Comments (3)
@naveensrinivasan,
How many times did you try it? I forgot to mention that it's intermittent.I also tried with go1.15.6, and it still panics.
You are right it fails when I try it within a loop. Thanks for that information 😄 .
from scorecard.
I tried it and it didn't fail for me.
./scorecard --repo=github.com/adnanh/webhook --show-details
Starting [Active]
Starting [Branch-Protection]
Starting [CI-Tests]
Starting [CII-Best-Practices]
Starting [Code-Review]
Starting [Contributors]
Starting [Frozen-Deps]
Starting [Fuzzing]
Starting [Packaging]
Starting [Pull-Requests]
Starting [SAST]
Starting [Security-Policy]
Starting [Signed-Releases]
Starting [Signed-Tags]
Finished [Fuzzing]
Finished [Frozen-Deps]
Finished [CII-Best-Practices]
Finished [Packaging]
Finished [Branch-Protection]
Finished [Signed-Tags]
Finished [Signed-Releases]
Finished [Contributors]
Finished [Security-Policy]
Finished [SAST]
Finished [Active]
Finished [Pull-Requests]
Finished [CI-Tests]
Finished [Code-Review]
RESULTS
-------
Active: Pass 10
commits in last 90 days: 18
Branch-Protection: Fail 10
!! branch protection not enabled
CI-Tests: Fail 8
CI test found: pr: 489, context: github-actions, url: https://api.github.com/repos/adnanh/webhook/check-runs/1504710886
CI test found: pr: 486, context: github-actions, url: https://api.github.com/repos/adnanh/webhook/check-runs/1454553541
CI test found: pr: 485, context: github-actions, url: https://api.github.com/repos/adnanh/webhook/check-runs/1451381442
CI test found: pr: 484, context: github-actions, url: https://api.github.com/repos/adnanh/webhook/check-runs/1450531646
CI test found: pr: 479, context: github-actions, url: https://api.github.com/repos/adnanh/webhook/check-runs/1435955645
CI test found: pr: 477, context: github-actions, url: https://api.github.com/repos/adnanh/webhook/check-runs/1414707563
CI test found: pr: 472, context: github-actions, url: https://api.github.com/repos/adnanh/webhook/check-runs/1302651275
!! found merged PR without CI test: 469
!! found merged PR without CI test: 465
!! found merged PR without CI test: 463
!! found merged PR without CI test: 462
!! found merged PR without CI test: 461
!! found merged PR without CI test: 460
!! found merged PR without CI test: 449
!! found merged PR without CI test: 447
!! found merged PR without CI test: 446
!! found merged PR without CI test: 445
!! found merged PR without CI test: 432
!! found merged PR without CI test: 431
!! found merged PR without CI test: 427
!! found merged PR without CI test: 426
!! found merged PR without CI test: 420
!! found merged PR without CI test: 417
!! found merged PR without CI test: 415
!! found merged PR without CI test: 413
found CI tests for 7 of 25 merged PRs
CII-Best-Practices: Fail 10
no badge found
Code-Review: Pass 10
found pr with committer different than author: 489
found pr with committer different than author: 486
found pr with committer different than author: 485
found pr with committer different than author: 484
found review approved pr: 479
found review approved pr: 477
found pr with committer different than author: 472
found pr with committer different than author: 469
found pr with committer different than author: 465
found pr with committer different than author: 463
found pr with committer different than author: 462
found pr with committer different than author: 461
found pr with committer different than author: 460
found pr with committer different than author: 449
found pr with committer different than author: 447
found pr with committer different than author: 446
found pr with committer different than author: 445
found pr with committer different than author: 432
found pr with committer different than author: 431
found pr with committer different than author: 427
found pr with committer different than author: 426
found pr with committer different than author: 420
found pr with committer different than author: 417
found pr with committer different than author: 415
found pr with committer different than author: 413
github code reviews found
Contributors: Pass 10
companies found: saburly,medevit,voxmedia
Frozen-Deps: Pass 10
go modules found: go.mod
Fuzzing: Fail 10
Packaging: Fail 10
!! not a packaging workflow: .github/workflows/build.yml
Pull-Requests: Pass 9
!! found commit without PR: b1f69564a3fa41b856258cb668ce0032c29294c7, committer: adnanh
!! found commit without PR: 159cb4a911d6499b70a9bab0d4ab16d142bf2af9, committer: adnanh
found commit with PR: b5af9a396881aa9a103c0daeed6060e7959add57
found commit with PR: 2e4aea4cbc6e43b8aab4a063c784f6b017a0115c
found commit with PR: b6e5b11174d01d4c53b3c24cdd3c63dbe7feb24d
found commit with PR: 9dec52c727e41866fda3bdbb6a8f8b3bbf862517
found commit with PR: f2b536dbad4a7cb8da1fbef6f506b226203c6997
found commit with PR: 62f9c01cab97598969456faa1148f3cc32c4f817
found commit with PR: 6d2f26d95283a77a97722adb57a2c6a2574576b3
found commit with PR: c2ffd465c4db38bb256606bcb8b955ec9392a442
found commit with PR: 3e18a060ae290e7fdd35d080aab5af4b3ecd7f35
found commit with PR: 6f5962f8f2592b75ccf55900eb7d27512f99c74a
found commit with PR: 346c761ef6f504362bb0869eae5a894ad39f2f1f
found commit with PR: e513eb4bf46885046be32d348d4c823e93e62121
found commit with PR: 22c8a1670b92a879580eebe48397edd343dab12c
!! found commit without PR: 9c7f8c1ac4993c56658c4afacda5f3d40630d11e, committer: web-flow
found commit with PR: 4fadb1171f22c0ef350f02b2e8a93eacb6c39530
found commit with PR: dc184d2737ff15e76a953cb76b34576e055e3ee9
found commit with PR: 7467933680e8e8b6b45ee5c8bb66d3d1fb37a256
found commit with PR: fd50118712af7d82729de9e4c9c619d0aeca6f5f
found commit with PR: 67c317e741b6a91dcde1d69a51ee8c180022cf20
found commit with PR: ab3ff0343ecd53ba872edc8c2704037bb98401de
found commit with PR: f007fa52809edc645cddb27ce688ce73f58aad92
found commit with PR: a904537367e0c7d36976e723f1c1a596c3498670
found commit with PR: 0814b10a16f8e53280d9e2138ae3a7b95381514a
found commit with PR: d2795059303521cac3fdd0a1c4feeec406512514
found commit with PR: 0f4bbfac9f871fd3b6c1c14250186a3ac30a3655
found commit with PR: 6bbf14f7d9fc0f354ef0a313e76e69e93f83a6d2
found commit with PR: 6797bf7cf71bbc5e87418126be7bf19b79e01564
found commit with PR: c6603894c1215ded1e717594b05dfb7cdd2dd81b
found PRs for 27 out of 30 commits
SAST: Fail 10
Security-Policy: Fail 10
Signed-Releases: Fail 10
release found: 2.8.0
!! release 2.8.0 has no signed artifacts
release found: 2.7.0
!! release 2.7.0 has no signed artifacts
release found: 2.6.11
!! release 2.6.11 has no signed artifacts
release found: 2.6.10
!! release 2.6.10 has no signed artifacts
release found: 2.6.9
!! release 2.6.9 has no signed artifacts
release found: 2.6.8
!! release 2.6.8 has no signed artifacts
found signed artifacts for 0 out of 6 releases
Signed-Tags: Fail 0
error, retrying: GET https://api.github.com/repos/adnanh/webhook/git/tags/4e1719d9660a6eb6d9da3eb7967c9658b8c8638b: 404 Not Found []
go version
go version go1.15.6 darwin/amd64
c00aa4b (HEAD -> fix/panic-sast, origin/main, origin/HEAD, main, feat/docker-static-builds) Add e2e tests for remaining checks.
from scorecard.
@naveensrinivasan,
How many times did you try it? I forgot to mention that it's intermittent.
I also tried with go1.15.6, and it still panics.
from scorecard.
Related Issues (20)
- BUG: Running checks with --local option HOT 11
- Feature
- Does not detect use of CodeQL (SAST) HOT 3
- Feature: New Check "Criticality and Maturity" HOT 3
- Avoiding probe explosion and boilerplate HOT 2
- Feature: Fork pull request workflows from outside collaborators HOT 3
- dangerous-workflow: check usage of $GITHUB_ENV
- BUG: Binary-Artifact and Pinned-Dependencies kill Scorecard in a repo with large files HOT 6
- Feature: Allow "incomplete" checks for --local repos HOT 1
- No Score for Dependabot alerts feature HOT 5
- Feature: New Check "Permissive License" HOT 4
- Revisit outcomes in Pinned Dependencies probes
- Feature: Check for usage of on: workflow_run trigger HOT 25
- evaluate codecov/codecov-action v4 token
- CodeReviewID appears twice and upload fails with "contains duplicate item" HOT 2
- Feature: Rename OutcomePositive/Negative to something more aligned with the security implication of a probe finding HOT 1
- BUG: License LGPL-2.1-only not discovered HOT 5
- Supporting Spack package manager HOT 2
- scorecard started reducing score for vulnerabilities in unrelated packages that aren't imported HOT 4
- cleanup branch protection tests
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from scorecard.