* add findings to check results struct
these dont make it to the JSON output format as theyre
not copied to the jsonCheckResultV2 struct in AsJSON2()
Signed-off-by: Spencer Schrock <sschrock@google.com>
* populate CheckResult findings
It would be nice if the evaluation functions did this for us,
but would require changes to theCreate*ScoreResult functions.
It was simpler just to set it in one place at the check level.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
* 🌱 migrate token permission check to probes
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* combine seperate write-probes into two that combine them all
Signed-off-by: AdamKorcz <adam@adalogics.com>
* change write probes to read and write
Signed-off-by: AdamKorcz <adam@adalogics.com>
* minor nit
Signed-off-by: AdamKorcz <adam@adalogics.com>
* remove WritaAll probes
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Merge read-perm probe with job/top probes
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* minor refactoring
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* fix copy paste error
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* fix linter issues and restructure code
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* remove hasGitHubWorkflowPermissionNone probe
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* Remove 'hasGitHubWorkflowPermissionUndeclared' probe
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* bit of clean up
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* reduce code complexity and remove comment
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* simplify file location
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* change probe text
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* invert name of probe
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* OutcomeNotApplicable -> OutcomeError
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* OutcomeNotAvailable -> OutcomeNotApplicable
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* more OutcomeNotAvailable -> OutcomeNotApplicable
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* change name of 'notAvailableOrNotApplicable'
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* fix linter issues
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* add comments to remediation fields
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* add check for nil-dereference
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* remove the permissionLocation finding value
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* rename checkAndLogNotAvailableOrNotApplicable to isBothUndeclaredAndNotAvailableOrNotApplicable
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* use raw metadata for remediation output
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* change 'branch' to 'defaultBranch'
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* remove unused fields in rule Remediation
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* fix remediation
Signed-off-by: Adam Korczynski <adam@adalogics.com>
* change 'metadata.defaultBranch' to 'metadata.repository.defaultBranch'
Signed-off-by: Adam Korczynski <adam@adalogics.com>
---------
Signed-off-by: Adam Korczynski <adam@adalogics.com>
Signed-off-by: AdamKorcz <adam@adalogics.com>
* 🌱 Bump github.com/golangci/golangci-lint in /tools
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.44.2 to 1.45.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.44.2...v1.45.0)
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* golangci-lint: Surface and fix as many lint warnings automatically
Signed-off-by: Stephen Augustus <foo@auggie.dev>
* generated: Run golangci-lint with `fix: true`
Signed-off-by: Stephen Augustus <foo@auggie.dev>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stephen Augustus <foo@auggie.dev>
* Adding missing documentation for Token-Permissions
* Make documentation for `actions` more accurate
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
* Token-Permissions, distinguish contents/package
Allowing `contents: write` permission only for jobs that are releasing
jobs, not just packaging jobs.