├── .codecov.yml ├── .dockerignore ├── .github ├── CODEOWNERS ├── dependabot.yml └── workflows │ ├── codeql-analysis.yml │ ├── dependency-review.yml │ ├── docker-image.yml │ ├── ghcr-retention.yml │ ├── ghcr.yml │ ├── golangci.yml │ ├── scorecards.yml │ └── tests.yaml ├── .gitignore ├── .golangci.yml ├── Dockerfile ├── LICENSE ├── Makefile ├── README.md ├── RELEASE.md ├── SECURITY.md ├── action.yaml ├── artwork ├── Scorecard_Icon.png ├── Scorecard_Icon.svg ├── Scorecard_Icon_withBG.png └── Scorecard_Icon_withBG.svg ├── cloudbuild-tag.yaml ├── cloudbuild.yaml ├── cmd └── installer │ ├── README.md │ ├── main.go │ └── main_test.go ├── codeql.js ├── docs ├── authentication │ ├── classic-token.md │ └── fine-grained-auth-token.md └── development.md ├── e2e └── README.md ├── github └── github.go ├── go.mod ├── go.sum ├── images ├── actionconfirm.png ├── badge.png ├── configurescantool.png ├── exploreworkflow.png ├── install01.png ├── install02.png ├── install03.png ├── install05.png ├── remediation.png ├── searchingossf.png └── tokenscopes.png ├── install ├── cli │ └── cli.go ├── github │ └── github.go ├── install.go └── options │ ├── flags.go │ └── options.go ├── internal └── scorecard │ ├── format.go │ ├── format_test.go │ └── scorecard.go ├── main.go ├── options ├── env.go ├── options.go ├── options_test.go └── testdata │ ├── bad-data.json │ ├── fork.json │ ├── incorrect.json │ ├── non-fork.json │ └── public.json ├── policies └── template.yml └── signing ├── sign-random-data.txt ├── signing.go ├── signing_test.go └── testdata ├── cosign.bundle ├── invalid-cosign.bundle ├── results.json └── results.sarif /.codecov.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/.codecov.yml -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | .gitignore -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @ossf/scorecard-maintainers 2 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/.github/dependabot.yml -------------------------------------------------------------------------------- /.github/workflows/codeql-analysis.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/.github/workflows/codeql-analysis.yml -------------------------------------------------------------------------------- /.github/workflows/dependency-review.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/.github/workflows/dependency-review.yml -------------------------------------------------------------------------------- /.github/workflows/docker-image.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/.github/workflows/docker-image.yml -------------------------------------------------------------------------------- /.github/workflows/ghcr-retention.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/.github/workflows/ghcr-retention.yml -------------------------------------------------------------------------------- /.github/workflows/ghcr.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/.github/workflows/ghcr.yml -------------------------------------------------------------------------------- /.github/workflows/golangci.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/.github/workflows/golangci.yml -------------------------------------------------------------------------------- /.github/workflows/scorecards.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/.github/workflows/scorecards.yml -------------------------------------------------------------------------------- /.github/workflows/tests.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/.github/workflows/tests.yaml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Testing 2 | unit-coverage.out 3 | scorecard-action 4 | output/ 5 | -------------------------------------------------------------------------------- /.golangci.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/.golangci.yml -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/Dockerfile -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/README.md -------------------------------------------------------------------------------- /RELEASE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/RELEASE.md -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/SECURITY.md -------------------------------------------------------------------------------- /action.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/action.yaml -------------------------------------------------------------------------------- /artwork/Scorecard_Icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/artwork/Scorecard_Icon.png -------------------------------------------------------------------------------- /artwork/Scorecard_Icon.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/artwork/Scorecard_Icon.svg -------------------------------------------------------------------------------- /artwork/Scorecard_Icon_withBG.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/artwork/Scorecard_Icon_withBG.png -------------------------------------------------------------------------------- /artwork/Scorecard_Icon_withBG.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/artwork/Scorecard_Icon_withBG.svg -------------------------------------------------------------------------------- /cloudbuild-tag.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/cloudbuild-tag.yaml -------------------------------------------------------------------------------- /cloudbuild.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/cloudbuild.yaml -------------------------------------------------------------------------------- /cmd/installer/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/cmd/installer/README.md -------------------------------------------------------------------------------- /cmd/installer/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/cmd/installer/main.go -------------------------------------------------------------------------------- /cmd/installer/main_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/cmd/installer/main_test.go -------------------------------------------------------------------------------- /codeql.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/codeql.js -------------------------------------------------------------------------------- /docs/authentication/classic-token.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/docs/authentication/classic-token.md -------------------------------------------------------------------------------- /docs/authentication/fine-grained-auth-token.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/docs/authentication/fine-grained-auth-token.md -------------------------------------------------------------------------------- /docs/development.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/docs/development.md -------------------------------------------------------------------------------- /e2e/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/e2e/README.md -------------------------------------------------------------------------------- /github/github.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/github/github.go -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/go.mod -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/go.sum -------------------------------------------------------------------------------- /images/actionconfirm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/images/actionconfirm.png -------------------------------------------------------------------------------- /images/badge.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/images/badge.png -------------------------------------------------------------------------------- /images/configurescantool.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/images/configurescantool.png -------------------------------------------------------------------------------- /images/exploreworkflow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/images/exploreworkflow.png -------------------------------------------------------------------------------- /images/install01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/images/install01.png -------------------------------------------------------------------------------- /images/install02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/images/install02.png -------------------------------------------------------------------------------- /images/install03.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/images/install03.png -------------------------------------------------------------------------------- /images/install05.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/images/install05.png -------------------------------------------------------------------------------- /images/remediation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/images/remediation.png -------------------------------------------------------------------------------- /images/searchingossf.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/images/searchingossf.png -------------------------------------------------------------------------------- /images/tokenscopes.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/images/tokenscopes.png -------------------------------------------------------------------------------- /install/cli/cli.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/install/cli/cli.go -------------------------------------------------------------------------------- /install/github/github.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/install/github/github.go -------------------------------------------------------------------------------- /install/install.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/install/install.go -------------------------------------------------------------------------------- /install/options/flags.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/install/options/flags.go -------------------------------------------------------------------------------- /install/options/options.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/install/options/options.go -------------------------------------------------------------------------------- /internal/scorecard/format.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/internal/scorecard/format.go -------------------------------------------------------------------------------- /internal/scorecard/format_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/internal/scorecard/format_test.go -------------------------------------------------------------------------------- /internal/scorecard/scorecard.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/internal/scorecard/scorecard.go -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/main.go -------------------------------------------------------------------------------- /options/env.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/options/env.go -------------------------------------------------------------------------------- /options/options.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/options/options.go -------------------------------------------------------------------------------- /options/options_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/options/options_test.go -------------------------------------------------------------------------------- /options/testdata/bad-data.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/options/testdata/bad-data.json -------------------------------------------------------------------------------- /options/testdata/fork.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/options/testdata/fork.json -------------------------------------------------------------------------------- /options/testdata/incorrect.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/options/testdata/incorrect.json -------------------------------------------------------------------------------- /options/testdata/non-fork.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/options/testdata/non-fork.json -------------------------------------------------------------------------------- /options/testdata/public.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/options/testdata/public.json -------------------------------------------------------------------------------- /policies/template.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/policies/template.yml -------------------------------------------------------------------------------- /signing/sign-random-data.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/signing/sign-random-data.txt -------------------------------------------------------------------------------- /signing/signing.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/signing/signing.go -------------------------------------------------------------------------------- /signing/signing_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/signing/signing_test.go -------------------------------------------------------------------------------- /signing/testdata/cosign.bundle: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/signing/testdata/cosign.bundle -------------------------------------------------------------------------------- /signing/testdata/invalid-cosign.bundle: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/signing/testdata/invalid-cosign.bundle -------------------------------------------------------------------------------- /signing/testdata/results.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/signing/testdata/results.json -------------------------------------------------------------------------------- /signing/testdata/results.sarif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ossf/scorecard-action/HEAD/signing/testdata/results.sarif --------------------------------------------------------------------------------