Documentation ¶
Overview ¶
Package checks defines all Scorecard checks.
Index ¶
- Constants
- Variables
- func BinaryArtifacts(c *checker.CheckRequest) checker.CheckResult
- func BranchProtection(c *checker.CheckRequest) checker.CheckResult
- func CIIBestPractices(c *checker.CheckRequest) checker.CheckResult
- func CITests(c *checker.CheckRequest) checker.CheckResult
- func CodeReview(c *checker.CheckRequest) checker.CheckResult
- func Contributors(c *checker.CheckRequest) checker.CheckResult
- func DangerousWorkflow(c *checker.CheckRequest) checker.CheckResult
- func DependencyUpdateTool(c *checker.CheckRequest) checker.CheckResult
- func Fuzzing(c *checker.CheckRequest) checker.CheckResult
- func GetAll() checker.CheckNameToFnMap
- func License(c *checker.CheckRequest) checker.CheckResult
- func Maintained(c *checker.CheckRequest) checker.CheckResult
- func Packaging(c *checker.CheckRequest) checker.CheckResult
- func PinnedDependencies(c *checker.CheckRequest) checker.CheckResult
- func SAST(c *checker.CheckRequest) checker.CheckResult
- func SecurityPolicy(c *checker.CheckRequest) checker.CheckResult
- func SignedReleases(c *checker.CheckRequest) checker.CheckResult
- func TokenPermissions(c *checker.CheckRequest) checker.CheckResult
- func Vulnerabilities(c *checker.CheckRequest) checker.CheckResult
- func WebHooks(c *checker.CheckRequest) checker.CheckResult
Constants ¶
const CheckBinaryArtifacts string = "Binary-Artifacts"
CheckBinaryArtifacts is the exported name for Binary-Artifacts check.
const CheckBranchProtection = "Branch-Protection"
CheckBranchProtection is the exported name for the Branch-Protection check.
const CheckCIIBestPractices = "CII-Best-Practices"
CheckCIIBestPractices is the registered name for CIIBestPractices.
const (
// CheckCITests is the registered name for CITests.
CheckCITests = "CI-Tests"
)
const CheckCodeReview = "Code-Review"
CheckCodeReview is the registered name for DoesCodeReview.
const CheckContributors = "Contributors"
CheckContributors is the registered name for Contributors.
const CheckDangerousWorkflow = "Dangerous-Workflow"
CheckDangerousWorkflow is the exported name for Dangerous-Workflow check.
const CheckDependencyUpdateTool = "Dependency-Update-Tool"
CheckDependencyUpdateTool is the exported name for Automatic-Dependency-Update.
const CheckFuzzing = "Fuzzing"
CheckFuzzing is the registered name for Fuzzing.
const CheckLicense = "License"
CheckLicense is the registered name for License.
const CheckMaintained = "Maintained"
CheckMaintained is the exported check name for Maintained.
const CheckPackaging = "Packaging"
CheckPackaging is the registered name for Packaging.
const CheckPinnedDependencies = "Pinned-Dependencies"
CheckPinnedDependencies is the registered name for FrozenDeps.
const CheckSAST = "SAST"
CheckSAST is the registered name for SAST.
const CheckSecurityPolicy = "Security-Policy"
CheckSecurityPolicy is the registered name for SecurityPolicy.
const CheckSignedReleases = "Signed-Releases"
CheckSignedReleases is the registered name for SignedReleases.
const (
CheckTokenPermissions = "Token-Permissions"
)
CheckTokenPermissions is the exported name for Token-Permissions check.
const CheckVulnerabilities = "Vulnerabilities"
CheckVulnerabilities is the registered name for the OSV check.
const (
// CheckWebHooks is the registered name for WebHooks.
CheckWebHooks = "Webhooks"
)
Variables ¶
var AllChecks = checker.CheckNameToFnMap{}
AllChecks is the list of all security checks that will be run.
Functions ¶
func BinaryArtifacts ¶
func BinaryArtifacts(c *checker.CheckRequest) checker.CheckResult
BinaryArtifacts checks whether the repository contains binary artifacts.
func BranchProtection ¶
func BranchProtection(c *checker.CheckRequest) checker.CheckResult
BranchProtection runs the Branch-Protection check.
func CIIBestPractices ¶
func CIIBestPractices(c *checker.CheckRequest) checker.CheckResult
CIIBestPractices will check if the maintainers have a best practice badge.
func CITests ¶
func CITests(c *checker.CheckRequest) checker.CheckResult
CITests runs CI-Tests check.
func CodeReview ¶ added in v4.1.0
func CodeReview(c *checker.CheckRequest) checker.CheckResult
CodeReview will check if the maintainers perform code review.
func Contributors ¶
func Contributors(c *checker.CheckRequest) checker.CheckResult
Contributors runs the Contributors check.
func DangerousWorkflow ¶
func DangerousWorkflow(c *checker.CheckRequest) checker.CheckResult
DangerousWorkflow checks whether the repository contains dangerous workflows (the Dangerous-Workflow check).
func DependencyUpdateTool ¶
func DependencyUpdateTool(c *checker.CheckRequest) checker.CheckResult
DependencyUpdateTool checks if the repository uses a dependency update tool.
func Fuzzing ¶
func Fuzzing(c *checker.CheckRequest) checker.CheckResult
Fuzzing runs Fuzzing check.
func GetAll ¶ added in v4.2.0
func GetAll() checker.CheckNameToFnMap
GetAll returns the full list of checks, subject to any environment variable constraints. TODO(checks): Is this actually necessary given `AllChecks` exists?
func License ¶ added in v4.2.0
func License(c *checker.CheckRequest) checker.CheckResult
License runs License check.
func Maintained ¶ added in v4.2.0
func Maintained(c *checker.CheckRequest) checker.CheckResult
Maintained runs Maintained check.
func Packaging ¶
func Packaging(c *checker.CheckRequest) checker.CheckResult
Packaging runs Packaging check.
func PinnedDependencies ¶
func PinnedDependencies(c *checker.CheckRequest) checker.CheckResult
PinnedDependencies checks whether the repository contains frozen (pinned) dependencies.
func SecurityPolicy ¶
func SecurityPolicy(c *checker.CheckRequest) checker.CheckResult
SecurityPolicy runs Security-Policy check.
func SignedReleases ¶
func SignedReleases(c *checker.CheckRequest) checker.CheckResult
SignedReleases runs Signed-Releases check.
func TokenPermissions ¶
func TokenPermissions(c *checker.CheckRequest) checker.CheckResult
TokenPermissions runs Token-Permissions check.
func Vulnerabilities ¶ added in v4.1.0
func Vulnerabilities(c *checker.CheckRequest) checker.CheckResult
Vulnerabilities runs Vulnerabilities check.
func WebHooks ¶ added in v4.2.0
func WebHooks(c *checker.CheckRequest) checker.CheckResult
WebHooks runs the Webhooks check.
Types ¶
This section is empty.
Source Files ¶
- all_checks.go
- binary_artifact.go
- branch_protection.go
- ci_tests.go
- cii_best_practices.go
- code_review.go
- contributors.go
- dangerous_workflow.go
- dependency_update_tool.go
- errors.go
- fuzzing.go
- license.go
- maintained.go
- packaging.go
- permissions.go
- pinned_dependencies.go
- remediations.go
- sast.go
- security_policy.go
- shell_download_validate.go
- signed_releases.go
- vulnerabilities.go
- webhook.go