Description
This release of Scorecard provides bug fixes, enhancements and new features, including many changes that are not compatible with earlier versions of Scorecard. The project remains available via a Docker image.
Release Notes
API changes
We are experimenting with new APIs based on user feedback to improve clarity and usability. Please try them out and leave us feedback on the scorecard repository!
New code features and enhancements
- Numeric scoring and risk categories replace Pass/Fail.
- Aggregated score.
- Improved JSON output (--format json | jq).
- New repo interface to simplify the future integration of other code versioning systems besides GitHub.
- Use the GitHub v4 (GraphQL) APIs instead of the REST API to improve performance and efficiency.
- Improved documentation (checks and main README).
Removal
- Support for the CSV format has been removed. To upgrade, please use the JSON format.
Scaling
- Weekly scans for 200k GitHub repos with critical ecosystem dependencies from deps.dev.
- Weekly scan results are available in a BigQuery table in the new JSON format.
LTS
- Weekly scans that output the older JSON format will continue until 31 March 2022.
- Weekly scans that output the new JSON format will be available at least until the end of 2022.
Huge thanks to all community contributors
@naveensrinivasan, @chrismcgehee, @nanikjava, @rsprabery, @slugclub, @nathan-415, @neil465, @notanton, @ben-moss, @evalphobia, @johanbrandhorst, @iamamoose, @david-a-wheeler, @olivekl, @asraa, @loosebazooka, @meder, @oliverchang, @azeemshaikh38, @laurentsimon
Mailing lists
- Stay updated with new releases and other announcements by joining ossf-scorecard-announce@googlegroups.com.
- Ask questions, get access to design docs, etc. by joining ossf-scorecard-dev@googlegroups.com.