ossf/scorecard
1
1
Fork 0
mirror of https://github.com/ossf/scorecard.git synced 2024-11-05 05:17:00 +03:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
afe5b40567
scorecard/checks/testdata
History
Chris McGehee dbb23450e5
Add line number to unpinned dependency: GitHub workflow "uses" field (#821) 
* Display line number for github workflow "uses" field

* Adding test for line numbers

* Updating comment

* Updating this log message to use SARIF format

Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2021-08-30 17:03:45 +00:00
..
Dockerfile-aws-file Support bash -c "CMD" for docker RUN downloads-then-exec (#600) 2021-06-23 14:09:47 +00:00
Dockerfile-comments rename Frozen-Deps to Pinned-Dependencies (#765) 2021-07-27 16:32:24 -07:00
Dockerfile-curl-file-sh Support bash -c "CMD" for docker RUN downloads-then-exec (#600) 2021-06-23 14:09:47 +00:00
Dockerfile-curl-sh Support bash -c "CMD" for docker RUN downloads-then-exec (#600) 2021-06-23 14:09:47 +00:00
Dockerfile-empty rename Frozen-Deps to Pinned-Dependencies (#765) 2021-07-27 16:32:24 -07:00
Dockerfile-gsutil-file Support bash -c "CMD" for docker RUN downloads-then-exec (#600) 2021-06-23 14:09:47 +00:00
Dockerfile-invalid Add check for Docker dependency pinning by hash (#469) 2021-05-19 09:46:39 -07:00
Dockerfile-not-pinned Add check for Docker dependency pinning by hash (#469) 2021-05-19 09:46:39 -07:00
Dockerfile-not-pinned-as [migration to score] 3: branch protection, frozen-deps, token permissions (#719) 2021-07-21 09:21:43 -07:00
Dockerfile-pinned ignore scratch frm dockerfile imports 2021-05-20 13:23:27 -05:00
Dockerfile-pinned-as ignore scratch frm dockerfile imports 2021-05-20 13:23:27 -05:00
Dockerfile-pkg-managers Detect python -m pip pkg (#611) 2021-07-09 00:48:36 +00:00
Dockerfile-proc-subs cleanup Frozen-Deps MakeResultAnd (#742) 2021-07-26 22:02:46 +00:00
Dockerfile-script-ok Check: detect downloads of scripts/binaries in docker's RUN (#584) 2021-06-21 18:45:15 +00:00
Dockerfile-some-python cleanup Frozen-Deps MakeResultAnd (#742) 2021-07-26 22:02:46 +00:00
Dockerfile-wget-bin-sh Support bash -c "CMD" for docker RUN downloads-then-exec (#600) 2021-06-23 14:09:47 +00:00
Dockerfile-wget-file Support bash -c "CMD" for docker RUN downloads-then-exec (#600) 2021-06-23 14:09:47 +00:00
github-workflow-comments rename Frozen-Deps to Pinned-Dependencies (#765) 2021-07-27 16:32:24 -07:00
github-workflow-curl-default check insecure downloads in github workflows (#610) 2021-06-25 17:30:17 +00:00
github-workflow-curl-no-default check insecure downloads in github workflows (#610) 2021-06-25 17:30:17 +00:00
github-workflow-empty rename Frozen-Deps to Pinned-Dependencies (#765) 2021-07-27 16:32:24 -07:00
github-workflow-multiple-unpinned-uses.yaml Add line number to unpinned dependency: GitHub workflow "uses" field (#821) 2021-08-30 17:03:45 +00:00
github-workflow-permissions-absent.yaml check for read-only permissions of github token (#534) 2021-06-03 16:30:37 -07:00
github-workflow-permissions-actions.yaml Make Token-Permission check more granular (#773) 2021-07-30 00:13:01 +00:00
github-workflow-permissions-contents.yaml Make Token-Permission check more granular (#773) 2021-07-30 00:13:01 +00:00
github-workflow-permissions-none.yaml check for read-only permissions of github token (#534) 2021-06-03 16:30:37 -07:00
github-workflow-permissions-nones.yaml check for read-only permissions of github token (#534) 2021-06-03 16:30:37 -07:00
github-workflow-permissions-packages.yaml Make Token-Permission check more granular (#773) 2021-07-30 00:13:01 +00:00
github-workflow-permissions-readall.yaml check for read-only permissions of github token (#534) 2021-06-03 16:30:37 -07:00
github-workflow-permissions-reads.yaml check for read-only permissions of github token (#534) 2021-06-03 16:30:37 -07:00
github-workflow-permissions-run-codeql-write.yaml Improve token permission check (#800) 2021-08-03 00:56:45 +00:00
github-workflow-permissions-run-no-codeql-write.yaml Improve token permission check (#800) 2021-08-03 00:56:45 +00:00
github-workflow-permissions-run-package-workflow-write.yaml Improve token permission check (#800) 2021-08-03 00:56:45 +00:00
github-workflow-permissions-run-package-write.yaml Improve token permission check (#800) 2021-08-03 00:56:45 +00:00
github-workflow-permissions-run-writes-2.yaml Improve token permission check (#800) 2021-08-03 00:56:45 +00:00
github-workflow-permissions-run-writes.yaml Improve token permission check (#800) 2021-08-03 00:56:45 +00:00
github-workflow-permissions-secevent-deployments.yaml Make Token-Permission check more granular (#773) 2021-07-30 00:13:01 +00:00
github-workflow-permissions-status-checks.yaml Make Token-Permission check more granular (#773) 2021-07-30 00:13:01 +00:00
github-workflow-permissions-writeall.yaml check for read-only permissions of github token (#534) 2021-06-03 16:30:37 -07:00
github-workflow-permissions-writes.yaml check for read-only permissions of github token (#534) 2021-06-03 16:30:37 -07:00
github-workflow-wget-across-steps 🐛 Only validate shell scripts supported by our parser (#862) 2021-08-19 08:18:45 -07:00
script-bash Check for shell script's insecure download (#606) 2021-06-24 17:24:14 +00:00
script-comments.sh rename Frozen-Deps to Pinned-Dependencies (#765) 2021-07-27 16:32:24 -07:00
script-empty.sh rename Frozen-Deps to Pinned-Dependencies (#765) 2021-07-27 16:32:24 -07:00
script-pkg-managers Detect python -m pip pkg (#611) 2021-07-09 00:48:36 +00:00
script-sh Check for shell script's insecure download (#606) 2021-06-24 17:24:14 +00:00
script.sh Check for shell script's insecure download (#606) 2021-06-24 17:24:14 +00:00
shell_file_awk_shebang.sh 🐛 Only validate shell scripts supported by our parser (#862) 2021-08-19 08:18:45 -07:00
shell_file_bash_shebang1.sh 🐛 Only validate shell scripts supported by our parser (#862) 2021-08-19 08:18:45 -07:00
shell_file_bash_shebang2.sh 🐛 Only validate shell scripts supported by our parser (#862) 2021-08-19 08:18:45 -07:00
shell_file_bash_shebang3.sh 🐛 Only validate shell scripts supported by our parser (#862) 2021-08-19 08:18:45 -07:00
shell_file_mksh_shebang.sh 🐛 Only validate shell scripts supported by our parser (#862) 2021-08-19 08:18:45 -07:00
shell_file_no_shebang.sh 🐛 Only validate shell scripts supported by our parser (#862) 2021-08-19 08:18:45 -07:00
shell_file_sh_shebang.sh 🐛 Only validate shell scripts supported by our parser (#862) 2021-08-19 08:18:45 -07:00
shell_file_zsh_shebang.sh 🐛 Only validate shell scripts supported by our parser (#862) 2021-08-19 08:18:45 -07:00
workflow-not-pinned.yaml Add checks for workflow action pinning (#466) 2021-05-17 13:03:39 -07:00
workflow-pinned.yaml Add checks for workflow action pinning (#466) 2021-05-17 13:03:39 -07:00