Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

📖 👻 fix anchor link to the code review section #3058

Merged
merged 2 commits into from
May 24, 2023

Conversation

dasfreak
Copy link
Contributor

What kind of change does this PR introduce?

  • Docs update (Typo in anchor link)

What is the current behavior?

  • Anchor link does not work

What is the new behavior (if this is a feature change)?**

  • Anchor link works as expected and jumps to the right section

  • Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

NONE

Special notes for your reviewer

Does this PR introduce a user-facing change?

For user-facing changes, please add a concise, human-readable release note to
the release-note

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

NONE

@dasfreak dasfreak requested a review from olivekl as a code owner May 24, 2023 12:49
@dasfreak dasfreak changed the title fix anchor link to the code review section 📖 👻 📖 👻 fix anchor link to the code review section May 24, 2023
Copy link
Contributor

@olivekl olivekl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this!

@naveensrinivasan naveensrinivasan enabled auto-merge (squash) May 24, 2023 15:09
@naveensrinivasan naveensrinivasan temporarily deployed to integration-test May 24, 2023 15:10 — with GitHub Actions Inactive
@codecov
Copy link

codecov bot commented May 24, 2023

Codecov Report

Merging #3058 (7b08c04) into main (e8bfa39) will decrease coverage by 2.89%.
The diff coverage is n/a.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3058      +/-   ##
==========================================
- Coverage   63.42%   60.54%   -2.89%     
==========================================
  Files         166      166              
  Lines       12461    12461              
==========================================
- Hits         7904     7545     -359     
- Misses       4109     4493     +384     
+ Partials      448      423      -25     

Signed-off-by: dasfreak <dasfreak@users.noreply.github.com>
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>
@naveensrinivasan naveensrinivasan temporarily deployed to integration-test May 24, 2023 15:49 — with GitHub Actions Inactive
@naveensrinivasan naveensrinivasan merged commit 387edee into ossf:main May 24, 2023
balteravishay pushed a commit to balteravishay/scorecard that referenced this pull request May 28, 2023
* fix anchor link to code-review in checks.yaml

Signed-off-by: dasfreak <dasfreak@users.noreply.github.com>
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>

* generate checks.md

Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>

---------

Signed-off-by: dasfreak <dasfreak@users.noreply.github.com>
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
balteravishay pushed a commit to balteravishay/scorecard that referenced this pull request May 29, 2023
* fix anchor link to code-review in checks.yaml

Signed-off-by: dasfreak <dasfreak@users.noreply.github.com>
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>

* generate checks.md

Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>

---------

Signed-off-by: dasfreak <dasfreak@users.noreply.github.com>
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
balteravishay pushed a commit to balteravishay/scorecard that referenced this pull request Jun 11, 2023
* fix anchor link to code-review in checks.yaml

Signed-off-by: dasfreak <dasfreak@users.noreply.github.com>
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>

* generate checks.md

Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>

---------

Signed-off-by: dasfreak <dasfreak@users.noreply.github.com>
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
balteravishay pushed a commit to balteravishay/scorecard that referenced this pull request Jun 11, 2023
* fix anchor link to code-review in checks.yaml

Signed-off-by: dasfreak <dasfreak@users.noreply.github.com>
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>

* generate checks.md

Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>

---------

Signed-off-by: dasfreak <dasfreak@users.noreply.github.com>
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
spencerschrock pushed a commit that referenced this pull request Jun 15, 2023
* add nuget package manager

Signed-off-by: Avishay <avishay.balter@gmail.com>

* fix pat test messages (#2987)

* also fix pat tests

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump slsa-framework/slsa-github-generator from 1.5.0 to 1.6.0

Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump cloud.google.com/go/bigquery from 1.51.1 to 1.51.2 (#2984)

Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.51.1 to 1.51.2.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.51.1...bigquery/v1.51.2)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang.org/x/tools from 0.9.0 to 0.9.1

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.9.0 to 0.9.1.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.9.0...v0.9.1)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :bug: Update osv-scanner dependency to include Vulnerabilities check fixes (#2981)

* Update osv-scanner dependency to include Vulnerabilities check fixes

Signed-off-by: Laurent Savaëte <laurent@where.tf>

* Run go mod tidy

Signed-off-by: Laurent Savaëte <laurent@where.tf>

---------

Signed-off-by: Laurent Savaëte <laurent@where.tf>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/docker/distribution in /tools (#2993)

Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible.
- [Release notes](https://github.com/docker/distribution/releases)
- [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2)

---
updated-dependencies:
- dependency-name: github.com/docker/distribution
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Gitlab: e2e test fixes in main (#2992)

* test secret chagnes

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update score

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* address cr comments

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

---------

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Unit tests log/log.go (#2980)

- Add unit tests for the log package
- Add Apache License to log_test.go

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/cloudflare/circl in /tools (#2995)

Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.2.0 to 1.3.3.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.2.0...v1.3.3)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :sparkles: Add releasing workflow for semantic-release (#2989)

Signed-off-by: Matt Travi <programmer@travi.org>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump slsa-framework/slsa-verifier from 2.2.0 to 2.3.0

Bumps [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/slsa-framework/slsa-verifier/releases)
- [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md)
- [Commits](https://github.com/slsa-framework/slsa-verifier/compare/v2.2.0...v2.3.0)

---
updated-dependencies:
- dependency-name: slsa-framework/slsa-verifier
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#2994)

Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.1.0 to 1.3.3.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.1.0...v1.3.3)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Additional e2e clients/githubrepo/checkruns.go (#2934)

* :seedling: Additional e2e clients/githubrepo/checkruns.go

- Add `net/http` and `github.com/google/go-github/v38/github` imports
- Add a test for `listCheckRunsForRef` with valid ref
- Add a test for `listCheckRunsForRef` with invalid ref

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Based on code review comments

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Some tweaks

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

---------

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: E2E for clients/githubrepo/contributors.go (#2939)

* :seedling: E2E for clients/githubrepo/contributors.go

- Add an end-to-end test for `contributorsHandler`

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Fixed based on code review comments.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Fixed codereview comment.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

---------

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :book: Clarify that AI/ML doesn't count as human code review (#2953)

* Clarify that AI/ML doesn't count as human code review

Add this clarification per the Scorecards Zoom call meeting today
(2023-05-04).

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

* Tweaked per review

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

---------

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang from `31a8f92` to `685a22e` in /cron/internal/cii

Bumps golang from `31a8f92` to `685a22e`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang in /cron/internal/controller

Bumps golang from `31a8f92` to `685a22e`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang in /cron/internal/worker

Bumps golang from `31a8f92` to `685a22e`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang in /clients/githubrepo/roundtripper/tokens/server

Bumps golang from `31a8f92` to `685a22e`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang from `31a8f92` to `685a22e`

Bumps golang from `31a8f92` to `685a22e`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang from `31a8f92` to `685a22e` in /cron/internal/bq

Bumps golang from `31a8f92` to `685a22e`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang in /cron/internal/webhook

Bumps golang from `31a8f92` to `685a22e`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* Clarify AI/ML not human code review - in .yml file (#3012)

This clarifies that AI/ML doesn't count as human code review.
This was earlier done in #2953 but that didn't modify the relevant
.yml file - this does.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang.org/x/oauth2 from 0.7.0 to 0.8.0 (#3005)

Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.7.0 to 0.8.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.7.0...v0.8.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Unit tests for checks/raw/maintained.go (#2996)

- Add tests and checks for the `Maintained` function
- Add checks for `IsArchived`, `ListCommits`, `ListIssues`, and `GetCreatedAt`

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5 in /tools

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.4 to 2.9.5.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.4...v2.9.5)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump actions/setup-go from 4.0.0 to 4.0.1

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/4d34df0c2316fe8122ab82dc22947d607c0c91f9...fac708d6674e30b6ba41289acaab6d4b75aa0753)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump codecov/codecov-action from 3.1.3 to 3.1.4

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.3 to 3.1.4.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/894ff025c7b54547a9a2a1e9f228beae737ad3c2...eaaf4bedf32dbdc6b720b63067d99c4d77d6047d)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Unit tests for Policy.go (#3003)

- Included tests for policy.go

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.4 to 2.9.5.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.4...v2.9.5)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump sigstore/cosign-installer from 3.0.3 to 3.0.4

Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/204a51a57a74d190b284a0ce69b44bc37201f343...03d0fecf172873164a163bbc64bed0f3bf114ed7)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/google/go-containerregistry (#3025)

Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.15.1 to 0.15.2.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.15.1...v0.15.2)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/sirupsen/logrus from 1.9.0 to 1.9.1

Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.0 to 1.9.1.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.0...v1.9.1)

---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Included e2e tests for push to main (#2951)

- Update trigger for integration tests to enable running on `push` and `pull_request` on the `main` branch

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Included directories that don't require coverage (#3002)

- Included directories that don't require coverage.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Unit tests for checks/raw/contributors.go (#2998)

- Add tests and fix casing for Contributors function in checks/raw/contributors_test.go

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* ✨ GitLab: Code Review check (#2764)

* Add GitLab support for Code-Review check

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Remove spurious printf

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Working commit

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* e2e test

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update: test coverage

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

---------

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* gitlab: license check (#2834)

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/sirupsen/logrus from 1.9.1 to 1.9.2 (#3031)

Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.1 to 1.9.2.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.1...v1.9.2)

---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/google/osv-scanner

Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.3.3-0.20230509011216-baae1796eeea to 1.3.3.
- [Release notes](https://github.com/google/osv-scanner/releases)
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/osv-scanner/commits/v1.3.3)

---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump sigstore/cosign-installer from 3.0.4 to 3.0.5 (#3029)

Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.4 to 3.0.5.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/03d0fecf172873164a163bbc64bed0f3bf114ed7...dd6b2e2b610a11fd73dd187a43d57cc1394e35f9)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump arduino/setup-protoc from 1.1.2 to 1.2.0

Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc) from 1.1.2 to 1.2.0.
- [Release notes](https://github.com/arduino/setup-protoc/releases)
- [Commits](https://github.com/arduino/setup-protoc/compare/64c0c85d18e984422218383b81c52f8b077404d3...4b3578161eece2eb20a9dfd84bb8ed105e684dba)

---
updated-dependencies:
- dependency-name: arduino/setup-protoc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :sparkles: Add support for github GHES (#2999)

* :sparkles: adding support for github GHES

Signed-off-by: Niket Patel <patelniket@gmail.com>

* fix: lint and cleanup

Signed-off-by: Niket Patel <patelniket@gmail.com>

* fix: flaky test

Signed-off-by: Niket Patel <patelniket@gmail.com>

* fix: address missing host

Signed-off-by: Niket Patel <patelniket@gmail.com>

* fix: lint error

Signed-off-by: Niket Patel <patelniket@gmail.com>

* :seedling: Additional e2e clients/githubrepo/checkruns.go (#2934)

* :seedling: Additional e2e clients/githubrepo/checkruns.go

- Add `net/http` and `github.com/google/go-github/v38/github` imports
- Add a test for `listCheckRunsForRef` with valid ref
- Add a test for `listCheckRunsForRef` with invalid ref

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Based on code review comments

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Some tweaks

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

---------

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Niket Patel <patelniket@gmail.com>

* :seedling: E2E for clients/githubrepo/contributors.go (#2939)

* :seedling: E2E for clients/githubrepo/contributors.go

- Add an end-to-end test for `contributorsHandler`

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Fixed based on code review comments.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Fixed codereview comment.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

---------

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Niket Patel <patelniket@gmail.com>

* chore: add GHES instructions

Signed-off-by: Niket Patel <patelniket@gmail.com>

* refact: use test setenv

Signed-off-by: Niket Patel <patelniket@gmail.com>

* fix: corp unit test

Signed-off-by: Niket Patel <patelniket@gmail.com>

---------

Signed-off-by: Niket Patel <patelniket@gmail.com>
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Niket Patel <patelniketm@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* Change Facilitators to Maintainers (#3039)

Not sure what the old facilitators table was for. Current list of Maintainers is always in CODEOWNERS.

Meaning of "Maintainers" still is not defined, and should be a part of an upcoming contributor ladder.

Signed-off-by: Jeff Mendoza <jlm@jlm.name>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :bug: Gitlab: Commit/Commitor Exceptions (#3026)

* feat: Added paging for contributor/users against gitlab projects

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* refactor: Updated the bot flag for unmatched users

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* fix: Not all commit users are in the git registry instance

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* fix: Skipping check if the email is empty, as well as if the "email" doesn't contain a "." char.

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* fix: Updated to allow for commits with PRs to be accounted/added to the client.commits

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* refactor: Updated to prevent linting issue regarding nested if's

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* test: Adding coverage for commits and contributors for gitlab

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* refactor: Moved queries from the client to their own functions

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* bug: Need to pass the ProjectID value to the contributor query

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* bug: Updating project title versus projectID values for api querying

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* test: Updated tests to match expected property set for projectID

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* revert: Reverted based on feedback during review

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

---------

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/onsi/gomega from 1.27.6 to 1.27.7 (#3040)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.6 to 1.27.7.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.27.6...v1.27.7)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :book: Make all StepSecurity app endpoint references consistent (#3042)

Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 📖 Update checks.md to show the benefit of >=2 reviewers (#3013)

* Update checks.yaml instead of cehcks.md

Signed-off-by: Joyce <joycebrum@google.com>

* feat: generate checks.md

Signed-off-by: Joyce Brum <joycebrum@google.com>

---------

Signed-off-by: Joyce <joycebrum@google.com>
Signed-off-by: Joyce Brum <joycebrum@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Improve workflow pinning remediation tests (#3021)

- Add 3 tests for workflow pinning remediation

[remediation/remediations_test.go]
- Add 3 tests for workflow pinning remediation

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: E2E tests for clients/githubrepo/languages_e2e_test.go (#3000)

* :seedling: E2E tests for clients/githubrepo/languages_e2e_test.go

- Included e2e tests for clients/githubrepo/languages_e2e_test.go

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Fixed the token type check.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

---------

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Unit tests for pkg/json_raw_results (#3044)

* :seedling: Unit tests for pkg/json_raw_results.go

- Unit tests for pkg/json_raw_results.go

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Additional tests

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

---------

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* ✨  [experimental] Add probe code and support for Tool-Update-Dependency (#2944)

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* add zoom link and agenda link (#3050)

Signed-off-by: Amanda L Martin <hythloda@gmail.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Run E2E PAT test for push to main (#3046)

- Add E2E PAT tests for push to main.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* Update main.yml (#3054)

-Fixed the YAML indenting issue.

Signed-off-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* only run e2e pat on push (#3056)

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#3057)

Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :book: :ghost: fix anchor link to the code review section (#3058)

* fix anchor link to code-review in checks.yaml

Signed-off-by: dasfreak <dasfreak@users.noreply.github.com>
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>

* generate checks.md

Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>

---------

Signed-off-by: dasfreak <dasfreak@users.noreply.github.com>
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🐛 Gitlab: Tests (#3027)

* fix tests

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* use projectID instead of project where applicable

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* pass ref as listcommitoption

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update tests

* CI-Tests: check if score > 0. pull request client is limited and can't
go back to arbitrary pull requests. CI-Tests don't run on forks, so this
can't be pinned either. But, for active repositories, we typically
expect *some* tests to be run

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* fix commitshandler commitSHA tests

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update tests

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

---------

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/goreleaser/nfpm/v2 in /tools (#3060)

Bumps [github.com/goreleaser/nfpm/v2](https://github.com/goreleaser/nfpm) from 2.28.0 to 2.29.0.
- [Release notes](https://github.com/goreleaser/nfpm/releases)
- [Changelog](https://github.com/goreleaser/nfpm/blob/main/.goreleaser.yml)
- [Commits](https://github.com/goreleaser/nfpm/compare/v2.28.0...v2.29.0)

---
updated-dependencies:
- dependency-name: github.com/goreleaser/nfpm/v2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* ✨ Gitlab: Add projects to cron (#2936)

* cron: add gitlab projects

* support gitlab client
* simplify gitlab detection

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* fix MakeGitlabRepo

* shortcut when repo url is github.com
* fixes add-projects, validate-projects

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Move gitlab repos to release controller

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Add csv headers

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Use gitlab.WithBaseURL

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* formatting & logging

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* remove spurious test

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* consolidate logic

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Turn on experimental flag

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Add projects

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Update client

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

---------

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Simplify caching in docker workflow (#3061)

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github/codeql-action from 2.3.3 to 2.3.4 (#3064)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.3 to 2.3.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/29b1f65c5e92e24fe6b6647da1eaabe529cec70f...f0e3dfb30302f8a0881bb509b044e0de4f6ef589)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump cloud.google.com/go/pubsub from 1.30.1 to 1.31.0 (#3065)

Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.30.1 to 1.31.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.30.1...pubsub/v1.31.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🐛 gitlab: cron  (#3070)

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github/codeql-action from 2.3.4 to 2.3.5 (#3072)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.4 to 2.3.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/f0e3dfb30302f8a0881bb509b044e0de4f6ef589...0225834cc549ee0ca93cb085b92954821a145866)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump tj-actions/changed-files from 35.9.2 to 36.0.3 (#3071)

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.9.2 to 36.0.3.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](https://github.com/tj-actions/changed-files/compare/b2d17f51244a144849c6b37a3a6791b98a51d86f...25eaddf37ae893cec889065e9a60439c8af6f089)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🐛 Gitlab status updates (#3052)

* doc: Updating gitlab support validation status

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* bug: Updated  logic for gitlab to prevent exceptions based on releases

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* test: Added initial tests for gitlab branches

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* doc: Updated general README

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* refactor: Cleaned up the query for pipelines to be focused on the commitID

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* feat: Allowed for a non-graphql method of retrieving MRs associated to a commit

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* doc: Updated status for the CI-Tests

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* bug: Updated the host url for graphql querying. This enabled the removal of the code added for handling empty returns when executing against a non-gitlab.com repository.

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

---------

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/sigstore/rekor from 1.1.1 to 1.2.0 in /tools (#3079)

Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 1.1.1 to 1.2.0.
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/rekor/compare/v1.1.1...v1.2.0)

---
updated-dependencies:
- dependency-name: github.com/sigstore/rekor
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* get nuget latest version from registration URL

Signed-off-by: Avishay <avishay.balter@gmail.com>

* better coverage

Signed-off-by: Avishay <avishay.balter@gmail.com>

* sign

Signed-off-by: Avishay <avishay.balter@gmail.com>

* fix tests

Signed-off-by: Avishay <avishay.balter@gmail.com>

* more tests

Signed-off-by: Avishay <avishay.balter@gmail.com>

* client tests

Signed-off-by: Avishay <avishay.balter@gmail.com>

* lint

Signed-off-by: Avishay <avishay.balter@gmail.com>

* Apply suggestions from code review

Co-authored-by: Joel Verhagen <joel.verhagen@gmail.com>
Signed-off-by: Avishay Balter <avishay.balter@gmail.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang from `685a22e` to `690e413` (#3080)

Bumps golang from `685a22e` to `690e413`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang from `685a22e` to `690e413` in /cron/internal/cii

Bumps golang from `685a22e` to `690e413`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang in /cron/internal/controller

Bumps golang from `685a22e` to `690e413`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang in /cron/internal/worker

Bumps golang from `685a22e` to `690e413`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang in /clients/githubrepo/roundtripper/tokens/server

Bumps golang from `685a22e` to `690e413`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang in /cron/internal/webhook

Bumps golang from `685a22e` to `690e413`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang from `685a22e` to `690e413` in /cron/internal/bq

Bumps golang from `685a22e` to `690e413`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump arduino/setup-protoc from 1.2.0 to 1.3.0 (#3089)

Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/arduino/setup-protoc/releases)
- [Commits](https://github.com/arduino/setup-protoc/compare/4b3578161eece2eb20a9dfd84bb8ed105e684dba...149f6c87b92550901b26acd1632e11c3662e381f)

---
updated-dependencies:
- dependency-name: arduino/setup-protoc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump tj-actions/changed-files from 36.0.3 to 36.0.9 (#3088)

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.3 to 36.0.9.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](https://github.com/tj-actions/changed-files/compare/25eaddf37ae893cec889065e9a60439c8af6f089...cf4fe8759a45edd76ed6215da3529d2dbd2a3c68)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* pr iteration 2

Signed-off-by: Avishay <avishay.balter@gmail.com>

* pr iteration 3

Signed-off-by: Avishay <avishay.balter@gmail.com>

* switch security policy e2e test to ossf-tests repo. (#3090)

tensorflow/tensorflow is huge and was slowing down tests.
Also removed the rust e2e tests because they're already present as unit tests.

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.9.7 in /tools (#3094)

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.5 to 2.9.7.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.5...v2.9.7)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.9.7 (#3093)

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.5 to 2.9.7.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.5...v2.9.7)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump actions/dependency-review-action from 3.0.4 to 3.0.6 (#3104)

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.4 to 3.0.6.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e...1360a344ccb0ab6e9475edef90ad2f46bf8003b1)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump tj-actions/changed-files from 36.0.9 to 36.0.12 (#3108)

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.9 to 36.0.12.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](https://github.com/tj-actions/changed-files/compare/cf4fe8759a45edd76ed6215da3529d2dbd2a3c68...5978e5a2df95ef20cde627d4acb5edd1f87ba46a)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/xanzy/go-gitlab from 0.83.0 to 0.84.0 (#3106)

Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.83.0 to 0.84.0.
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.83.0...v0.84.0)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang.org/x/tools from 0.9.1 to 0.9.2

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.9.1 to 0.9.2.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.9.1...v0.9.2)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* ✨ GitLab: enable more checks in cron (#3097)

* Enable checks

* Binary-Artifacts
* Code-Review
* License
* Vulnerabilities

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Enable more checks

* CII Best Practices
* Fuzzing
* Maintained
* Packaging
* Pinned-Dependencies
* Signed-Releases

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update repo name

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

---------

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :book: agenda link change (#3111)

Signed-off-by: Amanda L Martin <hythloda@gmail.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github/codeql-action from 2.3.5 to 2.3.6 (#3112)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.5 to 2.3.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/0225834cc549ee0ca93cb085b92954821a145866...83f0fe6c4988d98a455712a27f0255212bba9bd4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump tj-actions/changed-files from 36.0.12 to 36.0.15 (#3116)

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.12 to 36.0.15.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](https://github.com/tj-actions/changed-files/compare/5978e5a2df95ef20cde627d4acb5edd1f87ba46a...5d2fcdb4cbef720a52f49fd05d8c7edd18a64758)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang.org/x/tools from 0.9.2 to 0.9.3

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.9.2 to 0.9.3.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.9.2...v0.9.3)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Unit tests for option (#3109)

- Add flags for repo, local, commit, log level, NPM, PyPI, RubyGems, metadata, show details, checks to run, policy file, and format
- Add tests for checks to run and format flags

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 GitLab: add gitlab auth token to cron worker env (#3117)

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* Don't run pat e2e on dependabot merges (#3119)

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* ✨ Detect fast-check PBT library for fuzz section (#3073)

* ✨ Detect fast-check PBT library for fuzz section

As suggested at https://github.com/ossf/scorecard/issues/2792#issuecomment-1562007596, we add support for the detection of fast-check as a possible fuzzing solution.

I also adapted the documentation related to fuzzing accordingly.

Signed-off-by: Nicolas DUBIEN <github@dubien.org>

* Typo

Signed-off-by: Nicolas DUBIEN <github@dubien.org>

* Update missing md files

Signed-off-by: Nicolas DUBIEN <github@dubien.org>

---------

Signed-off-by: Nicolas DUBIEN <github@dubien.org>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: temporarily disable failing e2e tests so we don't block all PRs. (#3130)

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* pr comments

Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 (#3121)

Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.2 to 1.9.3.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.2...v1.9.3)

---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* i:seedling: Ignore all pb files for test (#3127)

- Update .codecov.yml to ignore additional files

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Deprecate dependencydiff package and add access token requirement (#3125)

- Deprecate the `dependencydiff` package and the `GetDependencyDiffResults` function
- Add a line to the `.codecov.yml` to ignore the `dependencydiff` package

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* ✨ [experimental] Support for new `--format probe` (#3048)

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump distroless/base (#3122)

Bumps distroless/base from `10985f0` to `c623859`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Ignore deprecation warning for dependencydiff tests. (#3136)

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump tj-actions/changed-files from 36.0.15 to 36.0.18

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.15 to 36.0.18.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](https://github.com/tj-actions/changed-files/compare/5d2fcdb4cbef720a52f49fd05d8c7edd18a64758...07e0177b72d3640efced741cae32f9861eee1367)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.7 to 2.10.0 in /tools (#3135)

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.7 to 2.10.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.7...v2.10.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/google/osv-scanner from 1.3.3 to 1.3.4

Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.3.3 to 1.3.4.
- [Release notes](https://github.com/google/osv-scanner/releases)
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/osv-scanner/compare/v1.3.3...v1.3.4)

---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.7 to 2.10.0

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.7 to 2.10.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.7...v2.10.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/onsi/gomega from 1.27.7 to 1.27.8

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.7 to 1.27.8.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.27.7...v1.27.8)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump slsa-framework/slsa-github-generator from 1.6.0 to 1.7.0 (#3139)

Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.6.0...v1.7.0)

---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Increase test coverage for finding outcomes (#3142)

* Increase test coverage for finding outcomes

- Add tests for Outcome UnmarshalYAML function in `finding/finding_test.go`

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Updates based on Codereview

- Update `Outcome` variable in `finding/finding_test.go`
- Add `t.Parallel()` for test parallelization
- Add comparison using `cmp.Diff` to test for mismatches
- Update test cases for various outcomes

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

---------

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump tj-actions/changed-files from 36.0.18 to 36.1.0 (#3143)

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.18 to 36.1.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](https://github.com/tj-actions/changed-files/compare/07e0177b72d3640efced741cae32f9861eee1367...fb20f4d24890fadc539505b1746d260504b213d0)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Re-enable skipped e2e tests. Switch to smaller code review repo. (#3144)

* re-enable skipped ci test

Signed-off-by: Spencer Schrock <sschrock@google.com>

* re-enable skipped attestor test. switch to ossf-tests repo

Signed-off-by: Spencer Schrock <sschrock@google.com>

* remove extra policies from tests that only look at code review.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* remove unneeded policies from binary artifact tests.

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* add license header

Signed-off-by: Avishay <avishay.balter@gmail.com>

* pr comments

Signed-off-by: Avishay <avishay.balter@gmail.com>

* making the packages internal

Signed-off-by: Avishay <avishay.balter@gmail.com>

* generate mocks

Signed-off-by: Avishay <avishay.balter@gmail.com>

---------

Signed-off-by: Avishay <avishay.balter@gmail.com>
Signed-off-by: Avishay Balter <avishay.balter@gmail.com>
ashearin pushed a commit to kgangerlm/scorecard-gitlab that referenced this pull request Nov 13, 2023
* fix anchor link to code-review in checks.yaml

Signed-off-by: dasfreak <dasfreak@users.noreply.github.com>
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>

* generate checks.md

Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>

---------

Signed-off-by: dasfreak <dasfreak@users.noreply.github.com>
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>
Signed-off-by: Allen Shearin <allen.p.shearin@gmail.com>
ashearin pushed a commit to kgangerlm/scorecard-gitlab that referenced this pull request Nov 13, 2023
* add nuget package manager

Signed-off-by: Avishay <avishay.balter@gmail.com>

* fix pat test messages (#2987)

* also fix pat tests

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump slsa-framework/slsa-github-generator from 1.5.0 to 1.6.0

Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump cloud.google.com/go/bigquery from 1.51.1 to 1.51.2 (#2984)

Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.51.1 to 1.51.2.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.51.1...bigquery/v1.51.2)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang.org/x/tools from 0.9.0 to 0.9.1

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.9.0 to 0.9.1.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.9.0...v0.9.1)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :bug: Update osv-scanner dependency to include Vulnerabilities check fixes (#2981)

* Update osv-scanner dependency to include Vulnerabilities check fixes

Signed-off-by: Laurent Savaëte <laurent@where.tf>

* Run go mod tidy

Signed-off-by: Laurent Savaëte <laurent@where.tf>

---------

Signed-off-by: Laurent Savaëte <laurent@where.tf>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/docker/distribution in /tools (#2993)

Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible.
- [Release notes](https://github.com/docker/distribution/releases)
- [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2)

---
updated-dependencies:
- dependency-name: github.com/docker/distribution
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Gitlab: e2e test fixes in main (#2992)

* test secret chagnes

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update score

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* address cr comments

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

---------

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Unit tests log/log.go (#2980)

- Add unit tests for the log package
- Add Apache License to log_test.go

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/cloudflare/circl in /tools (#2995)

Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.2.0 to 1.3.3.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.2.0...v1.3.3)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :sparkles: Add releasing workflow for semantic-release (#2989)

Signed-off-by: Matt Travi <programmer@travi.org>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump slsa-framework/slsa-verifier from 2.2.0 to 2.3.0

Bumps [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/slsa-framework/slsa-verifier/releases)
- [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md)
- [Commits](https://github.com/slsa-framework/slsa-verifier/compare/v2.2.0...v2.3.0)

---
updated-dependencies:
- dependency-name: slsa-framework/slsa-verifier
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#2994)

Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.1.0 to 1.3.3.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.1.0...v1.3.3)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Additional e2e clients/githubrepo/checkruns.go (#2934)

* :seedling: Additional e2e clients/githubrepo/checkruns.go

- Add `net/http` and `github.com/google/go-github/v38/github` imports
- Add a test for `listCheckRunsForRef` with valid ref
- Add a test for `listCheckRunsForRef` with invalid ref

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Based on code review comments

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Some tweaks

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

---------

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: E2E for clients/githubrepo/contributors.go (#2939)

* :seedling: E2E for clients/githubrepo/contributors.go

- Add an end-to-end test for `contributorsHandler`

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Fixed based on code review comments.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Fixed codereview comment.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

---------

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :book: Clarify that AI/ML doesn't count as human code review (#2953)

* Clarify that AI/ML doesn't count as human code review

Add this clarification per the Scorecards Zoom call meeting today
(2023-05-04).

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

* Tweaked per review

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

---------

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang from `31a8f92` to `685a22e` in /cron/internal/cii

Bumps golang from `31a8f92` to `685a22e`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang in /cron/internal/controller

Bumps golang from `31a8f92` to `685a22e`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang in /cron/internal/worker

Bumps golang from `31a8f92` to `685a22e`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang in /clients/githubrepo/roundtripper/tokens/server

Bumps golang from `31a8f92` to `685a22e`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang from `31a8f92` to `685a22e`

Bumps golang from `31a8f92` to `685a22e`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang from `31a8f92` to `685a22e` in /cron/internal/bq

Bumps golang from `31a8f92` to `685a22e`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang in /cron/internal/webhook

Bumps golang from `31a8f92` to `685a22e`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* Clarify AI/ML not human code review - in .yml file (#3012)

This clarifies that AI/ML doesn't count as human code review.
This was earlier done in #2953 but that didn't modify the relevant
.yml file - this does.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang.org/x/oauth2 from 0.7.0 to 0.8.0 (#3005)

Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.7.0 to 0.8.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.7.0...v0.8.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Unit tests for checks/raw/maintained.go (#2996)

- Add tests and checks for the `Maintained` function
- Add checks for `IsArchived`, `ListCommits`, `ListIssues`, and `GetCreatedAt`

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5 in /tools

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.4 to 2.9.5.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.4...v2.9.5)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump actions/setup-go from 4.0.0 to 4.0.1

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/4d34df0c2316fe8122ab82dc22947d607c0c91f9...fac708d6674e30b6ba41289acaab6d4b75aa0753)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump codecov/codecov-action from 3.1.3 to 3.1.4

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.3 to 3.1.4.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/894ff025c7b54547a9a2a1e9f228beae737ad3c2...eaaf4bedf32dbdc6b720b63067d99c4d77d6047d)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Unit tests for Policy.go (#3003)

- Included tests for policy.go

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.4 to 2.9.5.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.4...v2.9.5)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump sigstore/cosign-installer from 3.0.3 to 3.0.4

Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/204a51a57a74d190b284a0ce69b44bc37201f343...03d0fecf172873164a163bbc64bed0f3bf114ed7)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/google/go-containerregistry (#3025)

Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.15.1 to 0.15.2.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.15.1...v0.15.2)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/sirupsen/logrus from 1.9.0 to 1.9.1

Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.0 to 1.9.1.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.0...v1.9.1)

---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Included e2e tests for push to main (#2951)

- Update trigger for integration tests to enable running on `push` and `pull_request` on the `main` branch

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Included directories that don't require coverage (#3002)

- Included directories that don't require coverage.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Unit tests for checks/raw/contributors.go (#2998)

- Add tests and fix casing for Contributors function in checks/raw/contributors_test.go

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* ✨ GitLab: Code Review check (#2764)

* Add GitLab support for Code-Review check

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Remove spurious printf

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Working commit

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* e2e test

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update: test coverage

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

---------

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* gitlab: license check (#2834)

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/sirupsen/logrus from 1.9.1 to 1.9.2 (#3031)

Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.1 to 1.9.2.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.1...v1.9.2)

---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/google/osv-scanner

Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.3.3-0.20230509011216-baae1796eeea to 1.3.3.
- [Release notes](https://github.com/google/osv-scanner/releases)
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/osv-scanner/commits/v1.3.3)

---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump sigstore/cosign-installer from 3.0.4 to 3.0.5 (#3029)

Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.4 to 3.0.5.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/03d0fecf172873164a163bbc64bed0f3bf114ed7...dd6b2e2b610a11fd73dd187a43d57cc1394e35f9)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump arduino/setup-protoc from 1.1.2 to 1.2.0

Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc) from 1.1.2 to 1.2.0.
- [Release notes](https://github.com/arduino/setup-protoc/releases)
- [Commits](https://github.com/arduino/setup-protoc/compare/64c0c85d18e984422218383b81c52f8b077404d3...4b3578161eece2eb20a9dfd84bb8ed105e684dba)

---
updated-dependencies:
- dependency-name: arduino/setup-protoc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :sparkles: Add support for github GHES (#2999)

* :sparkles: adding support for github GHES

Signed-off-by: Niket Patel <patelniket@gmail.com>

* fix: lint and cleanup

Signed-off-by: Niket Patel <patelniket@gmail.com>

* fix: flaky test

Signed-off-by: Niket Patel <patelniket@gmail.com>

* fix: address missing host

Signed-off-by: Niket Patel <patelniket@gmail.com>

* fix: lint error

Signed-off-by: Niket Patel <patelniket@gmail.com>

* :seedling: Additional e2e clients/githubrepo/checkruns.go (#2934)

* :seedling: Additional e2e clients/githubrepo/checkruns.go

- Add `net/http` and `github.com/google/go-github/v38/github` imports
- Add a test for `listCheckRunsForRef` with valid ref
- Add a test for `listCheckRunsForRef` with invalid ref

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Based on code review comments

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Some tweaks

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

---------

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Niket Patel <patelniket@gmail.com>

* :seedling: E2E for clients/githubrepo/contributors.go (#2939)

* :seedling: E2E for clients/githubrepo/contributors.go

- Add an end-to-end test for `contributorsHandler`

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Fixed based on code review comments.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Fixed codereview comment.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

---------

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Niket Patel <patelniket@gmail.com>

* chore: add GHES instructions

Signed-off-by: Niket Patel <patelniket@gmail.com>

* refact: use test setenv

Signed-off-by: Niket Patel <patelniket@gmail.com>

* fix: corp unit test

Signed-off-by: Niket Patel <patelniket@gmail.com>

---------

Signed-off-by: Niket Patel <patelniket@gmail.com>
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Niket Patel <patelniketm@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* Change Facilitators to Maintainers (#3039)

Not sure what the old facilitators table was for. Current list of Maintainers is always in CODEOWNERS.

Meaning of "Maintainers" still is not defined, and should be a part of an upcoming contributor ladder.

Signed-off-by: Jeff Mendoza <jlm@jlm.name>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :bug: Gitlab: Commit/Commitor Exceptions (#3026)

* feat: Added paging for contributor/users against gitlab projects

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* refactor: Updated the bot flag for unmatched users

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* fix: Not all commit users are in the git registry instance

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* fix: Skipping check if the email is empty, as well as if the "email" doesn't contain a "." char.

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* fix: Updated to allow for commits with PRs to be accounted/added to the client.commits

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* refactor: Updated to prevent linting issue regarding nested if's

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* test: Adding coverage for commits and contributors for gitlab

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* refactor: Moved queries from the client to their own functions

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* bug: Need to pass the ProjectID value to the contributor query

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* bug: Updating project title versus projectID values for api querying

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* test: Updated tests to match expected property set for projectID

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* revert: Reverted based on feedback during review

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

---------

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/onsi/gomega from 1.27.6 to 1.27.7 (#3040)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.6 to 1.27.7.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.27.6...v1.27.7)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :book: Make all StepSecurity app endpoint references consistent (#3042)

Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 📖 Update checks.md to show the benefit of >=2 reviewers (#3013)

* Update checks.yaml instead of cehcks.md

Signed-off-by: Joyce <joycebrum@google.com>

* feat: generate checks.md

Signed-off-by: Joyce Brum <joycebrum@google.com>

---------

Signed-off-by: Joyce <joycebrum@google.com>
Signed-off-by: Joyce Brum <joycebrum@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Improve workflow pinning remediation tests (#3021)

- Add 3 tests for workflow pinning remediation

[remediation/remediations_test.go]
- Add 3 tests for workflow pinning remediation

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: E2E tests for clients/githubrepo/languages_e2e_test.go (#3000)

* :seedling: E2E tests for clients/githubrepo/languages_e2e_test.go

- Included e2e tests for clients/githubrepo/languages_e2e_test.go

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Fixed the token type check.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

---------

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Unit tests for pkg/json_raw_results (#3044)

* :seedling: Unit tests for pkg/json_raw_results.go

- Unit tests for pkg/json_raw_results.go

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Additional tests

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

---------

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* ✨  [experimental] Add probe code and support for Tool-Update-Dependency (#2944)

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* add zoom link and agenda link (#3050)

Signed-off-by: Amanda L Martin <hythloda@gmail.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Run E2E PAT test for push to main (#3046)

- Add E2E PAT tests for push to main.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* Update main.yml (#3054)

-Fixed the YAML indenting issue.

Signed-off-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* only run e2e pat on push (#3056)

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#3057)

Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :book: :ghost: fix anchor link to the code review section (#3058)

* fix anchor link to code-review in checks.yaml

Signed-off-by: dasfreak <dasfreak@users.noreply.github.com>
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>

* generate checks.md

Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>

---------

Signed-off-by: dasfreak <dasfreak@users.noreply.github.com>
Signed-off-by: Marc Ohm <dasfreak@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🐛 Gitlab: Tests (#3027)

* fix tests

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* use projectID instead of project where applicable

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* pass ref as listcommitoption

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update tests

* CI-Tests: check if score > 0. pull request client is limited and can't
go back to arbitrary pull requests. CI-Tests don't run on forks, so this
can't be pinned either. But, for active repositories, we typically
expect *some* tests to be run

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* fix commitshandler commitSHA tests

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update tests

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

---------

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/goreleaser/nfpm/v2 in /tools (#3060)

Bumps [github.com/goreleaser/nfpm/v2](https://github.com/goreleaser/nfpm) from 2.28.0 to 2.29.0.
- [Release notes](https://github.com/goreleaser/nfpm/releases)
- [Changelog](https://github.com/goreleaser/nfpm/blob/main/.goreleaser.yml)
- [Commits](https://github.com/goreleaser/nfpm/compare/v2.28.0...v2.29.0)

---
updated-dependencies:
- dependency-name: github.com/goreleaser/nfpm/v2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* ✨ Gitlab: Add projects to cron (#2936)

* cron: add gitlab projects

* support gitlab client
* simplify gitlab detection

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* fix MakeGitlabRepo

* shortcut when repo url is github.com
* fixes add-projects, validate-projects

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Move gitlab repos to release controller

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Add csv headers

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Use gitlab.WithBaseURL

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* formatting & logging

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* remove spurious test

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* consolidate logic

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Turn on experimental flag

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Add projects

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Update client

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

---------

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Simplify caching in docker workflow (#3061)

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github/codeql-action from 2.3.3 to 2.3.4 (#3064)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.3 to 2.3.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/29b1f65c5e92e24fe6b6647da1eaabe529cec70f...f0e3dfb30302f8a0881bb509b044e0de4f6ef589)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump cloud.google.com/go/pubsub from 1.30.1 to 1.31.0 (#3065)

Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.30.1 to 1.31.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.30.1...pubsub/v1.31.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🐛 gitlab: cron  (#3070)

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github/codeql-action from 2.3.4 to 2.3.5 (#3072)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.4 to 2.3.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/f0e3dfb30302f8a0881bb509b044e0de4f6ef589...0225834cc549ee0ca93cb085b92954821a145866)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump tj-actions/changed-files from 35.9.2 to 36.0.3 (#3071)

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.9.2 to 36.0.3.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](https://github.com/tj-actions/changed-files/compare/b2d17f51244a144849c6b37a3a6791b98a51d86f...25eaddf37ae893cec889065e9a60439c8af6f089)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🐛 Gitlab status updates (#3052)

* doc: Updating gitlab support validation status

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* bug: Updated  logic for gitlab to prevent exceptions based on releases

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* test: Added initial tests for gitlab branches

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* doc: Updated general README

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* refactor: Cleaned up the query for pipelines to be focused on the commitID

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* feat: Allowed for a non-graphql method of retrieving MRs associated to a commit

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* doc: Updated status for the CI-Tests

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

* bug: Updated the host url for graphql querying. This enabled the removal of the code added for handling empty returns when executing against a non-gitlab.com repository.

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>

---------

Signed-off-by: Robison, Jim B <jim.b.robison@lmco.com>
Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/sigstore/rekor from 1.1.1 to 1.2.0 in /tools (#3079)

Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 1.1.1 to 1.2.0.
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/rekor/compare/v1.1.1...v1.2.0)

---
updated-dependencies:
- dependency-name: github.com/sigstore/rekor
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* get nuget latest version from registration URL

Signed-off-by: Avishay <avishay.balter@gmail.com>

* better coverage

Signed-off-by: Avishay <avishay.balter@gmail.com>

* sign

Signed-off-by: Avishay <avishay.balter@gmail.com>

* fix tests

Signed-off-by: Avishay <avishay.balter@gmail.com>

* more tests

Signed-off-by: Avishay <avishay.balter@gmail.com>

* client tests

Signed-off-by: Avishay <avishay.balter@gmail.com>

* lint

Signed-off-by: Avishay <avishay.balter@gmail.com>

* Apply suggestions from code review

Co-authored-by: Joel Verhagen <joel.verhagen@gmail.com>
Signed-off-by: Avishay Balter <avishay.balter@gmail.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang from `685a22e` to `690e413` (#3080)

Bumps golang from `685a22e` to `690e413`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang from `685a22e` to `690e413` in /cron/internal/cii

Bumps golang from `685a22e` to `690e413`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang in /cron/internal/controller

Bumps golang from `685a22e` to `690e413`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang in /cron/internal/worker

Bumps golang from `685a22e` to `690e413`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang in /clients/githubrepo/roundtripper/tokens/server

Bumps golang from `685a22e` to `690e413`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang in /cron/internal/webhook

Bumps golang from `685a22e` to `690e413`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang from `685a22e` to `690e413` in /cron/internal/bq

Bumps golang from `685a22e` to `690e413`.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump arduino/setup-protoc from 1.2.0 to 1.3.0 (#3089)

Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/arduino/setup-protoc/releases)
- [Commits](https://github.com/arduino/setup-protoc/compare/4b3578161eece2eb20a9dfd84bb8ed105e684dba...149f6c87b92550901b26acd1632e11c3662e381f)

---
updated-dependencies:
- dependency-name: arduino/setup-protoc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump tj-actions/changed-files from 36.0.3 to 36.0.9 (#3088)

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.3 to 36.0.9.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](https://github.com/tj-actions/changed-files/compare/25eaddf37ae893cec889065e9a60439c8af6f089...cf4fe8759a45edd76ed6215da3529d2dbd2a3c68)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* pr iteration 2

Signed-off-by: Avishay <avishay.balter@gmail.com>

* pr iteration 3

Signed-off-by: Avishay <avishay.balter@gmail.com>

* switch security policy e2e test to ossf-tests repo. (#3090)

tensorflow/tensorflow is huge and was slowing down tests.
Also removed the rust e2e tests because they're already present as unit tests.

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.9.7 in /tools (#3094)

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.5 to 2.9.7.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.5...v2.9.7)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.9.7 (#3093)

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.5 to 2.9.7.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.5...v2.9.7)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump actions/dependency-review-action from 3.0.4 to 3.0.6 (#3104)

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.4 to 3.0.6.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e...1360a344ccb0ab6e9475edef90ad2f46bf8003b1)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump tj-actions/changed-files from 36.0.9 to 36.0.12 (#3108)

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.9 to 36.0.12.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](https://github.com/tj-actions/changed-files/compare/cf4fe8759a45edd76ed6215da3529d2dbd2a3c68...5978e5a2df95ef20cde627d4acb5edd1f87ba46a)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/xanzy/go-gitlab from 0.83.0 to 0.84.0 (#3106)

Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.83.0 to 0.84.0.
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.83.0...v0.84.0)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang.org/x/tools from 0.9.1 to 0.9.2

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.9.1 to 0.9.2.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.9.1...v0.9.2)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* ✨ GitLab: enable more checks in cron (#3097)

* Enable checks

* Binary-Artifacts
* Code-Review
* License
* Vulnerabilities

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Enable more checks

* CII Best Practices
* Fuzzing
* Maintained
* Packaging
* Pinned-Dependencies
* Signed-Releases

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* update repo name

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

---------

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :book: agenda link change (#3111)

Signed-off-by: Amanda L Martin <hythloda@gmail.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github/codeql-action from 2.3.5 to 2.3.6 (#3112)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.5 to 2.3.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/0225834cc549ee0ca93cb085b92954821a145866...83f0fe6c4988d98a455712a27f0255212bba9bd4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump tj-actions/changed-files from 36.0.12 to 36.0.15 (#3116)

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.12 to 36.0.15.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](https://github.com/tj-actions/changed-files/compare/5978e5a2df95ef20cde627d4acb5edd1f87ba46a...5d2fcdb4cbef720a52f49fd05d8c7edd18a64758)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump golang.org/x/tools from 0.9.2 to 0.9.3

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.9.2 to 0.9.3.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.9.2...v0.9.3)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Unit tests for option (#3109)

- Add flags for repo, local, commit, log level, NPM, PyPI, RubyGems, metadata, show details, checks to run, policy file, and format
- Add tests for checks to run and format flags

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 GitLab: add gitlab auth token to cron worker env (#3117)

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* Don't run pat e2e on dependabot merges (#3119)

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* ✨ Detect fast-check PBT library for fuzz section (#3073)

* ✨ Detect fast-check PBT library for fuzz section

As suggested at https://github.com/ossf/scorecard/issues/2792#issuecomment-1562007596, we add support for the detection of fast-check as a possible fuzzing solution.

I also adapted the documentation related to fuzzing accordingly.

Signed-off-by: Nicolas DUBIEN <github@dubien.org>

* Typo

Signed-off-by: Nicolas DUBIEN <github@dubien.org>

* Update missing md files

Signed-off-by: Nicolas DUBIEN <github@dubien.org>

---------

Signed-off-by: Nicolas DUBIEN <github@dubien.org>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: temporarily disable failing e2e tests so we don't block all PRs. (#3130)

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* pr comments

Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 (#3121)

Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.2 to 1.9.3.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.2...v1.9.3)

---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* i:seedling: Ignore all pb files for test (#3127)

- Update .codecov.yml to ignore additional files

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Deprecate dependencydiff package and add access token requirement (#3125)

- Deprecate the `dependencydiff` package and the `GetDependencyDiffResults` function
- Add a line to the `.codecov.yml` to ignore the `dependencydiff` package

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* ✨ [experimental] Support for new `--format probe` (#3048)

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump distroless/base (#3122)

Bumps distroless/base from `10985f0` to `c623859`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Ignore deprecation warning for dependencydiff tests. (#3136)

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump tj-actions/changed-files from 36.0.15 to 36.0.18

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.15 to 36.0.18.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](https://github.com/tj-actions/changed-files/compare/5d2fcdb4cbef720a52f49fd05d8c7edd18a64758...07e0177b72d3640efced741cae32f9861eee1367)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.7 to 2.10.0 in /tools (#3135)

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.7 to 2.10.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.7...v2.10.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/google/osv-scanner from 1.3.3 to 1.3.4

Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.3.3 to 1.3.4.
- [Release notes](https://github.com/google/osv-scanner/releases)
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/osv-scanner/compare/v1.3.3...v1.3.4)

---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.7 to 2.10.0

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.7 to 2.10.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.9.7...v2.10.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump github.com/onsi/gomega from 1.27.7 to 1.27.8

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.7 to 1.27.8.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.27.7...v1.27.8)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump slsa-framework/slsa-github-generator from 1.6.0 to 1.7.0 (#3139)

Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.6.0...v1.7.0)

---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Increase test coverage for finding outcomes (#3142)

* Increase test coverage for finding outcomes

- Add tests for Outcome UnmarshalYAML function in `finding/finding_test.go`

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Updates based on Codereview

- Update `Outcome` variable in `finding/finding_test.go`
- Add `t.Parallel()` for test parallelization
- Add comparison using `cmp.Diff` to test for mismatches
- Update test cases for various outcomes

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

---------

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Bump tj-actions/changed-files from 36.0.18 to 36.1.0 (#3143)

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.18 to 36.1.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](https://github.com/tj-actions/changed-files/compare/07e0177b72d3640efced741cae32f9861eee1367...fb20f4d24890fadc539505b1746d260504b213d0)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* :seedling: Re-enable skipped e2e tests. Switch to smaller code review repo. (#3144)

* re-enable skipped ci test

Signed-off-by: Spencer Schrock <sschrock@google.com>

* re-enable skipped attestor test. switch to ossf-tests repo

Signed-off-by: Spencer Schrock <sschrock@google.com>

* remove extra policies from tests that only look at code review.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* remove unneeded policies from binary artifact tests.

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* add license header

Signed-off-by: Avishay <avishay.balter@gmail.com>

* pr comments

Signed-off-by: Avishay <avishay.balter@gmail.com>

* making the packages internal

Signed-off-by: Avishay <avishay.balter@gmail.com>

* generate mocks

Signed-off-by: Avishay <avishay.balter@gmail.com>

---------

Signed-off-by: Avishay <avishay.balter@gmail.com>
Signed-off-by: Avishay Balter <avishay.balter@gmail.com>
Signed-off-by: Allen Shearin <allen.p.shearin@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants