Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🐛 remove sonatype lift as a recognized dep update tool #3605

Merged
merged 1 commit into from
Oct 25, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions checks/dependency_update_tool_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ func TestDependencyUpdateTool(t *testing.T) {
SearchCommits: []clients.Commit{{Committer: clients.User{ID: 111111111}}},
CallSearchCommits: 1,
expected: scut.TestReturn{
NumberOfWarn: 4,
NumberOfWarn: 3,
},
},
{
Expand All @@ -89,7 +89,7 @@ func TestDependencyUpdateTool(t *testing.T) {
SearchCommits: []clients.Commit{},
CallSearchCommits: 1,
expected: scut.TestReturn{
NumberOfWarn: 4,
NumberOfWarn: 3,
},
},

Expand Down
2 changes: 0 additions & 2 deletions checks/evaluation/dependency_update_tool.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@ import (
"github.com/ossf/scorecard/v4/probes/toolDependabotInstalled"
"github.com/ossf/scorecard/v4/probes/toolPyUpInstalled"
"github.com/ossf/scorecard/v4/probes/toolRenovateInstalled"
"github.com/ossf/scorecard/v4/probes/toolSonatypeLiftInstalled"
)

// DependencyUpdateTool applies the score policy and logs the details
Expand All @@ -33,7 +32,6 @@ func DependencyUpdateTool(name string,
toolDependabotInstalled.Probe,
toolPyUpInstalled.Probe,
toolRenovateInstalled.Probe,
toolSonatypeLiftInstalled.Probe,
}
if !finding.UniqueProbesEqual(findings, expectedProbes) {
e := sce.WithMessage(sce.ErrScorecardInternal, "invalid probe results")
Expand Down
55 changes: 1 addition & 54 deletions checks/evaluation/dependency_update_tool_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -46,10 +46,6 @@ func TestDependencyUpdateTool(t *testing.T) {
Probe: "toolRenovateInstalled",
Outcome: finding.OutcomeNegative,
},
{
Probe: "toolSonatypeLiftInstalled",
Outcome: finding.OutcomeNegative,
},
},
result: scut.TestReturn{
Score: checker.MaxResultScore,
Expand All @@ -71,10 +67,6 @@ func TestDependencyUpdateTool(t *testing.T) {
Probe: "toolRenovateInstalled",
Outcome: finding.OutcomePositive,
},
{
Probe: "toolSonatypeLiftInstalled",
Outcome: finding.OutcomeNegative,
},
},
result: scut.TestReturn{
Score: checker.MaxResultScore,
Expand All @@ -96,39 +88,6 @@ func TestDependencyUpdateTool(t *testing.T) {
Probe: "toolRenovateInstalled",
Outcome: finding.OutcomeNegative,
},
{
Probe: "toolSonatypeLiftInstalled",
Outcome: finding.OutcomeNegative,
},
},
result: scut.TestReturn{
Score: checker.MaxResultScore,
NumberOfInfo: 1,
},
},
{
name: "sonatype",
findings: []finding.Finding{
{
Probe: "toolDependabotInstalled",
Outcome: finding.OutcomeNegative,
},
{
Probe: "toolPyUpInstalled",
Outcome: finding.OutcomeNegative,
},
{
Probe: "toolRenovateInstalled",
Outcome: finding.OutcomeNegative,
},
{
Probe: "toolSonatypeLiftInstalled",
Outcome: finding.OutcomePositive,
},
{
Probe: "toolRenovateInstalled",
Outcome: finding.OutcomeNegative,
},
},
result: scut.TestReturn{
Score: checker.MaxResultScore,
Expand All @@ -150,14 +109,10 @@ func TestDependencyUpdateTool(t *testing.T) {
Probe: "toolPyUpInstalled",
Outcome: finding.OutcomeNegative,
},
{
Probe: "toolSonatypeLiftInstalled",
Outcome: finding.OutcomeNegative,
},
},
result: scut.TestReturn{
Score: checker.MinResultScore,
NumberOfWarn: 4,
NumberOfWarn: 3,
},
},
{
Expand All @@ -171,10 +126,6 @@ func TestDependencyUpdateTool(t *testing.T) {
Probe: "toolPyUpInstalled",
Outcome: finding.OutcomeNegative,
},
{
Probe: "toolSonatypeInstalled",
Outcome: finding.OutcomeNegative,
},
},
result: scut.TestReturn{
Score: checker.InconclusiveResultScore,
Expand All @@ -196,10 +147,6 @@ func TestDependencyUpdateTool(t *testing.T) {
Probe: "toolPyUpInstalled",
Outcome: finding.OutcomeNegative,
},
{
Probe: "toolSonatypeInstalled",
Outcome: finding.OutcomeNegative,
},
{
Probe: "toolInvalidProbeName",
Outcome: finding.OutcomeNegative,
Expand Down
13 changes: 0 additions & 13 deletions checks/raw/dependency_update_tool.go
Original file line number Diff line number Diff line change
Expand Up @@ -113,19 +113,6 @@ var checkDependencyFileExists fileparser.DoWhileTrueOnFilename = func(name strin
},
},
})
case ".lift.toml", ".lift/config.toml":
*ptools = append(*ptools, checker.Tool{
Name: "Sonatype Lift",
URL: asPointer("https://lift.sonatype.com"),
Desc: asPointer("Automated dependency updates. Multi-platform and multi-language."),
Files: []checker.File{
{
Path: name,
Type: finding.FileTypeSource,
Offset: checker.OffsetDefault,
},
},
})
}

// Continue iterating, even if we have found a tool.
Expand Down
5 changes: 2 additions & 3 deletions checks/raw/dependency_update_tool_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,6 @@ import (
func Test_checkDependencyFileExists(t *testing.T) {
t.Parallel()

//nolint
tests := []struct {
name string
path string
Expand Down Expand Up @@ -97,13 +96,13 @@ func Test_checkDependencyFileExists(t *testing.T) {
{
name: ".lift.toml",
path: ".lift.toml",
want: true,
want: false, // support removed
wantErr: false,
},
{
name: ".lift/config.toml",
path: ".lift/config.toml",
want: true,
want: false, // support removed
wantErr: false,
},
}
Expand Down
1 change: 0 additions & 1 deletion docs/checks.md
Original file line number Diff line number Diff line change
Expand Up @@ -310,7 +310,6 @@ This check tries to determine if the project uses a dependency update tool,
specifically one of:
- [Dependabot](https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)
- [Renovate bot](https://docs.renovatebot.com/configuration-options/)
- [Sonatype Lift](https://help.sonatype.com/lift/getting-started)
- [PyUp](https://docs.pyup.io/docs) (Python)
Out-of-date dependencies make a project vulnerable to known flaws and prone to attacks.
These tools automate the process of updating dependencies by scanning for
Expand Down
1 change: 0 additions & 1 deletion docs/checks/internal/checks.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,6 @@ checks:
specifically one of:
- [Dependabot](https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates)
- [Renovate bot](https://docs.renovatebot.com/configuration-options/)
- [Sonatype Lift](https://help.sonatype.com/lift/getting-started)
- [PyUp](https://docs.pyup.io/docs) (Python)
Out-of-date dependencies make a project vulnerable to known flaws and prone to attacks.
These tools automate the process of updating dependencies by scanning for
Expand Down
2 changes: 0 additions & 2 deletions probes/entries.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,6 @@ import (
"github.com/ossf/scorecard/v4/probes/toolDependabotInstalled"
"github.com/ossf/scorecard/v4/probes/toolPyUpInstalled"
"github.com/ossf/scorecard/v4/probes/toolRenovateInstalled"
"github.com/ossf/scorecard/v4/probes/toolSonatypeLiftInstalled"
)

// ProbeImpl is the implementation of a probe.
Expand All @@ -65,7 +64,6 @@ var (
toolRenovateInstalled.Run,
toolDependabotInstalled.Run,
toolPyUpInstalled.Run,
toolSonatypeLiftInstalled.Run,
}
Fuzzing = []ProbeImpl{
fuzzedWithOSSFuzz.Run,
Expand Down
32 changes: 0 additions & 32 deletions probes/toolSonatypeLiftInstalled/def.yml

This file was deleted.

58 changes: 0 additions & 58 deletions probes/toolSonatypeLiftInstalled/impl.go

This file was deleted.

Loading
Loading