The highest tagged major version is
Documentation
¶
Overview ¶
Package checks defines all Scorecard checks.
Index ¶
- Constants
- Variables
- func BinaryArtifacts(c *checker.CheckRequest) checker.CheckResult
- func BranchProtection(c *checker.CheckRequest) checker.CheckResult
- func CIIBestPractices(c *checker.CheckRequest) checker.CheckResult
- func CITests(c *checker.CheckRequest) checker.CheckResult
- func Contributors(c *checker.CheckRequest) checker.CheckResult
- func DangerousWorkflow(c *checker.CheckRequest) checker.CheckResult
- func DoesCodeReview(c *checker.CheckRequest) checker.CheckResult
- func Fuzzing(c *checker.CheckRequest) checker.CheckResult
- func HasUnfixedVulnerabilities(c *checker.CheckRequest) checker.CheckResult
- func IsMaintained(c *checker.CheckRequest) checker.CheckResult
- func Packaging(c *checker.CheckRequest) checker.CheckResult
- func PinnedDependencies(c *checker.CheckRequest) checker.CheckResult
- func SAST(c *checker.CheckRequest) checker.CheckResult
- func SecurityPolicy(c *checker.CheckRequest) checker.CheckResult
- func SignedReleases(c *checker.CheckRequest) checker.CheckResult
- func TokenPermissions(c *checker.CheckRequest) checker.CheckResult
- func UsesDependencyUpdateTool(c *checker.CheckRequest) checker.CheckResult
Constants ¶
const CheckBinaryArtifacts string = "Binary-Artifacts"
CheckBinaryArtifacts is the exported name for Binary-Artifacts check.
const (
// CheckBranchProtection is the exported name for Branch-Protected check.
CheckBranchProtection = "Branch-Protection"
)
const (
// CheckCIIBestPractices is the registered name for CIIBestPractices.
CheckCIIBestPractices = "CII-Best-Practices"
)
const (
// CheckCITests is the registered name for CITests.
CheckCITests = "CI-Tests"
)
const CheckCodeReview = "Code-Review"
CheckCodeReview is the registered name for DoesCodeReview.
const (
// CheckContributors is the registered name for Contributors.
CheckContributors = "Contributors"
)
const CheckDangerousWorkflow = "Dangerous-Workflow"
CheckDangerousWorkflow is the exported name for Dangerous-Workflow check.
const CheckDependencyUpdateTool = "Dependency-Update-Tool"
CheckDependencyUpdateTool is the exported name for Automatic-Depdendency-Update.
const CheckFuzzing = "Fuzzing"
CheckFuzzing is the registered name for Fuzzing.
const (
// CheckMaintained is the exported check name for Maintained.
CheckMaintained = "Maintained"
)
const CheckPackaging = "Packaging"
CheckPackaging is the registered name for Packaging.
const CheckPinnedDependencies = "Pinned-Dependencies"
CheckPinnedDependencies is the registered name for FrozenDeps.
const CheckSAST = "SAST"
CheckSAST is the registered name for SAST.
const CheckSecurityPolicy = "Security-Policy"
CheckSecurityPolicy is the registred name for SecurityPolicy.
const (
// CheckSignedReleases is the registered name for SignedReleases.
CheckSignedReleases = "Signed-Releases"
)
const CheckTokenPermissions = "Token-Permissions"
CheckTokenPermissions is the exported name for Token-Permissions check.
const (
// CheckVulnerabilities is the registered name for the OSV check.
CheckVulnerabilities = "Vulnerabilities"
)
Variables ¶
var AllChecks = checker.CheckNameToFnMap{}
AllChecks is the list of all security checks that will be run.
Functions ¶
func BinaryArtifacts ¶
func BinaryArtifacts(c *checker.CheckRequest) checker.CheckResult
BinaryArtifacts will check the repository contains binary artifacts.
func BranchProtection ¶
func BranchProtection(c *checker.CheckRequest) checker.CheckResult
BranchProtection runs Branch-Protection check.
func CIIBestPractices ¶
func CIIBestPractices(c *checker.CheckRequest) checker.CheckResult
CIIBestPractices runs CII-Best-Practices check.
func CITests ¶
func CITests(c *checker.CheckRequest) checker.CheckResult
CITests runs CI-Tests check.
func Contributors ¶
func Contributors(c *checker.CheckRequest) checker.CheckResult
Contributors run Contributors check.
func DangerousWorkflow ¶ added in v3.2.1
func DangerousWorkflow(c *checker.CheckRequest) checker.CheckResult
DangerousWorkflow runs Dangerous-Workflow check.
func DoesCodeReview ¶
func DoesCodeReview(c *checker.CheckRequest) checker.CheckResult
DoesCodeReview attempts to determine whether a project requires review before code gets merged. It uses a set of heuristics: - Looking at the repo configuration to see if reviews are required. - Checking if most of the recent merged PRs were "Approved". - Looking for other well-known review labels.
func Fuzzing ¶
func Fuzzing(c *checker.CheckRequest) checker.CheckResult
Fuzzing runs Fuzzing check.
func HasUnfixedVulnerabilities ¶
func HasUnfixedVulnerabilities(c *checker.CheckRequest) checker.CheckResult
HasUnfixedVulnerabilities runs Vulnerabilities check.
func IsMaintained ¶
func IsMaintained(c *checker.CheckRequest) checker.CheckResult
IsMaintained runs Maintained check.
func Packaging ¶
func Packaging(c *checker.CheckRequest) checker.CheckResult
Packaging runs Packaging check.
func PinnedDependencies ¶
func PinnedDependencies(c *checker.CheckRequest) checker.CheckResult
PinnedDependencies will check the repository if it contains frozen dependecies.
func SecurityPolicy ¶
func SecurityPolicy(c *checker.CheckRequest) checker.CheckResult
SecurityPolicy runs Security-Policy check.
func SignedReleases ¶
func SignedReleases(c *checker.CheckRequest) checker.CheckResult
SignedReleases runs Signed-Releases check.
func TokenPermissions ¶
func TokenPermissions(c *checker.CheckRequest) checker.CheckResult
TokenPermissions runs Token-Permissions check.
func UsesDependencyUpdateTool ¶
func UsesDependencyUpdateTool(c *checker.CheckRequest) checker.CheckResult
UsesDependencyUpdateTool will check the repository uses a dependency update tool.
Types ¶
This section is empty.
Source Files
¶
- all_checks.go
- binary_artifact.go
- branch_protection.go
- ci_tests.go
- cii_best_practices.go
- code_review.go
- contributors.go
- dangerous_workflow.go
- dependency_update_tool.go
- errors.go
- fuzzing.go
- maintained.go
- packaging.go
- permissions.go
- pinned_dependencies.go
- sast.go
- security_policy.go
- shell_download_validate.go
- signed_releases.go
- vulnerabilities.go
Directories