GitHub ossf/scorecard v4.0.0

2 years ago

Description

This release of Scorecard provides bug fixes, enhancements, new features and many other changes. The project remains available as a Docker image.

Release Notes

New code features and enhancements

  • A new Scorecard GitHub Action
  • New checks: License and Dangerous-Workflow
  • Improved scoring system for complex checks like Branch-Protection and Token-Permissions
  • Improved Fuzzing check to support ClusterFuzzLite
  • Added support for new SAST tools like LGTM and SonarCloud in SAST check
  • Support for local code repositories (using the --local option)
  • Improved parsing of GitHub workflows
  • Improved test coverage
  • Scaled weekly cron job repos to analyze ~1M projects

Scaling

LTS

Contributors

Huge thanks to all community contributors

@laurentsimon, @naveensrinivasan, @chrismcgehee, @azeemshaikh38, @asraa, @olivekl, @evverx, @developer-guy, @oliverchang, @varunsh-coder, @david-a-wheeler, @imjasonh, @nanikjava, @JamieMagee, @lehors, @r0mdau, @cpanato, @dota17, @Juneezee,

New Contributors

Mailing lists

Full Changelog: v3.0.0...v4.0.0
