github ossf/scorecard v2.2.3

3 years ago

Changelog

7b912e8 Return DefaultBranch as part of ListBranches (#960)
830c4f5 100k cron job repos (#958)
afe5b40 Make RepoClient as default interface for Scorecard (#951)
1434977 :sparkling: Upgraded to go 1.17
eceb577 Add and use RepoClient API for ListStatuses (#949)
eb2b3b2 Add RepoClient API for ListCheckRunsForRef (#948)
8f5e742 ✨ Improve JSON format (#934)
b5e4c77 🌱 Bump distroless/base from 19d927c to a74f307 (#945)
992775e 🌱 Bump distroless/base in /cron/webhook (#946)
dcbf752 🌱 Bump cloud.google.com/go/bigquery from 1.21.0 to 1.22.0 (#939)
dcbfb3c Fix syntax bug in CloudBuild YAML (#947)
df2acb4 Add COMMIT_SHA to Scorecard docker image (#944)
d6b6012 Specify fractions instead of percentage (#943)
99b9c91 Use RepoClient API for Packaging check (#940)
bb6e010 ✨ Decouple scorecard json from cron json (#941)
001ba67 🌱 Bump github.com/jszwec/csvutil from 1.5.0 to 1.5.1
d6ba2cd Fix #890 (#938)
e305a94 Use ListReleases API for BranchProtection check (#937)
9a1978a Use RefUpdateRule in BranchProtection check (#936)
d9f5209 Update test utils (#933)
dbb2345 ✨ Add line number to unpinned dependency: GitHub workflow "uses" field (#821)
ee6acdd Syntax bug in k8s file (#931)
915bad8 🌱 Bump distroless/base in /cron/worker
95c2df2 🌱 Bump distroless/base from bc84925 to 19d927c in /cron/bq (#926)
51016ea 🌱 Bump cloud.google.com/go/pubsub from 1.15.0 to 1.16.0 (#904)
c1edcea Use a completion threshold for BQ transfers (#930)
f40fa63 🌱 Included race flag to tests (#921)
d9b4188 🌱 Bump distroless/base in /cron/webhook
5b74c04 🌱 Bump distroless/base in /cron/controller
fe54c51 Only call GitHub APIs when needed (#918)
c9a617b 📖 Expand "Motivation" section (#924)
37696ac Create and use MockRepoClient in unit tests (#922)
50fd921 🌱 Fix the dependabot settings
f2afdba 🌱 Bump actions/setup-go from 2.1.3 to 2.1.4
b93f385 🌱 Bump distroless/base from ccbc79c to 19d927c
788fd33 ✨ Add JSON unit tests (#915)
e083f04 🐛 Fix date cron issue (#914)
d8e49e0 Remove unwanted dependencies (#913)
9eb7929 🐛 Address friction logs' comments (#899)
1c7c1e3 Fix bug in shardNum calculation (#910)
2d65ab4 Remove ErrRepoUnavailable (#908)
b89808f Pin protoc by SHA (#909)
e73f08e Fix nil ptr dereference (#907)
cc30d54 Use arduino/setup-protoc for installing Protoc (#903)
8cf95c4 Use singleton pattern for OSS-Fuzz (#902)
41d0ce3 Replace errors.As with Is (#901)
46a655d Fixes for Branch Protection (#900)
7bc2e00 🌱 Bump peter-evans/find-comment from 1.2.0 to 1.3.0 (#893)
ad134ac ✨ Add hash to results (JSON, SARIF) (#892)
6403eb1 ✨ Transition Packaging, SAST, Security-policy, Signed-releases check to the new structured detail format (#887)
b731f45 ✨ Transition Vulnerabilities, Permissions, CI-Tests, Dependency-Update-Tool, Code-Reviews to structured details (#889)
27c5821 Update README.md (#888)
aea1249 Add ephemeral-storage to cron worker (#885)
276155d ✨ SARIF 4: Add support to output SARIF format (#866)
d1de6cf support v3 (#883)
bb70e15 Remove token-heavy checks from cron job (#882)
77a4160 🌱 Bump github.com/onsi/gomega from 1.15.0 to 1.16.0 (#879)
b7c0d03 Handle GitHub repos with redirects (#876)
42700ee 🌱 Bump actions/github-script from 4.0.2 to 4.1
c73b28f ✨ fix: add github.com as default for owner/repo parameter (#872)
c54d77b 🐛 Only validate shell scripts supported by our parser (#862)
04e8bcf 🌱 Bump cloud.google.com/go/bigquery from 1.20.1 to 1.21.0 (#870)
1c9a255 Update docs to use :stable release (#865)
fa4e8a4 🌱 Bump github.com/golangci/golangci-lint from 1.41.1 to 1.42.0 (#869)
e7d9ec5 🌱 Bump cloud.google.com/go/pubsub from 1.14.0 to 1.15.0 (#858)
63a8fc7 Nil pointer dereference (#864)
cf01ea6 Fix nil pointer dereference bug (#860)
dbdcd4b ✨ SARIF 1: add structured detail (#843)
0a0d292 ✨ SARIF 3: add flag to yaml (#853)
13ef9dd Use RepoClient.Search API in SAST check (#857)
23764f0 ✨ Upload cron results to a table with new format (#830)
b3a3f7e ✨ SARIF 2: add short description to checks.yml (#848)
7233742 🌱 Bump go.uber.org/zap from 1.18.1 to 1.19.0 (#834)
42ee430 Use RepoClient API for Fuzzing (#855)
4c585f2 Fix nil pointer bug (#856)
8baaaa4 Use RepoClient API for Contributors check (#854)
b7ddc9a Update go-github version for consistency (#852)
d4701c4 Delete Signed-Tags check from Scorecard (#851)
29fbdae Enable automated e2e testing and releases (#850)
3f9431d Update SignedReleases to use RepoClient API (#844)
e160d4a 📖 Fixed the typos and rephrased some (#849)
7790d70 Use consistent golang image across Dockerfiles (#847)
cc312f2 ✨ feature: branch protection without admin token (#823)
a10baab 🌱 Bump golang from 5cdc91c to 3c4de86 (#846)
cbc556f Append changelog to new releases (#838)
eeb563b Update SAST and CITest with Repoclient API (#842)
5bcc1fd populate old details (#841)
977c2b8 Log runtime failures in cron job (#840)
20370f7 🐛 Look for organisation default .github security.md files in all the locations they are allowed to be in (#837)
ee8e402 🌱 Bump github.com/google/go-containerregistry (#832)
4fcb0a3 Fix a bug in flag parsing (#836)
0f6cbc1 🌱 Bump cloud.google.com/go/pubsub from 1.13.0 to 1.14.0 (#833)
6cc4135 Remove false log statement (#835)
bbf99ad 🌱 Bump cloud.google.com/go/bigquery from 1.19.0 to 1.20.1 (#820)
0561c15 Post to webhook on successful cron job completion (#829)
bc67dd3 Create a webhook for tagging Docker images (#828)
ce7d4c3 Update BQ query in README.md (#831)
a2e34ed 🌱 Bump crazy-max/ghaction-import-gpg from 3.1.0 to 3.2.0
ef9880c 🌱 Implemented ignore for license check