Skip to content

Commit 2882cc1

Browse files
committed
fix: apply ruff format, fix scorecard-action tag v2 -> v2.4.0
- Run ruff format on all 31 unformatted files - Fix ossf/scorecard-action@v2 (tag doesn't exist) to @v2.4.0 - Fix scorecard generator template to use v2.4.0 - All ruff check + format + 147 tests pass
1 parent 935e6c5 commit 2882cc1

33 files changed

Lines changed: 1856 additions & 968 deletions

.github/workflows/scorecard.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,7 @@ jobs:
3737
persist-credentials: false
3838

3939
- name: "Run Scorecard"
40-
uses: ossf/scorecard-action@v2
40+
uses: ossf/scorecard-action@v2.4.0
4141
with:
4242
results_file: results.sarif
4343
results_format: sarif

src/ossguard/analyzers/audit.py

Lines changed: 17 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -34,17 +34,22 @@ def config_pct(self) -> int:
3434
return int((self.config_score / self.config_total) * 100)
3535

3636
def to_json(self) -> str:
37-
return json.dumps({
38-
"audit_time": self.audit_time,
39-
"overall_grade": self.overall_grade,
40-
"config_score": f"{self.config_score}/{self.config_total}",
41-
"dep_health_score": self.dep_health.aggregate_score if self.dep_health else None,
42-
"total_vulns": self.dep_health.total_vulns if self.dep_health else 0,
43-
"reachable_vulns": self.reachability.reachable_vulns if self.reachability else 0,
44-
"noise_reduction": self.reachability.noise_reduction_pct if self.reachability else 0,
45-
"findings": self.findings,
46-
"recommendations": self.recommendations,
47-
}, indent=2)
37+
return json.dumps(
38+
{
39+
"audit_time": self.audit_time,
40+
"overall_grade": self.overall_grade,
41+
"config_score": f"{self.config_score}/{self.config_total}",
42+
"dep_health_score": self.dep_health.aggregate_score if self.dep_health else None,
43+
"total_vulns": self.dep_health.total_vulns if self.dep_health else 0,
44+
"reachable_vulns": self.reachability.reachable_vulns if self.reachability else 0,
45+
"noise_reduction": self.reachability.noise_reduction_pct
46+
if self.reachability
47+
else 0,
48+
"findings": self.findings,
49+
"recommendations": self.recommendations,
50+
},
51+
indent=2,
52+
)
4853

4954

5055
def run_audit(project_path: str | Path) -> AuditReport:
@@ -104,9 +109,7 @@ def run_audit(project_path: str | Path) -> AuditReport:
104109
report.dep_health = dep_report
105110

106111
if dep_report.critical_vulns > 0:
107-
findings.append(
108-
f"{dep_report.critical_vulns} CRITICAL vulnerabilities in dependencies"
109-
)
112+
findings.append(f"{dep_report.critical_vulns} CRITICAL vulnerabilities in dependencies")
110113
recommendations.append("Immediately update packages with critical vulns")
111114
if dep_report.high_vulns > 0:
112115
findings.append(f"{dep_report.high_vulns} HIGH severity vulnerabilities")

src/ossguard/analyzers/badge.py

Lines changed: 52 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -40,22 +40,54 @@ def is_ready(self) -> bool:
4040
_CRITERIA = [
4141
# Basics
4242
("basics_description", "Basics", "The project MUST have a description of what it does."),
43-
("basics_interact", "Basics", "The project MUST provide a way for users to interact with developers."),
43+
(
44+
"basics_interact",
45+
"Basics",
46+
"The project MUST provide a way for users to interact with developers.",
47+
),
4448
("basics_contribution", "Basics", "The project MUST have a contribution guide."),
45-
("basics_license", "Basics", "The project MUST be released under an OSI-approved open source license."),
49+
(
50+
"basics_license",
51+
"Basics",
52+
"The project MUST be released under an OSI-approved open source license.",
53+
),
4654
# Change control
47-
("change_public_repo", "Change Control", "The project MUST have a public version-controlled repository."),
55+
(
56+
"change_public_repo",
57+
"Change Control",
58+
"The project MUST have a public version-controlled repository.",
59+
),
4860
("change_version_semver", "Change Control", "The project MUST use semantic versioning."),
4961
# Reporting
50-
("report_vulnerability_process", "Reporting", "The project MUST have a vulnerability reporting process (SECURITY.md)."),
51-
("report_vulnerability_private", "Reporting", "The project MUST support private vulnerability reporting."),
62+
(
63+
"report_vulnerability_process",
64+
"Reporting",
65+
"The project MUST have a vulnerability reporting process (SECURITY.md).",
66+
),
67+
(
68+
"report_vulnerability_private",
69+
"Reporting",
70+
"The project MUST support private vulnerability reporting.",
71+
),
5272
# Quality
5373
("quality_tests", "Quality", "The project MUST have an automated test suite."),
5474
("quality_ci", "Quality", "The project MUST use CI to run tests automatically."),
5575
# Security
56-
("security_static_analysis", "Security", "The project MUST use at least one static analysis tool (e.g. CodeQL)."),
57-
("security_dependency_monitoring", "Security", "The project MUST monitor dependencies for known vulnerabilities."),
58-
("security_hardened_dependencies", "Security", "Dependencies MUST be updated when vulnerabilities are found."),
76+
(
77+
"security_static_analysis",
78+
"Security",
79+
"The project MUST use at least one static analysis tool (e.g. CodeQL).",
80+
),
81+
(
82+
"security_dependency_monitoring",
83+
"Security",
84+
"The project MUST monitor dependencies for known vulnerabilities.",
85+
),
86+
(
87+
"security_hardened_dependencies",
88+
"Security",
89+
"Dependencies MUST be updated when vulnerabilities are found.",
90+
),
5991
# Analysis
6092
("analysis_scorecard", "Analysis", "The project SHOULD use OpenSSF Scorecard."),
6193
("analysis_sbom", "Analysis", "The project SHOULD generate SBOMs."),
@@ -75,14 +107,16 @@ def assess_badge_readiness(project_path: str | Path) -> BadgeReport:
75107
# Assess each criterion
76108
for crit_id, category, question in _CRITERIA:
77109
status, evidence, suggestion = _assess_criterion(crit_id, info, path)
78-
criteria.append(BadgeCriterion(
79-
id=crit_id,
80-
category=category,
81-
question=question,
82-
status=status,
83-
evidence=evidence,
84-
suggestion=suggestion,
85-
))
110+
criteria.append(
111+
BadgeCriterion(
112+
id=crit_id,
113+
category=category,
114+
question=question,
115+
status=status,
116+
evidence=evidence,
117+
suggestion=suggestion,
118+
)
119+
)
86120

87121
met = sum(1 for c in criteria if c.status == "met")
88122
unmet = sum(1 for c in criteria if c.status == "unmet")
@@ -98,9 +132,7 @@ def assess_badge_readiness(project_path: str | Path) -> BadgeReport:
98132
)
99133

100134

101-
def _assess_criterion(
102-
crit_id: str, info: ProjectInfo, path: Path
103-
) -> tuple[str, str, str]:
135+
def _assess_criterion(crit_id: str, info: ProjectInfo, path: Path) -> tuple[str, str, str]:
104136
"""Assess a single criterion. Returns (status, evidence, suggestion)."""
105137

106138
if crit_id == "basics_description":
@@ -143,6 +175,7 @@ def _assess_criterion(
143175
return "met", "Version found in pyproject.toml", ""
144176
if pkg_json.exists():
145177
import json
178+
146179
data = json.loads(pkg_json.read_text())
147180
if "version" in data:
148181
return "met", f"Version {data['version']} in package.json", ""

0 commit comments

Comments
 (0)