* initial flatten deps scan
* move 3rd party scan to separate action
* allow fork to run
* install requests
* use packages
* pip install
* rename
* conditional vuln report
* trailing whitespace
* trailing whitespace
* detailed print
* add testing file
* add upload test sarif
* results sarif
* move sarif
* upload modified sarif
* test flow
* test with results.sarif
* formatting
* test naming convention
* description with text in artifactLocation
* don't use locations
* use template sarif
* just use template
* add one field mod
* add another field mod
* use actual osvReport
* add field
* add field
* test
* no information uri
* no information uri
* add name
* template NA data for results
* back to minimal template
* dynamic rules
* template update
* no results
* only use template
* test
* new test
* new test
* add back locations
* descriptive fields
* test
* use package name
* variable commit hash
* add chromium accessibility readme support
* use batch query test
* clean up
* use variables for sarif template
* initial automating ancestor commit
* allow for workflow on testing
* install gitpython in workflow
* wrap in try
* expand try
* check commit is not none
* quiet clone
* fix commit newline
* proper print for failed deps
* remove gitpython
* remove import
* fix origin source
* remove .dart from dep names
* update dep
* typo
* update
* clone into controlled name repo now
* fix github upstream clone url
* test CVE finding
* use templated rule and result
* typo
* remove test CVE
* add link straight to OSV DB
* comments
* use os mkdir
* check time of pinned commit
* quiet git
* print osv api query results if vulns found
* move upstream mapping into DEPS file
* add testing for DEPS file
* add khronos exception
* add basic ancestor commit test
* no vulns message
* do not produce empty sarif
* add yaml
* remove unused python dep
* no change?
* no more print, causing recipe issues
* string test
* string test
* no more fstrings
* convert to .format
* syntax
* remove unused dep
* test
* switch test script
* no encoding
* add back test
* typo
* remove scan flat deps tests again
* update
* fix tests
* typo
* newline
* use checkout dir
* prefix
* update to use prefix
* lint
* runhook attempt
* lint
* lint
* lint
* lint
* no license blurb
* cleanup
* enable for main
* do not raise error
* run on branch
* data indentation
* check file existence
* workflow updates
* add push for testing
* syntax
* workflow test
* test github action
* syntax
* allow empty report
* update cron
* pin hash
* newline
* sort by key with prefix omitted
* alphabetize, copyright header
* pylint tests
* lint
* lint
* trailing whitespace?
* lint
* update
* get error types
* allow test
* use output
* only main branch
* licenses check
* results.sarif
* revert
* license updates
* add upstream
* replace Requests library with urllib, remove pylint wrapper
* lint
* undo license
* clone test nit
* isinstance
* DEPS formatting
Co-authored-by: Zachary Anderson <zanderso@users.noreply.github.com>
* use subprocess.check_output
* lint
* lint
* review syntax from comments
* remove line
* more description in error
* lint
* fix checkout path
* remove duplicate eval
* lint
* lint
* lint
* clone-test mkdir and cleanup
* use shutil.rmtree for non-empty dir
* lint
* linting
* linting
* var name
* Update ci/deps_parser_tests.py
Co-authored-by: Zachary Anderson <zanderso@users.noreply.github.com>
* Update ci/deps_parser_tests.py
Co-authored-by: Zachary Anderson <zanderso@users.noreply.github.com>
* more description
* lint
* refactor deps file parsing
* early return
* lint
Co-authored-by: Zachary Anderson <zanderso@users.noreply.github.com>
* initial flatten deps scan
* move 3rd party scan to separate action
* allow fork to run
* install requests
* use packages
* pip install
* rename
* conditional vuln report
* trailing whitespace
* trailing whitespace
* detailed print
* add testing file
* add upload test sarif
* results sarif
* move sarif
* upload modified sarif
* test flow
* test with results.sarif
* formatting
* test naming convention
* description with text in artifactLocation
* don't use locations
* use template sarif
* just use template
* add one field mod
* add another field mod
* use actual osvReport
* add field
* add field
* test
* no information uri
* no information uri
* add name
* template NA data for results
* back to minimal template
* dynamic rules
* template update
* no results
* only use template
* test
* new test
* new test
* add back locations
* descriptive fields
* test
* use package name
* variable commit hash
* add chromium accessibility readme support
* use batch query test
* clean up
* use variables for sarif template
* initial automating ancestor commit
* allow for workflow on testing
* install gitpython in workflow
* wrap in try
* expand try
* check commit is not none
* quiet clone
* fix commit newline
* proper print for failed deps
* remove gitpython
* remove import
* fix origin source
* remove .dart from dep names
* update dep
* typo
* update
* clone into controlled name repo now
* fix github upstream clone url
* test CVE finding
* use templated rule and result
* typo
* remove test CVE
* add link straight to OSV DB
* comments
* use os mkdir
* check time of pinned commit
* quiet git
* print osv api query results if vulns found
* move upstream mapping into DEPS file
* add testing for DEPS file
* add khronos exception
* add basic ancestor commit test
* no vulns message
* do not produce empty sarif
* add yaml
* remove unused python dep
* no change?
* no more print, causing recipe issues
* string test
* string test
* no more fstrings
* convert to .format
* syntax
* remove unused dep
* test
* switch test script
* no encoding
* add back test
* typo
* remove scan flat deps tests again
* update
* fix tests
* typo
* newline
* use checkout dir
* prefix
* update to use prefix
* lint
* runhook attempt
* lint
* lint
* lint
* lint
* no license blurb
* cleanup
* enable for main
* do not raise error
* run on branch
* data indentation
* check file existence
* boringssl metadata for vuln scan
* update date, add owners test
* move unsupported actions into new job
* temp remove branch protection for test
* minor change
* fake change
* no branch check
* re-enable branch protection
* updates
* refactor further into generic setup
* remove setup stage
* no more needs
* boringssl metadata for vuln scan
* update date, add owners test
* move unsupported actions into new job
* temp remove branch protection for test
* minor change
* fake change
* no branch check
* re-enable branch protection
* updates
* refactor further into generic setup
