🐛 Dependency-Pinning: only score detected ecosystems #3436
Merged: spencerschrock merged 47 commits into ossf:main from gabibguti:fix/count-existing-ecossystems-for-pinned-deps on Sep 25, 2023 (+1,523 −600)
Commits
2b2dd82 feat: Define if dependency is pinned or unpinned (gabibguti)
9638a92 refactor: Convert diff var types to pointer (gabibguti)
e497a20 fix: Pinned Dependency field type (gabibguti)
3f3dd80 feat: Count pinned and unpinned deps (gabibguti)
309158a feat: Flag not applicable ecossystems (gabibguti)
14f69b1 feat: Score only applicable ecossystems (gabibguti)
6ff571b feat: If no dependencies then create inconclusive score (gabibguti)
7b15634 test: GitHub Actions score and logs (gabibguti)
104f969 test: Pinned dependencies score (gabibguti)
5f67732 test: Ecossystems score and logs (gabibguti)
5691e0d test: Remove deleted maxScore function test (gabibguti)
84757ea test: Adding GitHub Actions dependencies to result (gabibguti)
5509c47 test: Update GitHub Actions result (gabibguti)
9a787c4 test: Update pip installs result (gabibguti)
423cac8 fix: Handle if nuget dependency is pinned or unpinned (gabibguti)
9056875 tests: Fix check warnings for unpinned dependencies (gabibguti)
c1a81fe fix: Linter errors (gabibguti)
c8ee14a fix: GitHub Actions pinned log (gabibguti)
7f7b89d test: Fix "ossf-tests/scorecard-check-pinned-dependencies-e2e" (gabibguti)
a1b1781 Revert rename `asPointer` to `asStringPointer` (gabibguti)
5adf329 fix: Handle deps with parsing error and undefined pinning (gabibguti)
1ad766b test: Delete unecessary test (gabibguti)
7a2a3a4 test: Add missing dep Location cases (gabibguti)
4412f0e fix: Simplify Dockerfile pinned as name logic (gabibguti)
512659c fix: If ecossystem is not found show debug log (gabibguti)
9731d8a test: Fix e2e tests and more unit tests (gabibguti)
08bd85e feat: Iterate all dependency types for final score (gabibguti)
e52be0b feat: Proportional score (gabibguti)
29be827 fix: GHA weights in proportional score (gabibguti)
5dc6464 test: Fix scores and logs checking (gabibguti)
e8667cc test: Fix e2e test (gabibguti)
407773c refactor: Rename to ProportionalScoreWeighted (gabibguti)
a68194b refactor: Var declarations to create proportional score (gabibguti)
aa23b15 fix: Remove unnecessary pointer (gabibguti)
e478307 fix: Dependencies priority declaration (gabibguti)
99f4dc6 fix: Ecosystem spelling (gabibguti)
7000eb5 fix: Handle 0 weight and 0 total when creating proportional weighted … (gabibguti)
6390493 fix: Revert -d flag identification change (gabibguti)
3187362 fix: npm ci command is npm download and is pinned (gabibguti)
2484ddc fix: Linter errors (gabibguti)
24f3a8f fix: Unexport error variable to other packages (gabibguti)
f839462 refactor: Simplify no score groups condition (gabibguti)
ca725e0 feat: Log proportion of dependencies pinned (gabibguti)
f6ccf91 test: Fix unit tests to include info logs (gabibguti)
9baf547 test: Fix e2e tests to include info logs (gabibguti)
b986c65 fix: Linter error (gabibguti)
2e3e9a5 Merge branch 'main' into fix/count-existing-ecossystems-for-pinned-deps (spencerschrock)