Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Including the Scorecard API #1938

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Including the Scorecard API #1938

wants to merge 5 commits into from

Conversation

neilnaveen
Copy link
Contributor

Description of the PR

PR Checklist

  • All commits have a Developer Certificate of Origin (DCO) -- they are generated using -s flag to git commit.
  • All new changes are covered by tests
  • If GraphQL schema is changed, make generate has been run
  • If OpenAPI spec is changed, make generate has been run
  • If collectsub protobuf has been changed, make proto has been run
  • All CI checks are passing (tests and formatting)
  • All dependent PRs have already been merged

pxp928
pxp928 reviewed May 31, 2024
View reviewed changes
Copy link
Collaborator

@pxp928 pxp928 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@neilnaveen looks like you have a small lint issue.

nathannaveen
nathannaveen reviewed Jun 3, 2024
View reviewed changes
Copy link
Contributor

@nathannaveen nathannaveen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for doing this, LGTM, except for a small nit.

cmd/guacone/cmd/scorecard.go Outdated Show resolved Hide resolved
@nathannaveen nathannaveen mentioned this pull request Jun 4, 2024
Open
@neilnaveen
Including the Scorecard API
2db7b2b 
- Fixes guacsec#1892
- Updated tests
- Added a README for certifier/scorecard

Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
@neilnaveen
Fix code errors
e21211e 
Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
@neilnaveen
Fix flags
16ab6c6 
Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
@neilnaveen
add flag in store.go
e7a3aac 
Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
@neilnaveen
Merge branch 'main' into neil/use-scorecard-api
adc4518
@neilnaveen neilnaveen requested a review from pxp928 June 19, 2024 15:20
@pxp928 pxp928 added the needs-review Needs writer LGTM label Jun 25, 2024
lumjjb
lumjjb requested changes Jul 9, 2024
View reviewed changes
pkg/certifier/certifier.go
@@ -26,7 +26,7 @@ type Certifier interface {
// push to the docChannel to be ingested.
// Note: there is an implicit contract with "QueryComponents" where the compChan type must be the same as
// the one used by "components"
CertifyComponent(ctx context.Context, components interface{}, docChannel chan<- *processor.Document) error
CertifyComponent(ctx context.Context, components interface{}, docChannel chan<- *processor.Document, useScorecardAPI bool) error
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there shouldn't be a scorecard specific flag for the ceritfier interface, things that are specific to the certifier should be part of the initialization of the certifier. Maybe this is something that should be part of RegisterCertifier.

pkg/certifier/scorecard/README.md
@@ -0,0 +1,29 @@
# Scorecard Certifier
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice addition!

@stale Stale
Copy link

stale bot commented Sep 7, 2024

This pull request has been automatically marked as stale because it has not had recent activity (60 days of inactivity).
It will be closed in 30 days if no further activity occurs.
Thank you for your contribution!

@stale stale bot added the wontfix This will not be worked on label Sep 7, 2024
@pxp928
Copy link
Collaborator

pxp928 commented Sep 20, 2024

ping to keep it from closing.

@stale stale bot removed the wontfix This will not be worked on label Sep 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nathannaveen nathannaveen nathannaveen left review comments

@lumjjb lumjjb lumjjb requested changes

@jeffmendoza jeffmendoza Awaiting requested review from jeffmendoza jeffmendoza is a code owner

@pxp928 pxp928 Awaiting requested review from pxp928

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
needs-review Needs writer LGTM size/L
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[feature] Provide Option to Use OpenSSF Scorecard REST API for Scorecard Ingestion
4 participants
@neilnaveen @pxp928 @lumjjb @nathannaveen