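--- a/cmd/root.go
+++ b/cmd/root.go
@@ -113,7 +113,7 @@
  if !strings.EqualFold(o.Commit, clients.HeadSHA) {
  requiredRequestTypes = append(requiredRequestTypes, checker.CommitBased)
  }
- enabledChecks, err := policy.GetEnabled(pol, o.ChecksToRun, requiredRequestTypes)
+ enabledChecks, err := policy.GetEnabled(pol, o.Checks(), requiredRequestTypes)
  if err != nil {
  return fmt.Errorf("GetEnabled: %w", err)
  }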
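--- a/options/options.go
+++ b/options/options.go
@@ -19,6 +19,7 @@
  "errors"
  "fmt"
  "os"
+ "strings"
 
  "github.com/caarlos0/env/v6"
 
@@ -204,6 +205,33 @@
 }
 
 // Feature flags.
+
+// GitHub integration support.
+// See https://github.com/ossf/scorecard-action/issues/1107.
+// NOTE: We don't add a field to to the Option structure to simplify
+// integration. If we did, the Action would also need to be aware
+// of the integration and pass the relevant values. This
+// would add redundancy and complicate maintenance.
+func (o *Options) IsInternalGitHubIntegrationEnabled() bool {
+ return (os.Getenv("CI") == "true") &&
+ (os.Getenv("SCORECARD_INTERNAL_GITHUB_INTEGRATION") == "1") &&
+ (os.Getenv("GITHUB_EVENT_NAME") == "dynamic")
+}
+
+// Checks returns the list of checks and honours the
+// GitHub integration.
+func (o *Options) Checks() []string {
+ if o.IsInternalGitHubIntegrationEnabled() {
+ // Overwrite the list of checks.
+ s := os.Getenv("SCORECARD_INTERNAL_GITHUB_CHECKS")
+ l := strings.Split(s, ",")
+ for i := range l {
+ l[i] = strings.TrimSpace(l[i])
+ }
+ return l
+ }
+ return o.ChecksToRun
+}
 
 // isExperimentalEnabled returns true if experimental features were enabled via
 // environment variable.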
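Review bot: `Checks` returns `[]string{""}` rather than an empty list when `SCORECARD_INTERNAL_GITHUB_CHECKS` is unset or blank, because `strings.Split("", ",")` yields one empty element, and a stray comma such as `"Binary-Artifacts,,Pinned-Dependencies"` produces the same empty name mid-list. Those entries flow straight into `policy.GetEnabled` in cmd/root.go, and whether that helper rejects an empty name or treats an empty list as "all checks" is not visible here, so the list should be cleaned before it is returned (and if an empty list does mean "all checks", falling back to `o.ChecksToRun` would be the safer default). Separately, the gate in `IsInternalGitHubIntegrationEnabled` is purely environment-driven, so anything that can set variables in the Action's process can switch the override on; that trust assumption belongs in the doc comment, e.g. `// Trust: the gate and the check list are read verbatim from the process environment; only trusted code must be able to set these variables.` Also in this hunk, `to to` in the NOTE comment is a typo.
```go
func (o *Options) Checks() []string {
	if o.IsInternalGitHubIntegrationEnabled() {
		// Overwrite the list of checks, dropping empty entries so an unset or
		// blank variable does not yield a single "" check name.
		var l []string
		for _, c := range strings.Split(os.Getenv("SCORECARD_INTERNAL_GITHUB_CHECKS"), ",") {
			if c = strings.TrimSpace(c); c != "" {
				l = append(l, c)
			}
		}
		return l
	}
	// … unchanged: fall back to o.ChecksToRun …
}
```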
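--- a/pkg/sarif.go
+++ b/pkg/sarif.go
@@ -18,6 +18,7 @@
  "encoding/json"
  "fmt"
  "io"
+ "os"
  "sort"
  "strings"
  "time"
@@ -31,6 +32,7 @@
  sce "github.com/ossf/scorecard/v4/errors"
  "github.com/ossf/scorecard/v4/finding"
  "github.com/ossf/scorecard/v4/log"
+ "github.com/ossf/scorecard/v4/options"
  spol "github.com/ossf/scorecard/v4/policy"
 )
 
@@ -606,9 +608,17 @@
  return messageWithScore(check.Reason, score)
 }
 
+func toolName(opts *options.Options) string {
+ if opts.IsInternalGitHubIntegrationEnabled() {
+ return strings.TrimSpace(os.Getenv("SCORECARD_INTERNAL_GITHUB_SARIF_TOOL_NAME"))
+ }
+ return "scorecard"
+}
+
 // AsSARIF outputs ScorecardResult in SARIF 2.1.0 format.
 func (r *ScorecardResult) AsSARIF(showDetails bool, logLevel log.Level,
  writer io.Writer, checkDocs docs.Doc, policy *spol.ScorecardPolicy,
+ opts *options.Options,
 ) error {
  //nolint
  // https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/sarif-v2.1.0-cs01.html.
@@ -635,7 +645,7 @@
  if err != nil {
  return sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("computeCategory: %v: %s", err, check.Name))
  }
- run := getOrCreateSARIFRun(runs, category, "https://github.com/ossf/scorecard", "scorecard",
+ run := getOrCreateSARIFRun(runs, category, "https://github.com/ossf/scorecard", toolName(opts),
  r.Scorecard.Version, r.Scorecard.CommitSHA, r.Date, "supply-chain")
 
  // Always add rules to indicate which checks were run.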
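Review bot: `toolName` returns an empty string when the integration gate is on but `SCORECARD_INTERNAL_GITHUB_SARIF_TOOL_NAME` is unset or whitespace-only, and that value is handed to `getOrCreateSARIFRun` as the driver name, which SARIF 2.1.0 lists as a required property of `tool.driver`; a consumer such as the code-scanning upload is likely to reject the file rather than fall back. Keep the default instead, by changing the integration branch to `if n := strings.TrimSpace(os.Getenv("SCORECARD_INTERNAL_GITHUB_SARIF_TOOL_NAME")); n != "" {` / `return n` / `}` and leaving `return "scorecard"` as the common exit. The new `opts` parameter of `AsSARIF` also deserves a line in its doc comment, e.g. `// opts is consulted only to pick the SARIF tool name (see toolName).` Note that `AsSARIF`'s body continues beyond this hunk, and the function has no doc comment on `toolName` at all.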
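--- a/pkg/sarif_test.go
+++ b/pkg/sarif_test.go
@@ -26,6 +26,7 @@
  "github.com/ossf/scorecard/v4/checker"
  "github.com/ossf/scorecard/v4/finding"
  "github.com/ossf/scorecard/v4/log"
+ "github.com/ossf/scorecard/v4/options"
  spol "github.com/ossf/scorecard/v4/policy"
  rules "github.com/ossf/scorecard/v4/rule"
 )
@@ -847,7 +848,7 @@
 
  var result bytes.Buffer
  err = tt.result.AsSARIF(tt.showDetails, tt.logLevel, &result,
- checkDocs, &tt.policy)
+ checkDocs, &tt.policy, &options.Options{})
  if err != nil {
  t.Fatalf("%s: AsSARIF: %v", tt.name, err)
  }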
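Review bot: Passing a zero-value `&options.Options{}` only exercises the default `"scorecard"` tool name, so the new environment-driven branch of `toolName` (gate enabled, `SCORECARD_INTERNAL_GITHUB_SARIF_TOOL_NAME` set, and the unset/blank case) has no coverage in this file. A subtest that calls `t.Setenv("CI", "true")`, `t.Setenv("SCORECARD_INTERNAL_GITHUB_INTEGRATION", "1")` and `t.Setenv("GITHUB_EVENT_NAME", "dynamic")`, then asserts on `tool.driver.name` in the produced SARIF, would pin that behaviour and catch an empty driver name. The enclosing table-driven loop starts before this hunk.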
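--- a/pkg/scorecard_result.go
+++ b/pkg/scorecard_result.go
@@ -114,7 +114,7 @@
  err = results.AsString(opts.ShowDetails, log.ParseLevel(opts.LogLevel), doc, os.Stdout)
  case options.FormatSarif:
  // TODO: support config files and update checker.MaxResultScore.
- err = results.AsSARIF(opts.ShowDetails, log.ParseLevel(opts.LogLevel), os.Stdout, doc, policy)
+ err = results.AsSARIF(opts.ShowDetails, log.ParseLevel(opts.LogLevel), os.Stdout, doc, policy, opts)
  case options.FormatJSON:
  err = results.AsJSON2(opts.ShowDetails, log.ParseLevel(opts.LogLevel), doc, os.Stdout)
  case options.FormatSJSON: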