ossf / scorecard

OpenSSF Scorecard - Security health metrics for Open Source
https://scorecard.dev
Apache License 2.0

:sparkles: Add files support for Azure DevOps #4414

Closed JamieMagee closed 1 week ago

JamieMagee commented 1 week ago

What kind of change does this PR introduce?

Files support for the Azure DevOps client

What is the current behavior?

ListFiles, LocalPath, and GetFileReader all throw an unsupported feature error.

What is the new behavior (if this is a feature change)?

ListFiles, LocalPath, and GetFileReader have implementations

Which issue(s) this PR fixes

Next step of #4177

Special notes for your reviewer

Does this PR introduce a user-facing change?

For user-facing changes, please add a concise, human-readable release note to the release-note

(In particular, describe what changes users might need to make in their application as a result of this pull request.)

Add files support to Azure DevOps client
JamieMagee commented 1 week ago

At a high level this looks good and matches the style in the other ones, but it's also late on a Friday. Left a few comments.

Thank you! And I completely understand.

Out of curiosity, what do file-only based checks look like on your test repo now? Such as License, and Binary-Artifacts?

They look good. Here are a couple of examples

No license

```
$ env SCORECARD_EXPERIMENTAL=1 go run . --repo dev.azure.com/jamiemagee/jamiemagee/_git/jamiemagee --checks License
Starting [License]
Finished [License]
RESULTS
-------
Aggregate score: 0.0 / 10
Check scores:
|--------|---------|---------------------------|--------------------------------------------------------------------|
| SCORE  | NAME    | REASON                    | DOCUMENTATION/REMEDIATION                                          |
|--------|---------|---------------------------|--------------------------------------------------------------------|
| 0 / 10 | License | license file not detected | https://github.com/ossf/scorecard/blob/main/docs/checks.md#license |
|--------|---------|---------------------------|--------------------------------------------------------------------|
```

With license

```
$ env SCORECARD_EXPERIMENTAL=1 go run . --repo dev.azure.com/jamiemagee/jamiemagee/_git/jamiemagee --checks License --commit d26320a77a943045905aed76a7c08a353b3bc3c2
Starting [License]
Finished [License]
RESULTS
-------
Aggregate score: 9.0 / 10
Check scores:
|--------|---------|-----------------------|--------------------------------------------------------------------|
| SCORE  | NAME    | REASON                | DOCUMENTATION/REMEDIATION                                          |
|--------|---------|-----------------------|--------------------------------------------------------------------|
| 9 / 10 | License | license file detected | https://github.com/ossf/scorecard/blob/main/docs/checks.md#license |
|--------|---------|-----------------------|--------------------------------------------------------------------|
```

No binary artifacts

```
env SCORECARD_EXPERIMENTAL=1 go run . --repo dev.azure.com/jamiemagee/jamiemagee/_git/jamiemagee --checks Binary-Artifacts --commit d26320a77a943045905aed76a7c08a353b3bc3c2
Starting [Binary-Artifacts]
Finished [Binary-Artifacts]
RESULTS
-------
Aggregate score: 10.0 / 10
Check scores:
|---------|------------------|-------------------------------|-----------------------------------------------------------------------------|
| SCORE   | NAME             | REASON                        | DOCUMENTATION/REMEDIATION                                                   |
|---------|------------------|-------------------------------|-----------------------------------------------------------------------------|
| 10 / 10 | Binary-Artifacts | no binaries found in the repo | https://github.com/ossf/scorecard/blob/main/docs/checks.md#binary-artifacts |
|---------|------------------|-------------------------------|-----------------------------------------------------------------------------|
```

With binary artifacts

```
env SCORECARD_EXPERIMENTAL=1 go run . --repo dev.azure.com/jamiemagee/jamiemagee/_git/jamiemagee --checks Binary-Artifacts --commit 696984c21bbf3f37cf4d4809e0b4ff1051c40f09
Starting [Binary-Artifacts]
Finished [Binary-Artifacts]
RESULTS
-------
Aggregate score: 9.0 / 10
Check scores:
|--------|------------------|--------------------------------|-----------------------------------------------------------------------------|
| SCORE  | NAME             | REASON                         | DOCUMENTATION/REMEDIATION                                                   |
|--------|------------------|--------------------------------|-----------------------------------------------------------------------------|
| 9 / 10 | Binary-Artifacts | binaries present in source     | https://github.com/ossf/scorecard/blob/main/docs/checks.md#binary-artifacts |
|        |                  | code                           |                                                                             |
|--------|------------------|--------------------------------|-----------------------------------------------------------------------------|
```