remove sonatype lift (ossf#3605)

Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: Allen Shearin <allen.p.shearin@gmail.com>
kgangerlm · Nov 13, 2023 · ddcc218 · ddcc218
1 parent 7c9eea0
commit ddcc218
Show file tree

Hide file tree

Showing 11 changed files with 5 additions and 294 deletions.
diff --git a/checks/dependency_update_tool_test.go b/checks/dependency_update_tool_test.go
@@ -77,7 +77,7 @@ func TestDependencyUpdateTool(t *testing.T) {
 			SearchCommits:     []clients.Commit{{Committer: clients.User{ID: 111111111}}},
 			CallSearchCommits: 1,
 			expected: scut.TestReturn{
-				NumberOfWarn: 4,
+				NumberOfWarn: 3,
 			},
 		},
 		{
@@ -89,7 +89,7 @@ func TestDependencyUpdateTool(t *testing.T) {
 			SearchCommits:     []clients.Commit{},
 			CallSearchCommits: 1,
 			expected: scut.TestReturn{
-				NumberOfWarn: 4,
+				NumberOfWarn: 3,
 			},
 		},
 

diff --git a/checks/evaluation/dependency_update_tool.go b/checks/evaluation/dependency_update_tool.go
@@ -21,7 +21,6 @@ import (
 	"github.com/ossf/scorecard/v4/probes/toolDependabotInstalled"
 	"github.com/ossf/scorecard/v4/probes/toolPyUpInstalled"
 	"github.com/ossf/scorecard/v4/probes/toolRenovateInstalled"
-	"github.com/ossf/scorecard/v4/probes/toolSonatypeLiftInstalled"
 )
 
 // DependencyUpdateTool applies the score policy and logs the details
@@ -33,7 +32,6 @@ func DependencyUpdateTool(name string,
 		toolDependabotInstalled.Probe,
 		toolPyUpInstalled.Probe,
 		toolRenovateInstalled.Probe,
-		toolSonatypeLiftInstalled.Probe,
 	}
 	if !finding.UniqueProbesEqual(findings, expectedProbes) {
 		e := sce.WithMessage(sce.ErrScorecardInternal, "invalid probe results")

diff --git a/checks/evaluation/dependency_update_tool_test.go b/checks/evaluation/dependency_update_tool_test.go
@@ -46,10 +46,6 @@ func TestDependencyUpdateTool(t *testing.T) {
 					Probe:   "toolRenovateInstalled",
 					Outcome: finding.OutcomeNegative,
 				},
-				{
-					Probe:   "toolSonatypeLiftInstalled",
-					Outcome: finding.OutcomeNegative,
-				},
 			},
 			result: scut.TestReturn{
 				Score:        checker.MaxResultScore,
@@ -71,10 +67,6 @@ func TestDependencyUpdateTool(t *testing.T) {
 					Probe:   "toolRenovateInstalled",
 					Outcome: finding.OutcomePositive,
 				},
-				{
-					Probe:   "toolSonatypeLiftInstalled",
-					Outcome: finding.OutcomeNegative,
-				},
 			},
 			result: scut.TestReturn{
 				Score:        checker.MaxResultScore,
@@ -96,39 +88,6 @@ func TestDependencyUpdateTool(t *testing.T) {
 					Probe:   "toolRenovateInstalled",
 					Outcome: finding.OutcomeNegative,
 				},
-				{
-					Probe:   "toolSonatypeLiftInstalled",
-					Outcome: finding.OutcomeNegative,
-				},
-			},
-			result: scut.TestReturn{
-				Score:        checker.MaxResultScore,
-				NumberOfInfo: 1,
-			},
-		},
-		{
-			name: "sonatype",
-			findings: []finding.Finding{
-				{
-					Probe:   "toolDependabotInstalled",
-					Outcome: finding.OutcomeNegative,
-				},
-				{
-					Probe:   "toolPyUpInstalled",
-					Outcome: finding.OutcomeNegative,
-				},
-				{
-					Probe:   "toolRenovateInstalled",
-					Outcome: finding.OutcomeNegative,
-				},
-				{
-					Probe:   "toolSonatypeLiftInstalled",
-					Outcome: finding.OutcomePositive,
-				},
-				{
-					Probe:   "toolRenovateInstalled",
-					Outcome: finding.OutcomeNegative,
-				},
 			},
 			result: scut.TestReturn{
 				Score:        checker.MaxResultScore,
@@ -150,14 +109,10 @@ func TestDependencyUpdateTool(t *testing.T) {
 					Probe:   "toolPyUpInstalled",
 					Outcome: finding.OutcomeNegative,
 				},
-				{
-					Probe:   "toolSonatypeLiftInstalled",
-					Outcome: finding.OutcomeNegative,
-				},
 			},
 			result: scut.TestReturn{
 				Score:        checker.MinResultScore,
-				NumberOfWarn: 4,
+				NumberOfWarn: 3,
 			},
 		},
 		{
@@ -171,10 +126,6 @@ func TestDependencyUpdateTool(t *testing.T) {
 					Probe:   "toolPyUpInstalled",
 					Outcome: finding.OutcomeNegative,
 				},
-				{
-					Probe:   "toolSonatypeInstalled",
-					Outcome: finding.OutcomeNegative,
-				},
 			},
 			result: scut.TestReturn{
 				Score: checker.InconclusiveResultScore,
@@ -196,10 +147,6 @@ func TestDependencyUpdateTool(t *testing.T) {
 					Probe:   "toolPyUpInstalled",
 					Outcome: finding.OutcomeNegative,
 				},
-				{
-					Probe:   "toolSonatypeInstalled",
-					Outcome: finding.OutcomeNegative,
-				},
 				{
 					Probe:   "toolInvalidProbeName",
 					Outcome: finding.OutcomeNegative,

diff --git a/checks/raw/dependency_update_tool.go b/checks/raw/dependency_update_tool.go
@@ -113,19 +113,6 @@ var checkDependencyFileExists fileparser.DoWhileTrueOnFilename = func(name strin
 				},
 			},
 		})
-	case ".lift.toml", ".lift/config.toml":
-		*ptools = append(*ptools, checker.Tool{
-			Name: "Sonatype Lift",
-			URL:  asPointer("https://lift.sonatype.com"),
-			Desc: asPointer("Automated dependency updates. Multi-platform and multi-language."),
-			Files: []checker.File{
-				{
-					Path:   name,
-					Type:   finding.FileTypeSource,
-					Offset: checker.OffsetDefault,
-				},
-			},
-		})
 	}
 
 	// Continue iterating, even if we have found a tool.

diff --git a/checks/raw/dependency_update_tool_test.go b/checks/raw/dependency_update_tool_test.go
@@ -27,7 +27,6 @@ import (
 func Test_checkDependencyFileExists(t *testing.T) {
 	t.Parallel()
 
-	//nolint
 	tests := []struct {
 		name    string
 		path    string
@@ -97,13 +96,13 @@ func Test_checkDependencyFileExists(t *testing.T) {
 		{
 			name:    ".lift.toml",
 			path:    ".lift.toml",
-			want:    true,
+			want:    false, // support removed
 			wantErr: false,
 		},
 		{
 			name:    ".lift/config.toml",
 			path:    ".lift/config.toml",
-			want:    true,
+			want:    false, // support removed
 			wantErr: false,
 		},
 	}

diff --git a/docs/checks.md b/docs/checks.md
@@ -310,7 +310,6 @@ This check tries to determine if the project uses a dependency update tool,
 specifically one of:
 - [Dependabot](https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)
 - [Renovate bot](https://docs.renovatebot.com/configuration-options/)
-- [Sonatype Lift](https://help.sonatype.com/lift/getting-started)
 - [PyUp](https://docs.pyup.io/docs) (Python)
 Out-of-date dependencies make a project vulnerable to known flaws and prone to attacks.
 These tools automate the process of updating dependencies by scanning for

diff --git a/docs/checks/internal/checks.yaml b/docs/checks/internal/checks.yaml
@@ -60,7 +60,6 @@ checks:
       specifically one of:
       - [Dependabot](https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)
       - [Renovate bot](https://docs.renovatebot.com/configuration-options/)
-      - [Sonatype Lift](https://help.sonatype.com/lift/getting-started)
       - [PyUp](https://docs.pyup.io/docs) (Python)
       Out-of-date dependencies make a project vulnerable to known flaws and prone to attacks.
       These tools automate the process of updating dependencies by scanning for

diff --git a/probes/entries.go b/probes/entries.go
@@ -42,7 +42,6 @@ import (
 	"github.com/ossf/scorecard/v4/probes/toolDependabotInstalled"
 	"github.com/ossf/scorecard/v4/probes/toolPyUpInstalled"
 	"github.com/ossf/scorecard/v4/probes/toolRenovateInstalled"
-	"github.com/ossf/scorecard/v4/probes/toolSonatypeLiftInstalled"
 )
 
 // ProbeImpl is the implementation of a probe.
@@ -65,7 +64,6 @@ var (
 		toolRenovateInstalled.Run,
 		toolDependabotInstalled.Run,
 		toolPyUpInstalled.Run,
-		toolSonatypeLiftInstalled.Run,
 	}
 	Fuzzing = []ProbeImpl{
 		fuzzedWithOSSFuzz.Run,

diff --git a/probes/toolSonatypeLiftInstalled/def.yml b/probes/toolSonatypeLiftInstalled/def.yml
diff --git a/probes/toolSonatypeLiftInstalled/impl.go b/probes/toolSonatypeLiftInstalled/impl.go