naveensrinivasan
7d1795384c
Fixed the path of the generated mock files.
...
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-11 09:55:24 -06:00
naveensrinivasan
1995bc3b9c
🌱 Refactor to make it testable
...
- Related to https://github.com/ossf/scorecard/issues/1568
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-11 09:55:24 -06:00
Stephen Augustus (he/him)
3070b3ca1b
✨ cmd: Allow new scorecard to be instantiated with options ( #1703 )
...
* cmd: Allow new scorecard commands to be instantiated with options
* options: Default flags to struct field values
* options: Use constants for flag names
* options: Simplify SARIF check
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2022-03-03 01:38:34 +00:00
Stephen Augustus (he/him)
84cdc8cbec
✨ cmd: Refactor to make importable ( #1696 )
...
* cmd: Refactor to make importable
* options: Add support for parsing via environment variables
* options: Support setting feature flags via option
* cmd: Replace `version` with sigs.k8s.io/release-utils/version
* cmd: Move option validation into pre-run function
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2022-03-01 21:18:44 -08:00
Stephen Augustus (he/him)
7956ff4fe7
✨ Miscellaneous refactors to ease downstream consumption ( #1645 )
...
* checker: Add `NewLogger` constructor for `DetailLogger` impl
* checker: Add `NewRunner` constructor for `Runner`
* cmd: Update to use refactored packages
* cmd: Move command flags and validation into an `options` package
* cmd: Move client accessors to `githubrepo` package
* cmd: Move policy and enabled checks to `policy` package
* cmd: Move results formatting to `format` package
* checker: Prefer `Set` prefixes for setters
* checker: Use `DetailLogger` return value for `NewLogger()`
* checker: Add `GetClients` accessor
* Move `FormatResults` to `pkg/`
* checks: Add getter for all checks
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2022-02-27 02:09:21 +00:00
Azeem Shaikh
674146ca3c
Make verbosity levels case insensitive ( #1650 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-16 19:33:04 +00:00
Azeem Shaikh
f3332ce129
Add validation for commit-based APIs ( #1635 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-14 22:24:35 +00:00
Azeem Shaikh
6930c3ab3b
Add support for commit-based Scorecard ( #1613 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-07 19:03:36 -08:00
Azeem Shaikh
1c95237e4a
Only run allowed checks in different modes ( #1579 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-07 16:49:49 -08:00
Azeem Shaikh
3995d31abf
Refactor some code ( #1567 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-01-31 21:41:42 +00:00
Stephen Augustus (he/him)
41adfe7f34
⚠️ log: Initial logr/logrusr implementation ( #1516 )
...
* log: Initial logr/logrusr implementation
Signed-off-by: Stephen Augustus <foo@auggie.dev>
* log: Update references to `log.Logger`
Signed-off-by: Stephen Augustus <foo@auggie.dev>
* go.mod: Minor reorganization of `replace`s
...to prevent automatic updates from getting added to the smaller
section.
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2022-01-25 11:17:46 -06:00
Stephen Augustus (he/him)
13b78ab010
⚠️ Create a dedicated logging package to encapsulate calls to zap ( #1502 )
...
* log: Init log package
Creates a wrapper around existing `zap.Logger` to make it easier
to replace/extend with scorecard logging.
Signed-off-by: Stephen Augustus <foo@auggie.dev>
* log: Replace instances of `zap.Logger` with `log.Logger`
Signed-off-by: Stephen Augustus <foo@auggie.dev>
* log: Add logic to parse `zapcore.Level`s as strings
Signed-off-by: Stephen Augustus <foo@auggie.dev>
* log: Express log levels
Signed-off-by: Stephen Augustus <foo@auggie.dev>
* log: Replace instances of `zapcore.Level` with `log.Level`
Signed-off-by: Stephen Augustus <foo@auggie.dev>
* log: Fixup comments for exported functions
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2022-01-20 15:57:39 -08:00
Azeem Shaikh
f2c57d2590
✨ Migrate to v4
2022-01-12 14:12:09 -06:00
Azeem Shaikh
61a0124407
Enable Dangerous-Workflow & License checks for v4 ( #1471 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-01-12 16:27:03 +00:00
naveen
25cfdb7b13
Fixed the long lines
2022-01-04 13:55:58 -06:00
naveen
de39061cc5
🌱 Refactor vulnerabilities client
2022-01-04 13:55:58 -06:00
laurentsimon
3c1e8148d4
✨ Do not expose sarif and policy command ( #1405 )
...
* hide sarif support
* use variable
2021-12-21 18:05:56 +00:00
Azeem Shaikh
ecc96576f4
Refactor to improve readability ( #1394 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-12-15 15:01:34 -08:00
laurentsimon
551961718d
✨ [RAW] End-to-end support for raw results for Binary-Artifacts ( #1255 )
...
* split binary artifact check
* fix
* missing file
* comments
* fix
* comments
* draft
* merge fix
* fix merge
* add indirection
* comments
* comments
* linter
* comments
* updates
* updates
* updates
* linter
* comments
2021-12-14 21:10:24 +00:00
laurentsimon
86fd966dc4
✨ Don't use the policy filename in SARIF results ( #1373 )
...
* don't display a policy file
* fix utests
* update msg
* update test
2021-12-10 17:07:32 -08:00
laurentsimon
b323cded04
🐛 checks.yml not sync'ed with checks.md ( #1360 )
...
* update docs
* update
* remove file
* remove improper commit
* fix
2021-12-04 08:56:50 -06:00
Azeem Shaikh
84d169bf23
Use updated clients for local ( #1355 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-12-03 15:09:04 -08:00
Nanik
45b5a35020
✨ Add new checking for license file availability ( #1178 )
...
* Add checking logic inside license_check.go
* Add test case license_check_test.go
* Add check information inside checks.yaml
2021-12-03 09:28:27 -08:00
dota17
6a7e314c37
1. Add the check Dangerous-Workflow
...
2. Fix the typo of rubygems
2021-12-01 07:44:28 -06:00
Azeem Shaikh
2375ae2812
Add a OssFuzzRepoClient ( #1280 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-11-17 03:04:37 +00:00
asraa
1050b1cd60
✨ Add dangerous workflow check with untrusted code checkout pattern ( #1168 )
...
* add dangerous workflow check with untrusted code checkout pattern
Signed-off-by: Asra Ali <asraa@google.com>
* update
Signed-off-by: Asra Ali <asraa@google.com>
* add env var
Signed-off-by: Asra Ali <asraa@google.com>
* fix comment
Signed-off-by: Asra Ali <asraa@google.com>
* add repos git checks.yaml
Signed-off-by: Asra Ali <asraa@google.com>
* update checks.md
Signed-off-by: Asra Ali <asraa@google.com>
* address comments
Signed-off-by: Asra Ali <asraa@google.com>
* fix merge
Signed-off-by: Asra Ali <asraa@google.com>
* add delete
Signed-off-by: Asra Ali <asraa@google.com>
* update docs
Signed-off-by: Asra Ali <asraa@google.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-11-15 20:18:10 +00:00
Azeem Shaikh
6223b6620a
Add CIIClient interface ( #1262 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-11-15 02:46:41 +00:00
laurentsimon
09b7b3bd3d
✨ Pull request support for GitHub action ( #1222 )
...
* draft
* updates
* PR support
* comments
* comment
* category
* fix rule ID
* typo
* always populate rules
* typo
2021-11-08 23:30:37 +00:00
laurentsimon
8805ac54d0
✨ Add --local option to CLI ( #1211 )
...
* unit tests
* remove log
* fix
* gate local access
* comment
2021-11-03 15:17:58 +00:00
laurentsimon
a6d298a60a
✨ Use checks.yaml to store which repo types are supported by each check ( #1195 )
...
* draft
* draft 2
* remove enum
* update
* mock doc
* fix
2021-11-02 01:43:22 +00:00
Azeem Shaikh
83649a799e
Remove repos package ( #1191 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-10-29 16:07:46 +00:00
laurentsimon
4cca9b4960
✨ Implement local repo client for local folders ( #1146 )
...
* draft
* draft
* docker file
* error
* fix
* fix
* bug
* comments
* missing merge
* fix
* merge issue
* fix
* validate format early
* comments
* fix
* fixes
* uncomment
* gate code for v4 code
* draft
* draft 2
* fix security-policy check
* fix
* merge fixes
* fixes
* fixes
* fixes
* fixes
* mock repo
* linter
* comments
* unit tests
* comments
2021-10-28 18:30:02 +00:00
laurentsimon
950e0e3d2d
✨ Add support for file-based repo URIs ( #1113 )
...
* draft
* draft
* docker file
* error
* fix
* fix
* fixa
* bug
* comments
* missing merge
* fix
* fix rebase
* merge issue
* fix
* validate format early
* fix
* fix2
* comments
* fix
2021-10-21 20:08:56 +00:00
Naveen
6c1c789dc5
🌱 v3 upgrade changes ( #1118 )
...
v3 go.mod changes
2021-10-07 18:16:01 -05:00
laurentsimon
f153db5a4a
⚠️ remove CSV support ( #1119 )
...
* remove CSV support
* fixes
2021-10-07 13:54:21 -07:00
laurentsimon
3a43c683c8
✨ Define scorecard GitHub action ( #1069 )
...
* test
* fix
* fix
* license
2021-09-27 22:30:36 +00:00
laurentsimon
6b9010e575
changes ( #1062 )
2021-09-27 15:50:58 +00:00
laurentsimon
fb77e42da2
✨ Per-check score threshold for SARIF ( #1057 )
...
* fixes
* fix
2021-09-23 23:55:41 +00:00
laurentsimon
5d6a7cd20d
✨ Add policy file ( #1002 )
...
* draft
* draft 2
* add tests
* check names
* fixes
* fix
* comments
* fix
* test
* remove risk
* license
* linter
* comments
2021-09-22 16:22:49 +00:00
laurentsimon
39bd00c359
✨ Add aggregated score ( #1046 )
...
* ag scores
* fix
* CSV and string
* comments
* updates
* changes
* fixes
2021-09-21 22:30:25 +00:00
laurentsimon
617820706c
✨ Update cron's JSON format ( #1001 )
...
* JSON2 for cron
* fixes
* linter
* fix
2021-09-13 21:55:06 +00:00
Azeem Shaikh
e730e911e6
sce.Create -> sce.WithMessage for wrapcheck ( #995 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-10 15:50:33 +00:00
laurentsimon
d6174dbe59
semantic version ( #991 )
2021-09-10 07:13:17 -07:00
laurentsimon
870db56814
Cleanup documentation code ( #981 )
...
* draft 1
* unit tests
* fix
* fixes
* fix
* mod
* comments
* fixes
* rename
* fix
* linter
2021-09-09 22:09:39 +00:00
Azeem Shaikh
afe5b40567
Make RepoClient as default interface for Scorecard ( #951 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-09-02 02:32:26 +00:00
laurentsimon
8f5e742e20
✨ Improve JSON format ( #934 )
...
* support for version
* fix
* fix
* linter
* typo
* fix
2021-09-01 17:29:40 +00:00
Azeem Shaikh
41d0ce38c4
Replace errors.As with Is ( #901 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 01:03:45 +00:00
laurentsimon
276155d1eb
✨ SARIF 4: Add support to output SARIF format ( #866 )
...
* draft1
* draft2
* draft
* draft 3
* typos
* unit tests
* fixes
* fixes
* related locs
* fixes
* version
* fixes
* linter/fix
* fixes
* linter
* gofmt -s
2021-08-23 21:31:33 +00:00
laurentsimon
23764f0168
✨ Upload cron results to a table with new format ( #830 )
...
* add json2 function
* asJSON2
* url2
* draft
* root
* tables and bucket
* fix
* comments
* new transfer instances
* comments
* rename files
* update k8 names
* typo
* fixes
* linter
2021-08-16 16:38:41 +00:00
Azeem Shaikh
b7ddc9ac93
Update go-github version for consistency ( #852 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-13 00:43:22 +00:00