Commit Graph

139 Commits

Author SHA1 Message Date
Arnout Engelen
def5eadd77
📖 update bigquery docs in README (#2714)
Signed-off-by: Arnout Engelen <arnout@bzzt.net>
2023-03-03 14:25:05 +00:00
Theodore Tsirpanis
8add330e1d
📖 Fix links. (#2703)
* Fix link.

Signed-off-by: Theodore Tsirpanis <teo@tsirpanis.gr>

* Update two more links.

Signed-off-by: Theodore Tsirpanis <teo@tsirpanis.gr>

---------

Signed-off-by: Theodore Tsirpanis <teo@tsirpanis.gr>
2023-02-28 15:12:49 -06:00
Ashwin Ramaswami
d331f8e1b1
Fix typo (add s to ') (#2638)
Signed-off-by: Ashwin Ramaswami <aramaswamis@gmail.com>
2023-02-03 18:15:11 +00:00
raghavkaul
bf516e1824
🐛 Use leveled scoring for Code Review check (#2542)
* Ignore bot commits when calculating Code Review score

* Update clients
* Update scoring

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Address PR comments

* Test coverage
* Docs
* Raw results

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2023-01-10 20:46:11 -08:00
Mike Maraya
1d15e9c748
classic personal access tokens required (#2565)
Clarified that classic personal access tokens, not fine-grained ones, are needed for scorecard to work.

Signed-off-by: Mike Maraya <mmaraya@users.noreply.github.com>

Signed-off-by: Mike Maraya <mmaraya@users.noreply.github.com>
2023-01-05 19:00:35 +00:00
Joyce
e8b0223c2e
📖 Mention 2FA relevance although not checked by Scorecard (#2528)
* feat: add information about two factor authentication

Signed-off-by: Joyce Brum <joycebrum@google.com>

* fix: description of 2FA to be more complete

Signed-off-by: Joyce Brum <joycebrum@google.com>

Signed-off-by: Joyce Brum <joycebrum@google.com>
2022-12-08 12:48:13 -08:00
Arnaud J Le Hors
c3f4e31c28
📖 Use scorecard (singular) consistently (#2428)
* Use scorecard (singular) consistently
* Use OpenSSF instead of Security in name and add FAQ entry
2022-12-01 15:06:12 +05:30
Scott Brenner
b12b093f68
README formatting fix (#2356)
Signed-off-by: Scott Brenner <scott@scottbrenner.me>

Signed-off-by: Scott Brenner <scott@scottbrenner.me>
2022-10-16 14:11:12 +00:00
Bill Nottingham
36d6a340ed
Note that LGTM service is deprecated. (#2339)
Signed-off-by: Bill Nottingham <notting@tidelift.com>

Signed-off-by: Bill Nottingham <notting@tidelift.com>
2022-10-14 10:09:33 -05:00
Joyce
4b99a3a509
📖 Create the Frequently Asked Questions Document (#2327)
* docs: create faq.md file

Signed-off-by: Joyce Brum <joycebrumu.u@gmail.com>

* docs: update README to refer FAQ

Signed-off-by: Joyce Brum <joycebrumu.u@gmail.com>

* docs: minor fixes in the faq text

Signed-off-by: Joyce Brum <joycebrumu.u@gmail.com>

Signed-off-by: Joyce Brum <joycebrumu.u@gmail.com>
2022-10-05 18:31:25 +00:00
David A. Wheeler
11657e48ac
📖 Remove trailing whitespace (#2241)
Remove trailing whitespace in README.md and checks.yaml.

Trailing whitespace creates long-term hidden problems, because
in most editors they aren't visible, yet changing them creates
what appear to be spurious changes. They can also create
surprising merge conflicts. Removing them removes the problem
long term.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2022-09-08 18:12:35 +00:00
David A. Wheeler
da785a2dc8
Rename CII->OpenSSF Best Practices badge (#2239)
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2022-09-08 12:07:15 -05:00
Azeem Shaikh
d13ba3f335
📖 Update instructions and other fixes in README (#2212)
* Updated instructions and some fixes to README

* Add Scorecard users

* Fix `Using Package Manager`
2022-08-31 18:24:31 +00:00
laurentsimon
887facf3ca
Use generic generator for SLSA (#2146)
* update

* update

* update

* update

* update

* update

* update

* update

* update

* update
2022-08-17 00:27:03 +00:00
raghavkaul
ff9c0626ef
🐛 Detect recently created Github repositories (#2151)
* Bugfix: Detect recently created Github repositories

Adjust the unweighted score -3 points if they were created in the last
90 days

* Address PR comments

* Address PR comments

* Make log message more urgent
* Add to raw results
* Zero 'Maintained' score if the repo is too new to evaluate

* Update docs

* Update maintained_test.go

* Fix lint error
2022-08-16 16:09:46 -07:00
Spencer Schrock
7f0258ecba
Include an example query for the public BigQuery dataset (#2123) 2022-08-04 14:04:52 -05:00
Azeem Shaikh
c581062fe7
Enable Scorecard badge (#2097)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-07-27 19:04:07 +00:00
Naveen
7c912030b1
🌱 Naveen Company updated. (#2082)
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-07-20 23:33:38 +00:00
Bhurinat Wangsutthitham
a905d66845
fix: invalid documentation link (#2073) 2022-07-19 14:52:35 +00:00
laurentsimon
3b7c46f779
SLSA provenance/build (#1702)
* SLSA build

* missing files

* updates

* updates

* updates

* indent fix

* update

* update

* updates

* updates

* updates

* updates
2022-06-08 09:54:09 -07:00
Arnaud J Le Hors
2c34a46503
Fix cron related documentation (#1986)
Fix link to projects.csv in README.md
Remove out of date info on daily cron job from CONTRIBUTING.md and fix
various links.

Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>

Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-06-07 20:12:28 +02:00
Naveen
f712144d00
🌱 Included Stargazers over time (#1971) 2022-05-31 17:03:39 +00:00
Scott Ford
cd0470403b
📖 Fixes description for webhook check (#1882)
Signed-off-by: Scott Ford <scott@scottford.io>
2022-05-12 21:14:43 +00:00
Arnaud J Le Hors
815de1819f
📖 Remove erroneous ref to CSV output (#1813) 2022-05-09 12:15:14 +00:00
laurentsimon
b304306451
Add token needed for checks in README (#1854)
* check perm doc

* updates
2022-04-26 16:02:02 +00:00
stm9
c10a6ae0f0
Update README.md (#1716)
Updated instructions on how to access public BigQuery dataset in section [public-data](https://github.com/ossf/scorecard/edit/main/README.md#public-data)

Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-03-08 15:44:38 +00:00
Stephen Augustus (he/him)
d71866ca16 Update badges to correct package version and reference URLs 2022-02-27 09:29:49 -06:00
naveensrinivasan
c664364ccf 📖 Included reference to the GoDoc 2022-02-27 09:29:49 -06:00
Stephen Augustus (he/him)
394789cf22
README.md: Add OpenSSF Best Practices badge (#1629)
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2022-02-12 03:46:52 -08:00
Julia Ferraioli
95e7c030eb
Update the biweekly meeting times (#1603) 2022-02-04 20:50:41 +00:00
Arnout Engelen
28bf341a3f 📖 recommend nix-shell over nix-env
Which is more idiomatic
2022-02-03 11:53:25 -06:00
Stephen Augustus (he/him)
53f21cb523
README: s/Justin/Stephen (#1565)
...also fixes link to GitHub profile.

Signed-off-by: Stephen Augustus <foo@auggie.dev>
2022-01-29 10:32:07 -08:00
Azeem Shaikh
d50788f638
Add Slack channel badge (#1536)
Adds a new badge pointing to our Slack channel.
2022-01-26 22:48:28 +00:00
naveen
c3589e8080 📖 Updated codecov badge 2022-01-19 18:42:39 -06:00
Azeem Shaikh
96ea22eac5
Add and use compressed Scorecard logos (#1492)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-01-19 18:08:35 +00:00
olivekl
c60b66bbc8
📖 Olivekl v4 doc updates (#1481)
* Create scorecards-analysis.yml

* Update README.md

Move Public Data section
Add placeholders for new installation organization, TODOs for public data section

* Update README.md

Remove outdated public data scoring system paragraph

* Update README.md

Add explanation of Scorecard Action install option and link out

* Update README.md

Add sentence introducing CLI installation section; move all heading down a level for that section

* Update README.md

Fix typo

* Update README.md

Remove comma

* Delete scorecards-analysis.yml file

Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-01-14 20:46:30 +00:00
Azeem Shaikh
f36e2223ce
Update BigQuery access instructions (#1442)
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-01-06 21:06:23 +00:00
olivekl
09a41a93b4
Update README.md (#1436)
Add risk levels to table of Scorecards Checks section; remove lists of each risk level in the Scoring section. (To streamline navigation; keeps the same info but just in shorter format)
2022-01-05 22:01:51 +00:00
laurentsimon
c11772788a
add links (#1433) 2022-01-04 12:05:15 -06:00
laurentsimon
5d472a8eab
update doc (#1431) 2021-12-31 12:53:27 -06:00
Naveen
f965a82e2c
📖 Included goreport in the README (#1409)
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-12-28 16:15:49 +00:00
olivekl
d4df1f6136
Update README.md (#1388)
Update link for more useful GH app authentication instructions
2021-12-13 20:50:43 +00:00
olivekl
fa29896003
Clarify Authentication and Token info in README.md (#1387)
Add suggestion of which PAT to set;
Add explanation of why authentication is needed;
Clarify the "either-or" options for authentication;
Add link to GH Installations (please confirm link is correct)
2021-12-13 10:08:19 -08:00
Jamie Magee
777713901e docs: add installation instructions for mac and linux 2021-12-08 18:27:41 -06:00
Chen
be9a6234b5
Update the Risk of dangerous-workflow (#1361)
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-12-07 18:00:36 +00:00
laurentsimon
3eb2e5aec8
license (#1350) 2021-12-03 21:01:38 +00:00
laurentsimon
b8d7a6b722
make critical (#1348) 2021-12-03 17:55:54 +00:00
dota17
6a7e314c37 1. Add the check Dangerous-Workflow
2. Fix the typo of rubygems
2021-12-01 07:44:28 -06:00
Evgeny Vereshchagin
6a2fb2edc2
Add LGTM to the SAST check (#1232)
According to https://github.com/apps/lgtm-com
"LGTM is a code analysis platform for identifying vulnerabilities early and preventing
them from reaching production". It's used by `systemd`, `lxc` and a lot of other large
open source projects. The check is
still kind of broken in the sense that it fails to detect
projects where every PR is analyzed by LGTM before getting merged
but it's better than nothing I guess.

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-11-10 10:09:11 -08:00
Chris McGehee
4fbd0fe93e Adding Chris as facilitator 2021-11-08 18:11:07 -06:00