Update Scorecard template #1917

Merged
merged 39 commits into from
Feb 12, 2023
39 commits
8daceb1
Merge pull request #1299 from Devils-Knight/fix-dependabot
ashishkurmi Oct 21, 2022
7105c41
remediate files & packages
Devils-Knight Oct 25, 2022
b99b655
mod tidy
Devils-Knight Oct 26, 2022
f6256ca
add version comment to pinned actions
Devils-Knight Nov 4, 2022
ffdfe27
Merge pull request #1374 from Devils-Knight/comment
varunsh-coder Nov 7, 2022
088800b
Merge branch 'int' into pr/1352
varunsh-coder Nov 7, 2022
3da1738
Merge pull request #1352 from Devils-Knight/remediation
varunsh-coder Nov 7, 2022
7bcb807
Update harden runner version
varunsh-coder Nov 9, 2022
cc5afdc
Merge pull request #1379 from step-security/update-harden-harden-int
varunsh-coder Nov 9, 2022
b994863
[UPDATE] Pin actions to vx.y.z format (#1469)
Devils-Knight Nov 19, 2022
e9482c1
Update test command
varunsh-coder Nov 21, 2022
361b35a
Merge pull request #1476 from step-security/update-workflow-test-cmd
varunsh-coder Nov 21, 2022
8e7b11c
Update test cases
varunsh-coder Nov 21, 2022
4672343
Merge pull request #1477 from step-security/update-tests
varunsh-coder Nov 21, 2022
c096e5f
Merge branch 'main' into int
varunsh-coder Nov 21, 2022
9c234e9
update pinning remediation
Devils-Knight Nov 30, 2022
a84a433
Return secret metadata
varunsh-coder Dec 1, 2022
787f313
Merge pull request #1597 from step-security/return-secret-metadata
varunsh-coder Dec 1, 2022
9372c3f
Update secrets.go
varunsh-coder Dec 1, 2022
ea1fb43
Merge pull request #1598 from step-security/return-secret-metadata
varunsh-coder Dec 1, 2022
7906268
Merge pull request #1582 from Devils-Knight/pinIssue
varunsh-coder Dec 5, 2022
0e48ac5
configuring dependabot to use INT for upgrading dependencies
ashishkurmi Dec 7, 2022
e7de507
Merge pull request #1618 from step-security/ak-dependabot-int
ashishkurmi Dec 7, 2022
b57f3f7
Merge branch 'main' into int
varunsh-coder Dec 8, 2022
086252d
Merge branch 'main' into int
varunsh-coder Dec 8, 2022
582a89d
[FEATURE] Added Template and addWorkflow function to generate Codeql …
Devils-Knight Dec 10, 2022
ee52f8f
fixed typo
Devils-Knight Dec 10, 2022
ad10892
Merge pull request #1643 from Devils-Knight/issue
varunsh-coder Dec 12, 2022
23233ec
Update addworkflow.go
varunsh-coder Dec 14, 2022
14cc00f
Merge pull request #1657 from step-security/update-workflow-env
varunsh-coder Dec 14, 2022
1c68758
Update template
varunsh-coder Dec 17, 2022
8fe562e
Merge pull request #1667 from step-security/fix-template
varunsh-coder Dec 17, 2022
7903c6b
[FEATURE] Added template for Dependency-review and Scorecards (#1755)
Devils-Knight Jan 4, 2023
559d233
Merge branch 'main' into int
varunsh-coder Feb 9, 2023
e0c7869
Update expected-codeql.yml
varunsh-coder Feb 9, 2023
571b89a
Update reference from Secure-Workflow to Secure-Repo (#1905)
Devils-Knight Feb 9, 2023
0a7ecc9
Merge branch 'main' into int
varunsh-coder Feb 12, 2023
a5395f3
Update scorecards.yml
varunsh-coder Feb 12, 2023
8673c00
Update expected-scorecards.yml
varunsh-coder Feb 12, 2023
6 changes: 3 additions & 3 deletions testfiles/addworkflow/expected-scorecards.yml
Expand Up @@ -2,7 +2,7 @@
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.

name: Scorecards supply-chain security
name: Scorecard supply-chain security
on:
# For Branch-Protection check. Only the default branch is supported. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
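Review bot: the workflow-level `name:` in this hunk now reads "Scorecard supply-chain security", but the file is still `expected-scorecards.yml` (and the template it mirrors is `workflow-templates/scorecards.yml`), so the singular/plural naming is now split between the display name and the file path. If the rename is meant to follow the upstream project's naming, say so in the PR description and either rename the files as well or state that the paths are kept on purpose so existing references to them do not break.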
Expand All @@ -19,7 +19,7 @@ permissions: read-all

jobs:
analysis:
name: Scorecards analysis
name: Scorecard analysis
runs-on: ubuntu-latest
permissions:
# Needed to upload the results to code-scanning dashboard.
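Review bot: the job-level `name:` under `analysis:` changes from "Scorecards analysis" to "Scorecard analysis", and that string is what GitHub reports as the check name for the job. A repository that regenerates its workflow from this template and has a branch-protection rule requiring the old check name would need that rule updated, which deserves a line in the PR description or changelog. The job id `analysis` is unchanged, so anything keyed on the id is unaffected.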
Expand All @@ -36,7 +36,7 @@ jobs:
persist-credentials: false

- name: "Run analysis"
uses: ossf/scorecard-action@v2
uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6
with:
results_file: results.sarif
results_format: sarif
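Review bot: on the `uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6` line, the only link between the SHA and the release is the trailing comment, and nothing in this diff checks it. Please confirm before merge that this SHA is the commit the `v2.0.6` tag points to in ossf/scorecard-action, since a comment that disagrees with the SHA would mislead anyone auditing the pin later. The `# v2.0.6` comment style is consistent with the "add version comment to pinned actions" commit in this PR.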
6 changes: 3 additions & 3 deletions workflow-templates/scorecards.yml
Expand Up @@ -2,7 +2,7 @@
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.

name: Scorecards supply-chain security
name: Scorecard supply-chain security
on:
# For Branch-Protection check. Only the default branch is supported. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
Expand All @@ -19,7 +19,7 @@ permissions: read-all

jobs:
analysis:
name: Scorecards analysis
name: Scorecard analysis
runs-on: ubuntu-latest
permissions:
# Needed to upload the results to code-scanning dashboard.
Expand All @@ -36,7 +36,7 @@ jobs:
persist-credentials: false

- name: "Run analysis"
uses: ossf/scorecard-action@v2
uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6
with:
results_file: results.sarif
results_format: sarif
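Review bot: in the template itself, replacing `ossf/scorecard-action@v2` with a fixed SHA means repositories generated from `workflow-templates/scorecards.yml` stop following the `v2` tag and stay on v2.0.6 until someone bumps the pin. Consider adding a comment in the template that a Dependabot `github-actions` entry (or an equivalent updater) is expected alongside it. This line also has to stay identical to the one in `testfiles/addworkflow/expected-scorecards.yml`, so any future bump needs to touch both files.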