-01-25 11:17:46 -06:00
naveen
d4d81a01df
🌱 Unit tests dependency_update_tool
Unit tests dependency_update_tool
https://github.com/ossf/scorecard/issues/986
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-24 21:38:02 -06:00
Chris McGehee
b6cba86f72
🐛 Issue activity only counts if done by a maintainer ( #1515 )
* Issue activity only counts if done by a maintainer
* Using pointer so that if Github API doesn't return a value for a field, it can be nil
* Updating AuthorAssociation to use an enum
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-01-24 16:12:54 +00:00
naveen
4122c793bc
🌱 Unit tests for binary artifacts
Unit tests for binary artifacts.
https://github.com/ossf/scorecard/issues/986
2022-01-23 22:59:36 -06:00
naveen
8a64075d5e
🌱 Fix the reflect.DeepEqual with google cmp
Fix the reflect.DeepEqual with google cmp
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-23 13:12:07 -06:00
naveen
66a91dd017
🌱 Unit tests for branch protection raw
Unit tests for branch protection raw.
https://github.com/ossf/scorecard/issues/986
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-22 17:54:59 -06:00
naveen
90a0689dea
🌱 Unit test for fileparser
https://github.com/ossf/scorecard/issues/986
2022-01-21 12:23:11 -06:00
Stephen Augustus (he/him)
13b78ab010
⚠️ Create a dedicated logging package to encapsulate calls to zap ( #1502 )
* log: Init log package
Creates a wrapper around existing `zap.Logger` to make it easier
to replace/extend with scorecard logging.
Signed-off-by: Stephen Augustus <foo@auggie.dev>
* log: Replace instances of `zap.Logger` with `log.Logger`
Signed-off-by: Stephen Augustus <foo@auggie.dev>
* log: Add logic to parse `zapcore.Level`s as strings
Signed-off-by: Stephen Augustus <foo@auggie.dev>
* log: Express log levels
Signed-off-by: Stephen Augustus <foo@auggie.dev>
* log: Replace instances of `zapcore.Level` with `log.Level`
Signed-off-by: Stephen Augustus <foo@auggie.dev>
* log: Fixup comments for exported functions
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2022-01-20 15:57:39 -08:00
naveen
f4e9dfd602
🌱 Unit tests for binaryartifacts
Unit tests for binaryartifacts
https://github.com/ossf/scorecard/issues/986
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-20 15:20:54 -06:00
naveen
9973bdeb60
✨ Unit tests for dependency update
Unit tests for dependency update.
https://github.com/ossf/scorecard/issues/986
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-19 15:34:07 -06:00
Naveen
5d3f198380
✨ Unit test for SAST ( #1482 )
Addresses https://github.com/ossf/scorecard/issues/435
2022-01-15 12:22:59 -08:00
naveen
f7b329e830
✨ Unit test for all_checks
Addresses https://github.com/ossf/scorecard/issues/435
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-12 17:24:38 -06:00
naveen
77103694fb
✨ Unit test for securitypolicy
https://github.com/ossf/scorecard/issues/435
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-12 16:33:24 -06:00
naveen
f31d824a5e
🌱 Unit tests for code review
Unit tests for code review check.
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-12 15:35:09 -06:00
Azeem Shaikh
696553be2d
Fix linter issues ( #1472 )
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-01-12 20:34:16 +00:00
Azeem Shaikh
f2c57d2590
✨ Migrate to v4
2022-01-12 14:12:09 -06:00
laurentsimon
531561c8f4
npm install-test support ( #1468 )
2022-01-12 11:34:19 +11:00
naveen
ad5ffab313
✨ Unit tests for CI_Tests
Implemented Unit tests for CI_Tests
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-11 13:31:58 -06:00
laurentsimon
993e9c1010
update msg ( #1457 )
2022-01-10 22:22:39 +00:00
naveen
d2a14e0f2b
🌱 Unit tests for contributors
Implemented unit tests for contributors.
2022-01-10 11:24:05 -06:00
naveen
911463714b
✨ Unit tests github_workflow
2022-01-10 08:29:29 -06:00
naveen
bb42878e63
✨ Unit test for security policy
Unit tests for security policy
2022-01-09 23:09:22 -06:00
naveen
b5d34a6489
✨ Unit tests for listing file
Included tests for listing.go
2022-01-07 18:19:07 -06:00
Naveen
93e05a4e3d
✨ Unit test for maintained check ( #1449 )
Included unit tests for maintained check.
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-01-07 23:49:34 +00:00
laurentsimon
87a2d09822
🐛 Remove inconclusive result from SAST ( #1447 )
* remove inconclusive
* fix comment
2022-01-07 15:22:49 -08:00
Naveen
192ae4d18f
Unit tests for signed releases ( #1446 )
Implemented tests for signed releases.
2022-01-06 16:49:06 -08:00
laurentsimon
165d4b562f
✨ Update messages for pinning warning ( #1440 )
* update msg
* update msg
2022-01-06 18:03:42 +00:00
naveen
cc4b52b0d8
✨ Included test for OSV Vulnerabilities
2022-01-06 10:21:18 -06:00
laurentsimon
7a91384f8d
✨ Add line numbers for insecure downloads ( #1413 )
* add lines for docker files
* support for other constructs
* other insecure patterns
* fixes
* fixes
* comments
2022-01-06 00:13:53 +00:00
naveen
de39061cc5
🌱 Refactor vulnerabilities client
2022-01-04 13:55:58 -06:00
naveen
c8f15a495e
🌱 Refactor the osv check into an interface
Refactor the osv check into an interface so that it can be tested.
2022-01-04 13:55:58 -06:00
laurentsimon
0e20950839
fix ( #1419 )
2021-12-24 01:16:10 +00:00
laurentsimon
70fa923907
info to debug ( #1416 )
2021-12-23 17:27:40 -06:00
laurentsimon
cf71c9539c
✨ Add details to message for default location in SARIF ( #1414 )
* add details to message
* fix
2021-12-23 19:06:02 +00:00
laurentsimon
6f21258131
reduce score by 1 ( #1404 )
2021-12-21 17:28:31 +00:00
laurentsimon
df3d50df76
🐛 Fix score calculation for multiple files ( #1401 )
* multi file support
* fix multi-files permissions
* change name
* add tests
* use struct for files
* comments
* comment
2021-12-16 23:16:02 +00:00
laurentsimon
3d9b1d2900
✨ [RAW] Branch Protection support ( #1396 )
* raw bp
* missing files
* context never nil
* support raw bp
* unit tests
* remove comments
* merging
* linter
2021-12-16 21:42:05 +00:00
laurentsimon
f2cee41ca9
✨ [RAW]: dependency update tool ( #1391 )
* dependency update tool
* rename
* missing files
* add fields
* rm field
2021-12-15 17:02:31 +00:00
laurentsimon
46e94eb925
✨ [DRAFT: RAW]: Security policy support ( #1372 )
* raw sec policy
* missing file
* fix validation of check.yml
* updates
* comments
* dead code
* comments
2021-12-14 23:51:42 +00:00
laurentsimon
551961718d
✨ [RAW] End-to-end support for raw results for Binary-Artifacts ( #1255 )
* split binary artifact check
* fix
* missing file
* comments
* fix
* comments
* draft
* merge fix
* fix merge
* add indirection
* comments
* comments
* linter
* comments
* updates
* updates
* updates
* linter
* comments
2021-12-14 21:10:24 +00:00
Chris McGehee
f991fee32d
Adding line numbers for rest of Token-Permissions (and by extension, Packaging) ( #1381 )
2021-12-14 04:14:35 +00:00
asraa
cfa1593e1c
✨ Add Script Injection to Dangerous-Workflow ( #1368 )
* add dangerous workflow pattern script injection
Signed-off-by: Asra Ali <asraa@google.com>
* add more tests
Signed-off-by: Asra Ali <asraa@google.com>
* update laurent comments
Signed-off-by: Asra Ali <asraa@google.com>
2021-12-09 13:53:55 -08:00
Evgeny Vereshchagin
75bcc333de
CI-Tests: look for test-related strings in target urls as well ( #1374 )
Apparently some projects like systemd and bcc put links (containing
the word "Jenkins") to their Jenkins instances in target urls.
https://buildbot.iovisor.org/jenkins/job/bcc-pr/1157/
https://jenkins-systemd.apps.ocp.ci.centos.org/job/upstream-vagrant-archlinux-sanitizers/8288/
It's a follow-up to https://github.com/ossf/scorecard/pull/1293#issuecomment-976384882
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2021-12-08 17:34:28 +00:00
Evgeny Vereshchagin
01ebb0dcf3
Pinned-Dependencies: show where exactly parsing fails ( #1297 )
Looks like due to https://github.com/mvdan/sh/issues/636
scorecard can't parse comments quoted with backticks like
```
cmd -a \
-b `# withouth backticks -c below would be a separate command` \
-c
```
and fails with something like
```
error parsing shell code: 82:26: reached EOF without closing quote `
```
This PR turns that message into
```
error parsing shell code: vagrant/bootstrap_scripts/arch-sanitizers-clang.sh: 82:26: reached EOF without closing quote `
```
which is a bit more useful.
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2021-12-08 01:52:08 +00:00
laurentsimon
6e013cf67d
✨ Token-Permission: Allow top level permissions not defined if all run level permissions are ( #1356 )
* doc
* allow non defined top level
* fix
* e2e fix
* linter
2021-12-08 01:18:28 +00:00
Evgeny Vereshchagin
2e391503e4
Code-Review: show PRs merged without code review ( #1375 )
to make it easier to figure out whether those PRs are really merged
without code review or whether there is a bug in scorecard like
https://github.com/ossf/scorecard/issues/1260 that prevents it
from finding reviewed PRs. Other than that, the "CI-Tests" check
already show "untested" PRs so it seems the "Code-Review" check
should follow suit.
2021-12-07 16:47:29 -08:00
Evgeny Vereshchagin
5043cbcc7c
CI-Tests: no longer fail if there are no check suites ( #1335 )
In PRs like https://github.com/iovisor/bcc/pull/3626 no checks suites
are triggered:
```
$ curl --silent -H "Accept: application/vnd.github.v3+json" 3fcf0f1b58/check-runs
{
"total_count": 0,
"check_runs": [
]
}
```
```
curl --silent -H "Accept: application/vnd.github.v3+json" 3fcf0f1b58/check-suites
{
"total_count": 0,
"check_suites": [
]
}
```
The check should just keep going because "statuses" still can be
triggered so it should use them instead:
Closes https://github.com/ossf/scorecard/issues/1285
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-12-07 03:27:59 +00:00
laurentsimon
1aac7aa39c
✨ update log msg for non-pinned actions ( #1370 )
2021-12-06 19:33:27 -06:00
laurentsimon
063d384b6d
move dir ( #1367 )
2021-12-06 17:57:02 +00:00
laurentsimon
023eab671e
✨ Ignore local actions that are not pinned ( #1357 )
* ignore local actions
* missing files
2021-12-06 16:36:42 +00:00
Chris McGehee
38b5199e9e
🐛 Adding line numbers to token-permissions and a couple other places ( #1363 )
* Adding line numbers to token-permissions and a couple other places
* Fix deadlink for security policy
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
* Updating formatting
Co-authored-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
2021-12-06 10:05:52 -06:00
laurentsimon
b323cded04
🐛 checks.yml not sync'ed with checks.md ( #1360 )
* update docs
* update
* remove file
* remove improper commit
* fix
2021-12-04 08:56:50 -06:00
laurentsimon
afe55a83c1
🐛 Disable pinning lock file search in repo ( #1315 )
* fix
* linter
* linter
* linter
* comment
2021-12-04 00:44:09 +00:00
Evgeny Vereshchagin
9f7e682fe6
CI-Check: add SemaphoreCI and Packit-as-a-Service ( #1293 )
to make it more likely for some projects to pass the check
https://semaphoreci.com/
https://github.com/marketplace/packit-as-a-service
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2021-12-03 23:33:01 +00:00
laurentsimon
aed511670f
✨ Cleanup Branch Protection and add e2e tests ( #1344 )
* BP cleanup
* linter
* e2e fix
* linter
* linter
Co-authored-by: asraa <asraa@google.com>
2021-12-03 21:53:18 +00:00
Nanik
45b5a35020
✨ Add new checking for license file availability ( #1178 )
* Add checking logic inside license_check.go
* Add test case license_check_test.go
* Add check information inside checks.yaml
2021-12-03 09:28:27 -08:00
laurentsimon
c3c017bf6f
npm ci only ( #1314 )
2021-12-03 01:37:18 +00:00
laurentsimon
938c637ee0
rem audio files ( #1300 )
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-12-03 00:54:06 +00:00
Arnaud J Le Hors
83ea9bf653
Fix faulty shell file handling ( #1312 )
Parsing errors are meant to be discarded but aren't. This patch
changes the code so that the error is indeed discarded and checking
continues as intended and adds a unit test for it.
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-12-01 16:46:00 +00:00
laurentsimon
2d6bf97dd8
fix ( #1331 )
2021-12-01 14:43:25 +00:00
laurentsimon
736f2e2922
✨ Allow pip install with --require-hashes only ( #1313 )
* allow --require-hashes only
* comment
* rem log
* comment
* att test
* Update checks/shell_download_validate.go
Co-authored-by: Dustin Ingram <di@users.noreply.github.com>
* Update checks/shell_download_validate.go
Co-authored-by: Dustin Ingram <di@users.noreply.github.com>
* Update checks/shell_download_validate.go
Co-authored-by: Oliver Chang <oliverchang@users.noreply.github.com>
* Update checks/shell_download_validate.go
Co-authored-by: Dustin Ingram <di@users.noreply.github.com>
* Update checks/shell_download_validate.go
Co-authored-by: Dustin Ingram <di@users.noreply.github.com>
* Update checks/shell_download_validate.go
Co-authored-by: Dustin Ingram <di@users.noreply.github.com>
* comments
Co-authored-by: Dustin Ingram <di@users.noreply.github.com>
Co-authored-by: Oliver Chang <oliverchang@users.noreply.github.com>
2021-11-23 00:02:56 +00:00
asraa
fd67ddf1c4
🌱 update dangerous workflow to use actionlint ( #1328 )
* update dangerous workflow to use actionlint
Signed-off-by: Asra Ali <asraa@google.com>
* fix nilptr
Signed-off-by: Asra Ali <asraa@google.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-11-22 18:32:27 +00:00
Chris McGehee
9b600bdc69
Skip pinned dependencies check for template Dockerfiles ( #1324 )
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-11-22 16:16:03 +00:00
Chris McGehee
2d8ec84be4
Get OSes from matrix.include if present ( #1323 )
2021-11-22 15:40:17 +00:00
laurentsimon
fd8731481f
✨ Update score for branch protection with levels ( #1287 )
* draft
* draft2
* fix
* fix
* fix
* test
* linter
* comments
* comment
* update doc
* comments
2021-11-20 01:42:21 +00:00
Evgeny Vereshchagin
9d2976592f
Signed-Releases: really look for *.sign files ( #1298 )
With this patch applied projects like dracut pass the check:
```
"checks": [
{
"details": [
"Debug: GitHub release found: 055",
"Info: signed release artifact: dracut-055.tar.sign: https://api.github.com/repos/dracutdevs/dracut/releases/assets/37635937 ",
"Debug: GitHub release found: 054",
"Info: signed release artifact: dracut-054.tar.sign: https://api.github.com/repos/dracutdevs/dracut/releases/assets/36958052 ",
"Debug: GitHub release found: 053",
"Info: signed release artifact: dracut-053.tar.sign: https://api.github.com/repos/dracutdevs/dracut/releases/assets/32484038 ",
"Debug: GitHub release found: 052",
"Info: signed release artifact: dracut-052.tar.sign: https://api.github.com/repos/dracutdevs/dracut/releases/assets/32130796 ",
"Debug: GitHub release found: 051",
"Info: signed release artifact: dracut-051.tar.sign: https://api.github.com/repos/dracutdevs/dracut/releases/assets/31933850 "
],
"score": 10,
"reason": "5 out of 5 artifacts are signed -- score normalized to 10",
"name": "Signed-Releases",
```
2021-11-20 00:55:08 +00:00
asraa
730076fab1
🐛 fix dangerous workflow test and workflow parsing ( #1283 )
* fix dangerous workflow
Signed-off-by: Asra Ali <asraa@google.com>
* check if removing label comment fixes
Signed-off-by: Asra Ali <asraa@google.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-11-20 00:16:02 +00:00