Comments (4)
inferno-chromium
commented on June 12, 2024
1
I think I know what the problem is. I am on vacation and planning to do a PR start of the new year!
Perfect, enjoy the holidays and merry christmas! see you in new year!
from scorecard.
inferno-chromium
commented on June 12, 2024
@naveensrinivasan - do you have ideas on a fix here ? Thanks for finding an example
from scorecard.
naveensrinivasan
commented on June 12, 2024
I think I know what the problem is. I am on vacation and planning to do a PR start of the new year!
from scorecard.
naveensrinivasan
commented on June 12, 2024
The reason the tags aren't working for certain repositories is that because the Lightweight Tags vs Annotated Tags
Basically, lightweight tags are just pointers to specific commits. No further information is saved; on the other hand, annotated tags are regular objects, which have an author and a date and can be referred because they have their own SHA key.
https://api.github.com/repos/ossf/scorecard/git/refs/tags
[
{
"ref": "refs/tags/v1.0.0",
"node_id": "MDM6UmVmMzAyNjcwNzk3OnJlZnMvdGFncy92MS4wLjA=",
"url": "https://api.github.com/repos/ossf/scorecard/git/refs/tags/v1.0.0",
"object": {
"sha": "87997ffb5724cb479223a08a2890c60b0ea4bfbd",
"type": "commit",
"url": "https://api.github.com/repos/ossf/scorecard/git/commits/87997ffb5724cb479223a08a2890c60b0ea4bfbd"
}
},
{
"ref": "refs/tags/v1.1.0",
"node_id": "MDM6UmVmMzAyNjcwNzk3OnJlZnMvdGFncy92MS4xLjA=",
"url": "https://api.github.com/repos/ossf/scorecard/git/refs/tags/v1.1.0",
"object": {
"sha": "f2c633854602cf0c8f33164a169fb0a8454bee01",
"type": "tag",
"url": "https://api.github.com/repos/ossf/scorecard/git/tags/f2c633854602cf0c8f33164a169fb0a8454bee01"
}
}
]
Annotated tags
https://api.github.com/repos/kubernetes/kubernetes/git/refs/tags
[
{
"ref": "refs/tags/v0.2",
"node_id": "MDM6UmVmMjA1ODA0OTg6cmVmcy90YWdzL3YwLjI=",
"url": "https://api.github.com/repos/kubernetes/kubernetes/git/refs/tags/v0.2",
"object": {
"sha": "64dbf9ae21dd0deb485f88b79b96eb35ca855138",
"type": "tag",
"url": "https://api.github.com/repos/kubernetes/kubernetes/git/tags/64dbf9ae21dd0deb485f88b79b96eb35ca855138"
}
}
]
The look for the tag fails because of there isn't a tag object but only a commit object.
https://api.github.com/repos/ossf/scorecard/git/commits/87997ffb5724cb479223a08a2890c60b0ea4bfbd
from scorecard.
Related Issues (20)
- BUG: URI "no file associated with this alert" in SARIF now invalid in github/codeql-action HOT 2
- 📜 GitLab Integration Check Validations HOT 1
- Feature: re-visit the need for multiple RunScorecard function HOT 2
- Feature: retrieve local branch on local / git repo
- BUG: Vulnerabilities check "Failed to resolve version"
- BUG: Pinned-Dependencies fails for jobs with complex matrix-defined OS
- BUG: Security-Policy throws a warning if target repo's org has an empty .github repo
- Feature: structured results visualization
- Allowing users to integrate external checks via blank-imports HOT 3
- GitLab: Validate CII-Best-Practices
- GitLab: Validate Code Review check
- GitLab: Validate Fuzzing check
- GitLab: Validate Contributors check
- GitLab: Validate License check HOT 1
- Feature: add tests to probe format results HOT 1
- Branch-Protection: Review/remove scoring based on Tiers
- BUG: dependabot detected in a project without dependabot HOT 1
- Feature: Consider go vet a SAST tool HOT 1
- Sudden e2e test failures in 2 tests HOT 1
- Should `security-events: read` be considered a dangerous permission? HOT 13
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from scorecard.