Include OSSF Scorecard analysis using containers #62

Merged
merged 15 commits into from
Dec 12, 2024

@UlisesGascon (Member) commented Dec 12, 2024

Main Changes

  • Add dependency @ulisesgascon/array-to-chunks@2.0.0 (3b299f1)
  • Add JSON Schema validations for the OpenSSF Scorecard results (42e905d and 772481f)
  • Add OSSF provider (1ecd406)
  • Add workflow upsert-ossf-scorecard (3dfdc65)

Other Changes

  • Add a sample fixture for OSSF Scorecard response (b01b9fd)
  • Add OpenSSF scorecard records to the seed script (326a584)
  • Extend test utils to support ossf scorecard operations (c9741e6)
  • Extend configuration to support OSSF Scorecard (6b06409)
  • Extend the store to support OSSF Scorecard operations (1c55a87)
  • Add todos for run upsert-ossf-scorecard testing (8e2ac1d)
  • Add analysis_execution_time in the OSSF Scorecard mapper (1cdc09f)
  • Make the OSSF Scorecard analysis more resilient (065966b)
  • Lint files (6f6d0bb and 513a28a)

Screenshots

The execution worked fine for many repositories (Express Project with 3 GitHub Orgs):

Screenshot from 2024-12-12 20-23-00

Screenshot from 2024-12-12 20-32-28

The table also includes the column analysis_execution_time, which stores the execution time for each analysis. This will help us to know how to distribute this workload in the future. Currently, after a few executions, the slowest process is under 30s and the faster ones are around 5s.

Context

Changelog


socket-security bot commented Dec 12, 2024

New dependencies detected. Learn more about Socket for GitHub ↗︎

| Package | New capabilities | Transitives | Size | Publisher |
| --- | --- | --- | --- | --- |
| npm/@ulisesgascon/array-to-chunks@2.0.0 | None | 0 | 8.25 kB | ulisesgascon |

View full report↗︎

@UlisesGascon UlisesGascon force-pushed the feat/add-ossf-scorecard branch from 0753b26 to 6376ad0 Compare December 12, 2024 20:27
@UlisesGascon UlisesGascon force-pushed the feat/add-ossf-scorecard branch from 6376ad0 to 513a28a Compare December 12, 2024 20:27
@UlisesGascon UlisesGascon marked this pull request as ready for review December 12, 2024 20:28
@UlisesGascon UlisesGascon merged commit ef58387 into main Dec 12, 2024
3 checks passed
@UlisesGascon UlisesGascon deleted the feat/add-ossf-scorecard branch December 12, 2024 20:49
This was referenced Dec 12, 2024
Successfully merging this pull request may close these issues.

Add workflow upsert-ossf-scorecard