ossf / scorecard

OpenSSF Scorecard - Security health metrics for Open Source

Home Page:https://scorecard.dev

BUG: Scanning a gitlab project with no commits crashes

ashearin opened this issue · comments

Describe the bug
Probably an edge case, but attempting to scan a repo with no commits fails.

$ go run main.go --repo gitlab.com/*****/test-repo
Starting [Vulnerabilities]
Starting [Dependency-Update-Tool]
Starting [Binary-Artifacts]
Starting [Maintained]
Starting [Security-Policy]
Starting [Contributors]
Starting [CII-Best-Practices]
Starting [Packaging]
Starting [Branch-Protection]
Starting [Pinned-Dependencies]
Starting [License]
Starting [Token-Permissions]
Starting [Fuzzing]
Starting [Code-Review]
Starting [Signed-Releases]
Starting [CI-Tests]
Starting [Dangerous-Workflow]
Starting [SAST]
panic: runtime error: index out of range [0] with length 0

Reproduction steps
Steps to reproduce the behavior:

  1. Create new GitLab repository (Do not initialize with a readme)
  2. Set GITLAB_AUTH_TOKEN (if above repo is private)
  3. run scorecard --repo gitlab.com/myrepo

Expected behavior
Scorecard runs/completes without error, potentially returning a warning, but at least returning no score for anything commit-based.

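The panic in the report ("index out of range [0] with length 0") is the classic shape of a commit-based check indexing the first commit of a list that is empty. The following is an added illustration, not scorecard's own code: a hypothetical `Commit` type, an unguarded `latestCommitUnsafe` that reproduces the failure mode on an empty repository, a guarded `daysSinceLastCommit` that reports the empty case as an error the caller can turn into an inconclusive result, and a `runCheck` wrapper that converts a panic inside one check into an error so a single edge case cannot abort the whole scan. All names and the sample commits are constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Commit is a minimal stand-in for a repository commit (hypothetical type,
// not scorecard's own client model).
type Commit struct {
	SHA       string
	Committed time.Time
}

// ErrNoCommits signals that a commit-based check cannot score an empty repo.
var ErrNoCommits = errors.New("repository has no commits")

// latestCommitUnsafe mirrors the failure mode in the report: it indexes the
// first element without checking the length, so an empty slice panics with
// "index out of range [0] with length 0".
func latestCommitUnsafe(commits []Commit) Commit {
	return commits[0]
}

// daysSinceLastCommit is the guarded version: an empty repo is reported as
// ErrNoCommits so the caller can return an inconclusive score instead of
// crashing. With commits present it returns whole days since the newest one.
func daysSinceLastCommit(commits []Commit, now time.Time) (int, error) {
	if len(commits) == 0 {
		return 0, ErrNoCommits
	}
	latest := commits[0]
	for _, c := range commits[1:] {
		if c.Committed.After(latest.Committed) {
			latest = c
		}
	}
	return int(now.Sub(latest.Committed).Hours() / 24), nil
}

// runCheck runs one check and converts a panic inside it into an error, so a
// malformed or empty repository fails that check rather than the whole scan.
func runCheck(name string, fn func() error) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("check %s panicked: %v", name, r)
		}
	}()
	return fn()
}

func main() {
	now := time.Date(2024, 1, 10, 0, 0, 0, 0, time.UTC)
	// Constructed sample input: an empty repo and a repo with two commits.
	empty := []Commit{}
	populated := []Commit{
		{SHA: "a1", Committed: now.AddDate(0, 0, -30)},
		{SHA: "b2", Committed: now.AddDate(0, 0, -3)},
	}
	for _, repo := range [][]Commit{empty, populated} {
		// The unguarded path panics on the empty repo; runCheck contains it.
		err := runCheck("Maintained", func() error {
			_ = latestCommitUnsafe(repo)
			return nil
		})
		fmt.Println("unsafe:", err)

		// The guarded path reports the empty repo as inconclusive.
		days, err := daysSinceLastCommit(repo, now)
		if errors.Is(err, ErrNoCommits) {
			fmt.Println("guarded: inconclusive, no commits")
			continue
		}
		fmt.Println("guarded: days since last commit =", days)
	}
}
```

The point of the two layers is defence in depth: every check that touches commit history should test `len(commits) == 0` explicitly, and the check runner should still recover from a panic so an unanticipated edge case in one check degrades to a missing score rather than a crashed scan.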