✨ Add support for Nuget restore #4157

Merged
merged 18 commits into from
Jul 10, 2024

Commits on Jun 12, 2024

  1. Nuget lock file support

    Signed-off-by: balteraivshay <avishay.balter@gmail.com>
    balteravishay committed Jun 12, 2024
    4302af6
  2. 🌱 Bump github.com/google/osv-scanner from 1.7.3 to 1.7.4 (ossf#4139)

    Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.7.3 to 1.7.4.
    - [Release notes](https://github.com/google/osv-scanner/releases)
    - [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md)
    - [Commits](google/osv-scanner@v1.7.3...v1.7.4)
    
    ---
    updated-dependencies:
    - dependency-name: github.com/google/osv-scanner
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    Signed-off-by: balteraivshay <avishay.balter@gmail.com>
    dependabot[bot] authored and balteravishay committed Jun 12, 2024
    4c7e4f4
  3. 🐛 Use direct endpoint instead of search to find repository URL from npm database (ossf#4118)
    
    * Update endpoint used when getting repo from npm to solve ossf#3166
    
    Signed-off-by: aklevans <alexklevans@gmail.com>
    
    * Update test files to account for endpoint change when getting repo from npm
    
    Signed-off-by: aklevans <alexklevans@gmail.com>
    
    * Fix linter issues
    
    Signed-off-by: aklevans <alexklevans@gmail.com>
    
    * Added unit tests for ossf#3166 and ossf#2441
    
    Signed-off-by: aklevans <alexklevans@gmail.com>
    
    * fix linter issues and reduce mock json output in package_manager_test to only include necessary data
    
    Signed-off-by: aklevans <alexklevans@gmail.com>
    
    * fix linter issues in package_managers.go
    
    Signed-off-by: aklevans <alexklevans@gmail.com>
    
    * convert windows line breaks to linux
    
    Signed-off-by: aklevans <alexklevans@gmail.com>
    
    * reduce test case size, still has windows line breaks
    
    Signed-off-by: aklevans <alexklevans@gmail.com>
    
    * Fix unit tests
    
    Signed-off-by: aklevans <alexklevans@gmail.com>
    
    * attempt linter fix
    
    Signed-off-by: aklevans <alexklevans@gmail.com>
    
    * Fix linter issues stemming from windows line breaks
    
    Signed-off-by: aklevans <alexklevans@gmail.com>
    
    * Remove magic number and rename variable to be more accurate
    
    Signed-off-by: aklevans <alexklevans@gmail.com>
    
    ---------
    
    Signed-off-by: aklevans <alexklevans@gmail.com>
    Signed-off-by: aklevans <105876795+aklevans@users.noreply.github.com>
    Signed-off-by: balteraivshay <avishay.balter@gmail.com>
    aklevans authored and balteravishay committed Jun 12, 2024
    4af6463
  4. 🌱 Bump golang.org/x/text from 0.15.0 to 0.16.0 (ossf#4142)

    Signed-off-by: balteraivshay <avishay.balter@gmail.com>
    dependabot[bot] authored and balteravishay committed Jun 12, 2024
    a8cb31d
  5. 🌱 Bump github.com/rhysd/actionlint from 1.7.0 to 1.7.1 (ossf#4138)

    Signed-off-by: balteraivshay <avishay.balter@gmail.com>
    dependabot[bot] authored and balteravishay committed Jun 12, 2024
    ead508d
  6. 🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 (ossf#4137)

    Signed-off-by: balteraivshay <avishay.balter@gmail.com>
    dependabot[bot] authored and balteravishay committed Jun 12, 2024
    12f1ca5
  7. ⚠️ remove dependencydiff functionality (ossf#4146)

    Signed-off-by: Spencer Schrock <sschrock@google.com>
    Signed-off-by: balteraivshay <avishay.balter@gmail.com>
    spencerschrock authored and balteravishay committed Jun 12, 2024
    8de4b87
  8. 🌱 Bump golang.org/x/oauth2 from 0.20.0 to 0.21.0 (ossf#4148)

    Signed-off-by: balteraivshay <avishay.balter@gmail.com>
    dependabot[bot] authored and balteravishay committed Jun 12, 2024
    290cd06
  9. 🌱 Bump github.com/onsi/ginkgo/v2 in /tools (ossf#4149)

    Signed-off-by: balteraivshay <avishay.balter@gmail.com>
    dependabot[bot] authored and balteravishay committed Jun 12, 2024
    2d3b251
  10. ✨ announce where results are written (ossf#4132)

    Before this change, when running with '-o foo' the output would end
    with:
    
    ```
    RESULTS
    -------
    ```
    
    This was rather confusing. There's of course many ways to make this more
    clear, this commit adds a log line announcing where the output is
    written to:
    
    ```
    RESULTS
    -------
    Writing to foo
    ```
    
    Signed-off-by: Arnout Engelen <arnout@bzzt.net>
    Signed-off-by: balteraivshay <avishay.balter@gmail.com>
    raboof authored and balteravishay committed Jun 12, 2024
    eeadb43
  11. 🐛 fix Unlicense detection (ossf#4145)

    * fix unlicense detection
    
    The code previously had some special logic for handling the Unlicense SPDX
    identifier. While this worked for local file detection, it broke detection for
    SPDX identifiers provided by the forge. This change moves the logic to the part
    of the code concerned with local file detection, so both work now.
    
    Signed-off-by: Spencer Schrock <sschrock@google.com>
    
    * remove part of comment which is no longer relevant
    
    Signed-off-by: Spencer Schrock <sschrock@google.com>
    
    ---------
    
    Signed-off-by: Spencer Schrock <sschrock@google.com>
    Signed-off-by: balteraivshay <avishay.balter@gmail.com>
    spencerschrock authored and balteravishay committed Jun 12, 2024
    d01d57d
  12. fix lint

    Signed-off-by: balteraivshay <avishay.balter@gmail.com>
    balteravishay committed Jun 12, 2024
    a609128
  13. ✨ probe: releases with verified provenance (ossf#4141)

    * add projectpackageversions to signed releases raw results
    
    Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
    
    * finding: add NewNot* helpers, fix error msg
    
    Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
    
    * probe: releasesHaveVerifiedProvenance
    
    Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
    
    * logging
    
    Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
    
    * fix tests and lint
    
    Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
    
    * address comments
    
    Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
    
    * remove unused
    
    Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
    
    * fix merge conflict
    
    Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
    
    ---------
    
    Signed-off-by: Raghav Kaul <raghavkaul+github@google.com>
    Signed-off-by: balteraivshay <avishay.balter@gmail.com>
    raghavkaul authored and balteravishay committed Jun 12, 2024
    8501824
  14. fix shell download

    Signed-off-by: balteraivshay <avishay.balter@gmail.com>
    balteravishay committed Jun 12, 2024
    9e66eb2
  15. bb8f301

Commits on Jun 13, 2024

  1. 6decb95

Commits on Jul 10, 2024

  1. Revert "fix shell download"

    This reverts commit 9e66eb2.
    
    Signed-off-by: Spencer Schrock <sschrock@google.com>
    spencerschrock committed Jul 10, 2024
    dde4f24
  2. Merge branch 'main' into avbalter/support-dotnet-lock

    Signed-off-by: Spencer Schrock <sschrock@google.com>
    spencerschrock committed Jul 10, 2024
    d47c79d