Mirror of https://github.com/ossf/scorecard.git (synced 2024-09-20 05:27:12 +03:00)
2ef20f17fb
* SAST: add Snyk probe

  Adds Snyk's GitHub action (https://github.com/snyk/actions) as a probe.

  Signed-off-by: David Korczynski <david@adalogics.com>

* nit

  Signed-off-by: David Korczynski <david@adalogics.com>

* e2e: adjust sast test to additional probe

  Signed-off-by: David Korczynski <david@adalogics.com>

* checks: sast: nit, fix e2e test

  Signed-off-by: DavidKorczynski <david@adalogics.com>

* Add test with positive outcome

  Signed-off-by: David Korczynski <david@adalogics.com>

* fix comment

  Signed-off-by: David Korczynski <david@adalogics.com>

* sast: snyk: add workflow test

  Signed-off-by: David Korczynski <david@adalogics.com>

* address review

  Signed-off-by: David Korczynski <david@adalogics.com>

* sast: adjust snyk to be the same with sonar

  Signed-off-by: David Korczynski <david@adalogics.com>

* provide path to WF file

  Signed-off-by: David Korczynski <david@adalogics.com>

* adjust path for finding

  Signed-off-by: David Korczynski <david@adalogics.com>

* use prefix rather than contains

  Signed-off-by: David Korczynski <david@adalogics.com>

\---------

Signed-off-by: David Korczynski <david@adalogics.com>
Signed-off-by: DavidKorczynski <david@adalogics.com>

||
---|---|---|
.. | ||
contributorsFromOrgOrCompany | ||
freeOfAnyBinaryArtifacts | ||
freeOfUnverifiedBinaryArtifacts | ||
fuzzedWithCLibFuzzer | ||
fuzzedWithClusterFuzzLite | ||
fuzzedWithCppLibFuzzer | ||
fuzzedWithGoNative | ||
fuzzedWithJavaJazzerFuzzer | ||
fuzzedWithOSSFuzz | ||
fuzzedWithPropertyBasedHaskell | ||
fuzzedWithPropertyBasedJavascript | ||
fuzzedWithPropertyBasedTypescript | ||
fuzzedWithPythonAtheris | ||
fuzzedWithRustCargofuzz | ||
fuzzedWithSwiftLibFuzzer | ||
hasDangerousWorkflowScriptInjection | ||
hasDangerousWorkflowUntrustedCheckout | ||
hasFSFOrOSIApprovedLicense | ||
hasLicenseFile | ||
hasLicenseFileAtTopDir | ||
hasOpenSSFBadge | ||
hasOSVVulnerabilities | ||
hasRecentCommits | ||
internal/utils | ||
issueActivityByProjectMember | ||
notArchived | ||
notCreatedRecently | ||
packagedWithAutomatedWorkflow | ||
releasesAreSigned | ||
releasesHaveProvenance | ||
sastToolCodeQLInstalled | ||
sastToolRunsOnAllCommits | ||
sastToolSnykInstalled | ||
sastToolSonarInstalled | ||
securityPolicyContainsLinks | ||
securityPolicyContainsText | ||
securityPolicyContainsVulnerabilityDisclosure | ||
securityPolicyPresent | ||
testsRunInCI | ||
toolDependabotInstalled | ||
toolPyUpInstalled | ||
toolRenovateInstalled | ||
webhooksUseSecrets | ||
zrunner | ||
entries.go |