dependabot[bot]
fc7157e38a
🌱 Bump actions/dependency-review-action from 1.0.0 to 1.0.1 ( #1923 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](3f943b86c9...39e692fa32
)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-18 07:10:22 -05:00
Naveen
bbaf072dd5
⚠️ Remove the oldjson format from cron ( #1920 )
...
- removed the old json format from cron
fix https://github.com/ossf/scorecard/pull/1487
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-17 17:31:25 -07:00
Appu
e7ef60d7fe
📖 Add information for pinning manfest lists ( #1918 )
...
* Add information for pinning manfest lists
Signed-off-by: Appu Goundan <appu@google.com>
* Update checks.md
2022-05-17 10:36:57 -07:00
dependabot[bot]
6406cfd4e3
🌱 Bump actions/setup-go from 3.0.0 to 3.1.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](f6164bd8c8...fcdc43634a
)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-16 16:52:04 +00:00
Azeem Shaikh
236b296403
Do not fail on empty repositories ( #1914 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-16 00:41:17 +00:00
laurentsimon
b1ab7eb9bb
✨ Update raw format for Dangerous workflows ( #1865 )
...
* updates
* e2e fix
* comments
2022-05-13 19:10:57 -07:00
Scott Ford
cd0470403b
📖 Fixes description for webhook check ( #1882 )
...
Signed-off-by: Scott Ford <scott@scottford.io>
2022-05-12 21:14:43 +00:00
Naveen
0275a94a3f
:warn: Remove the old Details field from CheckResult ( #1906 )
...
https://github.com/ossf/scorecard/issues/1393
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-12 12:58:12 -07:00
naveensrinivasan
b9f333bc2a
⚠️ Remove the pass from the CheckResult
...
- Remove Pass field from CheckResult
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-12 14:03:19 -05:00
dependabot[bot]
f0481647dd
🌱 Bump github.com/caarlos0/env/v6 from 6.9.1 to 6.9.2
...
Bumps [github.com/caarlos0/env/v6](https://github.com/caarlos0/env ) from 6.9.1 to 6.9.2.
- [Release notes](https://github.com/caarlos0/env/releases )
- [Changelog](https://github.com/caarlos0/env/blob/main/.goreleaser.yml )
- [Commits](https://github.com/caarlos0/env/compare/v6.9.1...v6.9.2 )
---
updated-dependencies:
- dependency-name: github.com/caarlos0/env/v6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-12 17:13:16 +00:00
dependabot[bot]
74f521fcf2
🌱 Bump mvdan.cc/sh/v3 from 3.4.3 to 3.5.0
...
Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh ) from 3.4.3 to 3.5.0.
- [Release notes](https://github.com/mvdan/sh/releases )
- [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md )
- [Commits](https://github.com/mvdan/sh/compare/v3.4.3...v3.5.0 )
---
updated-dependencies:
- dependency-name: mvdan.cc/sh/v3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-12 14:43:48 +00:00
dependabot[bot]
2b35afc5bb
🌱 Bump github.com/golangci/golangci-lint in /tools
...
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint ) from 1.45.2 to 1.46.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases )
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md )
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.45.2...v1.46.0 )
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-12 02:04:06 +00:00
laurentsimon
0f30f4eec7
✨ Make permission check aware of GH Pages Action ( #1902 )
...
* update
* update
* update
2022-05-11 20:41:37 -05:00
dependabot[bot]
2fc6fbb196
🌱 Bump cloud.google.com/go/bigquery from 1.31.0 to 1.32.0
...
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go ) from 1.31.0 to 1.32.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.31.0...spanner/v1.32.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-11 08:47:39 -05:00
Romain Dauby
804127f46a
Upgrade to buildkit 0.10.3
2022-05-10 10:55:48 -05:00
06kellyjac
c5d787a598
pkg: refactor out scorecard_version
2022-05-10 09:51:55 -05:00
laurentsimon
62e3de5f48
🐛 Remove Options that belong to the Action ( #1898 )
...
* updates
* tests
2022-05-09 19:40:15 +00:00
Naveen
7ff4b7e050
⚠️ Removing the confidence field from CheckResult
struct ( #1896 )
...
- Removing the confidence field from `CheckResult` struct
- https://github.com/ossf/scorecard/issues/1393
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-09 17:46:24 +00:00
Arnaud J Le Hors
6d79817e3b
📖 Fix command Usage ( #1814 )
...
This changes the cmd Usage text to accurately represents the
supported syntax:
Usage:
./scorecard (--repo=<repo> | --local=<folder> | --{npm,pypi,rubygems}=<package_name>)
[--checks=check1,...] [--show-details] [flags]
...
--repo string repository to check (valid inputs: "owner/repo", "github.com/owner/repo", "https://github.com/owner/repo ")
...
Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
2022-05-09 10:23:13 -04:00
Arnaud J Le Hors
815de1819f
📖 Remove erroneous ref to CSV output ( #1813 )
2022-05-09 12:15:14 +00:00
Azeem Shaikh
5758364c82
Fix bug in Scorecard tag Docker image creation ( #1890 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-06 20:38:19 +00:00
laurentsimon
8c97d46a36
✨ Add custom remediation for workflow permissions/pinned dependencies ( #1885 )
...
* draft
* update
* updates
* updates
* updates
* updates
* updates
* updates
2022-05-06 12:52:30 -07:00
Azeem Shaikh
22694dcd41
Support commits reviewed through Piper ( #1889 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-05-06 18:41:44 +00:00
Parth Kanakiya
9a7d030902
✨ Added additional github repositories in projects.csv ( #1886 )
...
* Added additional repositories
* Added more repos
* Cleaned the repos
2022-05-06 16:13:50 +00:00
Vihang Mehta
72086c9d4c
✨ Add support for Phabricator as a code review system ( #1884 )
...
* ✨ Add support for Phabricator as a code review system
Signed-off-by: Vihang Mehta <vihang@pixielabs.ai>
* Also look for Differential Revision: to ensure that this repo uses Phabricator
Signed-off-by: Vihang Mehta <vihang@pixielabs.ai>
* Add some unit tests to cover Phabricator Review detection
Signed-off-by: Vihang Mehta <vihang@pixielabs.ai>
2022-05-05 21:48:04 +00:00
dependabot[bot]
f779fb8761
🌱 Bump cloud.google.com/go/pubsub from 1.21.0 to 1.21.1
...
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go ) from 1.21.0 to 1.21.1.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.21.0...pubsub/v1.21.1 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-05 08:09:14 -05:00
laurentsimon
74ea0f4266
🐛 Fix .lib false positives in binary artifacts ( #1879 )
...
* ignore printable files
* updates
* e2e tests
* e2e fix
* comments
2022-05-03 13:31:51 -07:00
naveensrinivasan
2cb654102d
⚠️ Removing the pass field from result ( #1853 )
...
- Removing the pass field from result
- https://github.com/ossf/scorecard/issues/1393
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-05-03 11:17:47 -05:00
laurentsimon
875b6f694e
🐛 Ignore shell parsing errors when reporting results ( #1878 )
...
* ignore parsing errors
* updates
2022-05-02 10:11:50 -07:00
dependabot[bot]
e97bf30ef6
🌱 Bump step-security/harden-runner from 1.4.2 to 1.4.3
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 1.4.2 to 1.4.3.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](34cbc43f0b...248ae51c2e
)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-02 08:45:02 -05:00
laurentsimon
815de5c351
Propagate error in log ( #1875 )
2022-04-27 17:41:23 +00:00
dependabot[bot]
2b68f38d16
🌱 Bump github.com/onsi/ginkgo/v2 from 2.1.3 to 2.1.4
...
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.1.3 to 2.1.4.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.1.3...v2.1.4 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-27 15:44:39 +00:00
dependabot[bot]
3a9f011398
🌱 Bump github.com/google/go-cmp from 0.5.7 to 0.5.8
...
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp ) from 0.5.7 to 0.5.8.
- [Release notes](https://github.com/google/go-cmp/releases )
- [Commits](https://github.com/google/go-cmp/compare/v0.5.7...v0.5.8 )
---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-27 15:20:00 +00:00
dependabot[bot]
a598b2ae78
🌱 Bump cloud.google.com/go/pubsub from 1.20.0 to 1.21.0
...
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go ) from 1.20.0 to 1.21.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.20.0...pubsub/v1.21.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-27 14:39:07 +00:00
dependabot[bot]
ac14ce72c1
🌱 Bump github.com/onsi/ginkgo/v2 from 2.1.3 to 2.1.4 in /tools
...
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.1.3 to 2.1.4.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.1.3...v2.1.4 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-27 13:56:27 +00:00
laurentsimon
05d8c01b1c
🐛 Don't look for secrets in pull_request ( #1864 )
...
* Remove pull_request
* updates
* updates
* linter and e2e
2022-04-26 18:27:29 -07:00
laurentsimon
b304306451
✨ Add token needed for checks in README ( #1854 )
...
* check perm doc
* updates
2022-04-26 16:02:02 +00:00
laurentsimon
ac88460c75
✨ Raw results for best practices badge ( #1795 )
...
* Raw results for best practices badge
* updates
* updates
* tests
* comment
2022-04-25 17:04:21 +00:00
Alan Jowett
fe6e0917ac
✨ Support for detecting choco installer without required hash ( #1810 )
...
* Initial support for choco installer
https://github.com/ossf/scorecard/issues/1807
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* PR feedback
Signed-off-by: Alan Jowett <alanjo@microsoft.com>
* Simplify if statement
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2022-04-25 09:40:35 -07:00
dependabot[bot]
5d8a277d76
🌱 Bump crazy-max/ghaction-import-gpg from 4.3.0 to 4.4.0
...
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) from 4.3.0 to 4.4.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases )
- [Changelog](https://github.com/crazy-max/ghaction-import-gpg/blob/master/CHANGELOG.md )
- [Commits](4d58d49bfe...e00cb83a68
)
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-25 10:28:45 -05:00
dependabot[bot]
dbaba8a536
🌱 Bump step-security/harden-runner from 1.4.1 to 1.4.2
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 1.4.1 to 1.4.2.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/v1.4.1...34cbc43f0b10c9dda284e663cf43c2ebaf83e956 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-25 09:29:45 -05:00
Naveen
44ad5f53ad
⚠️ Removing the error field from result ( #1853 )
...
- Removing the error field from result
- https://github.com/ossf/scorecard/issues/1393
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-22 23:22:43 +00:00
laurentsimon
1f3861b4cc
Update env variables in cron ( #1858 )
2022-04-22 20:21:08 +00:00
dependabot[bot]
ee1086efd7
🌱 Bump codecov/codecov-action from 3.0.0 to 3.1.0
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](e3c560433a...81cd2dc814
)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-22 07:25:53 -05:00
dependabot[bot]
64bf903f36
🌱 Bump actions/checkout from 3.0.1 to 3.0.2
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](dcd71f6466...2541b1294d
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-22 07:02:44 -05:00
laurentsimon
4622952c85
✨ Raw results for dangerous workflow ( #1849 )
...
* draft
* update
* update
* updates
* comments
* comments
* comments
2022-04-21 22:02:18 +00:00
dependabot[bot]
72e248694d
🌱 Bump contrib.go.opencensus.io/exporter/stackdriver
...
Bumps [contrib.go.opencensus.io/exporter/stackdriver](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver ) from 0.13.11 to 0.13.12.
- [Release notes](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/releases )
- [Commits](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/compare/v0.13.11...v0.13.12 )
---
updated-dependencies:
- dependency-name: contrib.go.opencensus.io/exporter/stackdriver
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-20 09:01:35 -05:00
naveensrinivasan
6ed6c9b70e
🌱 Publish images with ko
...
- Publish images with ko
https://github.com/ossf/scorecard/issues/744
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-18 10:40:05 -05:00
laurentsimon
f99e1a1552
✨ Schema for BQ table for raw results ( #1762 )
...
* Fix schemas
* updates
* updates
* Schema for BQ table of raw result
* update
* updates
* create utility function only
* update
* updates
* updates
* manifest
2022-04-15 16:35:01 +00:00
dependabot[bot]
9532e55ee9
🌱 Bump github.com/rhysd/actionlint from 1.6.11 to 1.6.12
...
Bumps [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint ) from 1.6.11 to 1.6.12.
- [Release notes](https://github.com/rhysd/actionlint/releases )
- [Changelog](https://github.com/rhysd/actionlint/blob/main/CHANGELOG.md )
- [Commits](https://github.com/rhysd/actionlint/compare/v1.6.11...v1.6.12 )
---
updated-dependencies:
- dependency-name: github.com/rhysd/actionlint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-04-15 09:13:27 -05:00