github ossf/scorecard v3.2.1


Changelog

aa634bd: 🌱 Fixes the broken e2e (@naveensrinivasan)
53ae583: Remove obviously invalid URLs from projects.csv (#1165) (@azeemshaikh38)
0ba864e: Avoid panic in code (#1171) (@azeemshaikh38)
d9e35cd: 🐛 Fix flaky tests in cron/data/add (#1185) (@laurentsimon)
4cca9b4: ✨ Implement local repo client for local folders (#1146) (@laurentsimon)
c73c562: Fix GitHub workflows failing (#1172) (@azeemshaikh38)
8735961: Update shard naming to allow for 1M+ shards (#1170) (@azeemshaikh38)
6088669: 🐛 Fix ListFiles caching in localrepo client (#1190) (@laurentsimon)
b08a4a8: Increase worker replicas (#1173) (@azeemshaikh38)
1db0f97: Sanitized repo URLs ~1M (#1182) (@azeemshaikh38)
1385528: Remove Repo CPU runtime stat logging (#1186) (@azeemshaikh38)
92dff66: 🌱 Bump distroless/base from 56d73a6 to 46d4514 (#1176) (@dependabot[bot])
ed2ef29: 🌱 Bump distroless/base in /cron/webhook (#1177) (@dependabot[bot])
6467b31: 📖 Update CODEOWNERS (#1189) (@r0mdau)
52ce50c: 🌱 Bump distroless/base in /cron/worker (#1193) (@dependabot[bot])
148446b: 🌱 Bump distroless/base in /cron/controller (#1192) (@dependabot[bot])
83649a7: Remove repos package (#1191) (@azeemshaikh38)
a53245a: 🐛 Fix broken e2e tests for Binary Artifacts (@naveensrinivasan)
c751120: 🌱 Reproducible builds in goreleaser (#1198) (@naveensrinivasan)
69f9774: Store metadata in BigQuery (#1197) (@azeemshaikh38)
d3796f2: ✨ Add ClusterFuzzLite to Fuzzing check. (#1166) (@oliverchang)
1cc8601: 📖 Included the meeting minutes (#1202) (@naveensrinivasan)
ff316e1: 🐛 Removed the Binary Artifact (@naveensrinivasan)
a6d298a: ✨ Use checks.yaml to store which repo types are supported by each check (#1195) (@laurentsimon)
257d99e: 🌱 Fixed the failing tests (@naveensrinivasan)
8a83a81: ✨ Validate check.yaml's repo interface support (#1210) (@laurentsimon)
59edb12: 🐛 Use only olivekl@ in CODEOWNER (#1212) (@laurentsimon)
8805ac5: ✨ Add --local option to CLI (#1211) (@laurentsimon)
6562cc1: 🌱 Bump actions/checkout from 2.3.5 to 2.4.0 (@dependabot[bot])
2006be1: 🐛 Token permission check was failing on non-yaml files (@chrismcgehee)
ddd770a: 📖 Updated the community links (#1216) (@naveensrinivasan)
af594d3: spelling (#1219) (@laurentsimon)
67f070f: remove action (#1223) (@laurentsimon)
4ee366e: 🌱 Move docker build checks to ko (#1214) (@naveensrinivasan)
b3ac52a: PR support (#1227) (@laurentsimon)
f319aca: Moving github workflow parsing to its own file (@chrismcgehee)
3dc507b: Using library to parse github workflows (@chrismcgehee)
09b7b3b: ✨ Pull request support for GitHub action (#1222) (@laurentsimon)
4fbd0fe: Adding Chris as facilitator (@chrismcgehee)
929fd6e: deterministic sarif gen (#1233) (@laurentsimon)
ae271b4: 🐛 Validate doc on pre-submit (#1235) (@laurentsimon)
6a2fb2e: Add LGTM to the SAST check (#1232) (@evverx)
5524c97: SAST: no longer skip "neutral" checks (#1237) (@evverx)
795505f: ✨ Remove isScorecardRepo (#1236) (@laurentsimon)
46611ea: Security-Policy: really look for the security policy (@evverx)
9dfac39: Fix the way diff is shown (#1249) (@azeemshaikh38)
ab2bb20: Fix nil-ptr access bug (#1248) (@azeemshaikh38)
c8d2a51: Ignore nil values in Branch-Protection check (#1243) (@azeemshaikh38)
1775025: 🌱 Move from io/ioutil to io and os packages (#1250) (@Juneezee)
51de6b6: Check for issue activity in Maintained (#1251) (@azeemshaikh38)
16cd53d: make install was not installing to GOPATH (@chrismcgehee)
d490455: CI-Test: stop assuming either "statuses" or "check runs" are used (#1259) (@evverx)
6223b66: Add CIIClient interface (#1262) (@azeemshaikh38)
72e20a0: Add repoClient.Close for all e2e tests (#1265) (@azeemshaikh38)
5950fde: 🐛 fix special character in search query to fix fuzzing check (#1241) (@asraa)
4dde356: Fix nil-ptr dereference (#1269) (@azeemshaikh38)
1050b1c: ✨ Add dangerous workflow check with untrusted code checkout pattern (#1168) (@asraa)
63e3b92: fix (#1277) (@laurentsimon)
4502dfb: ✨ Reduce false positives in Token-Permissions for contents permission (#1253) (@laurentsimon)
71e8698: Add a cron job to copy CII badges data (#1278) (@azeemshaikh38)
a05ac54: 🐛 Fix the reproducible builds (#1282) (@naveensrinivasan)
86835fc: 🐛 Fix branch protection results (#1252) (@laurentsimon)
4bd24b8: Including line number: Dockerfile FROM not pinned (#1258) (@chrismcgehee)
cc49494: ✨ [Check split]: Binary-Artifacts (#1244) (@laurentsimon)
0bd5756: Binary-Artifacts: no longer complain about ".bin" files (#1288) (@evverx)
0b32cc3: Fix broken e2e tests (#1291) (@azeemshaikh38)
2375ae2: Add a OssFuzzRepoClient (#1280) (@azeemshaikh38)
0339eea: 🌱 Fix integration test runs (#1286) (@naveensrinivasan)
8fae5b1: Fix more nil-ptr dereferences (#1295) (@azeemshaikh38)
b4e3205: ci: drop trailing whitespaces (#1292) (@evverx)
e15e7b1: More nilptr issues (#1296) (@azeemshaikh38)
9878c4e: Randomize the repos tested during release test (#1299) (@azeemshaikh38)
89b316c: Use blob-based CII client in cron job (#1284) (@azeemshaikh38)
08a7876: Run Dangerous-Workflow in release tests (#1301) (@azeemshaikh38)
5025299: Fix issues with CII client (#1309) (@azeemshaikh38)
6e7e13e: 🌱 Fix vulnerabilities in dependencies (@naveensrinivasan)
10ee2c0: Use pull_request_target + protected env for e2e (#1308) (@azeemshaikh38)
730076f: 🐛 fix dangerous workflow test and workflow parsing (#1283) (@asraa)
9d29765: Signed-Releases: really look for *.sign files (#1298) (@evverx)
fd87314: ✨ Update score for branch protection with levels (#1287) (@laurentsimon)
67c5e93: fix (#1318) (@laurentsimon)
23b0ddb: fix (#1316) (@laurentsimon)

Thanks to all contributors!
