Azeem Shaikh
A suggestion - could the `github/codeql-action/upload-sarif` action be expanded to have an `exclude` option, wherein users can specify `ruleIDs` they want to ignore? That enables users to completely disable rules/checks they...
Or better yet - the UI should have an option to allow users to ignore all failures related to a `ruleID`.
IIUC, the problem here is that some repos do not squash when they merge a PR. So when a PR with 5 commits gets merged, each of those commits are...
> Can the "squashed" status be queried?

Not AFAIK
Will take a closer look at this tomo. Overall LGTM.
LGTM. 2 open issues would be - unit tests and addressing @evverx's comment.
> Though looking at > > ``` > { > "details": [ > "Info: code-analysis tool 'CodeQL' detected in workflow: .github/workflows/codeql-analysis.yml", > "Warn: linter tool run on 0 commits out...
> re: search API in repoClient @azeemshaikh38 do we need this API at all or can we just let checks use the file listing API https://github.com/ossf/scorecard/blob/main/checks/fileparser/listing.go? It would be nice...
> Could it be that because of that the "code review" check is kind of broken as well?

Code-Review does not use GitHub search APIs. It looks like #1505 changed...
> > Commits before that, give systemd/systemd a score of 10 for Code-Review > > I think commits before that are affected by #1260 so it doesn't always work as...