# Functions
AggregateScores adds up all scores and normalizes the result.
AggregateScoresWithWeight adds up all scores using their weights and normalizes the result.
CreateInconclusiveResult is used when the check runs without runtime errors, but we don't have enough evidence to set a score.
CreateMaxScoreResult is used when the check runs without runtime errors and we can assign a maximum score to the result.
CreateMinScoreResult is used when the check runs without runtime errors and we can assign a minimum score to the result.
CreateProportionalScore creates a proportional score.
CreateProportionalScoreResult is used when the check runs without runtime errors and we assign a proportional score.
CreateProportionalScoreWeighted creates the proportional score between multiple successes over the total, but some proportions are worth more.
CreateResultWithScore is used when the check runs without runtime errors, and we want to assign a specific score.
CreateRuntimeErrorResult is used when the check fails to run because of a runtime error.
GetClients returns a list of clients for running scorecard checks.
ListUnsupported returns the []RequestType values that are `required` but not in `supported`.
LogFinding logs the given finding at the given level.
NewLogger creates a new instance of `DetailLogger`.
NewRunner creates a new instance of `Runner`.
NormalizeReason is a placeholder function for use if we want to update the range of scores.
# Constants
CodeQLWorkflow represents a workflow that runs CodeQL.
CommitBased request types require checks to run on non-HEAD commit content.
DangerousWorkflowScriptInjection represents a script injection.
DangerousWorkflowUntrustedCheckout represents an untrusted checkout.
DependencyUseTypeChocoCommand is a choco command.
DependencyUseTypeDockerfileContainerImage is a container image used via FROM.
DependencyUseTypeDownloadThenRun is a download followed by a run.
DependencyUseTypeGHAction is an action.
DependencyUseTypeGoCommand is a go command.
DependencyUseTypeNpmCommand is an npm command.
DependencyUseTypeNugetCommand is a nuget command.
DependencyUseTypePipCommand is a pip command.
DetailDebug is a debug-level log.
DetailInfo is an info-level log.
DetailWarn is a warning-level log.
FileBased request types require checks to run solely on file content.
InconclusiveResultScore is returned when no reliable information can be retrieved by a check.
Sources of license information used to assert the repo's license.
MaxResultScore is the best score that can be given by a check.
MinResultScore is the worst score that can be given by a check.
OffsetDefault is used if we can't determine the offset, for example when referencing a file but not a specific location in the file.
PermissionLevelNone is a permission set to `none`.
PermissionLevelRead is a permission set to `read`.
PermissionLevelUndeclared is an undeclared permission.
PermissionLevelUnknown is for other kinds of alerts, mostly to support debug messages.
PermissionLevelWrite is a permission set to `write` for a permission we consider potentially dangerous.
PermissionLocationJob is job-level workflow permission.
PermissionLocationTop is top-level workflow permission.
PysaWorkflow represents a workflow that runs Pysa.
QodanaWorkflow represents a workflow that runs Qodana.
Forms of security policy hints being evaluated.
SnykWorkflow represents a workflow that runs Snyk.
SonarWorkflow represents a workflow that runs Sonar.
# Structs
ArchivedStatus defines the archived status.
BinaryArtifactData contains the raw results for the Binary-Artifact check.
BranchProtectionsData contains the raw results for the Branch-Protection check.
Check defines a Scorecard check fn and its supported request types.
CheckDetail contains information for each detail.
CheckRequest struct encapsulates all data to be passed into a CheckFn.
CheckResult captures result from a check run.
CIIBestPracticesData contains data for CIIBestPractices check.
CodeReviewData contains the raw results for the Code-Review check.
ContributorsData represents contributor information.
DangerousWorkflow represents a dangerous workflow.
DangerousWorkflowData contains the raw results for the dangerous workflow check.
Dependency represents a dependency.
DependencyUpdateToolData contains the raw results for the Dependency-Update-Tool check.
ElementError allows us to identify the "element" that led to the given error.
File represents a file.
FuzzingData represents the different kinds of fuzzing done.
License details.
LicenseData contains the raw results for the License check.
One file contains one license.
LogMessage is a structure that encapsulates a detail's information.
MaintainedData contains the raw results for the Maintained check.
Package represents a package.
PackagingData contains results for the Packaging check.
PinningDependenciesData represents pinned dependency data.
ProportionalScoreWeighted is a structure that contains the fields to calculate weighted proportional scores.
RawResults contains results before a policy is applied.
Run represents a run.
Runner runs a check with retries.
SASTData contains the raw results for the SAST check.
SASTWorkflow represents a SAST workflow.
SBOM details.
SBOMData contains the raw results for the SBOM check.
SecurityPolicyData contains the raw results for the Security-Policy check.
SignedReleasesData contains the raw results for the Signed-Releases check.
TokenPermission defines a token permission result.
TokenPermissionsData represents data about a permission failure.
Tool represents a tool.
VulnerabilitiesData contains the raw results for the Vulnerabilities check.
WebhooksData contains the raw results for the Webhook check.
WorkflowJob represents a workflow job.
# Interfaces
DetailLogger logs a CheckDetail struct.
# Type aliases
CheckFn is defined for convenience.
CheckNameToFnMap is defined here for convenience.
DangerousWorkflowType represents a type of dangerous workflow.
DependencyUseType represents a type of dependency use.
PermissionLevel represents a permission type.
PermissionLocation represents a declaration type.
RequestType identifies special requirements/attributes that need to be supported by checks.
SASTWorkflowType represents a type of SAST workflow.