Ecosyste.ms: Timeline
Browse the timeline of events for every public repo on GitHub. Data updated hourly from GH Archive.
spencerschrock created a comment on a pull request on ossf/scorecard
Thoughts on the CLI flag? ``` Flags: # ... --gh-git-mode fetch GitHub files using git for maximum compatibility ``` ``` go run main.go --repo kokkos/kokkos --checks Danger...
spencerschrock opened a draft pull request on ossf/scorecard
sparkles: Add GitHub git compatibility mode
#### What kind of change does this PR introduce? feature - [X] PR title follows the guidelines defined in our [pull request documentation](https://github.com/ossf/scorecard/blob/main/CONTRIBU...
spencerschrock pushed 2 commits to git-checkout spencerschrock/scorecard
- use variadic options to configure GitHub repoclient This will let us use the new entrypoint in a backwards compatibl... 480510a
- add flag to enable github git mode Signed-off-by: Spencer Schrock <[email protected]> 8c7953e
spencerschrock pushed 1 commit to git-checkout spencerschrock/scorecard
- add git handler for GitHub repositories This is primarily aimed at helping in cases where a repository's .gitattribu... d9318c3
spencerschrock created a branch on spencerschrock/scorecard
git-checkout - Security Scorecards - Security health metrics for Open Source
spencerschrock created a comment on a pull request on kokkos/kokkos
> sneaky ... lets see if it works. I think the scorecard needs to see all workflows in the tarball in order to be able to analyze them As it would see at least one workflow, it would produce a s...
spencerschrock created a comment on an issue on ossf/scorecard
> Hmm how is the state on this? We would like to avoid exporting our workflows. I've been playing around today with a compatibility mode mentioned above. Testing it on `kokkos/kokkos` shows a 10...
spencerschrock pushed 1 commit to main ossf/scorecard
- sparkles: implement more of the Azure DevOps client (#4456) * :sparkles: implement more of the Azure DevOps client ... 38673d6
spencerschrock closed a pull request on ossf/scorecard
sparkles: implement more of the Azure DevOps client
#### What kind of change does this PR introduce? Includes: - `GetBranch` - `GetSuccessfulWorkflowRuns` - `ListCheckRunsForRef` - `ListStatuses` - `ListWebhooks` - `SearchCommit...
spencerschrock created a review on a pull request on ossf/scorecard-webapp
@dependabot squash and merge
spencerschrock created a review on a pull request on ossf/scorecard-action
@dependabot squash and merge
spencerschrock created a review on a pull request on ossf/scorecard-action
@dependabot squash and merge
spencerschrock closed a pull request on ossf/scorecard-action
seedling: Bump golang from `574185e` to `7003184` in the docker-images group
Bumps the docker-images group with 1 update: golang. Updates `golang` from `574185e` to `7003184` [ ca6f586
- seedling: Bump the gomod group across 2 directories with 4 updates (#4469) d65d151
- seedling: Bump the gomod group across 2 directories with 3 updates (#4470) e950aa8
- Merge branch 'main' into jamiemagee/azure-devops-rest-of-the-owl a611c41
spencerschrock closed a pull request on ossf/scorecard
seedling: Bump the golang group across 8 directories with 1 update
Bumps the golang group with 1 update in the / directory: golang. Bumps the golang group with 1 update in the /attestor directory: golang. Bumps the golang group with 1 update in the /clients/github...
spencerschrock created a comment on a pull request on ossf/scorecard
> The SAST check specifically would need to be updated to look for all YAML files in the repository, because Azure Pipelines files can be in any arbitrary location in the repository, and look for t...
spencerschrock created a review comment on a pull request on ossf/scorecard
this upgrade should be fine performance wise, but I'd like to wait until after the holidays in case it needs to be fixed.
spencerschrock pushed 1 commit to dependabot/go_modules/gomod-61d7f57ec8 ossf/scorecard
- upgrade golang.org/x/net to avoid vuln Signed-off-by: Spencer Schrock <[email protected]> c1671ef
spencerschrock created a comment on a pull request on ossf/scorecard
@dependabot ignore gitlab.com/gitlab-org/api/client-go minor version same go 1.23.4 issue i want to avoid for now
spencerschrock created a comment on a pull request on ossf/scorecard
@dependabot ignore gitlab.com/gitlab-org/api/client-go minor version See https://gitlab.com/gitlab-org/api/client-go/-/issues/2078
spencerschrock created a comment on a pull request on ossf/scorecard
@tuminoid happy to merge this now whenever you get a chance to update the branch (no rush)
spencerschrock created a comment on an issue on ossf/scorecard
`2024.12.16` was uploaded successfully after the downgrade.
spencerschrock closed an issue on ossf/scorecard
BigQuery scorecard-v2 table doesn't have new partitions
**Describe the bug** BigQuery scorecard-v2 dataset doesn't have new partitions. The last available partition is `20241125`. **Reproduction steps** Use the following query to check for new part...
spencerschrock created a review comment on a pull request on ossf/scorecard
Sorry, I could've been more clear. I wasn't talking about `head` vs `HEAD`. But instead the ref is `main` instead of `HEAD`, and that gets passed into `c.listStatuses` and I thought the code does a...