Skip to content

Commit

Permalink
remove sonatype lift
Browse files Browse the repository at this point in the history
Signed-off-by: Spencer Schrock <[email protected]>
  • Loading branch information
spencerschrock committed Oct 24, 2023
1 parent 5f171ba commit 7475206
Show file tree
Hide file tree
Showing 11 changed files with 5 additions and 294 deletions.
4 changes: 2 additions & 2 deletions checks/dependency_update_tool_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ func TestDependencyUpdateTool(t *testing.T) {
SearchCommits: []clients.Commit{{Committer: clients.User{ID: 111111111}}},
CallSearchCommits: 1,
expected: scut.TestReturn{
NumberOfWarn: 4,
NumberOfWarn: 3,
},
},
{
Expand All @@ -89,7 +89,7 @@ func TestDependencyUpdateTool(t *testing.T) {
SearchCommits: []clients.Commit{},
CallSearchCommits: 1,
expected: scut.TestReturn{
NumberOfWarn: 4,
NumberOfWarn: 3,
},
},

Expand Down
2 changes: 0 additions & 2 deletions checks/evaluation/dependency_update_tool.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@ import (
"github.com/ossf/scorecard/v4/probes/toolDependabotInstalled"
"github.com/ossf/scorecard/v4/probes/toolPyUpInstalled"
"github.com/ossf/scorecard/v4/probes/toolRenovateInstalled"
"github.com/ossf/scorecard/v4/probes/toolSonatypeLiftInstalled"
)

// DependencyUpdateTool applies the score policy and logs the details
Expand All @@ -33,7 +32,6 @@ func DependencyUpdateTool(name string,
toolDependabotInstalled.Probe,
toolPyUpInstalled.Probe,
toolRenovateInstalled.Probe,
toolSonatypeLiftInstalled.Probe,
}
if !finding.UniqueProbesEqual(findings, expectedProbes) {
e := sce.WithMessage(sce.ErrScorecardInternal, "invalid probe results")
Expand Down
55 changes: 1 addition & 54 deletions checks/evaluation/dependency_update_tool_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -46,10 +46,6 @@ func TestDependencyUpdateTool(t *testing.T) {
Probe: "toolRenovateInstalled",
Outcome: finding.OutcomeNegative,
},
{
Probe: "toolSonatypeLiftInstalled",
Outcome: finding.OutcomeNegative,
},
},
result: scut.TestReturn{
Score: checker.MaxResultScore,
Expand All @@ -71,10 +67,6 @@ func TestDependencyUpdateTool(t *testing.T) {
Probe: "toolRenovateInstalled",
Outcome: finding.OutcomePositive,
},
{
Probe: "toolSonatypeLiftInstalled",
Outcome: finding.OutcomeNegative,
},
},
result: scut.TestReturn{
Score: checker.MaxResultScore,
Expand All @@ -96,39 +88,6 @@ func TestDependencyUpdateTool(t *testing.T) {
Probe: "toolRenovateInstalled",
Outcome: finding.OutcomeNegative,
},
{
Probe: "toolSonatypeLiftInstalled",
Outcome: finding.OutcomeNegative,
},
},
result: scut.TestReturn{
Score: checker.MaxResultScore,
NumberOfInfo: 1,
},
},
{
name: "sonatype",
findings: []finding.Finding{
{
Probe: "toolDependabotInstalled",
Outcome: finding.OutcomeNegative,
},
{
Probe: "toolPyUpInstalled",
Outcome: finding.OutcomeNegative,
},
{
Probe: "toolRenovateInstalled",
Outcome: finding.OutcomeNegative,
},
{
Probe: "toolSonatypeLiftInstalled",
Outcome: finding.OutcomePositive,
},
{
Probe: "toolRenovateInstalled",
Outcome: finding.OutcomeNegative,
},
},
result: scut.TestReturn{
Score: checker.MaxResultScore,
Expand All @@ -150,14 +109,10 @@ func TestDependencyUpdateTool(t *testing.T) {
Probe: "toolPyUpInstalled",
Outcome: finding.OutcomeNegative,
},
{
Probe: "toolSonatypeLiftInstalled",
Outcome: finding.OutcomeNegative,
},
},
result: scut.TestReturn{
Score: checker.MinResultScore,
NumberOfWarn: 4,
NumberOfWarn: 3,
},
},
{
Expand All @@ -171,10 +126,6 @@ func TestDependencyUpdateTool(t *testing.T) {
Probe: "toolPyUpInstalled",
Outcome: finding.OutcomeNegative,
},
{
Probe: "toolSonatypeInstalled",
Outcome: finding.OutcomeNegative,
},
},
result: scut.TestReturn{
Score: checker.InconclusiveResultScore,
Expand All @@ -196,10 +147,6 @@ func TestDependencyUpdateTool(t *testing.T) {
Probe: "toolPyUpInstalled",
Outcome: finding.OutcomeNegative,
},
{
Probe: "toolSonatypeInstalled",
Outcome: finding.OutcomeNegative,
},
{
Probe: "toolInvalidProbeName",
Outcome: finding.OutcomeNegative,
Expand Down
13 changes: 0 additions & 13 deletions checks/raw/dependency_update_tool.go
Original file line number Diff line number Diff line change
Expand Up @@ -113,19 +113,6 @@ var checkDependencyFileExists fileparser.DoWhileTrueOnFilename = func(name strin
},
},
})
case ".lift.toml", ".lift/config.toml":
*ptools = append(*ptools, checker.Tool{
Name: "Sonatype Lift",
URL: asPointer("https://lift.sonatype.com"),
Desc: asPointer("Automated dependency updates. Multi-platform and multi-language."),
Files: []checker.File{
{
Path: name,
Type: finding.FileTypeSource,
Offset: checker.OffsetDefault,
},
},
})
}

// Continue iterating, even if we have found a tool.
Expand Down
5 changes: 2 additions & 3 deletions checks/raw/dependency_update_tool_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,6 @@ import (
func Test_checkDependencyFileExists(t *testing.T) {
t.Parallel()

//nolint
tests := []struct {
name string
path string
Expand Down Expand Up @@ -97,13 +96,13 @@ func Test_checkDependencyFileExists(t *testing.T) {
{
name: ".lift.toml",
path: ".lift.toml",
want: true,
want: false, // support removed
wantErr: false,
},
{
name: ".lift/config.toml",
path: ".lift/config.toml",
want: true,
want: false, // support removed
wantErr: false,
},
}
Expand Down
1 change: 0 additions & 1 deletion docs/checks.md
Original file line number Diff line number Diff line change
Expand Up @@ -310,7 +310,6 @@ This check tries to determine if the project uses a dependency update tool,
specifically one of:
- [Dependabot](https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)
- [Renovate bot](https://docs.renovatebot.com/configuration-options/)
- [Sonatype Lift](https://help.sonatype.com/lift/getting-started)
- [PyUp](https://docs.pyup.io/docs) (Python)
Out-of-date dependencies make a project vulnerable to known flaws and prone to attacks.
These tools automate the process of updating dependencies by scanning for
Expand Down
1 change: 0 additions & 1 deletion docs/checks/internal/checks.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,6 @@ checks:
specifically one of:
- [Dependabot](https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)
- [Renovate bot](https://docs.renovatebot.com/configuration-options/)
- [Sonatype Lift](https://help.sonatype.com/lift/getting-started)
- [PyUp](https://docs.pyup.io/docs) (Python)
Out-of-date dependencies make a project vulnerable to known flaws and prone to attacks.
These tools automate the process of updating dependencies by scanning for
Expand Down
2 changes: 0 additions & 2 deletions probes/entries.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,6 @@ import (
"github.com/ossf/scorecard/v4/probes/toolDependabotInstalled"
"github.com/ossf/scorecard/v4/probes/toolPyUpInstalled"
"github.com/ossf/scorecard/v4/probes/toolRenovateInstalled"
"github.com/ossf/scorecard/v4/probes/toolSonatypeLiftInstalled"
)

// ProbeImpl is the implementation of a probe.
Expand All @@ -65,7 +64,6 @@ var (
toolRenovateInstalled.Run,
toolDependabotInstalled.Run,
toolPyUpInstalled.Run,
toolSonatypeLiftInstalled.Run,
}
Fuzzing = []ProbeImpl{
fuzzedWithOSSFuzz.Run,
Expand Down
32 changes: 0 additions & 32 deletions probes/toolSonatypeLiftInstalled/def.yml

This file was deleted.

58 changes: 0 additions & 58 deletions probes/toolSonatypeLiftInstalled/impl.go

This file was deleted.

Loading

0 comments on commit 7475206

Please sign in to comment.