ossf · spencerschrock · Sep 4, 2023 · Sep 4, 2023
@@ -190,7 +190,7 @@ func CreateRuntimeErrorResult(name string, e error) CheckResult {
 		Version: 2,
 		Error:   e,
 		Score:   InconclusiveResultScore,
-		Reason:  e.Error(), // Note: message already accessible by caller thru `Error`.
+		Reason:  e.Error(), // Note: message already accessible by caller through `Error`.
 	}
 }
 

@@ -352,7 +352,7 @@ func createIgnoredPermissions(workflow *actionlint.Workflow, fp string,
 
 // Scanning tool run externally and SARIF file uploaded.
 func isSARIFUploadWorkflow(workflow *actionlint.Workflow, fp string, pdata *permissionCbData) bool {
-	// TODO: some third party tools may upload directly thru their actions.
+	// TODO: some third party tools may upload directly through their actions.
 	// Very unlikely.
 	// See https://github.com/marketplace for tools.
 	return isAllowedWorkflow(workflow, fp, pdata)

@@ -81,7 +81,7 @@ func SAST(c *checker.CheckRequest) checker.CheckResult {
 	// We assume the CodeQl config uses a cron and is not enabled as pre-submit.
 	// TODO: verify the above comment in code.
 	// We encourage developers to have sast check run on every pre-submit rather
-	// than as cron jobs thru the score computation below.
+	// than as cron jobs through the score computation below.
 	// Warning: there is a hidden assumption that *any* sast tool is equally good.
 	if sastScore != checker.InconclusiveResultScore &&
 		codeQlScore != checker.InconclusiveResultScore {

@@ -28,7 +28,7 @@ type toolMatcher interface {
 }
 
 // ToolsRun runs the probe for a tool.
-// The function iterates thru the raw results and searches for a tool of interest that is used on a repository.
+// The function iterates through the raw results and searches for a tool of interest that is used on a repository.
 // The function uses 'matcher' to identify the tool of interest.
 // If a tool is used in the repository, it creates a finding with the 'foundOutcome'.
 // If not, it returns a finding with outcome 'notFoundOutcome'.