From 31a02f637181b410a3442422f4ae2675334108c4 Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Mon, 30 Aug 2021 20:39:00 +0000 Subject: [PATCH 1/7] support for verison --- cmd/root.go | 4 +- cmd/version.go | 31 ++++--------- go.mod | 1 + go.sum | 7 +++ pkg/json.go | 40 ++++++++++++----- pkg/json.v2.schema | 69 +++++++++++++++++++---------- pkg/json_test.go | 93 +++++++++++++++++++++++++++------------ pkg/sarif.go | 4 +- pkg/sarif_test.go | 89 ++++++++++++++++++++++++++----------- pkg/scorecard.go | 8 ++-- pkg/scorecard_result.go | 16 +++++-- pkg/scorecard_version.go | 65 +++++++++++++++++++++++++++ pkg/testdata/check1.json | 24 ++++++---- pkg/testdata/check1.sarif | 2 +- pkg/testdata/check2.json | 26 ++++++----- pkg/testdata/check2.sarif | 2 +- pkg/testdata/check3.json | 40 ++++++++++------- pkg/testdata/check3.sarif | 2 +- pkg/testdata/check4.json | 42 ++++++++++-------- pkg/testdata/check4.sarif | 2 +- pkg/testdata/check5.json | 24 ++++++---- pkg/testdata/check5.sarif | 2 +- pkg/testdata/check6.json | 24 ++++++---- pkg/testdata/check6.sarif | 2 +- scripts/version-ldflags | 2 +- 25 files changed, 420 insertions(+), 201 deletions(-) create mode 100644 pkg/scorecard_version.go diff --git a/cmd/root.go b/cmd/root.go index 1d41f0f25bf..d56f98495df 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -173,9 +173,7 @@ or ./scorecard --{npm,pypi,rubgems}= [--checks=check1,...] [--show log.Fatalf("cannot read yaml file: %v", err) } // TODO: support config files and update checker.MaxResultScore. - // TODO: set version dynamically. - scorecardVersion := "1.2.3" - err = repoResult.AsSARIF(scorecardVersion, showDetails, *logLevel, os.Stdout, checkDocs, checker.MaxResultScore) + err = repoResult.AsSARIF(showDetails, *logLevel, os.Stdout, checkDocs, checker.MaxResultScore) case formatCSV: err = repoResult.AsCSV(showDetails, *logLevel, os.Stdout) case formatJSON: diff --git a/cmd/version.go b/cmd/version.go index 529cc99cfef..d780255be93 100644 --- a/cmd/version.go 
+++ b/cmd/version.go @@ -16,25 +16,10 @@ package cmd import ( "fmt" - "runtime" "github.com/spf13/cobra" -) -// Base version information. -// -// This is the fallback data used when version information from git is not -// provided via go ldflags in the Makefile. See version.mk. -var ( - // Output of "git describe". The prerequisite is that the branch should be - // tagged using the correct versioning strategy. - gitVersion = "unknown" - // SHA1 from git, output of $(git rev-parse HEAD). - gitCommit = "unknown" - // State of git tree, either "clean" or "dirty". - gitTreeState = "unknown" - // Build date in ISO8601 format, output of $(date -u +'%Y-%m-%dT%H:%M:%SZ'). - buildDate = "unknown" + "github.com/ossf/scorecard/v2/pkg" ) //nolint:gochecknoinits @@ -48,12 +33,12 @@ var versionCmd = &cobra.Command{ Long: ``, Run: func(cmd *cobra.Command, args []string) { // not using logger, since it prints timing info, etc - fmt.Printf("GitVersion:\t%s\n", gitVersion) - fmt.Printf("GitCommit:\t%s\n", gitCommit) - fmt.Printf("GitTreeState:\t%s\n", gitTreeState) - fmt.Printf("BuildDate:\t%s\n", buildDate) - fmt.Printf("GoVersion:\t%s\n", runtime.Version()) - fmt.Printf("Compiler:\t%s\n", runtime.Compiler) - fmt.Printf("Platform:\t%s/%s\n", runtime.GOOS, runtime.GOARCH) + fmt.Printf("GitVersion:\t%s\n", pkg.GetVersion()) + fmt.Printf("GitCommit:\t%s\n", pkg.GetCommit()) + fmt.Printf("GitTreeState:\t%s\n", pkg.GetTreeState()) + fmt.Printf("BuildDate:\t%s\n", pkg.GetBuildDate()) + fmt.Printf("GoVersion:\t%s\n", pkg.GetGoVersion()) + fmt.Printf("Compiler:\t%s\n", pkg.GetCompiler()) + fmt.Printf("Platform:\t%s/%s\n", pkg.GetOS(), pkg.GetArch()) }, } diff --git a/go.mod b/go.mod index b2c1c6a57f0..07f48ce48a7 100644 --- a/go.mod +++ b/go.mod 
@@ -9,6 +9,7 @@ require ( cloud.google.com/go/pubsub v1.16.0 cloud.google.com/go/trace v0.1.0 // indirect contrib.go.opencensus.io/exporter/stackdriver v0.13.8 + github.com/alecthomas/jsonschema v0.0.0-20210818095345-1014919a589c // indirect github.com/bradleyfalzon/ghinstallation v1.1.1 github.com/go-git/go-git/v5 v5.4.2 github.com/golang/mock v1.6.0 diff --git a/go.sum b/go.sum index 977bcd06860..da6ad118ec2 100644 --- a/go.sum +++ b/go.sum @@ -223,6 +223,8 @@ github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6/go.mod h1:3eOhrU github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8= github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk= github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= +github.com/alecthomas/jsonschema v0.0.0-20210818095345-1014919a589c h1:oJsq4z4xKgZWWOhrSZuLZ5KyYfRFytddLL1E5+psfIY= +github.com/alecthomas/jsonschema v0.0.0-20210818095345-1014919a589c/go.mod h1:/n6+1/DWPltRLWL/VKyUxg6tzsl5kHUCcraimt4vr60= github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= 
@@ -916,6 +918,8 @@ github.com/hashicorp/uuid v0.0.0-20160311170451-ebb0a03e909c/go.mod h1:fHzc09Uny github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo= github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= +github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0 h1:i462o439ZjprVSFSZLZxcsoAe592sZB1rci2Z8j4wdk= +github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0/go.mod h1:N0Wam8K1arqPXNWjMo21EXnBPOPp36vB07FNRdD2geA= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.4/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= @@ -1091,6 +1095,8 @@ github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182aff github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY= github.com/mbilski/exhaustivestruct v1.2.0 h1:wCBmUnSYufAHO6J4AVWY6ff+oxWxsVFrwgOdMUQePUo= github.com/mbilski/exhaustivestruct v1.2.0/go.mod h1:OeTBVxQWoEmB2J2JCHmXWPJ0aksxSUOUy+nvtVEfzXc= +github.com/mcuadros/go-jsonschema-generator v0.0.0-20200330054847-ba7a369d4303 h1:mc6Th1b2xkPDUHTIUynE0LMJUgPEJdIDUjBLvj8yprs= +github.com/mcuadros/go-jsonschema-generator v0.0.0-20200330054847-ba7a369d4303/go.mod h1:O6IeMrJ2EU+kDaxu7Dchbd0fbmrsTcjg8SGYFVJCr5A= github.com/mgechev/dots v0.0.0-20190921121421-c36f7dcfbb81 h1:QASJXOGm2RZ5Ardbc86qNFvby9AqkLDibfChMtAg5QM= github.com/mgechev/dots v0.0.0-20190921121421-c36f7dcfbb81/go.mod h1:KQ7+USdGKfpPjXk4Ga+5XxQM4Lm4e3gAogrreFAYpOg= github.com/mgechev/revive v1.1.0 h1:TvabpsolbtlzZTyJcgMRN38MHrgi8C0DhmGE5dhscGY= 
@@ -1432,6 +1438,7 @@ github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRci github.com/stretchr/testify v1.1.4/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.3.1-0.20190311161405-34c6fa2dc709/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= diff --git a/pkg/json.go b/pkg/json.go index a1ed3804aa6..7b60419af71 100644 --- a/pkg/json.go +++ b/pkg/json.go @@ -41,18 +41,28 @@ type jsonScorecardResult struct { //nolint type jsonCheckResultV2 struct { - Details []string - Score int - Reason string - Name string + Details []string `json:"details"` + Score int `json:"score"` + Reason string `json:"reason"` + Name string `json:"name"` +} + +type jsonRepoV2 struct { + Name string `json:"name"` + Commit string `json:"commit"` +} + +type jsonScorecardV2 struct { + Version string `json:"version"` + Commit string `json:"commit"` } type jsonScorecardResultV2 struct { - Repo string - Date string - Commit string - Checks []jsonCheckResultV2 - Metadata []string + Date string `json:"date"` + Repo jsonRepoV2 `json:"repo"` + Scorecard jsonScorecardV2 `json:"scorecard"` + Checks []jsonCheckResultV2 `json:"checks"` + Metadata []string `json:"metadata"` } // AsJSON exports results as JSON for new detail format. @@ -60,7 +70,7 @@ func (r *ScorecardResult) AsJSON(showDetails bool, logLevel zapcore.Level, write encoder := json.NewEncoder(writer) out := jsonScorecardResult{ - Repo: r.Repo, + Repo: r.Repo.Name, Date: r.Date.Format("2006-01-02"), Metadata: r.Metadata, } 
@@ -96,9 +106,15 @@ func (r *ScorecardResult) AsJSON2(showDetails bool, logLevel zapcore.Level, writ encoder := json.NewEncoder(writer) out := jsonScorecardResultV2{ - Repo: r.Repo, + Repo: jsonRepoV2{ + Name: r.Repo.Name, + Commit: r.Repo.CommitSHA, + }, + Scorecard: jsonScorecardV2{ + Version: r.Scorecard.Version, + Commit: r.Scorecard.CommitSHA, + }, Date: r.Date.Format("2006-01-02"), - Commit: r.CommitSHA, Metadata: r.Metadata, } diff --git a/pkg/json.v2.schema b/pkg/json.v2.schema index c1c8766da7d..8ea78fd7df5 100644 --- a/pkg/json.v2.schema +++ b/pkg/json.v2.schema @@ -1,60 +1,81 @@ { "$schema": "http://json-schema.org/schema#", - "$id": "https://github.com/ossf/scorecard/pkg/schema.v2.json", - "title": "Scorecard", - "description": "A tool to assess the security posture of open-source projects", "type": "object", "properties": { - "Checks": { + "checks": { "type": "array", "items": { "type": "object", "properties": { - "Details": { + "details": { "type": "array", "items": { "type": "string" } }, - "Name": { + "name": { "type": "string" }, - "Reason": { + "reason": { "type": "string" }, - "Score": { + "score": { "type": "integer" } }, "required": [ - "Details", - "Score", - "Reason", - "Name" + "details", + "score", + "reason", + "name" ] } }, - "Commit": { + "date": { "type": "string" }, - "Date": { - "type": "string" - }, - "Metadata": { + "metadata": { "type": "array", "items": { "type": "string" } }, - "Repo": { - "type": "string" + "repo": { + "type": "object", + "properties": { + "commit": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name", + "commit" + ] + }, + "scorecard": { + "type": "object", + "properties": { + "commit": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "version", + "commit" + ] } }, "required": [ - "Repo", - "Date", - "Commit", - "Checks", - "Metadata" + "date", + "repo", + "scorecard", + "checks", + "metadata" ] } 
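Review bot: The rewritten pkg/json.v2.schema loses its `$id`, `title` and `description` lines in the same change that renames every key, which looks like generated output replacing the hand-written header rather than an intended removal. Without `$id` the schema has no stable identifier for a consumer that pins or resolves it, and the v2 output shape changes under an unchanged file name. I would keep the header, e.g. `"$id": "https://github.com/ossf/scorecard/pkg/schema.v2.json",`, and state in the commit description that the key names and the `repo`/`scorecard` nesting are a breaking change for existing readers of the v2 format.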
diff --git a/pkg/json_test.go b/pkg/json_test.go index 0514561d51f..e8f02bc78e2 100644 --- a/pkg/json_test.go +++ b/pkg/json_test.go @@ -34,7 +34,10 @@ import ( func TestJSONOutput(t *testing.T) { t.Parallel() - commit := "68bc59901773ab4c051dfcea0cc4201a1567ab32" + repoCommit := "68bc59901773ab4c051dfcea0cc4201a1567ab32" + scorecardCommit := "ccbc59901773ab4c051dfcea0cc4201a1567abdd" + scorecardVersion := "1.2.3" + repoName := "repo not used" date, e := time.Parse("2006-01-02", "2021-08-25") if e != nil { panic(fmt.Errorf("time.Parse: %w", e)) @@ -53,9 +56,15 @@ func TestJSONOutput(t *testing.T) { expected: "./testdata/check1.json", logLevel: zapcore.DebugLevel, result: ScorecardResult{ - Repo: "repo not used", - Date: date, - CommitSHA: commit, + Repo: RepoInfo{ + Name: repoName, + CommitSHA: repoCommit, + }, + Scorecard: ScorecardInfo{ + Version: scorecardVersion, + CommitSHA: scorecardCommit, + }, + Date: date, Checks: []checker.CheckResult{ { Details2: []checker.CheckDetail{ @@ -86,9 +95,15 @@ func TestJSONOutput(t *testing.T) { expected: "./testdata/check2.json", logLevel: zapcore.DebugLevel, result: ScorecardResult{ - Repo: "repo not used", - Date: date, - CommitSHA: commit, + Repo: RepoInfo{ + Name: repoName, + CommitSHA: repoCommit, + }, + Scorecard: ScorecardInfo{ + Version: scorecardVersion, + CommitSHA: scorecardCommit, + }, + Date: date, Checks: []checker.CheckResult{ { Details2: []checker.CheckDetail{ @@ -118,9 +133,15 @@ func TestJSONOutput(t *testing.T) { expected: "./testdata/check3.json", logLevel: zapcore.InfoLevel, result: ScorecardResult{ - Repo: "repo not used", - Date: date, - CommitSHA: commit, + Repo: RepoInfo{ + Name: repoName, + CommitSHA: repoCommit, + }, + Scorecard: ScorecardInfo{ + Version: scorecardVersion, + CommitSHA: scorecardCommit, + }, + Date: date, Checks: []checker.CheckResult{ { Details2: []checker.CheckDetail{ 
@@ -212,9 +233,15 @@ func TestJSONOutput(t *testing.T) { expected: "./testdata/check4.json", logLevel: zapcore.DebugLevel, result: ScorecardResult{ - Repo: "repo not used", - Date: date, - CommitSHA: commit, + Repo: RepoInfo{ + Name: repoName, + CommitSHA: repoCommit, + }, + Scorecard: ScorecardInfo{ + Version: scorecardVersion, + CommitSHA: scorecardCommit, + }, + Date: date, Checks: []checker.CheckResult{ { Details2: []checker.CheckDetail{ @@ -306,9 +333,15 @@ func TestJSONOutput(t *testing.T) { expected: "./testdata/check5.json", logLevel: zapcore.WarnLevel, result: ScorecardResult{ - Repo: "repo not used", - Date: date, - CommitSHA: commit, + Repo: RepoInfo{ + Name: repoName, + CommitSHA: repoCommit, + }, + Scorecard: ScorecardInfo{ + Version: scorecardVersion, + CommitSHA: scorecardCommit, + }, + Date: date, Checks: []checker.CheckResult{ { Details2: []checker.CheckDetail{ @@ -339,9 +372,15 @@ func TestJSONOutput(t *testing.T) { expected: "./testdata/check6.json", logLevel: zapcore.WarnLevel, result: ScorecardResult{ - Repo: "repo not used", - Date: date, - CommitSHA: commit, + Repo: RepoInfo{ + Name: repoName, + CommitSHA: repoCommit, + }, + Scorecard: ScorecardInfo{ + Version: scorecardVersion, + CommitSHA: scorecardCommit, + }, + Date: date, Checks: []checker.CheckResult{ { Details2: []checker.CheckDetail{ @@ -390,16 +429,16 @@ func TestJSONOutput(t *testing.T) { var expected bytes.Buffer n, err := expected.Write(content) if err != nil { - t.Fatalf("cannot write buffer: %v", err) + t.Fatalf("%s: cannot write buffer: %v", tt.name, err) } if n != len(content) { - t.Fatalf("write %d bytes but expected %d", n, len(content)) + t.Fatalf("%s: write %d bytes but expected %d", tt.name, n, len(content)) } var result bytes.Buffer err = tt.result.AsJSON2(tt.showDetails, tt.logLevel, &result) if err != nil { - t.Fatalf("AsJSON2: %v", err) + t.Fatalf("%s: AsJSON2: %v", tt.name, err) } // TODO: add indentation to AsJSON2() and remove 
@@ -408,27 +447,27 @@ func TestJSONOutput(t *testing.T) { // Unmarshall expected output. var js jsonScorecardResultV2 if err := json.Unmarshal(expected.Bytes(), &js); err != nil { - t.Fatalf("json.Unmarshal %s: %s", tt.name, err) + t.Fatalf("%s: json.Unmarshal: %s", tt.name, err) } // Marshall. var es bytes.Buffer encoder := json.NewEncoder(&es) if err := encoder.Encode(js); err != nil { - t.Fatalf("Encode %s: %s", tt.name, err) + t.Fatalf("%s: Encode: %s", tt.name, err) } // Compare outputs. r := bytes.Compare(result.Bytes(), es.Bytes()) if r != 0 { - t.Fatalf("invalid result for %s: %d", tt.name, r) + t.Fatalf("%s: invalid result %d", tt.name, r) } // Validate schema. docLoader := gojsonschema.NewReferenceLoader(fmt.Sprintf("file://%s", path.Join(cwd, tt.expected))) rr, err := schema.Validate(docLoader) if err != nil { - t.Fatalf("Validate error for %s: %s", tt.name, err.Error()) + t.Fatalf("%s: Validate error: %s", tt.name, err.Error()) } if !rr.Valid() { @@ -436,7 +475,7 @@ func TestJSONOutput(t *testing.T) { for _, desc := range rr.Errors() { s += fmt.Sprintf("- %s\n", desc) } - t.Fatalf("invalid format %s: %s", tt.name, s) + t.Fatalf("%s: invalid format: %s", tt.name, s) } }) } diff --git a/pkg/sarif.go b/pkg/sarif.go index 4be77a64219..e4f6b03cceb 100644 --- a/pkg/sarif.go +++ b/pkg/sarif.go @@ -389,7 +389,7 @@ func createSARIFResult(pos int, checkID, reason string, minScore, score int, } // AsSARIF outputs ScorecardResult in SARIF 2.1.0 format. -func (r *ScorecardResult) AsSARIF(version string, showDetails bool, logLevel zapcore.Level, +func (r *ScorecardResult) AsSARIF(showDetails bool, logLevel zapcore.Level, writer io.Writer, checkDocs docs.Doc, minScore int) error { //nolint // https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/sarif-v2.1.0-cs01.html. 
@@ -397,7 +397,7 @@ func (r *ScorecardResult) AsSARIF(version string, showDetails bool, logLevel zap // see https://docs.github.com/en/code-security/secure-coding/integrating-with-code-scanning/sarif-support-for-code-scanning#supported-sarif-output-file-properties, // https://github.com/microsoft/sarif-tutorials. sarif := createSARIFHeader("https://github.com/ossf/scorecard", - "supply-chain", "scorecard", version, r.CommitSHA, r.Date) + "supply-chain", "scorecard", r.Scorecard.Version, r.Scorecard.CommitSHA, r.Date) results := []result{} rules := []rule{} diff --git a/pkg/sarif_test.go b/pkg/sarif_test.go index 9d20c667682..9e79f321cab 100644 --- a/pkg/sarif_test.go +++ b/pkg/sarif_test.go @@ -39,7 +39,10 @@ func TestSARIFOutput(t *testing.T) { Tags string `yaml:"tags"` } - commit := "68bc59901773ab4c051dfcea0cc4201a1567ab32" + repoCommit := "68bc59901773ab4c051dfcea0cc4201a1567ab32" + scorecardCommit := "ccbc59901773ab4c051dfcea0cc4201a1567abdd" + scorecardVersion := "1.2.3" + repoName := "repo not used" date, e := time.Parse(time.RFC822Z, "17 Aug 21 18:57 +0000") if e != nil { panic(fmt.Errorf("time.Parse: %w", e)) @@ -72,9 +75,15 @@ func TestSARIFOutput(t *testing.T) { }, }, result: ScorecardResult{ - Repo: "repo not used", - Date: date, - CommitSHA: commit, + Repo: RepoInfo{ + Name: repoName, + CommitSHA: repoCommit, + }, + Scorecard: ScorecardInfo{ + Version: scorecardVersion, + CommitSHA: scorecardCommit, + }, + Date: date, Checks: []checker.CheckResult{ { Details2: []checker.CheckDetail{ @@ -115,9 +124,15 @@ func TestSARIFOutput(t *testing.T) { }, }, result: ScorecardResult{ - Repo: "repo not used", - Date: date, - CommitSHA: commit, + Repo: RepoInfo{ + Name: repoName, + CommitSHA: repoCommit, + }, + Scorecard: ScorecardInfo{ + Version: scorecardVersion, + CommitSHA: scorecardCommit, + }, + Date: date, Checks: []checker.CheckResult{ { Details2: []checker.CheckDetail{ 
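Review bot: In pkg/sarif.go the commit handed to `createSARIFHeader` changes from the analysed repository's SHA (`r.CommitSHA`) to the scorecard build's SHA (`r.Scorecard.CommitSHA`), and the updated testdata shows `automationDetails.id` now carrying the tool commit. Nothing in this hunk writes `r.Repo.CommitSHA` into the SARIF run, so a reader of the report can no longer tie the findings to the revision that was scanned. Consider keeping the id on the scanned revision and passing the tool commit separately, e.g. `"supply-chain", "scorecard", r.Scorecard.Version, r.Repo.CommitSHA, r.Date)` with the scorecard commit recorded in the tool/driver metadata. AsSARIF and createSARIFHeader both continue outside the hunk, so this should be checked against the rest of the file.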
@@ -171,9 +186,15 @@ func TestSARIFOutput(t *testing.T) { }, }, result: ScorecardResult{ - Repo: "repo not used", - Date: date, - CommitSHA: commit, + Repo: RepoInfo{ + Name: repoName, + CommitSHA: repoCommit, + }, + Scorecard: ScorecardInfo{ + Version: scorecardVersion, + CommitSHA: scorecardCommit, + }, + Date: date, Checks: []checker.CheckResult{ { Details2: []checker.CheckDetail{ @@ -281,9 +302,15 @@ func TestSARIFOutput(t *testing.T) { }, }, result: ScorecardResult{ - Repo: "repo not used", - Date: date, - CommitSHA: commit, + Repo: RepoInfo{ + Name: repoName, + CommitSHA: repoCommit, + }, + Scorecard: ScorecardInfo{ + Version: scorecardVersion, + CommitSHA: scorecardCommit, + }, + Date: date, Checks: []checker.CheckResult{ { Details2: []checker.CheckDetail{ @@ -377,9 +404,15 @@ func TestSARIFOutput(t *testing.T) { }, }, result: ScorecardResult{ - Repo: "repo not used", - Date: date, - CommitSHA: commit, + Repo: RepoInfo{ + Name: repoName, + CommitSHA: repoCommit, + }, + Scorecard: ScorecardInfo{ + Version: scorecardVersion, + CommitSHA: scorecardCommit, + }, + Date: date, Checks: []checker.CheckResult{ { Details2: []checker.CheckDetail{ @@ -420,9 +453,15 @@ func TestSARIFOutput(t *testing.T) { }, }, result: ScorecardResult{ - Repo: "repo not used", - Date: date, - CommitSHA: commit, + Repo: RepoInfo{ + Name: repoName, + CommitSHA: repoCommit, + }, + Scorecard: ScorecardInfo{ + Version: scorecardVersion, + CommitSHA: scorecardCommit, + }, + Date: date, Checks: []checker.CheckResult{ { Details2: []checker.CheckDetail{ 
@@ -452,27 +491,27 @@ func TestSARIFOutput(t *testing.T) { var err error content, err = ioutil.ReadFile(tt.expected) if err != nil { - t.Fatalf("cannot read file: %v", err) + t.Fatalf("%s: cannot read file: %v", tt.name, err) } var expected bytes.Buffer n, err := expected.Write(content) if err != nil { - t.Fatalf("cannot write buffer: %v", err) + t.Fatalf("%s: cannot write buffer: %v", tt.name, err) } if n != len(content) { - t.Fatalf("write %d bytes but expected %d", n, len(content)) + t.Fatalf("%s: write %d bytes but expected %d", tt.name, n, len(content)) } var result bytes.Buffer - err = tt.result.AsSARIF("1.2.3", tt.showDetails, tt.logLevel, &result, tt.checkDocs, tt.minScore) + err = tt.result.AsSARIF(tt.showDetails, tt.logLevel, &result, tt.checkDocs, tt.minScore) if err != nil { - t.Fatalf("AsSARIF: %v", err) + t.Fatalf("%s: AsSARIF: %v", tt.name, err) } r := bytes.Compare(expected.Bytes(), result.Bytes()) if r != 0 { - t.Fatalf("invalid result for %s: %d", tt.name, r) + t.Fatalf("%s: invalid result: %d", tt.name, r) } }) } diff --git a/pkg/scorecard.go b/pkg/scorecard.go index 0a29ac221e8..cc986dcc784 100644 --- a/pkg/scorecard.go +++ b/pkg/scorecard.go @@ -106,9 +106,11 @@ func RunScorecards(ctx context.Context, } ret := ScorecardResult{ - Repo: repo.URL(), - Date: time.Now(), - CommitSHA: commitSHA, + Repo: RepoInfo{ + Name: repo.URL(), + CommitSHA: commitSHA, + }, + Date: time.Now(), } resultsCh := make(chan checker.CheckResult) go runEnabledChecks(ctx, repo, checksToRun, repoClient, diff --git a/pkg/scorecard_result.go b/pkg/scorecard_result.go index 8c2e9486b64..874442de368 100644 --- a/pkg/scorecard_result.go +++ b/pkg/scorecard_result.go 
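Review bot: In pkg/scorecard.go the `ret` literal in RunScorecards fills `Repo` and `Date` but never `Scorecard`, so `r.Scorecard.Version` and `r.Scorecard.CommitSHA`, which AsSARIF and AsJSON2 now read, stay empty strings on every real run; only the tests set them by hand. Compared with the removed hard-coded `"1.2.3"`, the SARIF tool version and the JSON `scorecard` object would be emitted blank, which defeats the purpose of recording which build produced a report. Add `Scorecard: ScorecardInfo{Version: GetVersion(), CommitSHA: GetCommit()},` to the literal. RunScorecards continues past the end of the hunk, so confirm the field is not assigned further down before applying this.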
@@ -30,11 +30,21 @@ import ( sce "github.com/ossf/scorecard/v2/errors" ) +type ScorecardInfo struct { + Version string + CommitSHA string +} + +type RepoInfo struct { + Name string + CommitSHA string +} + // ScorecardResult struct is returned on a successful Scorecard run. type ScorecardResult struct { - Repo string + Repo RepoInfo Date time.Time - CommitSHA string + Scorecard ScorecardInfo Checks []checker.CheckResult Metadata []string } @@ -42,7 +52,7 @@ type ScorecardResult struct { // AsCSV outputs ScorecardResult in CSV format. func (r *ScorecardResult) AsCSV(showDetails bool, logLevel zapcore.Level, writer io.Writer) error { w := csv.NewWriter(writer) - record := []string{r.Repo} + record := []string{r.Repo.Name} columns := []string{"Repository"} // UPGRADEv2: remove nolint after ugrade. //nolint diff --git a/pkg/scorecard_version.go b/pkg/scorecard_version.go new file mode 100644 index 00000000000..cb67fccc4c9 --- /dev/null +++ b/pkg/scorecard_version.go 
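Review bot: The new exported types `ScorecardInfo` and `RepoInfo` in pkg/scorecard_result.go have no doc comments, and both carry a field named `CommitSHA` that means different things (the build of the tool versus the revision that was analysed). Because these two values are easy to swap when a result is constructed, I would document them explicitly: `// ScorecardInfo identifies the scorecard build that produced a result.` and `// RepoInfo identifies the repository and the commit that was analysed.`. The exported getters added in pkg/scorecard_version.go (`GetVersion`, `GetCommit`, `GetTreeState`, `GetBuildDate` and the runtime wrappers) have the same gap and need one-line comments starting with the function name.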
@@ -0,0 +1,65 @@ +// Copyright 2021 Security Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package pkg + +import "runtime" + +// Base version information. +// +// This is the fallback data used when version information from git is not +// provided via go ldflags in the Makefile. See version.mk. +var ( + // Output of "git describe". The prerequisite is that the branch should be + // tagged using the correct versioning strategy. + gitVersion = "unknown" + // SHA1 from git, output of $(git rev-parse HEAD). + gitCommit = "unknown" + // State of git tree, either "clean" or "dirty". + gitTreeState = "unknown" + // Build date in ISO8601 format, output of $(date -u +'%Y-%m-%dT%H:%M:%SZ'). + buildDate = "unknown" +) + +func GetVersion() string { + return gitVersion +} + +func GetCommit() string { + return gitCommit +} + +func GetTreeState() string { + return gitTreeState +} + +func GetBuildDate() string { + return buildDate +} + +func GetGoVersion() string { + return runtime.Version() +} + +func GetOS() string { + return runtime.GOOS +} + +func GetArch() string { + return runtime.GOARCH +} + +func GetCompiler() string { + return runtime.Compiler +} diff --git a/pkg/testdata/check1.json b/pkg/testdata/check1.json index 22c37f5f91f..f6a06dd3d87 100644 --- a/pkg/testdata/check1.json +++ b/pkg/testdata/check1.json 
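Review bot: The header comment on the var block in pkg/scorecard_version.go still says the values arrive "via go ldflags in the Makefile. See version.mk", while the `-X` flags visible in this patch are produced by scripts/version-ldflags, which had to be retargeted from `/cmd` to `/pkg` for these variables to be set at all. A mismatch between that path and this package fails silently: the linker ignores the unknown symbol, the build succeeds, and every value stays `"unknown"` in the version output and in any report that records it. I would say so next to the vars, e.g. `// Set at link time by scripts/version-ldflags (-X <module>/pkg.gitVersion=...); the package path there must match this file.`.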
@@ -1,16 +1,22 @@ { - "Repo": "repo not used", - "Date": "2021-08-25", - "Commit": "68bc59901773ab4c051dfcea0cc4201a1567ab32", - "Checks": [ + "date": "2021-08-25", + "repo": { + "name": "repo not used", + "commit": "68bc59901773ab4c051dfcea0cc4201a1567ab32" + }, + "scorecard": { + "version": "1.2.3", + "commit": "ccbc59901773ab4c051dfcea0cc4201a1567abdd" + }, + "checks": [ { - "Details": [ + "details": [ "Warn: warn message: src/file1.cpp:5" ], - "Score": 5, - "Reason": "half score reason", - "Name": "Check-Name" + "score": 5, + "reason": "half score reason", + "name": "Check-Name" } ], - "Metadata": [] + "metadata": [] } diff --git a/pkg/testdata/check1.sarif b/pkg/testdata/check1.sarif index 406c93e5b0e..d1dbede523c 100644 --- a/pkg/testdata/check1.sarif +++ b/pkg/testdata/check1.sarif @@ -4,7 +4,7 @@ "runs": [ { "automationDetails": { - "id": "supply-chain/scorecard/68bc59901773ab4c051dfcea0cc4201a1567ab32-17 Aug 21 18:57 +0000" + "id": "supply-chain/scorecard/ccbc59901773ab4c051dfcea0cc4201a1567abdd-17 Aug 21 18:57 +0000" }, "tool": { "driver": { diff --git a/pkg/testdata/check2.json b/pkg/testdata/check2.json index d95d44ff82e..6623a7e2f0f 100644 --- a/pkg/testdata/check2.json +++ b/pkg/testdata/check2.json @@ -1,16 +1,22 @@ { - "Repo": "repo not used", - "Date": "2021-08-25", - "Commit": "68bc59901773ab4c051dfcea0cc4201a1567ab32", - "Checks": [ + "date": "2021-08-25", + "repo": { + "name": "repo not used", + "commit": "68bc59901773ab4c051dfcea0cc4201a1567ab32" + }, + "scorecard": { + "version": "1.2.3", + "commit": "ccbc59901773ab4c051dfcea0cc4201a1567abdd" + }, + "checks": [ { - "Details": [ + "details": [ "Warn: warn message: bin/binary.elf" ], - "Score": 0, - "Reason": "min score reason", - "Name": "Check-Name" + "score": 0, + "reason": "min score reason", + "name": "Check-Name" } ], - "Metadata": [] -} + "metadata": [] +} \ No newline at end of file diff --git a/pkg/testdata/check2.sarif b/pkg/testdata/check2.sarif index c967389a56a..d20366e7b87 100644 
--- a/pkg/testdata/check2.sarif +++ b/pkg/testdata/check2.sarif @@ -4,7 +4,7 @@ "runs": [ { "automationDetails": { - "id": "supply-chain/scorecard/68bc59901773ab4c051dfcea0cc4201a1567ab32-17 Aug 21 18:57 +0000" + "id": "supply-chain/scorecard/ccbc59901773ab4c051dfcea0cc4201a1567abdd-17 Aug 21 18:57 +0000" }, "tool": { "driver": { diff --git a/pkg/testdata/check3.json b/pkg/testdata/check3.json index e523c668c1f..0ec57f291c7 100644 --- a/pkg/testdata/check3.json +++ b/pkg/testdata/check3.json @@ -1,33 +1,39 @@ { - "Repo": "repo not used", - "Date": "2021-08-25", - "Commit": "68bc59901773ab4c051dfcea0cc4201a1567ab32", - "Checks": [ + "date": "2021-08-25", + "repo": { + "name": "repo not used", + "commit": "68bc59901773ab4c051dfcea0cc4201a1567ab32" + }, + "scorecard": { + "version": "1.2.3", + "commit": "ccbc59901773ab4c051dfcea0cc4201a1567abdd" + }, + "checks": [ { - "Details": [ + "details": [ "Warn: warn message: bin/binary.elf" ], - "Score": 0, - "Reason": "min result reason", - "Name": "Check-Name" + "score": 0, + "reason": "min result reason", + "name": "Check-Name" }, { - "Details": [ + "details": [ "Warn: warn message: src/doc.txt:3" ], - "Score": 0, - "Reason": "min result reason", - "Name": "Check-Name2" + "score": 0, + "reason": "min result reason", + "name": "Check-Name2" }, { - "Details": [ + "details": [ "Info: info message: some/path.js:3", "Warn: warn message: some/path.py:3" ], - "Score": -1, - "Reason": "inconclusive reason", - "Name": "Check-Name3" + "score": -1, + "reason": "inconclusive reason", + "name": "Check-Name3" } ], - "Metadata": [] + "metadata": [] } diff --git a/pkg/testdata/check3.sarif b/pkg/testdata/check3.sarif index 16cac88fdf3..ed95ee2145e 100644 --- a/pkg/testdata/check3.sarif +++ b/pkg/testdata/check3.sarif 
@@ -4,7 +4,7 @@ "runs": [ { "automationDetails": { - "id": "supply-chain/scorecard/68bc59901773ab4c051dfcea0cc4201a1567ab32-17 Aug 21 18:57 +0000" + "id": "supply-chain/scorecard/ccbc59901773ab4c051dfcea0cc4201a1567abdd-17 Aug 21 18:57 +0000" }, "tool": { "driver": { diff --git a/pkg/testdata/check4.json b/pkg/testdata/check4.json index 2568dd02777..df33b363d1a 100644 --- a/pkg/testdata/check4.json +++ b/pkg/testdata/check4.json @@ -1,34 +1,40 @@ { - "Repo": "repo not used", - "Date": "2021-08-25", - "Commit": "68bc59901773ab4c051dfcea0cc4201a1567ab32", - "Checks": [ + "date": "2021-08-25", + "repo": { + "name": "repo not used", + "commit": "68bc59901773ab4c051dfcea0cc4201a1567ab32" + }, + "scorecard": { + "version": "1.2.3", + "commit": "ccbc59901773ab4c051dfcea0cc4201a1567abdd" + }, + "checks": [ { - "Details": [ + "details": [ "Warn: warn message: bin/binary.elf" ], - "Score": 0, - "Reason": "min result reason", - "Name": "Check-Name" + "score": 0, + "reason": "min result reason", + "name": "Check-Name" }, { - "Details": [ + "details": [ "Warn: warn message: src/doc.txt:3" ], - "Score": 0, - "Reason": "min result reason", - "Name": "Check-Name2" + "score": 0, + "reason": "min result reason", + "name": "Check-Name2" }, { - "Details": [ + "details": [ "Info: info message: some/path.js:3", "Warn: warn message: some/path.py:3", "Debug: debug message: some/path.go:3" ], - "Score": -1, - "Reason": "inconclusive reason", - "Name": "Check-Name3" + "score": -1, + "reason": "inconclusive reason", + "name": "Check-Name3" } ], - "Metadata": [] -} + "metadata": [] +} \ No newline at end of file diff --git a/pkg/testdata/check4.sarif b/pkg/testdata/check4.sarif index d0595018bf3..bdaa3ba8bcc 100644 --- a/pkg/testdata/check4.sarif +++ b/pkg/testdata/check4.sarif 
@@ -4,7 +4,7 @@ "runs": [ { "automationDetails": { - "id": "supply-chain/scorecard/68bc59901773ab4c051dfcea0cc4201a1567ab32-17 Aug 21 18:57 +0000" + "id": "supply-chain/scorecard/ccbc59901773ab4c051dfcea0cc4201a1567abdd-17 Aug 21 18:57 +0000" }, "tool": { "driver": { diff --git a/pkg/testdata/check5.json b/pkg/testdata/check5.json index 96d14760252..213163b35d0 100644 --- a/pkg/testdata/check5.json +++ b/pkg/testdata/check5.json @@ -1,16 +1,22 @@ { - "Repo": "repo not used", - "Date": "2021-08-25", - "Commit": "68bc59901773ab4c051dfcea0cc4201a1567ab32", - "Checks": [ + "date": "2021-08-25", + "repo": { + "name": "repo not used", + "commit": "68bc59901773ab4c051dfcea0cc4201a1567ab32" + }, + "scorecard": { + "version": "1.2.3", + "commit": "ccbc59901773ab4c051dfcea0cc4201a1567abdd" + }, + "checks": [ { - "Details": [ + "details": [ "Warn: warn message: src/file1.cpp:5" ], - "Score": 6, - "Reason": "six score reason", - "Name": "Check-Name" + "score": 6, + "reason": "six score reason", + "name": "Check-Name" } ], - "Metadata": [] + "metadata": [] } diff --git a/pkg/testdata/check5.sarif b/pkg/testdata/check5.sarif index f91c3ae5522..3bc6198e4c8 100644 --- a/pkg/testdata/check5.sarif +++ b/pkg/testdata/check5.sarif @@ -4,7 +4,7 @@ "runs": [ { "automationDetails": { - "id": "supply-chain/scorecard/68bc59901773ab4c051dfcea0cc4201a1567ab32-17 Aug 21 18:57 +0000" + "id": "supply-chain/scorecard/ccbc59901773ab4c051dfcea0cc4201a1567abdd-17 Aug 21 18:57 +0000" }, "tool": { "driver": { diff --git a/pkg/testdata/check6.json b/pkg/testdata/check6.json index bf6439f56cc..f3e9d0b90d9 100644 --- a/pkg/testdata/check6.json +++ b/pkg/testdata/check6.json 
@@ -1,16 +1,22 @@ { - "Repo": "repo not used", - "Date": "2021-08-25", - "Commit": "68bc59901773ab4c051dfcea0cc4201a1567ab32", - "Checks": [ + "date": "2021-08-25", + "repo": { + "name": "repo not used", + "commit": "68bc59901773ab4c051dfcea0cc4201a1567ab32" + }, + "scorecard": { + "version": "1.2.3", + "commit": "ccbc59901773ab4c051dfcea0cc4201a1567abdd" + }, + "checks": [ { - "Details": [ + "details": [ "Warn: warn message: https://domain.com/something" ], - "Score": 6, - "Reason": "six score reason", - "Name": "Check-Name" + "score": 6, + "reason": "six score reason", + "name": "Check-Name" } ], - "Metadata": [] + "metadata": [] } diff --git a/pkg/testdata/check6.sarif b/pkg/testdata/check6.sarif index 2ed84347ff9..4e09661e113 100644 --- a/pkg/testdata/check6.sarif +++ b/pkg/testdata/check6.sarif @@ -4,7 +4,7 @@ "runs": [ { "automationDetails": { - "id": "supply-chain/scorecard/68bc59901773ab4c051dfcea0cc4201a1567ab32-17 Aug 21 18:57 +0000" + "id": "supply-chain/scorecard/ccbc59901773ab4c051dfcea0cc4201a1567abdd-17 Aug 21 18:57 +0000" }, "tool": { "driver": { diff --git a/scripts/version-ldflags b/scripts/version-ldflags index f4513af34cd..39d54137c6a 100755 --- a/scripts/version-ldflags +++ b/scripts/version-ldflags @@ -21,5 +21,5 @@ GIT_VERSION=$(git describe --tags --always --dirty) GIT_HASH=$(git rev-parse HEAD) BUILD_DATE=$(date +'%Y-%m-%dT%H:%M:%SZ') GIT_TREESTATE=$(if git diff --quiet; then echo "clean"; else echo "dirty"; fi) -PKG=$(go list -m | head -n1)/cmd +PKG=$(go list -m | head -n1)/pkg echo "-X $PKG.gitVersion=$GIT_VERSION -X $PKG.gitCommit=$GIT_HASH -X $PKG.gitTreeState=$GIT_TREESTATE -X $PKG.buildDate=$BUILD_DATE" From 8c522505dbaa0522a658ee89dd00ac59f81a7179 Mon Sep 17 00:00:00 2001 From: laurentsimon Date: Mon, 30 Aug 2021 21:00:23 +0000 Subject: [PATCH 2/7] fix --- go.mod | 1 - go.sum | 4 ---- 2 files changed, 5 deletions(-) diff --git a/go.mod b/go.mod index 07f48ce48a7..b2c1c6a57f0 100644 --- a/go.mod +++ b/go.mod 
@@ -9,7 +9,6 @@ require (
 cloud.google.com/go/pubsub v1.16.0
 cloud.google.com/go/trace v0.1.0 // indirect
 contrib.go.opencensus.io/exporter/stackdriver v0.13.8
- github.com/alecthomas/jsonschema v0.0.0-20210818095345-1014919a589c // indirect
 github.com/bradleyfalzon/ghinstallation v1.1.1
 github.com/go-git/go-git/v5 v5.4.2
 github.com/golang/mock v1.6.0
diff --git a/go.sum b/go.sum
index da6ad118ec2..cb7d4fc0e91 100644
--- a/go.sum
+++ b/go.sum
@@ -223,8 +223,6 @@ github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6/go.mod h1:3eOhrU github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8= github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk= github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= -github.com/alecthomas/jsonschema v0.0.0-20210818095345-1014919a589c h1:oJsq4z4xKgZWWOhrSZuLZ5KyYfRFytddLL1E5+psfIY= -github.com/alecthomas/jsonschema v0.0.0-20210818095345-1014919a589c/go.mod h1:/n6+1/DWPltRLWL/VKyUxg6tzsl5kHUCcraimt4vr60= github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
@@ -1095,8 +1093,6 @@ github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182aff github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY= github.com/mbilski/exhaustivestruct v1.2.0 h1:wCBmUnSYufAHO6J4AVWY6ff+oxWxsVFrwgOdMUQePUo= github.com/mbilski/exhaustivestruct v1.2.0/go.mod h1:OeTBVxQWoEmB2J2JCHmXWPJ0aksxSUOUy+nvtVEfzXc= -github.com/mcuadros/go-jsonschema-generator v0.0.0-20200330054847-ba7a369d4303 h1:mc6Th1b2xkPDUHTIUynE0LMJUgPEJdIDUjBLvj8yprs= -github.com/mcuadros/go-jsonschema-generator v0.0.0-20200330054847-ba7a369d4303/go.mod h1:O6IeMrJ2EU+kDaxu7Dchbd0fbmrsTcjg8SGYFVJCr5A= github.com/mgechev/dots v0.0.0-20190921121421-c36f7dcfbb81 h1:QASJXOGm2RZ5Ardbc86qNFvby9AqkLDibfChMtAg5QM= github.com/mgechev/dots v0.0.0-20190921121421-c36f7dcfbb81/go.mod h1:KQ7+USdGKfpPjXk4Ga+5XxQM4Lm4e3gAogrreFAYpOg= github.com/mgechev/revive v1.1.0 h1:TvabpsolbtlzZTyJcgMRN38MHrgi8C0DhmGE5dhscGY=
From 913f75e865cab6a787a45fffce61e08dec25bc1f Mon Sep 17 00:00:00 2001
From: laurentsimon
Date: Mon, 30 Aug 2021 21:01:12 +0000
Subject: [PATCH 3/7] fix
---
 go.sum | 2 --
 1 file changed, 2 deletions(-)
diff --git a/go.sum b/go.sum
index cb7d4fc0e91..5c76947eb1c 100644
--- a/go.sum
+++ b/go.sum
@@ -916,8 +916,6 @@ github.com/hashicorp/uuid v0.0.0-20160311170451-ebb0a03e909c/go.mod h1:fHzc09Uny github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo= github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= -github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0 h1:i462o439ZjprVSFSZLZxcsoAe592sZB1rci2Z8j4wdk= -github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0/go.mod h1:N0Wam8K1arqPXNWjMo21EXnBPOPp36vB07FNRdD2geA= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.4/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
From d4db686a8c6ab6707c49848709c3fcd1d89a6324 Mon Sep 17 00:00:00 2001
From: laurentsimon
Date: Tue, 31 Aug 2021 22:24:44 +0000
Subject: [PATCH 4/7] linter
---
 pkg/scorecard_result.go | 2 ++
 pkg/scorecard_version.go | 8 ++++++++
 2 files changed, 10 insertions(+)
diff --git a/pkg/scorecard_result.go b/pkg/scorecard_result.go
index 874442de368..245f69fed0a 100644
--- a/pkg/scorecard_result.go
+++ b/pkg/scorecard_result.go
@@ -30,11 +30,13 @@ import (
 sce "github.com/ossf/scorecard/v2/errors"
 )
+// ScorecardInfo contains information about the scorecard code tat was run.
 type ScorecardInfo struct {
 Version string
 CommitSHA string
 }
+// RepoInfo contains information about the repo that was analyzed.
 type RepoInfo struct {
 Name string
 CommitSHA string
diff --git a/pkg/scorecard_version.go b/pkg/scorecard_version.go
index cb67fccc4c9..d706e7f91e0 100644
--- a/pkg/scorecard_version.go
+++ b/pkg/scorecard_version.go
@@ -32,34 +32,42 @@ var (
 buildDate = "unknown"
 )
+// GetVersion returns the scorecard version.
 func GetVersion() string {
 return gitVersion
 }
+// GetCommit returns the GitHub's commit hash that scorecard was built from.
 func GetCommit() string {
 return gitCommit
 }
+// GetTreeState returns the git tree state.
 func GetTreeState() string {
 return gitTreeState
 }
+// GetBuildDate returns the date scorecard was build.
 func GetBuildDate() string {
 return buildDate
 }
+// GetGoVersion returns the Go version used to build scorecard.
 func GetGoVersion() string {
 return runtime.Version()
 }
+// GetOS returns the OS the build can run on.
 func GetOS() string {
 return runtime.GOOS
 }
+// GetArch returns the architecture (e.g., x86) the build can run on.
 func GetArch() string {
 return runtime.GOARCH
 }
+// GetCompiler returns the compiler that was used to build scorecard.
 func GetCompiler() string {
 return runtime.Compiler
 }
From f043ee72900a3aa8d9c409a70cc36616c8c6deb2 Mon Sep 17 00:00:00 2001
From: laurentsimon
Date: Tue, 31 Aug 2021 22:35:42 +0000
Subject: [PATCH 5/7] typo
---
 pkg/scorecard_result.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/scorecard_result.go b/pkg/scorecard_result.go
index 245f69fed0a..0724838b309 100644
--- a/pkg/scorecard_result.go
+++ b/pkg/scorecard_result.go
@@ -30,7 +30,7 @@ import (
 sce "github.com/ossf/scorecard/v2/errors"
 )
-// ScorecardInfo contains information about the scorecard code tat was run.
+// ScorecardInfo contains information about the scorecard code that was run.
 type ScorecardInfo struct {
 Version string
 CommitSHA string
From b79f574b483436a8e621272062134d127491a50e Mon Sep 17 00:00:00 2001
From: laurentsimon
Date: Tue, 31 Aug 2021 22:53:24 +0000
Subject: [PATCH 6/7] fix
---
 cron/worker/json.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/cron/worker/json.go b/cron/worker/json.go
index 47c59dffac2..24fea2f1d30 100644
--- a/cron/worker/json.go
+++ b/cron/worker/json.go
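Review bot: Several of the doc comments added in pkg/scorecard_version.go describe the returned value inaccurately: `GetCommit` returns a git commit hash rather than "the GitHub's commit hash", `GetBuildDate` says "was build", and `GetOS`/`GetArch` return `runtime.GOOS`/`runtime.GOARCH`, which is the target the running binary was compiled for. Suggested wording: `// GetCommit returns the git commit hash scorecard was built from.`, `// GetBuildDate returns the date scorecard was built.`, `// GetOS returns the operating system target of the running binary.` The `var (` block these getters read starts outside the hunk. Its visible `buildDate = "unknown"` default suggests the getters can return a placeholder when the ldflags are not set, and the comments should say so because these values appear to be written into reports that consumers may treat as provenance.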
@@ -65,7 +65,7 @@ func AsJSON(r *pkg.ScorecardResult, showDetails bool, logLevel zapcore.Level, wr
 encoder := json.NewEncoder(writer)
 out := jsonScorecardCronResult{
- Repo: r.Repo,
+ Repo: r.Repo.Name,
 Date: r.Date.Format("2006-01-02"),
 Metadata: r.Metadata,
 }
@@ -101,9 +101,9 @@ func AsJSON2(r *pkg.ScorecardResult, showDetails bool, logLevel zapcore.Level, w
 encoder := json.NewEncoder(writer)
 out := jsonScorecardCronResultV2{
- Repo: r.Repo,
+ Repo: r.Repo.Name,
 Date: r.Date.Format("2006-01-02"),
- Commit: r.CommitSHA,
+ Commit: r.Repo.CommitSHA,
 Metadata: r.Metadata,
 }
From 6058d0e40bb5c4c5bee8bbfb763b26d5a77f2419 Mon Sep 17 00:00:00 2001
From: laurentsimon
Date: Wed, 1 Sep 2021 00:18:09 +0000
Subject: [PATCH 7/7] linter
---
 go.sum | 1 -
 1 file changed, 1 deletion(-)
diff --git a/go.sum b/go.sum
index 5c76947eb1c..977bcd06860 100644
--- a/go.sum
+++ b/go.sum
@@ -1432,7 +1432,6 @@ github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRci github.com/stretchr/testify v1.1.4/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.3.1-0.20190311161405-34c6fa2dc709/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
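Review bot: Neither cron writer in cron/worker/json.go (`AsJSON` in this hunk, `AsJSON2` in the next) emits the scorecard version or commit that the fixtures in this PR show in the main JSON output, so cron results cannot be tied to the build that produced them. If that is deliberate to keep the cron schema stable, say so next to the struct literal, e.g. `// Scorecard version/commit intentionally omitted: cron schema unchanged.`; otherwise leave a `// TODO: add scorecard version/commit to the cron schema.` and follow up. Both function bodies start and end outside their hunks and the result struct definitions are not visible here, so this is inferred from the two literals alone.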