mirror of
https://github.com/ossf/scorecard.git
synced 2024-09-21 05:57:42 +03:00
6d35c865e6
* Continue on error detecting OS Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Add tests for error detecting OS Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Add ElementError to identify elements that errored Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Add Incomplete field to PinningDependenciesData Will store all errors handled during analysis, which may lead to incomplete results. Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Register job steps that errored out Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Add tests that incomplete steps are caught Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Add warnings to details about incomplete steps Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Add tests that incomplete steps generate warnings Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Register shell files skipped due to parser errors Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Add tests showing when parser errors affect analysis Dockerfile pinning is not affected. Everything in a 'broken' Dockerfile RUN block is ignored Everything in a 'broken' shell script is ignored testdata/script-invalid.sh modified to demonstrate the above Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Incomplete results logged as Info, not Warn Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Remove `Type` from logging of incomplete results Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Update tests after rebase Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Add Unwrap for ElementError, improve its docs Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Add ElementError case to evaluation unit test Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Move ElementError to checker/raw_result checker/raw_result defines types used to describe analysis results. ElementError is meant to describe potential flaws in the analysis and is therefore a sort of analysis result itself. Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Use finding.Location for ElementError.Element Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Use an ElementError for script parser errors Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Replace .Incomplete []error with .ProcessingErrors []ElementError Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Adopt from reviewer comments - Replace ElementError's `Element *finding.Location` with `Location finding.Location` - Rename ErrorJobOSParsing to ErrJobOSParsing to satisfy linter - Fix unit test Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> --------- Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> |
||
|---|---|---|
| .. | ||
| evaluation | ||
| fileparser | ||
| raw | ||
| testdata | ||
| all_checks_test.go | ||
| all_checks.go | ||
| binary_artifact_test.go | ||
| binary_artifact.go | ||
| branch_protection_test.go | ||
| branch_protection.go | ||
| ci_tests_test.go | ||
| ci_tests.go | ||
| cii_best_practices_test.go | ||
| cii_best_practices.go | ||
| code_review_test.go | ||
| code_review.go | ||
| contributors_test.go | ||
| contributors.go | ||
| dangerous_workflow.go | ||
| dependency_update_tool_test.go | ||
| dependency_update_tool.go | ||
| errors.go | ||
| fuzzing_test.go | ||
| fuzzing.go | ||
| license_test.go | ||
| license.go | ||
| maintained_test.go | ||
| maintained.go | ||
| packaging.go | ||
| permissions_test.go | ||
| permissions.go | ||
| pinned_dependencies.go | ||
| probes.go | ||
| sast_test.go | ||
| sast.go | ||
| security_policy_test.go | ||
| security_policy.go | ||
| signed_releases_test.go | ||
| signed_releases.go | ||
| vulnerabilities_test.go | ||
| vulnerabilities.go | ||
| webhook_test.go | ||
| webhook.go | ||
| write.md | ||