✨ Improve JSON format (#934)

* support for verison * fix * fix * linter * typo * fix
ossf · Sep 1, 2021 · 8f5e742 · 8f5e742
1 parent b5e4c77
commit 8f5e742
Show file tree

Hide file tree

Showing 24 changed files with 425 additions and 204 deletions.
diff --git a/cmd/root.go b/cmd/root.go
@@ -173,9 +173,7 @@ or ./scorecard --{npm,pypi,rubgems}=<package_name> [--checks=check1,...] [--show
 				log.Fatalf("cannot read yaml file: %v", err)
 			}
 			// TODO: support config files and update checker.MaxResultScore.
-			// TODO: set version dynamically.
-			scorecardVersion := "1.2.3"
-			err = repoResult.AsSARIF(scorecardVersion, showDetails, *logLevel, os.Stdout, checkDocs, checker.MaxResultScore)
+			err = repoResult.AsSARIF(showDetails, *logLevel, os.Stdout, checkDocs, checker.MaxResultScore)
 		case formatCSV:
 			err = repoResult.AsCSV(showDetails, *logLevel, os.Stdout)
 		case formatJSON:

diff --git a/cmd/version.go b/cmd/version.go
@@ -16,25 +16,10 @@ package cmd
 
 import (
 	"fmt"
-	"runtime"
 
 	"github.com/spf13/cobra"
-)
 
-// Base version information.
-//
-// This is the fallback data used when version information from git is not
-// provided via go ldflags in the Makefile. See version.mk.
-var (
-	// Output of "git describe". The prerequisite is that the branch should be
-	// tagged using the correct versioning strategy.
-	gitVersion = "unknown"
-	// SHA1 from git, output of $(git rev-parse HEAD).
-	gitCommit = "unknown"
-	// State of git tree, either "clean" or "dirty".
-	gitTreeState = "unknown"
-	// Build date in ISO8601 format, output of $(date -u +'%Y-%m-%dT%H:%M:%SZ').
-	buildDate = "unknown"
+	"github.com/ossf/scorecard/v2/pkg"
 )
 
 //nolint:gochecknoinits
@@ -48,12 +33,12 @@ var versionCmd = &cobra.Command{
 	Long:  ``,
 	Run: func(cmd *cobra.Command, args []string) {
 		// not using logger, since it prints timing info, etc
-		fmt.Printf("GitVersion:\t%s\n", gitVersion)
-		fmt.Printf("GitCommit:\t%s\n", gitCommit)
-		fmt.Printf("GitTreeState:\t%s\n", gitTreeState)
-		fmt.Printf("BuildDate:\t%s\n", buildDate)
-		fmt.Printf("GoVersion:\t%s\n", runtime.Version())
-		fmt.Printf("Compiler:\t%s\n", runtime.Compiler)
-		fmt.Printf("Platform:\t%s/%s\n", runtime.GOOS, runtime.GOARCH)
+		fmt.Printf("GitVersion:\t%s\n", pkg.GetVersion())
+		fmt.Printf("GitCommit:\t%s\n", pkg.GetCommit())
+		fmt.Printf("GitTreeState:\t%s\n", pkg.GetTreeState())
+		fmt.Printf("BuildDate:\t%s\n", pkg.GetBuildDate())
+		fmt.Printf("GoVersion:\t%s\n", pkg.GetGoVersion())
+		fmt.Printf("Compiler:\t%s\n", pkg.GetCompiler())
+		fmt.Printf("Platform:\t%s/%s\n", pkg.GetOS(), pkg.GetArch())
 	},
 }
diff --git a/cron/worker/json.go b/cron/worker/json.go
@@ -65,7 +65,7 @@ func AsJSON(r *pkg.ScorecardResult, showDetails bool, logLevel zapcore.Level, wr
 	encoder := json.NewEncoder(writer)
 
 	out := jsonScorecardCronResult{
-		Repo:     r.Repo,
+		Repo:     r.Repo.Name,
 		Date:     r.Date.Format("2006-01-02"),
 		Metadata: r.Metadata,
 	}
@@ -101,9 +101,9 @@ func AsJSON2(r *pkg.ScorecardResult, showDetails bool, logLevel zapcore.Level, w
 	encoder := json.NewEncoder(writer)
 
 	out := jsonScorecardCronResultV2{
-		Repo:     r.Repo,
+		Repo:     r.Repo.Name,
 		Date:     r.Date.Format("2006-01-02"),
-		Commit:   r.CommitSHA,
+		Commit:   r.Repo.CommitSHA,
 		Metadata: r.Metadata,
 	}
 

diff --git a/pkg/json.go b/pkg/json.go
@@ -41,26 +41,36 @@ type jsonScorecardResult struct {
 
 //nolint
 type jsonCheckResultV2 struct {
-	Details []string
-	Score   int
-	Reason  string
-	Name    string
+	Details []string `json:"details"`
+	Score   int      `json:"score"`
+	Reason  string   `json:"reason"`
+	Name    string   `json:"name"`
+}
+
+type jsonRepoV2 struct {
+	Name   string `json:"name"`
+	Commit string `json:"commit"`
+}
+
+type jsonScorecardV2 struct {
+	Version string `json:"version"`
+	Commit  string `json:"commit"`
 }
 
 type jsonScorecardResultV2 struct {
-	Repo     string
-	Date     string
-	Commit   string
-	Checks   []jsonCheckResultV2
-	Metadata []string
+	Date      string              `json:"date"`
+	Repo      jsonRepoV2          `json:"repo"`
+	Scorecard jsonScorecardV2     `json:"scorecard"`
+	Checks    []jsonCheckResultV2 `json:"checks"`
+	Metadata  []string            `json:"metadata"`
 }
 
 // AsJSON exports results as JSON for new detail format.
 func (r *ScorecardResult) AsJSON(showDetails bool, logLevel zapcore.Level, writer io.Writer) error {
 	encoder := json.NewEncoder(writer)
 
 	out := jsonScorecardResult{
-		Repo:     r.Repo,
+		Repo:     r.Repo.Name,
 		Date:     r.Date.Format("2006-01-02"),
 		Metadata: r.Metadata,
 	}
@@ -96,9 +106,15 @@ func (r *ScorecardResult) AsJSON2(showDetails bool, logLevel zapcore.Level, writ
 	encoder := json.NewEncoder(writer)
 
 	out := jsonScorecardResultV2{
-		Repo:     r.Repo,
+		Repo: jsonRepoV2{
+			Name:   r.Repo.Name,
+			Commit: r.Repo.CommitSHA,
+		},
+		Scorecard: jsonScorecardV2{
+			Version: r.Scorecard.Version,
+			Commit:  r.Scorecard.CommitSHA,
+		},
 		Date:     r.Date.Format("2006-01-02"),
-		Commit:   r.CommitSHA,
 		Metadata: r.Metadata,
 	}
 

diff --git a/pkg/json.v2.schema b/pkg/json.v2.schema
@@ -1,60 +1,81 @@
 {
     "$schema": "http://json-schema.org/schema#",
-    "$id": "https://github.com/ossf/scorecard/pkg/schema.v2.json",
-    "title": "Scorecard",
-    "description": "A tool to assess the security posture of open-source projects",
     "type": "object",
     "properties": {
-        "Checks": {
+        "checks": {
             "type": "array",
             "items": {
                 "type": "object",
                 "properties": {
-                    "Details": {
+                    "details": {
                         "type": "array",
                         "items": {
                             "type": "string"
                         }
                     },
-                    "Name": {
+                    "name": {
                         "type": "string"
                     },
-                    "Reason": {
+                    "reason": {
                         "type": "string"
                     },
-                    "Score": {
+                    "score": {
                         "type": "integer"
                     }
                 },
                 "required": [
-                    "Details",
-                    "Score",
-                    "Reason",
-                    "Name"
+                    "details",
+                    "score",
+                    "reason",
+                    "name"
                 ]
             }
         },
-        "Commit": {
+        "date": {
             "type": "string"
         },
-        "Date": {
-            "type": "string"
-        },
-        "Metadata": {
+        "metadata": {
             "type": "array",
             "items": {
                 "type": "string"
             }
         },
-        "Repo": {
-            "type": "string"
+        "repo": {
+            "type": "object",
+            "properties": {
+                "commit": {
+                    "type": "string"
+                },
+                "name": {
+                    "type": "string"
+                }
+            },
+            "required": [
+                "name",
+                "commit"
+            ]
+        },
+        "scorecard": {
+            "type": "object",
+            "properties": {
+                "commit": {
+                    "type": "string"
+                },
+                "version": {
+                    "type": "string"
+                }
+            },
+            "required": [
+                "version",
+                "commit"
+            ]
         }
     },
     "required": [
-        "Repo",
-        "Date",
-        "Commit",
-        "Checks",
-        "Metadata"
+        "date",
+        "repo",
+        "scorecard",
+        "checks",
+        "metadata"
     ]
 }