dependabot[bot]
10bd777ddf
🌱 Bump peter-evans/find-comment from 1.3.0 to 2
...
Bumps [peter-evans/find-comment](https://github.com/peter-evans/find-comment ) from 1.3.0 to 2.
- [Release notes](https://github.com/peter-evans/find-comment/releases )
- [Commits](d2dae40ed1...1769778a0c)
---
updated-dependencies:
- dependency-name: peter-evans/find-comment
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-23 01:08:04 +00:00
dependabot[bot]
0a82d2b425
🌱 Bump google.golang.org/protobuf from 1.27.1 to 1.28.0
...
Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go ) from 1.27.1 to 1.28.0.
- [Release notes](https://github.com/protocolbuffers/protobuf-go/releases )
- [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash )
- [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.27.1...v1.28.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-23 00:49:24 +00:00
dependabot[bot]
aecff0bc1b
🌱 Bump peter-evans/create-or-update-comment from 1.4.5 to 2
...
Bumps [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment ) from 1.4.5 to 2.
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases )
- [Commits](a35cf36e53...c9fcb64660)
---
updated-dependencies:
- dependency-name: peter-evans/create-or-update-comment
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-22 23:36:02 +00:00
dependabot[bot]
c671bac37d
🌱 Bump peter-evans/slash-command-dispatch from 2.3.0 to 3
...
Bumps [peter-evans/slash-command-dispatch](https://github.com/peter-evans/slash-command-dispatch ) from 2.3.0 to 3.
- [Release notes](https://github.com/peter-evans/slash-command-dispatch/releases )
- [Commits](40877f718d...2afb49dbaa)
---
updated-dependencies:
- dependency-name: peter-evans/slash-command-dispatch
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-22 22:59:08 +00:00
dependabot[bot]
28635662b8
🌱 Bump actions/upload-artifact from 2.3.1 to 3
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 2.3.1 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](82c141cc51...6673cd052c)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-22 22:11:20 +00:00
dependabot[bot]
a69fda734d
🌱 Bump actions/cache from 2.1.7 to 3
...
Bumps [actions/cache](https://github.com/actions/cache ) from 2.1.7 to 3.
- [Release notes](https://github.com/actions/cache/releases )
- [Commits](937d244753...4b0cf6cc46)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-22 10:48:03 -05:00
dependabot[bot]
d51e004a13
🌱 Bump google.golang.org/protobuf in /tools
...
Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go ) from 1.27.1 to 1.28.0.
- [Release notes](https://github.com/protocolbuffers/protobuf-go/releases )
- [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash )
- [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.27.1...v1.28.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-22 10:04:26 -05:00
laurentsimon
06efb4a71c
✨ Update BQ table name for raw results ( #1759 )
...
* Update name
* comments
2022-03-21 23:50:45 +00:00
laurentsimon
1094680a0f
🐛 Fix schemas from https://github.com/ossf/scorecard/pull/1758 ( #1760 )
...
* Fix schemas
* updates
* updates
2022-03-21 21:03:26 +00:00
laurentsimon
ee623e5445
Add schema for the raw JSON ( #1758 )
2022-03-21 13:08:50 -07:00
Naveen
1c61acd325
Update main.yml
2022-03-21 09:00:27 -05:00
Naveen
8fd286d225
Update stale.yml
2022-03-21 09:00:27 -05:00
naveensrinivasan
76d3e10536
🌱 Restrict egress on github actions
...
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-21 09:00:27 -05:00
dependabot[bot]
0c76ae35ab
🌱 Bump distroless/base in /cron/controller
...
Bumps distroless/base from `02f6671` to `792dfe7`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-21 06:12:34 -05:00
dependabot[bot]
64893b84a9
🌱 Bump step-security/harden-runner from 1.4.0 to 1.4.1
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](bdb12b622a...9b0655f430)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-21 04:44:28 -05:00
laurentsimon
b1ab16e80f
✨ Add raw results to cron scans ( #1741 )
...
* draft
* updates
* updates
* updates
* updates
* updates
* comments
* comments
* comments
* comments
* comments
* comments
2022-03-18 19:05:14 -07:00
dependabot[bot]
d5893c226f
🌱 Bump distroless/base from 02f6671 to 792dfe7
...
Bumps distroless/base from `02f6671` to `792dfe7`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-18 09:59:25 -05:00
dependabot[bot]
9e9e5a9392
🌱 Bump distroless/base in /cron/webhook
...
Bumps distroless/base from `02f6671` to `792dfe7`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-18 09:39:11 -05:00
dependabot[bot]
8f6df49de8
🌱 Bump github.com/go-logr/logr from 1.2.2 to 1.2.3
...
Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr ) from 1.2.2 to 1.2.3.
- [Release notes](https://github.com/go-logr/logr/releases )
- [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md )
- [Commits](https://github.com/go-logr/logr/compare/v1.2.2...v1.2.3 )
---
updated-dependencies:
- dependency-name: github.com/go-logr/logr
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-18 09:06:22 -05:00
dependabot[bot]
23921a6cc5
🌱 Bump distroless/base in /cron/worker
...
Bumps distroless/base from `02f6671` to `792dfe7`.
---
updated-dependencies:
- dependency-name: distroless/base
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-18 08:54:35 -05:00
dependabot[bot]
a496d8ca87
🌱 Bump cloud.google.com/go/bigquery from 1.29.0 to 1.30.0
...
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go ) from 1.29.0 to 1.30.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.29.0...spanner/v1.30.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-17 12:01:45 -05:00
Azeem Shaikh
a3f4b05bbf
Pass in specific commit-SHA in cron job ( #1739 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-03-16 22:53:51 +00:00
naveensrinivasan
ba78d0aa59
✨ Unit test for CLI options
...
- Initial tests for CLI options.
2022-03-16 16:33:31 -05:00
Azeem Shaikh
dc302bde4d
Enable CI-Tests to run as commit-based check
2022-03-16 16:20:21 -05:00
Naveen
c8acf3645f
🌱 .github: Audit CodeQL egress with harden-runner ( #1728 )
2022-03-15 16:14:03 +00:00
dependabot[bot]
c8af71cf35
🌱 Bump crazy-max/ghaction-import-gpg from 4.2.0 to 4.3.0
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases )
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md )
- [Commits](b7c9a01276...4d58d49bfe)
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-15 05:11:38 -05:00
dependabot[bot]
3f73d69acd
🌱 Bump github.com/rhysd/actionlint from 1.6.9 to 1.6.10
...
Bumps [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint ) from 1.6.9 to 1.6.10.
- [Release notes](https://github.com/rhysd/actionlint/releases )
- [Changelog](https://github.com/rhysd/actionlint/blob/main/CHANGELOG.md )
- [Commits](https://github.com/rhysd/actionlint/compare/v1.6.9...v1.6.10 )
---
updated-dependencies:
- dependency-name: github.com/rhysd/actionlint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-14 06:32:30 -05:00
dependabot[bot]
2df9d088f2
🌱 Bump github.com/goreleaser/goreleaser in /tools
...
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser ) from 1.6.1 to 1.6.3.
- [Release notes](https://github.com/goreleaser/goreleaser/releases )
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.6.1...v1.6.3 )
---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-14 06:18:25 -05:00
naveensrinivasan
7d1795384c
Fixed the path of the generated mock files.
...
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-11 09:55:24 -06:00
naveensrinivasan
1995bc3b9c
🌱 Refactor to make it testable
...
- Related to https://github.com/ossf/scorecard/issues/1568
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-03-11 09:55:24 -06:00
dependabot[bot]
f2a132a430
🌱 Bump github.com/spf13/cobra from 1.3.0 to 1.4.0
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md )
- [Commits](https://github.com/spf13/cobra/compare/v1.3.0...v1.4.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-11 09:29:05 -06:00
naveensrinivasan
e303a1b8fd
🌱 Ignore mock clients for code coverage
...
- Ignoring mock clients for code coverage tracking.
2022-03-09 14:21:20 -06:00
naveensrinivasan
35d31562a0
🌱 Unit tests for pinned_dependencies
...
- Additional tests for pinned_dependencies
https://github.com/ossf/scorecard/issues/986
2022-03-09 09:53:21 -06:00
stm9
c10a6ae0f0
Update README.md ( #1716 )
...
Updated instructions on how to access public BigQuery dataset in section [public-data] (https://github.com/ossf/scorecard/edit/main/README.md#public-data )
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-03-08 15:44:38 +00:00
dependabot[bot]
eb258163ea
🌱 Bump cloud.google.com/go/pubsub from 1.18.0 to 1.19.0
...
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go ) from 1.18.0 to 1.19.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.18.0...pubsub/v1.19.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-08 06:02:44 -05:00
laurentsimon
e128c3de82
allow empty committer ( #1714 )
2022-03-07 21:25:54 +00:00
Chris McGehee
c1761a8936
Only download repo tarball when necessary
...
Previously, this was downloading the tarball for github.com/google/oss-fuzz every time scorecard was run
2022-03-07 11:52:20 -05:00
dependabot[bot]
0268747d6d
🌱 Bump github.com/goreleaser/goreleaser in /tools
...
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser ) from 1.5.0 to 1.6.1.
- [Release notes](https://github.com/goreleaser/goreleaser/releases )
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.5.0...v1.6.1 )
---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-07 05:29:32 -05:00
naveensrinivasan
4b9f0389c6
🌱 Fix for CVE-2022-23648
...
- Fix for https://github.com/advisories/GHSA-crp2-qrr5-8pq7
2022-03-06 17:08:11 -05:00
Azeem Shaikh
241b0f4b4d
Mark License, Security-Policy as commit-based ( #1711 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-03-04 11:24:06 -06:00
laurentsimon
3c92dec81b
🐛 Add GitHub committer verification ( #1695 )
...
* Add GitHub committer verification and fix empty reviewers
* update comment
* linter
* comments
2022-03-03 18:04:05 +00:00
dependabot[bot]
57b4664c71
🌱 Bump cloud.google.com/go/bigquery from 1.28.0 to 1.29.0
...
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go ) from 1.28.0 to 1.29.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.28.0...spanner/v1.29.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-03 07:10:50 -06:00
naveensrinivasan
4904b317ac
🌱 additional tests for github_workflow
...
- Additional tests for github_workflow
2022-03-02 20:36:34 -06:00
Stephen Augustus (he/him)
3070b3ca1b
✨ cmd: Allow new scorecard to be instantiated with options ( #1703 )
...
* cmd: Allow new scorecard commands to be instantiated with options
* options: Default flags to struct field values
* options: Use constants for flag names
* options: Simplify SARIF check
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2022-03-03 01:38:34 +00:00
laurentsimon
d192c8e3ac
✨ Add score to SARIF for all results ( #1694 )
...
* add score
* fix unit tests
2022-03-02 17:06:47 -08:00
laurentsimon
3818dbe839
Update CODEOWNERS ( #1701 )
...
@inferno-chromium asked to be removed because he's not actively reviewing PRs anymore and his inbox is being bombarded :-)
cc @inferno-chromium
2022-03-02 16:21:38 +00:00
dependabot[bot]
189cdc5b9b
🌱 Bump actions/stale from 4.1.0 to 5
...
Bumps [actions/stale](https://github.com/actions/stale ) from 4.1.0 to 5.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](7fb802b307...3cc1237663)
---
updated-dependencies:
- dependency-name: actions/stale
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-02 09:03:04 -06:00
dependabot[bot]
23819152f8
🌱 Bump crazy-max/ghaction-import-gpg from 4.1.0 to 4.2.0
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases )
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md )
- [Commits](cb4264d331...b7c9a01276)
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-02 08:10:27 -06:00
dependabot[bot]
13b9cc5212
🌱 Bump actions/checkout from 2.4.0 to 3
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2.4.0 to 3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](ec3a7ce113...a12a3943b4)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-03-02 07:29:16 -06:00
Stephen Augustus (he/him)
84cdc8cbec
✨ cmd: Refactor to make importable ( #1696 )
...
* cmd: Refactor to make importable
* options: Add support for parsing via environment variables
* options: Support setting feature flags via option
* cmd: Replace `version` with sigs.k8s.io/release-utils/version
* cmd: Move option validation into pre-run function
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2022-03-01 21:18:44 -08:00