

✨ Support for GitHub's internal integration (ossf#2773)
* update

Signed-off-by: laurentsimon <[email protected]>

* update

Signed-off-by: laurentsimon <[email protected]>

* update

Signed-off-by: laurentsimon <[email protected]>

* update

Signed-off-by: laurentsimon <[email protected]>

* update

Signed-off-by: laurentsimon <[email protected]>

* update

Signed-off-by: laurentsimon <[email protected]>

---------

Signed-off-by: laurentsimon <[email protected]>
Signed-off-by: Avishay <[email protected]>
laurentsimon authored and balteravishay committed Apr 13, 2023
1 parent 059e5df commit 6c6135e
Showing 5 changed files with 43 additions and 4 deletions.
2 changes: 1 addition & 1 deletion cmd/root.go
Expand Up @@ -113,7 +113,7 @@ func rootCmd(o *options.Options) error {
if !strings.EqualFold(o.Commit, clients.HeadSHA) {
requiredRequestTypes = append(requiredRequestTypes, checker.CommitBased)
}
enabledChecks, err := policy.GetEnabled(pol, o.ChecksToRun, requiredRequestTypes)
enabledChecks, err := policy.GetEnabled(pol, o.Checks(), requiredRequestTypes)
if err != nil {
return fmt.Errorf("GetEnabled: %w", err)
}
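Review bot: The switch to `o.Checks()` on the new line silently replaces whatever `--checks` selection the user supplied once the three integration environment variables are set, and nothing in this hunk records that the override happened. Any validation that `ChecksToRun` received earlier during option parsing (not visible here) is bypassed for the environment-supplied list, so `policy.GetEnabled` is the first consumer of an unknown or empty check name; whether it rejects such names is outside this diff. Consider emitting an info-level log line just before the `GetEnabled` call when `o.IsInternalGitHubIntegrationEnabled()` is true, naming `SCORECARD_INTERNAL_GITHUB_CHECKS` as the source of the list, so the override is visible in run output. rootCmd starts before and continues after this hunk.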
28 changes: 28 additions & 0 deletions options/options.go
Expand Up @@ -19,6 +19,7 @@ import (
"errors"
"fmt"
"os"
"strings"

"github.com/caarlos0/env/v6"

Expand Down Expand Up @@ -205,6 +206,33 @@ func boolSum(bools ...bool) int {

// Feature flags.

// GitHub integration support.
// See https://github.com/ossf/scorecard-action/issues/1107.
// NOTE: We don't add a field to to the Option structure to simplify
// integration. If we did, the Action would also need to be aware
// of the integration and pass the relevant values. This
// would add redundancy and complicate maintenance.
func (o *Options) IsInternalGitHubIntegrationEnabled() bool {
return (os.Getenv("CI") == "true") &&
(os.Getenv("SCORECARD_INTERNAL_GITHUB_INTEGRATION") == "1") &&
(os.Getenv("GITHUB_EVENT_NAME") == "dynamic")
}

// Checks returns the list of checks and honours the
// GitHub integration.
func (o *Options) Checks() []string {
if o.IsInternalGitHubIntegrationEnabled() {
// Overwrite the list of checks.
s := os.Getenv("SCORECARD_INTERNAL_GITHUB_CHECKS")
l := strings.Split(s, ",")
for i := range l {
l[i] = strings.TrimSpace(l[i])
}
return l
}
return o.ChecksToRun
}

// isExperimentalEnabled returns true if experimental features were enabled via
// environment variable.
func (o *Options) isExperimentalEnabled() bool {
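Review bot: `strings.Split(s, ",")` in `Checks` returns `[]string{""}` when `SCORECARD_INTERNAL_GITHUB_CHECKS` is unset or empty, and a trailing comma or doubled comma likewise yields an empty entry, so the integration path can hand a `""` check name to the caller instead of an empty list; the loop should drop entries that are empty after `TrimSpace`. The gate in `IsInternalGitHubIntegrationEnabled` is three plain environment comparisons, which any workflow author can reproduce by exporting the same variables, so it is a feature flag rather than an authorization check; a sentence to that effect in the doc comment would stop readers from treating the word "internal" as a trust boundary. The NOTE comment also has a doubled "to to".
```go
// Checks returns the list of checks and honours the
// GitHub integration. Empty entries in the environment-supplied
// list are dropped so an unset or trailing-comma value never
// yields a "" check name.
func (o *Options) Checks() []string {
	if o.IsInternalGitHubIntegrationEnabled() {
		var l []string
		for _, c := range strings.Split(os.Getenv("SCORECARD_INTERNAL_GITHUB_CHECKS"), ",") {
			if c = strings.TrimSpace(c); c != "" {
				l = append(l, c)
			}
		}
		return l
	}
	return o.ChecksToRun
}
```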
12 changes: 11 additions & 1 deletion pkg/sarif.go
Expand Up @@ -18,6 +18,7 @@ import (
"encoding/json"
"fmt"
"io"
"os"
"sort"
"strings"
"time"
Expand All @@ -31,6 +32,7 @@ import (
sce "github.com/ossf/scorecard/v4/errors"
"github.com/ossf/scorecard/v4/finding"
"github.com/ossf/scorecard/v4/log"
"github.com/ossf/scorecard/v4/options"
spol "github.com/ossf/scorecard/v4/policy"
)

Expand Down Expand Up @@ -606,9 +608,17 @@ func createDefaultLocationMessage(check *checker.CheckResult, score int) string
return messageWithScore(check.Reason, score)
}

func toolName(opts *options.Options) string {
if opts.IsInternalGitHubIntegrationEnabled() {
return strings.TrimSpace(os.Getenv("SCORECARD_INTERNAL_GITHUB_SARIF_TOOL_NAME"))
}
return "scorecard"
}

// AsSARIF outputs ScorecardResult in SARIF 2.1.0 format.
func (r *ScorecardResult) AsSARIF(showDetails bool, logLevel log.Level,
writer io.Writer, checkDocs docs.Doc, policy *spol.ScorecardPolicy,
opts *options.Options,
) error {
//nolint
// https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/sarif-v2.1.0-cs01.html.
Expand All @@ -635,7 +645,7 @@ func (r *ScorecardResult) AsSARIF(showDetails bool, logLevel log.Level,
if err != nil {
return sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("computeCategory: %v: %s", err, check.Name))
}
run := getOrCreateSARIFRun(runs, category, "https://github.com/ossf/scorecard", "scorecard",
run := getOrCreateSARIFRun(runs, category, "https://github.com/ossf/scorecard", toolName(opts),
r.Scorecard.Version, r.Scorecard.CommitSHA, r.Date, "supply-chain")

// Always add rules to indicate which checks were run.
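Review bot: `toolName` returns whatever `SCORECARD_INTERNAL_GITHUB_SARIF_TOOL_NAME` holds after trimming, including the empty string when the variable is unset, and that value is passed straight into `getOrCreateSARIFRun` as the tool name; SARIF 2.1.0 treats `tool.driver.name` as required, so an empty name produces output that strict consumers may reject. Falling back to the default keeps the output valid: `if n := strings.TrimSpace(os.Getenv("SCORECARD_INTERNAL_GITHUB_SARIF_TOOL_NAME")); n != "" { return n }` followed by `return "scorecard"`. A doc comment on `toolName` should state that the name is taken verbatim from the environment when the integration is enabled. AsSARIF continues outside this hunk.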
3 changes: 2 additions & 1 deletion pkg/sarif_test.go
Expand Up @@ -26,6 +26,7 @@ import (
"github.com/ossf/scorecard/v4/checker"
"github.com/ossf/scorecard/v4/finding"
"github.com/ossf/scorecard/v4/log"
"github.com/ossf/scorecard/v4/options"
spol "github.com/ossf/scorecard/v4/policy"
rules "github.com/ossf/scorecard/v4/rule"
)
Expand Down Expand Up @@ -847,7 +848,7 @@ func TestSARIFOutput(t *testing.T) {

var result bytes.Buffer
err = tt.result.AsSARIF(tt.showDetails, tt.logLevel, &result,
checkDocs, &tt.policy)
checkDocs, &tt.policy, &options.Options{})
if err != nil {
t.Fatalf("%s: AsSARIF: %v", tt.name, err)
}
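Review bot: Passing `&options.Options{}` keeps every existing case on the default `"scorecard"` tool name, so the new `toolName` override is not exercised by this test at all. A table entry that sets `CI`, `SCORECARD_INTERNAL_GITHUB_INTEGRATION`, `GITHUB_EVENT_NAME` and `SCORECARD_INTERNAL_GITHUB_SARIF_TOOL_NAME` via `t.Setenv` (available if the module targets Go 1.17 or later) and asserts the emitted `tool.driver.name` would cover it, as would a case where the tool-name variable is left unset. TestSARIFOutput starts before and continues after this hunk.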
2 changes: 1 addition & 1 deletion pkg/scorecard_result.go
Expand Up @@ -114,7 +114,7 @@ func FormatResults(
err = results.AsString(opts.ShowDetails, log.ParseLevel(opts.LogLevel), doc, os.Stdout)
case options.FormatSarif:
// TODO: support config files and update checker.MaxResultScore.
err = results.AsSARIF(opts.ShowDetails, log.ParseLevel(opts.LogLevel), os.Stdout, doc, policy)
err = results.AsSARIF(opts.ShowDetails, log.ParseLevel(opts.LogLevel), os.Stdout, doc, policy, opts)
case options.FormatJSON:
err = results.AsJSON2(opts.ShowDetails, log.ParseLevel(opts.LogLevel), doc, os.Stdout)
case options.FormatSJSON:
