🌱 SAST: dedupe and add Pysa and Qodana probe #3743
Merged
Conversation
Signed-off-by: David Korczynski <david@adalogics.com>
DavidKorczynski requested review from raghavkaul and laurentsimon and removed the request for a team, December 19, 2023 13:52
DavidKorczynski temporarily deployed to gitlab and integration-test with GitHub Actions, December 19, 2023 13:52 (inactive)
Codecov Report
Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3743      +/-   ##
==========================================
+ Coverage   66.84%   68.90%   +2.05%
==========================================
  Files         227      229       +2
  Lines       15353    15372      +19
==========================================
+ Hits        10263    10592     +329
+ Misses       4483     4129     -354
- Partials      607      651      +44
Signed-off-by: David Korczynski <david@adalogics.com>
Signed-off-by: David Korczynski <david@adalogics.com>
DavidKorczynski changed the title from "🌱 Add SAST Pysa probe" to "🌱 Add SAST Pysa and Qodana probe", Dec 19, 2023
Signed-off-by: David Korczynski <david@adalogics.com>
Signed-off-by: David Korczynski <david@adalogics.com>
Putting this in draft as I'll tackle #3745 first
Ref: ossf#3745
Signed-off-by: David Korczynski <david@adalogics.com>
DavidKorczynski force-pushed the new-sast-tools branch from db211b9 to 060e867, December 21, 2023 00:33
Signed-off-by: David Korczynski <david@adalogics.com>
Signed-off-by: David Korczynski <david@adalogics.com>
Signed-off-by: David Korczynski <david@adalogics.com>
DavidKorczynski changed the title from "🌱 Add SAST Pysa and Qodana probe" to "🌱 SAST: dedupe and add SAST Pysa and Qodana probe", Dec 21, 2023
DavidKorczynski changed the title from "🌱 SAST: dedupe and add SAST Pysa and Qodana probe" to "🌱 SAST: dedupe and add Pysa and Qodana probe", Dec 21, 2023
Signed-off-by: David Korczynski <david@adalogics.com>
Signed-off-by: David Korczynski <david@adalogics.com>
Signed-off-by: David Korczynski <david@adalogics.com>
Signed-off-by: David Korczynski <david@adalogics.com>
/scdiff generate SAST
spencerschrock approved these changes, Jan 2, 2024
Thanks.
spencerschrock temporarily deployed to integration-test with GitHub Actions, January 2, 2024 17:15 (inactive)
What kind of change does this PR introduce?
Adds a probe checking the presence of the Pysa SAST GitHub action (https://github.com/facebook/pysa-action) and Qodana (https://www.jetbrains.com/qodana/).
Additionally, refactors duplicate code throughout the checking logic.
What is the current behavior?
Scorecard will not recognize Pysa/Qodana scanning as a SAST action.
What is the new behavior (if this is a feature change)?
Scorecard will recognize Pysa/Qodana scanning as a SAST action.
Which issue(s) this PR fixes
Ref: #2318
Fixes: #3709
Fixes: #3745
Special notes for your reviewer
Does this PR introduce a user-facing change?
Yes, in that it will change scoring of projects that use Pysa and users may now see Pysa-related details in the output.
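As an added illustration of what a probe of this kind has to do (example code written for this page, not Scorecard's own implementation, which the page does not show), the Go program below scans a GitHub workflow's `uses:` steps for the Pysa action named in the description and for Qodana's action. The Qodana action name `JetBrains/qodana-action` is an assumption, not taken from the page, as is the extra check that reports whether each action reference is pinned to a full commit SHA rather than a mutable tag or branch. The workflow text is constructed sample input.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// sastActions maps a GitHub Action reference (owner/repo, lowercase) to the
// SAST tool it runs. facebook/pysa-action is the action named in the PR
// description; JetBrains/qodana-action is assumed here, not taken from the page.
var sastActions = map[string]string{
	"facebook/pysa-action":    "Pysa",
	"jetbrains/qodana-action": "Qodana",
}

// usesRe captures the action reference of a `uses:` step, e.g.
//   - uses: facebook/pysa-action@v0.1.0
// Group 1 is owner/repo, group 2 is what follows '@' (tag, branch or SHA).
var usesRe = regexp.MustCompile(`^\s*-?\s*uses:\s*["']?([^\s"'@]+)(?:@([^\s"']+))?`)

// shaRe matches a full 40-hex-digit commit SHA, the only reference form that
// cannot later be re-pointed at different code.
var shaRe = regexp.MustCompile(`^[0-9a-f]{40}$`)

// Finding records one SAST action found in a workflow file.
type Finding struct {
	Tool   string // e.g. "Pysa"
	Action string // e.g. "facebook/pysa-action"
	Ref    string // what follows '@'; empty if absent
	Pinned bool   // true if Ref is a full commit SHA
}

// DetectSASTActions scans workflow text line by line for `uses:` steps that
// reference a known SAST action. The owner/repo part is compared
// case-insensitively, as GitHub resolves repository names that way. A tool
// referenced by several steps is reported once; the first occurrence wins.
func DetectSASTActions(workflow string) []Finding {
	seen := map[string]bool{}
	var out []Finding
	for _, line := range strings.Split(workflow, "\n") {
		m := usesRe.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		action := strings.ToLower(m[1])
		tool, ok := sastActions[action]
		if !ok || seen[tool] {
			continue
		}
		seen[tool] = true
		out = append(out, Finding{
			Tool:   tool,
			Action: action,
			Ref:    m[2],
			Pinned: shaRe.MatchString(m[2]),
		})
	}
	return out
}

// sampleWorkflow is constructed input for this example, not from any real repository.
const sampleWorkflow = `name: security
on: [push, pull_request]
jobs:
  pysa:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: facebook/pysa-action@1234567890abcdef1234567890abcdef12345678
  qodana:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Qodana scan
        uses: JetBrains/qodana-action@v2023.3
      - uses: facebook/pysa-action@main
`

func main() {
	for _, f := range DetectSASTActions(sampleWorkflow) {
		fmt.Printf("%-6s via %s@%s (pinned to commit: %v)\n", f.Tool, f.Action, f.Ref, f.Pinned)
	}
}
```

On the sample input this reports Pysa once (pinned to a SHA; the later `@main` reference is deduplicated) and Qodana once (referenced by the mutable tag `v2023.3`). A line-based scan is enough to show the matching logic; a production probe would parse the workflow YAML properly so that `uses:` keys in comments or multi-line strings are not miscounted.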