Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

✨ New probes: code-review #3302

Merged
merged 140 commits into from
Jan 26, 2024
Merged

✨ New probes: code-review #3302

merged 140 commits into from
Jan 26, 2024

Commits on Jul 25, 2023

  1. 🌱 Bump github.com/goreleaser/goreleaser in /tools (ossf#3238) 

    Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.18.2 to 1.19.1.
- [Release notes](https://github.com/goreleaser/goreleaser/releases)
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml)
- [Commits](goreleaser/goreleaser@v1.18.2...v1.19.1)

---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @dependabot
    dependabot[bot] authored and André Backman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    f0797d0 View commit details
    Browse the repository at this point in the history

  2. begin implementing probe: minTwoCodeReviewers 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    3849d68 View commit details
    Browse the repository at this point in the history

  3. print raw results 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    1faa277 View commit details
    Browse the repository at this point in the history

  4. print raw results 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    6364f45 View commit details
    Browse the repository at this point in the history

  5. print raw results 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    4bd6385 View commit details
    Browse the repository at this point in the history

  6. rename probe directory: minimumCodeReviewers 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    141f506 View commit details
    Browse the repository at this point in the history

  7. rename probe CodeReviewers 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    2f5838e View commit details
    Browse the repository at this point in the history

  8. rename import for CodeReviewers probe 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    28aa0dd View commit details
    Browse the repository at this point in the history

  9. update code reviewers definition 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    618da95 View commit details
    Browse the repository at this point in the history

  10. update code reviewers implementation; fixed embed FS usage 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    8041581 View commit details
    Browse the repository at this point in the history

  11. printing all findings, work out where to concatenate them 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    e1f4224 View commit details
    Browse the repository at this point in the history

  12. concatenated findings to one single finding, outcome is based on the … 

    …least found unique reviewers

Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    de2ae3d View commit details
    Browse the repository at this point in the history

  13. refactored uniqueCodeReviewers probe, needs more error checks 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    4d3cafd View commit details
    Browse the repository at this point in the history

  14. add error handling for cases of non-existant author and/or reviewer l… 

    …ogins

Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    f5bd4dd View commit details
    Browse the repository at this point in the history

  15. add error handling for cases of non-existant author and/or reviewer l… 

    …ogins

Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    5199945 View commit details
    Browse the repository at this point in the history

  16. rename probe 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    801486c View commit details
    Browse the repository at this point in the history

  17. update codeReviewTwoReviewers definition 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    a722686 View commit details
    Browse the repository at this point in the history

  18. rename unique code reviewers probe 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    58951c5 View commit details
    Browse the repository at this point in the history

  19. implement codeApproved probe, validation of reviews needs fixing 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    aba6bde View commit details
    Browse the repository at this point in the history

  20. update codeApproved probe, validation of reviews needs fixing 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    35cc1d6 View commit details
    Browse the repository at this point in the history

  21. working version of codeApproved probe 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    82ed957 View commit details
    Browse the repository at this point in the history

  22. codeReviewed probe implemented 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    55a1b79 View commit details
    Browse the repository at this point in the history

  23. clean up comments, add imports, run all probes 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    2e97583 View commit details
    Browse the repository at this point in the history

  24. update license comments 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    40eb06e View commit details
    Browse the repository at this point in the history

  25. Merge branch 'main' into probes/code-review 

    Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
    @andrelmbackman
    andrelmbackman committed Jul 25, 2023
    Configuration menu
    Copy the full SHA
    f2aa772 View commit details
    Browse the repository at this point in the history

Commits on Jul 26, 2023

  1. Update def.yml license 

    Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
    @andrelmbackman
    andrelmbackman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    24933f3 View commit details
    Browse the repository at this point in the history

  2. Update def.yml license 

    Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
    @andrelmbackman
    andrelmbackman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    87d95d3 View commit details
    Browse the repository at this point in the history

  3. Update def.yml license 

    Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
    @andrelmbackman
    andrelmbackman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    06b0e03 View commit details
    Browse the repository at this point in the history

  4. Update impl.go license 

    Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
    @andrelmbackman
    andrelmbackman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    afec9db View commit details
    Browse the repository at this point in the history

  5. Update impl.go license to Apache 2 

    Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
    @andrelmbackman
    andrelmbackman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    570533d View commit details
    Browse the repository at this point in the history

  6. Update impl.go license to Apache 2 

    Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
    @andrelmbackman
    andrelmbackman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    a1bd39d View commit details
    Browse the repository at this point in the history

  7. Update code_review.go license 

    Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
    @andrelmbackman
    andrelmbackman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    e761489 View commit details
    Browse the repository at this point in the history

  8. Update entries.go; CodeReviewChecks now called CodeReview 

    Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
    @andrelmbackman
    andrelmbackman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    39b8548 View commit details
    Browse the repository at this point in the history

  9. Update impl.go, refactor codeReviewTwoReviewers; moved utility functi… 

    …ons into impl.go

Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
    @andrelmbackman
    andrelmbackman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    613f48d View commit details
    Browse the repository at this point in the history

  10. Delete code_review.go utilities 

    moved utility functions to the impl.go they are used in

Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
    @andrelmbackman
    andrelmbackman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    c0cb1a7 View commit details
    Browse the repository at this point in the history

  11. rename probe 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    aaa93c4 View commit details
    Browse the repository at this point in the history

  12. update codeReviewTwoReviewers definition 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    155c59c View commit details
    Browse the repository at this point in the history

  13. implement codeApproved probe, validation of reviews needs fixing 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    4222294 View commit details
    Browse the repository at this point in the history

  14. update codeApproved probe, validation of reviews needs fixing 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    1be6058 View commit details
    Browse the repository at this point in the history

  15. working version of codeApproved probe 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    1e1b7c9 View commit details
    Browse the repository at this point in the history

  16. codeReviewed probe implemented 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    9253871 View commit details
    Browse the repository at this point in the history

  17. clean up comments, add imports, run all probes 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    36e41ff View commit details
    Browse the repository at this point in the history

  18. update license comments 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    f51f189 View commit details
    Browse the repository at this point in the history

  19. update license comments 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    bf17b43 View commit details
    Browse the repository at this point in the history

  20. 🌱 Included unit tests (ossf#3242) 

    - Included unit tests

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @naveensrinivasan
    naveensrinivasan authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    1a3929f View commit details
    Browse the repository at this point in the history

  21. 🌱 Bump golang.org/x/text from 0.10.0 to 0.11.0 (ossf#3243) 

    Bumps [golang.org/x/text](https://github.com/golang/text) from 0.10.0 to 0.11.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @dependabot
    dependabot[bot] authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    d67eb4a View commit details
    Browse the repository at this point in the history

  22. 🌱 Bump golang.org/x/oauth2 from 0.9.0 to 0.10.0 (ossf#3244) 

    Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.9.0 to 0.10.0.
- [Commits](golang/oauth2@v0.9.0...v0.10.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @dependabot
    dependabot[bot] authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    e8c2d85 View commit details
    Browse the repository at this point in the history

  23. 📖 Update Branch-Protection admin and non-admin requirements (ossf#2772) 

    * docs: Branch protection admin-only requirements

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* docs: Branch protection requirements by tier

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* docs: How get a perfect score in branch protection

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* docs: Fix local images ref in doc

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* docs: Fix typo

Co-authored-by: Pedro Nacht <pedro.k.night@gmail.com>
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* docs: Fix check specific table of contents

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* fix: Code owners setting is non admin

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* docs: Fix branch protection applied not only to main branch

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* docs: Add alt text for images

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* docs: You can get a perfect score with non admin access

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* docs: update max tier scores

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* docs: update tier 1 max points explanation

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* docs: Move changes to internal checks doc

Move changes done in docs/checks.md to docs/checks/internal/checks.yaml.

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* docs: Revert changes on checks doc

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* docs: Fix admin settings evaluated on branch protection

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* docs: Change branch protection model status checks

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* docs: Change tiers score to expected score

The expected score for the code to output is 3/10 for Tier 1 case and 7/10 for Tier 3 case. The scoring issue will be reported as bug.

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* docs: Fix Tier 3 score

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

---------

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Co-authored-by: Pedro Nacht <pedro.k.night@gmail.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @gabibguti @pnacht
    2 people authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    6fc7a1c View commit details
    Browse the repository at this point in the history

  24. 🌱 Linter workflow cleanup (ossf#3247) 

    * Fix linter timeout by renaming deprecated deadline.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Disable depguard linter.

As of golangci-lint v3.5.0, the depguard linter is complaining. We don't use a .depguard.yml file, so just disabling the linter.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Move linter into own workflow.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Fix bash command substitution.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Add harden runner.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* switch names to existing linter job

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Update golangci-lint to v1.53.3

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @spencerschrock
    spencerschrock authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    65fe692 View commit details
    Browse the repository at this point in the history

  25. 🌱 Bump tj-actions/changed-files from 37.0.5 to 37.1.0 (ossf#3253) 

    Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 37.0.5 to 37.1.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@54849de...87e23c4)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @dependabot
    dependabot[bot] authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    3916141 View commit details
    Browse the repository at this point in the history

  26. 🌱 Bump github.com/goreleaser/goreleaser in /tools (ossf#3252) 

    Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.19.1 to 1.19.2.
- [Release notes](https://github.com/goreleaser/goreleaser/releases)
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml)
- [Commits](goreleaser/goreleaser@v1.19.1...v1.19.2)

---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @dependabot
    dependabot[bot] authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    5567b9c View commit details
    Browse the repository at this point in the history

  27. 🌱 Bump golang.org/x/tools from 0.10.0 to 0.11.0 

    Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.10.0 to 0.11.0.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](golang/tools@v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @dependabot
    dependabot[bot] authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    4ca2cac View commit details
    Browse the repository at this point in the history

  28. 🌱 Improve rate limit handling in roundtripper (ossf#3237) 

    - Add rate limit testing and handling functionality
- Add tests for successful response and Retry-After header set scenarios

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @naveensrinivasan
    naveensrinivasan authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    7f556b5 View commit details
    Browse the repository at this point in the history

  29. 🌱 Bump tj-actions/changed-files from 37.1.0 to 37.1.1 (ossf#3259) 

    Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 37.1.0 to 37.1.1.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@87e23c4...1f20fb8)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @dependabot
    dependabot[bot] authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    f4256e4 View commit details
    Browse the repository at this point in the history

  30. 🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 (ossf#3260) 

    Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases)
- [Commits](bradleyfalzon/ghinstallation@v2.5.0...v2.6.0)

---
updated-dependencies:
- dependency-name: github.com/bradleyfalzon/ghinstallation/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @dependabot
    dependabot[bot] authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    33f4fb3 View commit details
    Browse the repository at this point in the history

  31. 🌱Add urls for opentelemetry, micrometer and new relic to weekly cron (o… 

    …ssf#3248)

* add urls for opentelemetry and micrometer

Signed-off-by: Ajmal Kottilingal <ajmal.kottilingal@transferwise.com>

* add jakarta-activation url

Signed-off-by: Ajmal Kottilingal <ajmal.kottilingal@transferwise.com>

* adding json-path

Signed-off-by: Ajmal Kottilingal <ajmal.kottilingal@transferwise.com>

* fix uing make

Signed-off-by: Ajmal Kottilingal <ajmal.kottilingal@transferwise.com>

---------

Signed-off-by: Ajmal Kottilingal <ajmal.kottilingal@transferwise.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @ajmalab
    ajmalab authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    4b16bf9 View commit details
    Browse the repository at this point in the history

  32. 🐛 Add npm installs to Pinned-Dependencies score (ossf#2960) 

    * feat: Add npm install to pinned dependencies score

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* test: Fix pinned dependencies evaluation tests

Considering the new npm installs dependencies in Pinned-Dependencies score, there are some changes. Now, all tests generate one more Info log for "npm installs are all pinned". Also, for "various wanrings" test, the total score has to weight now 6 scores instead of 5. The new score counts 10 for actionScore, 0 for dockerFromScore, 0 for dockerDownloadScore, 0 for scriptScore, 0 for pipScore and 10 for npm score, which gives us 20/6~=3.

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* test: Fix pinned dependencies e2e tests

Considering the new npm installs dependencies in Pinned-Dependencies score, there are some changes. The repo being tested, ossf-tests/scorecard-check-pinned-dependencies-e2e, has third-party GitHub actions pinned, no npm installs, and all other dependencies types are unpinned. This gives us 8 for actionScore, 10 for npmScore and 0 for all other scores. Previously the total score was 8/5~=1, and now the total score is 18/6=3. Also, since there are no npm installs, there's one more Info log for "npm installs are pinned".

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* test: Fix typo

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* test: Unpinned npm install score

When having one unpinned npm install and all other dependencies pinned, the score should be 50/6~=8. Also, it should raise 1 warning for the unpinned npm install, 6 infos saying the other dependency types are pinned (2 for GHAs, 2 for dockerfile image and downdloads, 1 for script downdloads and 1 for pip installs), and 0 debug logs since the npm install dependency does not have an error message.

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* test: Undefined npm install score

When an error happens to parse a npm install dependency, the error/debug message is saved in "Msg" field. In this case, we were not able to define if the npm install is pinned or not. This dependency is classified as pinned undefined. We treat such cases as pinned cases, so it logs as Info that npm installs are all pinned and counts the score as 10. Then, the final score makes it to 10 as well. Since it logs the error/debug message, the Debug log goes to 1.

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* test: Fix typo

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* test: Fix "validate various warnings and info" test

Considering the new npm installs dependencies in Pinned-Dependencies score, there are some changes. Now, all tests generate one more Info log for "npm installs are all pinned". Also, this test total score has to weight now 6 scores instead of 5. The new score counts 10 for actionScore, 0 for dockerFromScore, 0 for dockerDownloadScore, 0 for scriptScore, 0 for pipScore and 10 for npm score, which gives us 20/6~=3.

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* fix: npm dependencies pinned log

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* test: Remove test of error when parsing an npm dependency

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

---------

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @gabibguti
    gabibguti authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    3fb0fb9 View commit details
    Browse the repository at this point in the history

  33. 🌱 Bump github.com/moby/buildkit from 0.11.6 to 0.12.0 (ossf#3264) 

    Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.11.6 to 0.12.0.
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](moby/buildkit@v0.11.6...v0.12.0)

---
updated-dependencies:
- dependency-name: github.com/moby/buildkit
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @dependabot
    dependabot[bot] authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    b3383af View commit details
    Browse the repository at this point in the history

  34. Ack linter warning and add tracking issue. (ossf#3263) 

    Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @spencerschrock
    spencerschrock authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    aacf508 View commit details
    Browse the repository at this point in the history

  35. 🐛 Forgive job-level permissions (ossf#3162) 

    * Forgive all job-level permissions

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

* Update tests

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

* Replace magic number

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

* Rename test

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

* Test that multiple job-level permissions are forgiven

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

* Drop unused permissionIsPresent

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

* Update documentation

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

* Modify score descriptions

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

* Document warning for job-level permissions

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

* List job-level permissions that get WARNed

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

---------

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @pnacht
    pnacht authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    afab330 View commit details
    Browse the repository at this point in the history

  36. 🐛 Fix typo (ossf#3267) 

    Signed-off-by: Eugene Kliuchnikov <eustas@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @eustas
    eustas authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    f21d4a9 View commit details
    Browse the repository at this point in the history

  37. 📖 Suggest new score viewer on badge documentation (ossf#3268) 

    * docs(readme): suggest new score viewer on badge documentation

Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>

* docs(readme): add link to ossf blogpost about the badge

Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>

* docs: update badge of our own README to the new viewer

Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>

---------

Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @diogoteles08
    diogoteles08 authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    7b54c57 View commit details
    Browse the repository at this point in the history

  38. 🌱 Bump tj-actions/changed-files from 37.1.1 to 37.1.2 (ossf#3266) 

    Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 37.1.1 to 37.1.2.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@1f20fb8...2a968ff)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @dependabot
    dependabot[bot] authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    498410a View commit details
    Browse the repository at this point in the history

  39. 🌱 Update the cover profile for e2e (ossf#3271) 

    - Update the cover profile for e2e

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @naveensrinivasan
    naveensrinivasan authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    a09e57d View commit details
    Browse the repository at this point in the history

  40. 🌱 Improve e2e workflow tests (ossf#3273) 

    - Add e2e test for workflow runs
- Retrieve successful runs of the scorecard-analysis.yml workflow

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @naveensrinivasan
    naveensrinivasan authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    5c9bdde View commit details
    Browse the repository at this point in the history

  41. 🌱 Excluded dependabot from codecov (ossf#3272) 

    - Exclude dependabot from codecov job in main.yml

[.github/workflows/main.yml]
- Exclude dependabot from codecov job

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @naveensrinivasan
    naveensrinivasan authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    bc290f0 View commit details
    Browse the repository at this point in the history

  42. 🌱 Increase test coverage for searching commits (ossf#3276) 

    - Add an e2e test for searching commits by author
- Search commits by author `dependabot[bot]` and expect results

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @naveensrinivasan
    naveensrinivasan authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    4f2eaea View commit details
    Browse the repository at this point in the history

  43. 🐛 Fix Branch-Protection scoring (ossf#3251) 

    * fix: Verify if branch is required to be up to date before merge

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* docs: Comment tracking GraphQL bug

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* fix: Add validation if pointers are not null before accessing the values

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* fix: Delete debug log file

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

---------

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @gabibguti
    gabibguti authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    9740339 View commit details
    Browse the repository at this point in the history

  44. ✨ scdiff: generate cmd skeleton (ossf#3275) 

    * add scdiff root command

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Add generate boilerplate.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* get rid of init

Signed-off-by: Spencer Schrock <sschrock@google.com>

* read newline delimitted repo file

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Run scorecard and echo results.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* add license

Signed-off-by: Spencer Schrock <sschrock@google.com>

* add basic runner tests.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Add Runner comment.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* switch to using scorecard logger.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* linter fix

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @spencerschrock
    spencerschrock authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    4d8e1e4 View commit details
    Browse the repository at this point in the history

  45. 🌱 Delete unused project-update functionality. (ossf#3269) 

    Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @spencerschrock
    spencerschrock authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    b0c125c View commit details
    Browse the repository at this point in the history

  46. 🌱 Bump tj-actions/changed-files from 37.1.2 to 37.3.0 (ossf#3280) 

    Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 37.1.2 to 37.3.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@2a968ff...3928317)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @dependabot
    dependabot[bot] authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    4662f01 View commit details
    Browse the repository at this point in the history

  47. 🌱 Bump github.com/google/osv-scanner from 1.3.5 to 1.3.6 (ossf#3281) 

    Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.3.5 to 1.3.6.
- [Release notes](https://github.com/google/osv-scanner/releases)
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md)
- [Commits](google/osv-scanner@v1.3.5...v1.3.6)

---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @dependabot
    dependabot[bot] authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    6c6b8ac View commit details
    Browse the repository at this point in the history

  48. 🌱 Bump gocloud.dev from 0.30.0 to 0.32.0 (ossf#3284) 

    Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.30.0 to 0.32.0.
- [Release notes](https://github.com/google/go-cloud/releases)
- [Commits](google/go-cloud@v0.30.0...v0.32.0)

---
updated-dependencies:
- dependency-name: gocloud.dev
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @dependabot
    dependabot[bot] authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    9c9bf4a View commit details
    Browse the repository at this point in the history

  49. 🌱 Include attestor Dockerfile in CI and dependabot updates (ossf#3285) 

    Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @spencerschrock
    spencerschrock authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    8a4b5f8 View commit details
    Browse the repository at this point in the history

  50. 🌱 Bump tj-actions/changed-files from 37.3.0 to 37.4.0 

    Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 37.3.0 to 37.4.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@3928317...de0eba3)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @dependabot
    dependabot[bot] authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    428a85e View commit details
    Browse the repository at this point in the history

  51. 🌱 Bump google-appengine/debian11 in /attestor 

    Bumps google-appengine/debian11 from `fed7dd5` to `97dc4fb`.

---
updated-dependencies:
- dependency-name: google-appengine/debian11
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @dependabot
    dependabot[bot] authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    7b7f526 View commit details
    Browse the repository at this point in the history

  52. 🌱 Bump github.com/xanzy/go-gitlab from 0.86.0 to 0.88.0 

    Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.86.0 to 0.88.0.
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](xanzy/go-gitlab@v0.86.0...v0.88.0)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @dependabot
    dependabot[bot] authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    b469dc6 View commit details
    Browse the repository at this point in the history

  53. 🌱 Use a matrix for docker image building (ossf#3290) 

    * working matrix.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Remove unneeded env vars. Add comments.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* minor syntax change.

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @spencerschrock
    spencerschrock authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    000756b View commit details
    Browse the repository at this point in the history

  54. 🌱 Improve e2e workflow tests (ossf#3282) 

    - Ensure that only head queries are supported in workflow tests
- Add a test to detect when a non-existent workflow file is used

[e2e/workflow_test.go]
- Add a test to check that only head queries are supported
- Add a test to check that a non-existent workflow file returns an error

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @naveensrinivasan
    naveensrinivasan authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    9a01eaa View commit details
    Browse the repository at this point in the history

  55. 🌱 Use a matrix for when building binaries in main.yml (ossf#3291) 

    * Use matrix for build jobs.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* These build targets dont seem to need protoc.

This lets us save the API quota.

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @spencerschrock
    spencerschrock authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    12b1ab2 View commit details
    Browse the repository at this point in the history

  56. 🌱 Fix hanging docker jobs for doc only changes. (ossf#3292) 

    Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @spencerschrock
    spencerschrock authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    8a2606c View commit details
    Browse the repository at this point in the history

  57. 📖 Add contributor ladder (ossf#3246) 

    * Add contributor ladder

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

* Clarify sponsorship

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

* Hope for retirement warning

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

* 1 maintainer can sponsor a community member

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

* Apply suggestions from code review

Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: Pedro Nacht <pedro.k.night@gmail.com>

---------

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
Signed-off-by: Pedro Nacht <pedro.k.night@gmail.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @pnacht
    pnacht authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    4c6eb93 View commit details
    Browse the repository at this point in the history

  58. 🌱 Consolidate GitLab e2e workflows. (ossf#3278) 

    * Move gitlab to different workflow to parallelize.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Add missing versions.

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @spencerschrock
    spencerschrock authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    d4f7a7e View commit details
    Browse the repository at this point in the history

  59. 🌱 Add separate cache for long-running tests (ossf#3293) 

    * Add separate cache for unit tests.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* share cache with gitlab tests too.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* share cache with github integration tests.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* explicitly download modules in unit test job

Signed-off-by: Spencer Schrock <sschrock@google.com>

* checkout needs to be before the go.mod is read.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* checkout needs to be before the go.sum files are hashed.

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @spencerschrock
    spencerschrock authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    fe46425 View commit details
    Browse the repository at this point in the history

  60. 🌱 Bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.0 (ossf#3297) 

    Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.7.0 to 5.8.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](go-git/go-git@v5.7.0...v5.8.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @dependabot
    dependabot[bot] authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    3d945aa View commit details
    Browse the repository at this point in the history

  61. 🌱 Bump github.com/onsi/gomega from 1.27.8 to 1.27.9 (ossf#3298) 

    Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.8 to 1.27.9.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.27.8...v1.27.9)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @dependabot
    dependabot[bot] authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    e36c0cf View commit details
    Browse the repository at this point in the history

  62. 🌱 Improve search commit e2e tests (ossf#3295) 

    - Add 2 tests for searching commits in e2e/searchCommits_test.go
- Fix errors in e2e/searchCommits_test.go when not using HEAD or when user does not exist

[e2e/searchCommits_test.go]
- Add 2 tests for searching commits
- Fix error when not using HEAD
- Fix error when user does not exist

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @naveensrinivasan
    naveensrinivasan authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    bcecbe0 View commit details
    Browse the repository at this point in the history

  63. 📖 update docs for webhooks documentation (ossf#3299) 

    * update docs for webhooks documentation

Signed-off-by: leec94 <leec94@bu.edu>

* change webhook severity in readme

Signed-off-by: leec94 <leec94@bu.edu>

---------

Signed-off-by: leec94 <leec94@bu.edu>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @leec94
    leec94 authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    16ff86e View commit details
    Browse the repository at this point in the history

  64. 🌱 Unit tests OSSFuzz client (ossf#3301) 

    * 🌱 Unit tests OSSFuzz client

- Included tests for  IsArchived, LocalPath, ListFiles, GetFileContent, GetBranch, GetDefaultBranch, GetOrgRepoClient, GetDefaultBranchName, ListCommits, ListIssues, ListReleases, ListContributors, ListSuccessfulWorkflowRuns, ListCheckRunsForRef, ListStatuses, ListWebhooks, SearchCommits, Close, ListProgrammingLanguages,

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Improve OSSFuzz client tests

[clients/ossfuzz/client_test.go]
- Add a test for the `GetCreatedAt` method
- Fix the `URI` method to return the correct value

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

---------

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @naveensrinivasan
    naveensrinivasan authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    b78351e View commit details
    Browse the repository at this point in the history

  65. 🌱 Ensure check markdown is kept in sync with source yaml. (ossf#3300) 

    * Ensure check markdown is kept in sync with check yaml.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* change generate-docs target to detect changes to docs/checks.md directly.

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @spencerschrock
    spencerschrock authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    4df887c View commit details
    Browse the repository at this point in the history

  66. Update def.yml license 

    Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    ecdac60 View commit details
    Browse the repository at this point in the history

  67. Update def.yml license 

    Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    3c748e2 View commit details
    Browse the repository at this point in the history

  68. Update def.yml license 

    Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    6816000 View commit details
    Browse the repository at this point in the history

  69. Update code_review.go license 

    Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    3ceec71 View commit details
    Browse the repository at this point in the history

  70. Update entries.go; CodeReviewChecks now called CodeReview 

    Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
Signed-off-by: André Backman <andre.backman@nokia.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    6690d74 View commit details
    Browse the repository at this point in the history

  71. refactor codeReviewTwoReviewers; moved utility functions into impl.go 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    b5db158 View commit details
    Browse the repository at this point in the history

  72. Update impl.go, refactor codeReviewTwoReviewers; moved utility functi… 

    …ons into impl.go

Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
    @andrelmbackman
    andrelmbackman authored and André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    8ee476b View commit details
    Browse the repository at this point in the history

  73. resolved conflicts 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    b9df495 View commit details
    Browse the repository at this point in the history

  74. Merge branch 'main' into probes/code-review

    @andrelmbackman
    andrelmbackman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    30489fc View commit details
    Browse the repository at this point in the history

  75. Merge branch 'probes/code-review' of https://github.com/nokia/scorecard 

    … into probes/code-review

Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    36bfc66 View commit details
    Browse the repository at this point in the history

  76. Update go.mod, aligned imports 

    Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
    @andrelmbackman
    andrelmbackman committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    63f7aae View commit details
    Browse the repository at this point in the history

Commits on Aug 1, 2023

  1. update license comments 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Aug 1, 2023
    Configuration menu
    Copy the full SHA
    79fe5f0 View commit details
    Browse the repository at this point in the history

  2. update license comments 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Aug 1, 2023
    Configuration menu
    Copy the full SHA
    7533c8c View commit details
    Browse the repository at this point in the history

  3. change EOL = CRLF to LF 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Aug 1, 2023
    Configuration menu
    Copy the full SHA
    bbb281c View commit details
    Browse the repository at this point in the history

  4. add error handling in case of no changesets 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Aug 1, 2023
    Configuration menu
    Copy the full SHA
    685bd9e View commit details
    Browse the repository at this point in the history

  5. completed tests for code-review probes 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Aug 1, 2023
    Configuration menu
    Copy the full SHA
    c640b8d View commit details
    Browse the repository at this point in the history

  6. update codeReview probes and utils 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Aug 1, 2023
    Configuration menu
    Copy the full SHA
    da497f2 View commit details
    Browse the repository at this point in the history

  7. fixed some lint errors, check for more 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Aug 1, 2023
    Configuration menu
    Copy the full SHA
    1bda8a1 View commit details
    Browse the repository at this point in the history

Commits on Aug 2, 2023

  1. fixed lint issues 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    e7172e3 View commit details
    Browse the repository at this point in the history

  2. fix lint errors 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    ba6b5ee View commit details
    Browse the repository at this point in the history

  3. add test for multiple reviews with only one unique reviewer 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    9ec38ca View commit details
    Browse the repository at this point in the history

  4. simplify func uniqueReviewers, use map[string]bool 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    f561ea2 View commit details
    Browse the repository at this point in the history

  5. fix linting error 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Aug 2, 2023
    Configuration menu
    Copy the full SHA
    1e944dd View commit details
    Browse the repository at this point in the history

Commits on Aug 3, 2023

  1. moved probe tests to their own function 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Aug 3, 2023
    Configuration menu
    Copy the full SHA
    b2f8394 View commit details
    Browse the repository at this point in the history

  2. fix comment syntax 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Aug 3, 2023
    Configuration menu
    Copy the full SHA
    1aa08fe View commit details
    Browse the repository at this point in the history

  3. gci-ed files to fix linter errors 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Aug 3, 2023
    Configuration menu
    Copy the full SHA
    64cbe05 View commit details
    Browse the repository at this point in the history

  4. implement change to skip bot-authored changesets that are reviewed/ap… 

    …proved

Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Aug 3, 2023
    Configuration menu
    Copy the full SHA
    57adecf View commit details
    Browse the repository at this point in the history

  5. rewrite finding message 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Aug 3, 2023
    Configuration menu
    Copy the full SHA
    46a889a View commit details
    Browse the repository at this point in the history

  6. fix output message; do not count the number of approved bot-authored … 

    …changesets

Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Aug 3, 2023
    Configuration menu
    Copy the full SHA
    b23daa1 View commit details
    Browse the repository at this point in the history

  7. fix typos 

    Signed-off-by: André Backman <andre.backman@nokia.com>
    André Backman committed Aug 3, 2023
    Configuration menu
    Copy the full SHA
    51a9ac8 View commit details
    Browse the repository at this point in the history

Commits on Aug 4, 2023

  1. Merge branch 'main' into probes/code-review 

    Signed-off-by: André Backman <88145164+andrelmbackman@users.noreply.github.com>
    @andrelmbackman
    andrelmbackman committed Aug 4, 2023
    Configuration menu
    Copy the full SHA
    e0693be View commit details
    Browse the repository at this point in the history

Commits on Aug 18, 2023

  1. moved probe tests to their corresponding location 

    Signed-off-by: André Backman <andrebackmann@gmail.com>
    @andrelmbackman
    andrelmbackman committed Aug 18, 2023
    Configuration menu
    Copy the full SHA
    9945678 View commit details
    Browse the repository at this point in the history

  2. removed redundant probe codeReviewed 

    Signed-off-by: André Backman <andrebackmann@gmail.com>
    @andrelmbackman
    andrelmbackman committed Aug 18, 2023
    Configuration menu
    Copy the full SHA
    202c0df View commit details
    Browse the repository at this point in the history

  3. Merge branch 'main' into probes/code-review

    @andrelmbackman
    andrelmbackman committed Aug 18, 2023
    Configuration menu
    Copy the full SHA
    6f4a3c3 View commit details
    Browse the repository at this point in the history

Commits on Oct 30, 2023

  1. Merge branch 'main' into probes/code-review 

    Signed-off-by: jitsengupta17 <145664639+jitsengupta17@users.noreply.github.com>
    @jitsengupta17
    jitsengupta17 committed Oct 30, 2023
    Configuration menu
    Copy the full SHA
    4a140d5 View commit details
    Browse the repository at this point in the history

Commits on Nov 2, 2023

  1. Merge branch 'main' into probes/code-review

    @jitsengupta17
    jitsengupta17 committed Nov 2, 2023
    Configuration menu
    Copy the full SHA
    fb2abcc View commit details
    Browse the repository at this point in the history

Commits on Nov 10, 2023

  1. Merge branch 'main' into probes/code-review 

    Signed-off-by: jitsengupta17 <145664639+jitsengupta17@users.noreply.github.com>
    @jitsengupta17
    jitsengupta17 committed Nov 10, 2023
    Configuration menu
    Copy the full SHA
    a8d754b View commit details
    Browse the repository at this point in the history

Commits on Nov 20, 2023

  1. Merge branch 'main' into probes/code-review 

    Signed-off-by: jitsengupta17 <145664639+jitsengupta17@users.noreply.github.com>
    @jitsengupta17
    jitsengupta17 committed Nov 20, 2023
    Configuration menu
    Copy the full SHA
    2f0358d View commit details
    Browse the repository at this point in the history

  2. Merge branch 'main' into probes/code-review

    @jitsengupta17
    jitsengupta17 committed Nov 20, 2023
    Configuration menu
    Copy the full SHA
    5d0205a View commit details
    Browse the repository at this point in the history

  3. Update probes/codeApproved/def.yml 

    Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: jitsengupta17 <145664639+jitsengupta17@users.noreply.github.com>
    @jitsengupta17 @raghavkaul
    jitsengupta17 and raghavkaul committed Nov 20, 2023
    Configuration menu
    Copy the full SHA
    10be378 View commit details
    Browse the repository at this point in the history

  4. Update probes/codeApproved/def.yml 

    Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: jitsengupta17 <145664639+jitsengupta17@users.noreply.github.com>
    @jitsengupta17 @raghavkaul
    jitsengupta17 and raghavkaul committed Nov 20, 2023
    Configuration menu
    Copy the full SHA
    7f6c657 View commit details
    Browse the repository at this point in the history

  5. Update probes/codeApproved/def.yml 

    Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: jitsengupta17 <145664639+jitsengupta17@users.noreply.github.com>
    @jitsengupta17 @raghavkaul
    jitsengupta17 and raghavkaul committed Nov 20, 2023
    Configuration menu
    Copy the full SHA
    a1a7bd5 View commit details
    Browse the repository at this point in the history

  6. Update probes/codeApproved/def.yml 

    Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: jitsengupta17 <145664639+jitsengupta17@users.noreply.github.com>
    @jitsengupta17 @raghavkaul
    jitsengupta17 and raghavkaul committed Nov 20, 2023
    Configuration menu
    Copy the full SHA
    094d54a View commit details
    Browse the repository at this point in the history

Commits on Nov 29, 2023

  1. Update probes/codeApproved/def.yml 

    Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: jitsengupta17 <145664639+jitsengupta17@users.noreply.github.com>
    @jitsengupta17 @raghavkaul
    jitsengupta17 and raghavkaul committed Nov 29, 2023
    Configuration menu
    Copy the full SHA
    0ca2ee1 View commit details
    Browse the repository at this point in the history

  2. Update probes/codeReviewOneReviewers/def.yml 

    Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: jitsengupta17 <145664639+jitsengupta17@users.noreply.github.com>
    @jitsengupta17 @raghavkaul
    jitsengupta17 and raghavkaul committed Nov 29, 2023
    Configuration menu
    Copy the full SHA
    92d1df4 View commit details
    Browse the repository at this point in the history

  3. Merge branch 'main' into probes/code-review

    @jitsengupta17
    jitsengupta17 committed Nov 29, 2023
    Configuration menu
    Copy the full SHA
    45be498 View commit details
    Browse the repository at this point in the history

Commits on Nov 30, 2023

  1. Merge branch 'main' into probes/code-review

    @gowriNSN
    gowriNSN committed Nov 30, 2023
    Configuration menu
    Copy the full SHA
    6ecc06b View commit details
    Browse the repository at this point in the history

Commits on Jan 23, 2024

  1. Merge branch 'main' into probes/code-review 

    Signed-off-by: jitsengupta17 <145664639+jitsengupta17@users.noreply.github.com>
    @jitsengupta17
    jitsengupta17 committed Jan 23, 2024
    Configuration menu
    Copy the full SHA
    4c486eb View commit details
    Browse the repository at this point in the history

Commits on Jan 26, 2024

  1. Lint 

    Signed-off-by: Raghav Kaul <raghavkaul@google.com>
    @raghavkaul
    raghavkaul committed Jan 26, 2024
    Configuration menu
    Copy the full SHA
    5ffd59c View commit details
    Browse the repository at this point in the history

  2. Merge branch 'main' into probes/code-review

    @raghavkaul
    raghavkaul committed Jan 26, 2024
    Configuration menu
    Copy the full SHA
    722892c View commit details
    Browse the repository at this point in the history