mirror of
https://github.com/ossf/scorecard.git
synced 2024-11-04 03:52:31 +03:00
383e5566d0
* feat: Add go install to pinned dependencies score Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Fix info logs count Considering the new go installs dependencies in Pinned-Dependencies score, there are some changes. Now, all tests generate one more Info log for "go installs are all pinned". Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Fix "download then run pinned debug and warn" Considering the new go installs dependencies in Pinned-Dependencies score, there are some changes. Now, all tests have to weight 7 scores instead of 6. For "download then run pinned debug and warn", we have a 0 for 2 groups, `dockerDownloadScore` and `scriptScore`. Previously, it scored 4/6 =~ 6, and now it scores 5/7 =~ 7. Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Fix "various warnings" Considering the new go installs dependencies in Pinned-Dependencies score, there are some changes. Now, all tests have to weight 7 scores instead of 6. For "various warnings", we have a 0 for 4 groups, `pipScore`, `dockerDownloadScore`, `scriptScore` and `dockerFromScore`. Previously, it scored 2/6 =~ 3, and now it scores 3/7 =~ 4. Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Fix "Validate various warnings and info" Considering the new go installs dependencies in Pinned-Dependencies score, there are some changes. Now, all tests have to weight 7 scores instead of 6. For "Validate various warnings and info", we have a 0 for 4 groups, `pipScore`, `dockerDownloadScore`, `scriptScore` and `dockerFromScore`. Previously, it scored 2/6 =~ 3, and now it scores 3/7 =~ 4. Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Fix "ossf-tests/scorecard-check-pinned-dependencies-e2e" Considering the new go installs dependencies in Pinned-Dependencies score, there are some changes. The repo being tested, `ossf-tests/scorecard-check-pinned-dependencies-e2e`, has third-party GitHub actions pinned, no npm installs, multiple go installs all pinned, and all other dependencies types are unpinned. This gives us 8 for actionScore, 10 for npm score, 10 for goScore, and 0 for all other scores. Previously the total score was 18/6 =~ 3, and now the total score is 28/7 =~ 4. Since all go installs are pinned, there's an additional info log for "go installs are pinned". Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> * test: Unpinned go install score When having one unpinned go install and all other dependencies pinned, the score should be 60/7 =~ 8. Also, it should raise 1 warning for the unpinned go install, 7 infos saying the other dependency types are pinned (2 for GHAs, 2 for dockerfile image and downdloads, 1 for script downdloads, 1 for pip installs and 1 for npm installs), and 0 debug logs since the go install dependency does not have an error message. Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> --------- Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> |
||
|---|---|---|
| .. | ||
| attestor_policy_test.go | ||
| binary_artifacts_test.go | ||
| branch_protection_test.go | ||
| ci_tests_test.go | ||
| cii_best_practices_test.go | ||
| code_review_test.go | ||
| contributors_test.go | ||
| dangerous_workflow_test.go | ||
| dependency_update_tool_test.go | ||
| dependencydiff_test.go | ||
| e2e_suite_test.go | ||
| fuzzing_test.go | ||
| license_test.go | ||
| maintained_test.go | ||
| packaging_test.go | ||
| permissions_test.go | ||
| pinned_dependencies_test.go | ||
| sast_test.go | ||
| searchCommits_test.go | ||
| security_policy_test.go | ||
| signedreleases_test.go | ||
| vulnerabilities_test.go | ||
| workflow_test.go | ||