scorecard

mirror of https://github.com/ossf/scorecard.git synced 2024-09-19 04:57:14 +03:00

Author	SHA1	Message	Date
Azeem Shaikh	de5224bbc5	Update e2e tests (#1641 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2022-02-15 19:27:45 +00:00
laurentsimon	e7fd58d9a3	✨ Check for secrets in pull_request_target (#1634 ) * checks/dangerous_workflow.go: add pull_request_target support for secrets * missing files * linter	2022-02-15 16:04:57 +00:00
Azeem Shaikh	1e488a804f	Fix for repos which do not squash PR commits (#1637 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2022-02-14 23:33:15 +00:00
Azeem Shaikh	f3332ce129	Add validation for commit-based APIs (#1635 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2022-02-14 22:24:35 +00:00
Azeem Shaikh	6930c3ab3b	Add support for commit-based Scorecard (#1613 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2022-02-07 19:03:36 -08:00
laurentsimon	9037444513	✨ Raw data for code review check (#1505 ) * separate code review's eval and check * missing file * add comments * fix * fix * linter * fixes * fix * linter * linter * linter * draft * fixes * fixes * simplify * update date * rem comments * typo * linter * typo * linter	2022-02-02 19:51:38 +00:00
laurentsimon	5f9fff3b20	✨ Separate check from policies for the Vulnerabilities check (#1532 ) * raw vulnerabilities seperation * update year * missing files * tests	2022-01-26 15:45:39 -05:00
Stephen Augustus (he/him)	41adfe7f34	⚠️ log: Initial `logr`/`logrusr` implementation (#1516 ) * log: Initial logr/logrusr implementation Signed-off-by: Stephen Augustus <foo@auggie.dev> * log: Update references to `log.Logger` Signed-off-by: Stephen Augustus <foo@auggie.dev> * go.mod: Minor reorganization of `replace`s ...to prevent automatic updates from getting added to the smaller section. Signed-off-by: Stephen Augustus <foo@auggie.dev>	2022-01-25 11:17:46 -06:00
Stephen Augustus (he/him)	13b78ab010	⚠️ Create a dedicated logging package to encapsulate calls to `zap` (#1502 ) * log: Init log package Creates a wrapper around existing `zap.Logger` to make it easier to replace/extend with scorecard logging. Signed-off-by: Stephen Augustus <foo@auggie.dev> * log: Replace instances of `zap.Logger` with `log.Logger` Signed-off-by: Stephen Augustus <foo@auggie.dev> * log: Add logic to parse `zapcore.Level`s as strings Signed-off-by: Stephen Augustus <foo@auggie.dev> * log: Express log levels Signed-off-by: Stephen Augustus <foo@auggie.dev> * log: Replace instances of `zapcore.Level` with `log.Level` Signed-off-by: Stephen Augustus <foo@auggie.dev> * log: Fixup comments for exported functions Signed-off-by: Stephen Augustus <foo@auggie.dev>	2022-01-20 15:57:39 -08:00
Azeem Shaikh	f2c57d2590	✨ Migrate to v4	2022-01-12 14:12:09 -06:00
laurentsimon	7a91384f8d	✨ Add line numbers for insecure downloads (#1413 ) * add lines for docker files * support for other constructs * other insecure patterns * fixes * fixes * comments	2022-01-06 00:13:53 +00:00
naveen	de39061cc5	🌱 Refactor vulnerabilities client	2022-01-04 13:55:58 -06:00
naveen	c8f15a495e	🌱 Refactor the osv check into a interface Refactor the osv check into a interface for that it can be tested.	2022-01-04 13:55:58 -06:00
laurentsimon	70fa923907	info to debug (#1416 )	2021-12-23 17:27:40 -06:00
laurentsimon	6f21258131	reduce score by 1 (#1404 )	2021-12-21 17:28:31 +00:00
laurentsimon	f2cee41ca9	✨ [RAW]: dependency update tool (#1391 ) * dependency update tool * rename * missing files * add fields * rm field	2021-12-15 17:02:31 +00:00
laurentsimon	b323cded04	🐛 checks.yml not sync'ed with checks.md (#1360 ) * update docs * update * remove file * remove improper commit * fix	2021-12-04 08:56:50 -06:00
laurentsimon	afe55a83c1	🐛 Disable pinning lock file search in repo (#1315 ) * fix * linter * linter * linter * comment	2021-12-04 00:44:09 +00:00
laurentsimon	aed511670f	✨ Cleanup Branch Protection and add e2e tests (#1344 ) * BP cleanup * linnter * e2e fix * linter * linter Co-authored-by: asraa <asraa@google.com>	2021-12-03 21:53:18 +00:00
Nanik	45b5a35020	✨ Add new checking for license file availability (#1178 ) * Add checking logic inside license_check.go * Add test case license_check_test.go * Add check information inside checks.yaml	2021-12-03 09:28:27 -08:00
laurentsimon	8cb4804c28	✨ Update action names (#1346 ) * update action * add schedule * comments * e2e fix	2021-12-03 02:17:00 +00:00
laurentsimon	938c637ee0	rem audio files (#1300 ) Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com> Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>	2021-12-03 00:54:06 +00:00
laurentsimon	23b0ddb8aa	fix (#1316 )	2021-11-20 05:51:11 +00:00
laurentsimon	fd8731481f	✨ Update score for branch protection with levels (#1287 ) * draft * draft2 * fix * fix * fix * test * linter * comments * comment * update doc * comments	2021-11-20 01:42:21 +00:00
Azeem Shaikh	2375ae2812	Add a OssFuzzRepoClient (#1280 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2021-11-17 03:04:37 +00:00
Azeem Shaikh	0b32cc3138	Fix broken e2e tests (#1291 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2021-11-17 02:41:25 +00:00
laurentsimon	86835fcfd6	🐛 Fix branch protection results (#1252 ) * fix * fix * doc * fix * comment * update tests * fix * fixes * fix * disable tests temp * score change * fix * comments * docs	2021-11-16 17:27:27 +00:00
Azeem Shaikh	71e8698617	Add a cron job to copy CII badges data (#1278 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2021-11-16 04:23:00 +00:00
asraa	1050b1cd60	✨ Add dangerous workflow check with untrusted code checkout pattern (#1168 ) * add dangerous workflow check with untrusted code checkout pattern Signed-off-by: Asra Ali <asraa@google.com> * update Signed-off-by: Asra Ali <asraa@google.com> * add env var Signed-off-by: Asra Ali <asraa@google.com> * fix comment Signed-off-by: Asra Ali <asraa@google.com> * add repos git checks.yaml Signed-off-by: Asra Ali <asraa@google.com> * update checks.md Signed-off-by: Asra Ali <asraa@google.com> * address comments Signed-off-by: Asra Ali <asraa@google.com> * fix merge Signed-off-by: Asra Ali <asraa@google.com> * add delete Signed-off-by: Asra Ali <asraa@google.com> * update docs Signed-off-by: Asra Ali <asraa@google.com> Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>	2021-11-15 20:18:10 +00:00
Azeem Shaikh	72e20a076c	Add `repoClient.Close` for all e2e tests (#1265 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2021-11-15 14:53:01 +11:00
Azeem Shaikh	6223b6620a	Add CIIClient interface (#1262 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2021-11-15 02:46:41 +00:00
Azeem Shaikh	51de6b6e5d	Check for issue activity in Maintained (#1251 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2021-11-12 22:16:22 +00:00
Eng Zer Jun	177502552a	🌱 Move from io/ioutil to io and os packages (#1250 ) The io/ioutil package has been deprecated as of Go 1.16, see https://golang.org/doc/go1.16#ioutil. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Signed-off-by: Eng Zer Jun <zerjun@eta-hd.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2021-11-12 19:34:46 +00:00
naveen	257d99e1c6	🌱 Fixed the failing tests The failing tests couldn't be fixed before because the code wasn't up to date in the last PR.	2021-11-02 12:03:30 -05:00
Oliver Chang	d3796f29b1	✨ Add ClusterFuzzLite to Fuzzing check. (#1166 ) * Add ClusterFuzzLite to Fuzzing check. Check for the existence of ".clusterfuzzlite/Dockerfile". Fixes #1148. * comment Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>	2021-10-29 22:33:17 -07:00
naveen	a53245a9fc	🐛 Fix broken e2e tests for Binary Artifacts Fixed the broken e2e tests for Binary artifacts.	2021-10-29 17:39:37 -05:00
naveen	aa634bd251	🌱 Fixes the broken e2e Fixes for broken e2e	2021-10-26 20:11:21 -05:00
Naveen	6c1c789dc5	🌱 v3 upgrade changes (#1118 ) v3 go.mod changes	2021-10-07 18:16:01 -05:00
Azeem Shaikh	bc37c74b28	Remove Owner/Repo strings from CheckRequest (#997 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2021-09-10 10:13:14 -07:00
neil465	5476b878bd	✨ Removed unnecessary linters (#969 ) * gomnd * prealloc * dupl	2021-09-07 10:45:12 -04:00
Azeem Shaikh	afe5b40567	Make RepoClient as default interface for Scorecard (#951 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2021-09-02 02:32:26 +00:00
Azeem Shaikh	9a1978a051	Use RefUpdateRule in BranchProtection check (#936 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2021-08-30 23:14:42 +00:00
Azeem Shaikh	d9f5209803	Update test utils (#933 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2021-08-30 14:12:57 -07:00
laurentsimon	9eb7929ebc	🐛 Address friction logs' comments (#899 ) * fixes * fix * fix * fixes * doc * missing file * fixes * comments * typo	2021-08-25 21:02:23 +00:00
Azeem Shaikh	42ee430332	Use RepoClient API for Fuzzing (#855 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2021-08-14 00:34:40 +00:00
Azeem Shaikh	4c585f2e5f	Fix nil pointer bug (#856 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2021-08-13 23:42:03 +00:00
Azeem Shaikh	8baaaa4cf8	Use RepoClient API for Contributors check (#854 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2021-08-13 18:13:43 +00:00
Azeem Shaikh	b7ddc9ac93	Update go-github version for consistency (#852 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2021-08-13 00:43:22 +00:00
Azeem Shaikh	d4701c4a4e	Delete `Signed-Tags` check from Scorecard (#851 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2021-08-12 22:26:50 +00:00
Azeem Shaikh	3f9431d08c	Update SignedReleases to use RepoClient API (#844 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2021-08-12 20:46:06 +00:00

1 2 3

115 Commits