Use best practices from openssf scorecard #84

Open
justinabrahms opened this issue Sep 30, 2022 · 0 comments

justinabrahms commented Sep 30, 2022


RESULTS
-------
Aggregate score: 5.9 / 10

Check scores:
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
|  SCORE  |          NAME          |             REASON             |                                               DOCUMENTATION/REMEDIATION                                               |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Binary-Artifacts       | no binaries found in the repo  | https://github.com/ossf/scorecard/blob/7cd6406aef0b80a819402e631919293d5eb6adcf/docs/checks.md#binary-artifacts       |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 8 / 10  | Branch-Protection      | branch protection is not       | https://github.com/ossf/scorecard/blob/7cd6406aef0b80a819402e631919293d5eb6adcf/docs/checks.md#branch-protection      |
|         |                        | maximal on development and all |                                                                                                                       |
|         |                        | release branches               |                                                                                                                       |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 8 / 10  | CI-Tests               | 18 out of 21 merged PRs        | https://github.com/ossf/scorecard/blob/7cd6406aef0b80a819402e631919293d5eb6adcf/docs/checks.md#ci-tests               |
|         |                        | checked by a CI test -- score  |                                                                                                                       |
|         |                        | normalized to 8                |                                                                                                                       |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 5 / 10  | CII-Best-Practices     | badge detected: passing        | https://github.com/ossf/scorecard/blob/7cd6406aef0b80a819402e631919293d5eb6adcf/docs/checks.md#cii-best-practices     |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 6 / 10  | Code-Review            | 23 out of last 23 changesets   | https://github.com/ossf/scorecard/blob/7cd6406aef0b80a819402e631919293d5eb6adcf/docs/checks.md#code-review            |
|         |                        | reviewed before merge -- score |                                                                                                                       |
|         |                        | normalized to 6                |                                                                                                                       |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Contributors           | 5 different organizations      | https://github.com/ossf/scorecard/blob/7cd6406aef0b80a819402e631919293d5eb6adcf/docs/checks.md#contributors           |
|         |                        | found -- score normalized to   |                                                                                                                       |
|         |                        | 10                             |                                                                                                                       |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Dangerous-Workflow     | no dangerous workflow patterns | https://github.com/ossf/scorecard/blob/7cd6406aef0b80a819402e631919293d5eb6adcf/docs/checks.md#dangerous-workflow     |
|         |                        | detected                       |                                                                                                                       |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10  | Dependency-Update-Tool | no update tool detected        | https://github.com/ossf/scorecard/blob/7cd6406aef0b80a819402e631919293d5eb6adcf/docs/checks.md#dependency-update-tool |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10  | Fuzzing                | project is not fuzzed          | https://github.com/ossf/scorecard/blob/7cd6406aef0b80a819402e631919293d5eb6adcf/docs/checks.md#fuzzing                |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | License                | license file detected          | https://github.com/ossf/scorecard/blob/7cd6406aef0b80a819402e631919293d5eb6adcf/docs/checks.md#license                |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Maintained             | 30 commit(s) out of 30 and 28  | https://github.com/ossf/scorecard/blob/7cd6406aef0b80a819402e631919293d5eb6adcf/docs/checks.md#maintained             |
|         |                        | issue activity out of 30 found |                                                                                                                       |
|         |                        | in the last 90 days -- score   |                                                                                                                       |
|         |                        | normalized to 10               |                                                                                                                       |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| ?       | Packaging              | no published package detected  | https://github.com/ossf/scorecard/blob/7cd6406aef0b80a819402e631919293d5eb6adcf/docs/checks.md#packaging              |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 7 / 10  | Pinned-Dependencies    | dependency not pinned by hash  | https://github.com/ossf/scorecard/blob/7cd6406aef0b80a819402e631919293d5eb6adcf/docs/checks.md#pinned-dependencies    |
|         |                        | detected -- score normalized   |                                                                                                                       |
|         |                        | to 7                           |                                                                                                                       |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10  | SAST                   | SAST tool is not run on all    | https://github.com/ossf/scorecard/blob/7cd6406aef0b80a819402e631919293d5eb6adcf/docs/checks.md#sast                   |
|         |                        | commits -- score normalized to |                                                                                                                       |
|         |                        | 0                              |                                                                                                                       |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10  | Security-Policy        | security policy file not       | https://github.com/ossf/scorecard/blob/7cd6406aef0b80a819402e631919293d5eb6adcf/docs/checks.md#security-policy        |
|         |                        | detected                       |                                                                                                                       |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| ?       | Signed-Releases        | no releases found              | https://github.com/ossf/scorecard/blob/7cd6406aef0b80a819402e631919293d5eb6adcf/docs/checks.md#signed-releases        |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10  | Token-Permissions      | non read-only tokens detected  | https://github.com/ossf/scorecard/blob/7cd6406aef0b80a819402e631919293d5eb6adcf/docs/checks.md#token-permissions      |
|         |                        | in GitHub workflows            |                                                                                                                       |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Vulnerabilities        | no vulnerabilities detected    | https://github.com/ossf/scorecard/blob/7cd6406aef0b80a819402e631919293d5eb6adcf/docs/checks.md#vulnerabilities        |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|

GITHUB_TOKEN="..." scorecard --repo open-feature/java-sdk

justinabrahms added a commit that referenced this issue Oct 3, 2022
Refs #84

Signed-off-by: Justin Abrahms <[email protected]>
justinabrahms added a commit that referenced this issue Oct 3, 2022
Refs #84

Signed-off-by: Justin Abrahms <[email protected]>
justinabrahms added a commit that referenced this issue Oct 6, 2022
* add SAST scanning

Refs #84

Signed-off-by: Justin Abrahms <[email protected]>

* Java scanning only

Signed-off-by: Justin Abrahms <[email protected]>

* Try codeql on the normal build to see how much longer it is.

Signed-off-by: Justin Abrahms <[email protected]>

Signed-off-by: Justin Abrahms <[email protected]>
pbhandari9541 pushed a commit to pbhandari9541/java-sdk that referenced this issue Nov 3, 2022
* add SAST scanning

Refs open-feature#84

Signed-off-by: Justin Abrahms <[email protected]>

* Java scanning only

Signed-off-by: Justin Abrahms <[email protected]>

* Try codeql on the normal build to see how much longer it is.

Signed-off-by: Justin Abrahms <[email protected]>

Signed-off-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>
justinabrahms added a commit that referenced this issue Nov 4, 2022
* chore: add integration tests (#77)

* chore: add integration tests

Signed-off-by: Todd Baert <[email protected]>

* improve POM spacing

Signed-off-by: Todd Baert <[email protected]>

Signed-off-by: Todd Baert <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(main): release dev.openfeature.javasdk 0.2.2 (#76)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* feat!: errorCode as enum, reason as string (#80)

* feat!: errorCode as enum, reason as string

- makes errorCode an enum
- makes reason a string
- adds errorMessage to resolution/evaluation details

Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: add CODEOWNERS (#85)

Create CODEOWNERS

refs #83

Signed-off-by: Justin Abrahms <[email protected]>

Signed-off-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: Configure Renovate (#86)

chore(deps): add renovate.json

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency com.github.spotbugs:spotbugs to v4.7.2 (#87)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency com.github.spotbugs:spotbugs-maven-plugin to v4.7.2.0 (#88)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.4.1 (#90)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency org.sonatype.plugins:nexus-staging-maven-plugin to v1.6.13 (#91)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* fix(deps): update junit5 monorepo (#92)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency org.apache.maven.plugins:maven-pmd-plugin to v3.19.0 (#97)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* fix(deps): update dependency io.cucumber:cucumber-bom to v7.8.0 (#100)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency org.mockito:mockito-core to v4.8.0 (#99)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update codecov/codecov-action action to v3 (#102)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency org.apache.maven.plugins:maven-gpg-plugin to v1.6 (#96)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency org.apache.maven.plugins:maven-source-plugin to v3 (#105)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency org.apache.maven.plugins:maven-compiler-plugin to v3.10.1 (#95)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency org.apache.maven.plugins:maven-gpg-plugin to v3 (#104)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency org.apache.maven.plugins:maven-checkstyle-plugin to v3.2.0 (#94)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update actions/cache action to v3 (#101)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency com.puppycrawl.tools:checkstyle to v8.45.1 (#93)

* chore(deps): update dependency com.puppycrawl.tools:checkstyle to v8.45.1

* scope property went away in the latest version

jshiell/checkstyle-idea#525 (comment)

Signed-off-by: Justin Abrahms <[email protected]>

* scope wasn't deleted on the other one

Signed-off-by: Justin Abrahms <[email protected]>

Signed-off-by: Justin Abrahms <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* refactor!: Change the package name. Everyone knows it's java (or it doesn't matter) (#111)

* Change the package name. Everyone knows it's java (or it doesn't matter)

Fixes #82

Signed-off-by: Justin Abrahms <[email protected]>

* Missed 2 strings

Signed-off-by: Justin Abrahms <[email protected]>

* remove broken flagd import until changes absorbed

Signed-off-by: Todd Baert <[email protected]>

Signed-off-by: Justin Abrahms <[email protected]>
Signed-off-by: Todd Baert <[email protected]>
Co-authored-by: Todd Baert <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: Write perms should be as tightly scoped as possible. (#107)

* Add a dependabot file to keep deps up to date

Signed-off-by: Justin Abrahms <[email protected]>

* Move write permissions to the specific job, rather than globally

Signed-off-by: Justin Abrahms <[email protected]>

* Run code scanning (slow auto-build) weekly

Signed-off-by: Justin Abrahms <[email protected]>

Signed-off-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: fix dependabot pr titles (#118)

Signed-off-by: Todd Baert <[email protected]>

Signed-off-by: Todd Baert <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: Bump cucumber-bom from 7.8.0 to 7.8.1 (#115)

Bump cucumber-bom from 7.8.0 to 7.8.1

Bumps [cucumber-bom](https://github.com/cucumber/cucumber-jvm) from 7.8.0 to 7.8.1.
- [Release notes](https://github.com/cucumber/cucumber-jvm/releases)
- [Changelog](https://github.com/cucumber/cucumber-jvm/blob/main/CHANGELOG.md)
- [Commits](cucumber/cucumber-jvm@v7.8.0...v7.8.1)

---
updated-dependencies:
- dependency-name: io.cucumber:cucumber-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: add SAST scanning (#108)

* add SAST scanning

Refs #84

Signed-off-by: Justin Abrahms <[email protected]>

* Java scanning only

Signed-off-by: Justin Abrahms <[email protected]>

* Try codeql on the normal build to see how much longer it is.

Signed-off-by: Justin Abrahms <[email protected]>

Signed-off-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* feat!: use evaluation context interface (#112)

* POC - use evaluation context interface

Signed-off-by: Todd Baert <[email protected]>

* make .merge non-static

Signed-off-by: Todd Baert <[email protected]>

* improve naming

Signed-off-by: Todd Baert <[email protected]>

* add @Override

Signed-off-by: Todd Baert <[email protected]>

* Update src/main/java/dev/openfeature/sdk/EvaluationContext.java

Co-authored-by: Justin Abrahms <[email protected]>
Signed-off-by: Todd Baert <[email protected]>

* Update src/main/java/dev/openfeature/sdk/MutableContext.java

Co-authored-by: Justin Abrahms <[email protected]>
Signed-off-by: Todd Baert <[email protected]>

* address PR feedback

Signed-off-by: Todd Baert <[email protected]>

Signed-off-by: Todd Baert <[email protected]>
Co-authored-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* feat: Support for generating CycloneDX sboms (#119)

Signed-off-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: [StepSecurity] ci: Harden GitHub Actions (#120)

* [StepSecurity] ci: Harden GitHub Actions in release.yml

* [StepSecurity] ci: Harden GitHub Actions in static-code-scanning.yaml

* [StepSecurity] ci: Harden GitHub Actions in lint-pr.yml

* [StepSecurity] ci: Harden GitHub Actions in merge.yml

* [StepSecurity] ci: Harden GitHub Actions in pullrequest.yml

Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: I don't think we use that permission? (#123)

I don't think we use that permission?

Signed-off-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: Document where to find our SBOMs (#124)

Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update actions/cache digest to a3f5edc (#121)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update actions/setup-java digest to e150063 (#125)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: Remove more perms (#130)

Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency org.cyclonedx:cyclonedx-maven-plugin to v2.7.1 (#128)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update github/codeql-action digest to 3d39294 (#127)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update codecov/codecov-action digest to e0fbd59 (#126)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: Bump actions/checkout from 3.0.2 to 3.1.0 (#139)

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.2 to 3.1.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@2541b12...93ea575)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: Bump actions/setup-java from e150063ee446b60ce2e35b040e81846da9001576 to a82e6d00200608b0b4c131bc9a89f7349786bd33 (#140)

chore: Bump actions/setup-java

Bumps [actions/setup-java](https://github.com/actions/setup-java) from e150063ee446b60ce2e35b040e81846da9001576 to a82e6d00200608b0b4c131bc9a89f7349786bd33.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@e150063...a82e6d0)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: bump spotbugs-maven-plugin from 4.7.2.0 to 4.7.2.1 (#136)

Bumps [spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.7.2.0 to 4.7.2.1.
- [Release notes](https://github.com/spotbugs/spotbugs-maven-plugin/releases)
- [Commits](spotbugs/spotbugs-maven-plugin@spotbugs-maven-plugin-4.7.2.0...spotbugs-maven-plugin-4.7.2.1)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: exclude component in git tag (#143)

Signed-off-by: Michael Beemer <[email protected]>

Signed-off-by: Michael Beemer <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency org.cyclonedx:cyclonedx-maven-plugin to v2.7.2 (#141)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* feat!: add rw locks to client/api, hook accessor name (#131)

* fix: add read/write locks to client/api

Signed-off-by: Todd Baert <[email protected]>

* don't lock entire evaluation

Signed-off-by: Todd Baert <[email protected]>

* add tests

Signed-off-by: Todd Baert <[email protected]>

* fixup comment

Signed-off-by: Todd Baert <[email protected]>

* fixup pom comment

Signed-off-by: Todd Baert <[email protected]>

* increase lock granularity, improve tests

Signed-off-by: Todd Baert <[email protected]>

* fix spotbugs

Signed-off-by: Todd Baert <[email protected]>

* remove commented test

Signed-off-by: Todd Baert <[email protected]>

Signed-off-by: Todd Baert <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update actions/setup-java digest to 3617c43 (#132)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update amannn/action-semantic-pull-request digest to b314c1b (#135)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: Remove dependabot. I like renovate better (#142)

Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update amannn/action-semantic-pull-request digest to 7c194c2 (#144)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update github/codeql-action digest to 44edb7c (#133)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update actions/checkout digest to 8230315 (#122)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(main): release 0.3.0 (#114)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: re-enable integration tests (#146)

Update test harness and re-enable integration test profile

Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update actions/cache digest to 9b0c1fc (#145)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* fix: merge eval context (#149)

fix merge eval context

Signed-off-by: Robert Grassian <[email protected]>

Signed-off-by: Robert Grassian <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(main): release 0.3.1 (#150)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update github/codeql-action digest to 297ec80 (#147)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: update test/spec association numbers, badge (#156)

* chore: update test/spec association numbers

Signed-off-by: Todd Baert <[email protected]>

* chore: update spec tag

Signed-off-by: Todd Baert <[email protected]>

Signed-off-by: Todd Baert <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update actions/cache digest to 2b04a41 (#158)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(security): [Snyk] Security upgrade com.github.spotbugs:spotbugs from 4.7.2 to 4.7.3 (#157)

fix: pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-3043138

Co-authored-by: snyk-bot <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: Add docs link (#165)

Signed-off-by: Todd Baert <[email protected]>

Signed-off-by: Todd Baert <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: Mark project as active. (#167)

Mark project as active.

Signed-off-by: Justin Abrahms <[email protected]>

Signed-off-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(main): release 1.0.0 (#168)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update actions/cache digest to 8bec1e4 (#159)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* changes spotbug scope to provided.

Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

Signed-off-by: Todd Baert <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>
Signed-off-by: Justin Abrahms <[email protected]>
Signed-off-by: Justin Abrahms <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Michael Beemer <[email protected]>
Signed-off-by: Robert Grassian <[email protected]>
Signed-off-by: Pramesh <[email protected]>
Co-authored-by: Todd Baert <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Justin Abrahms <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Step Security Bot <[email protected]>
Co-authored-by: Michael Beemer <[email protected]>
Co-authored-by: Robert Grassian <[email protected]>
Co-authored-by: snyk-bot <[email protected]>
Co-authored-by: Bhandari, Pramesh(AWF) <[email protected]>