github ossf/scorecard v4.1.0

2 years ago

Changelog

  • 33f80c9 Fix golangci-lint issues
  • 53bae3e feat: upgrade to ko v0.10.0
  • 1306b34 🌱 Bump ossf/scorecard-action from 1.0.3 to 1.0.4
  • 33a01f7 🐛 Add custom packaging workflow for Python
  • bba55d4 🌱 Parallelize builds
  • 1aff6db 🌱 Ignore docker builds
  • 674146c Make verbosity levels case insensitive (#1650)
  • db1d568 🌱 Remove building ko to speed up builds
  • e6f6c56 🌱 Bump github.com/onsi/ginkgo/v2 from 2.0.0 to 2.1.3
  • 4ebd8af 🌱 Bump github.com/onsi/ginkgo/v2 from 2.0.0 to 2.1.3 in /tools
  • ba503c3 ✨ githubrepo: Allow providing an already authenticated transport (#1644)
  • cda7a1b Add tests for graphQL costs (#1643)
  • de5224b Update e2e tests (#1641)
  • 2b206dc Remove Version field from LogMessage (#1640)
  • 3551134 🌱 Parallelize the builds
  • e7fd58d ✨ Check for secrets in pull_request_target (#1634)
  • e3637c9 🌱 Bump cloud.google.com/go/bigquery from 1.27.0 to 1.28.0
  • 1e488a8 Fix for repos which do not squash PR commits (#1637)
  • f3332ce Add validation for commit-based APIs (#1635)
  • eb0730a 🌱 Bump github.com/goreleaser/goreleaser in /tools (#1632)
  • 394789c README.md: Add OpenSSF Best Practices badge (#1629)
  • 2e3e505 Simplify DetailLogger interface (#1628)
  • 38be00c Reduce query cost by analysing lesser associatedPR (#1624)
  • 7de151c ✨ Check for secrets in workflows run on pull requests (#1615)
  • 9b921f0 🌱 Bump actions/setup-go from 2.1.5 to 2.2.0 (#1619)
  • 61e52d4 update workflow (#1617)
  • 368c105 🌱 Bump cloud.google.com/go/pubsub from 1.17.0 to 1.18.0 (#1616)
  • 6930c3a Add support for commit-based Scorecard (#1613)
  • 1c95237 Only run allowed checks in different modes (#1579)
  • eac2aec Add support for commit-based lookup to GitHub APIs (#1612)
  • 68bf172 🌱 Unit tests fileparser/listing
  • 30fc06e Fixed the formatting issue
  • aaf7a9f 🌱 Cache builds between runs
  • 049db38 🌱 Unit tests for dependency_update_tool
  • 8733080 checks/packaging.go: ignore workflows/<>/ files (#1591)
  • 95e7c03 Update the biweekly meeting times (#1603)
  • 80cc0dd 🌱 Unit tests checks/ci_tests_test.go
  • f84291d 🐛 Fix Dependabot check to accept .yaml file extension (#1601)
  • 5e1fd52 🌱 Tweaking codecov config
  • 35aad1d 🌱 Unit tests code-review for raw
  • 674f747 🌱 Unit tests for vulnerabilities raw package
  • 28bf341 📖 recommend nix-shell over nix-env
  • 634643e 🌱 Unit test for fileparser/listing
  • 88aa0e8 📖 Add make install to Environment Setup
  • 4581c36 Remove ListMergedPRs API (#1566)
  • 9037444 ✨ Raw data for code review check (#1505)
  • 7032b19 Ignore all files under testdata/ (#1594)
  • 0670b8b pkg/sarif.go: Add score in message (#1593)
  • 009aa85 🌱 Unit tests for Vulnerabilities
  • 05cedd7 🌱 Categorize the Makefile
  • 79b216c checks/security_policy_test.go: updated unit tests (#1590)
  • 24842de 📖 remove inaccurate claim about github rendering emoji
  • 86d8281 Do not parse non-dockerfile (#1583)
  • 2d0e538 Revert Committer.Name change (#1576)
  • e4eb6d2 🌱 Unit tests for security policy
  • 9d38be4 🌱 Bump ossf/scorecard-action from 1.0.2 to 1.0.3
  • cbbfebb ✨ Mention renovatebot's settings (#1575)
  • 3995d31 Refactor some code (#1567)
  • fae5ff3 🌱 Unit tests for fileparser
  • 58865e9 Only return PRs associated with recent commits (#1562)
  • 53f21cb README: s/Justin/Stephen (#1565)
  • 6962fb4 Use committer name if login isn't available (#1558)
  • 29b14f8 Fix nil-ptr issue in e2e tests (#1561)
  • 70afae8 🌱 Remove dead code
  • 4c266d7 🌱 Unit test for dependency_update_tool
  • b4eec8e 🌱 Bump github.com/onsi/gomega from 1.18.0 to 1.18.1
  • a69e1d9 🌱 Add Dart and Flutter CI systems to CI tests check. (#1548)
  • 40a9d48 Link to responsible disclosure guidelines in Security-Policy remediation doc (#1545)
  • 17467c1 🌱 Unit tests for binary_artifact (#1512)
  • 15a204f 🌱 Bump github.com/goreleaser/goreleaser in /tools
  • 074ba5a 🌱 Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5 in /tools (#1541)
  • bd2171b 🌱 Bump github.com/golangci/golangci-lint from 1.42.1 to 1.44.0 in /tools (#1540)
  • 10a5c1a 🌱 Bump github.com/goreleaser/goreleaser in /tools
  • d2d9ff4 🌱 Bump golang.org/x/tools from 0.1.8 to 0.1.9
  • 3d5a08d 🌱 Included dependabot setting for tools
  • d50788f Add Slack channel badge (#1536)
  • 5f9fff3 ✨ Separate check from policies for the Vulnerabilities check (#1532)
  • 7a6eb28 Not considering an issue as having activity if closed recently (#1531)
  • 16c0d37 🌱 CODEOWNERS: Add Stephen Augustus (justaugustus) as maintainer (#1530)
  • e774015 🌱 Unit tests for Fuzzing
  • 41adfe7 ⚠️ log: Initial logr/logrusr implementation (#1516)
  • da116d3 🌱 Bump cloud.google.com/go/bigquery from 1.26.0 to 1.27.0
  • 19a73a4 🌱 Bump ossf/scorecard-action from 1.0.1 to 1.0.2
  • d4d81a0 🌱 Unit tests dependency_update_tool
  • b6cba86 🐛 Issue activity only counts if done by a maintainer (#1515)
  • 5b98576 🌱 Bump github.com/onsi/gomega from 1.17.0 to 1.18.0
  • 4122c79 🌱 Unit tests for binary artifacts
  • 8a64075 🌱 Fix the reflect.DeepEqual with google cmp
  • 66a91dd 🌱 Unit tests for branch protection raw
  • ab16cdb 🌱 Fix Vulns for containerd
  • 90a0689 🌱 Unit test for fileparser
  • 062e33b 📖 Dependabot config file link (#1498)
  • 0d76dea go.mod: Update github.com/google/go-containerregistry to v0.8.0 (#1506)
  • 13b78ab ⚠️ Create a dedicated logging package to encapsulate calls to zap (#1502)
  • f4e9dfd 🌱 Unit tests for binaryartifacts
  • 5777826 🌱 Bump github.com/google/go-cmp from 0.5.6 to 0.5.7
  • 026d98e 🌱 Included e2e coverage for codecov
  • c3589e8 📖 Updated codecov badge
  • 2dcdbcd 🌱 Track code coverage
  • 9973bde ✨ Unit tests for dependency update
  • 96ea22e Add and use compressed Scorecard logos (#1492)
  • fc87431 Add exemption to stale issue workflow (#1486)
  • b8e054b 🌱 Bump goreleaser/goreleaser-action from 2.8.0 to 2.8.1
  • 4837262 🌱 Bump ossf/scorecard-action from 1.0.0 to 1.0.1
  • 5d3f198 ✨ Unit test for SAST (#1482)

Thanks to all contributors!
