ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-11-04 03:52:31 +03:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
1,149 Commits 36 Branches 42 Tags 438 MiB
e7fd58d9a3
Commit Graph

13 Commits

Author SHA1 Message Date
laurentsimon
e7fd58d9a3
Check for secrets in pull_request_target (#1634) 
* checks/dangerous_workflow.go: add pull_request_target support for secrets

* missing files

* linter
 2022-02-15 16:04:57 +00:00
Azeem Shaikh
2e3e505a8c
Simplify DetailLogger interface (#1628) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-02-11 15:48:58 -08:00
laurentsimon
7de151cf49
Check for secrets in workflows run on pull requests (#1615) 
* updates

* missing files

* typo

* linter

* linter

* updates

* updates
 2022-02-10 18:54:44 +00:00
Azeem Shaikh
6930c3ab3b
Add support for commit-based Scorecard (#1613) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-02-07 19:03:36 -08:00
Azeem Shaikh
1c95237e4a
Only run allowed checks in different modes (#1579) 
Co-authored-by: Azeem Shaikh <azeems@google.com>
 2022-02-07 16:49:49 -08:00
naveen
f7b329e830 Unit test for all_checks 
Addresses https://github.com/ossf/scorecard/issues/435

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
 2022-01-12 17:24:38 -06:00
Azeem Shaikh
f2c57d2590 Migrate to v4 2022-01-12 14:12:09 -06:00
laurentsimon
7a91384f8d
Add line numbers for insecure downloads (#1413) 
* add lines for docker files

* support for other constructs

* other insecure patterns

* fixes

* fixes

* comments
 2022-01-06 00:13:53 +00:00
asraa
cfa1593e1c
Add Script Injection to Dangerous-Workflow (#1368) 
* add dangerous workflow pattern script injection

Signed-off-by: Asra Ali <asraa@google.com>

* add more tests

Signed-off-by: Asra Ali <asraa@google.com>

* update laurent comments

Signed-off-by: Asra Ali <asraa@google.com>
 2021-12-09 13:53:55 -08:00
asraa
fd67ddf1c4
🌱 update dangerous workflow to use actionlint (#1328) 
* update dangerous workflow to use actionlint

Signed-off-by: Asra Ali <asraa@google.com>

* fix nilptr

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-11-22 18:32:27 +00:00
asraa
730076fab1
🐛 fix dangerous workflow test and workflow parsing (#1283) 
* fix dangerous workflow

Signed-off-by: Asra Ali <asraa@google.com>

* check if removing label comment fixes

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
 2021-11-20 00:16:02 +00:00
laurentsimon
cc4949465b
[Check split]: Binary-Artifacts (#1244) 
* split binary artifact check

* fix

* missing file

* comments

* linter

* fix

* comments

* linter
 2021-11-16 19:57:14 +00:00
asraa
1050b1cd60
Add dangerous workflow check with untrusted code checkout pattern (#1168) 
* add dangerous workflow check with untrusted code checkout pattern

Signed-off-by: Asra Ali <asraa@google.com>

* update

Signed-off-by: Asra Ali <asraa@google.com>

* add env var

Signed-off-by: Asra Ali <asraa@google.com>

* fix comment

Signed-off-by: Asra Ali <asraa@google.com>

* add repos git checks.yaml

Signed-off-by: Asra Ali <asraa@google.com>

* update checks.md

Signed-off-by: Asra Ali <asraa@google.com>

* address comments

Signed-off-by: Asra Ali <asraa@google.com>

* fix merge

Signed-off-by: Asra Ali <asraa@google.com>

* add delete

Signed-off-by: Asra Ali <asraa@google.com>

* update docs

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
 2021-11-15 20:18:10 +00:00