What's Changed
Check improvements
- ✨ Removed job-level permissions check for actions and packages by @eddie-knight in #2367
- ✨ Add Sonatype Lift as a dependency update tool, doc upgrade by @theresa-m in #2328
- ⚠️ OSV scanner integration by @another-rex in #2509
Cron improvements
- 🌱 Add soft mem limit to controller k8s spec by @spencerschrock in #2362
- 🌱 cron: generalize and expose worker (6/n) by @spencerschrock in #2317
- 🐛 Fix typo which prevented cron metadata from going to BigQuery dataset by @spencerschrock in #2370
- 🌱 [cron] generalize some of the transfer logic so it is easy to build new transfer agents by @calebbrown in #2454
CLI
- ✨ Commit depth feature by @latortuga71 in #2407
Documentation
- 📖 Use scorecard (singular) consistently by @lehors in #2428
- 📖 Use new project name in Copyright notices by @lehors in #2505
- 📖 Fix copyright notices by @lehors in #2514
- 📖 Mention 2FA relevance although not checked by Scorecard by @joycebrum in #2528
- 📖 Clarify CII-Best-Practices score for each badge by @hugovk in #2313
BinAuthZ support (WIP)
- ✨ CLI for scorecard-attestor by @raghavkaul in #2309
- 🌱 Add Pinned-Dependency, Vulnerability, and Code-Review checks to attestor by @raghavkaul in
- 🌱 attestor: Dockerize + small improvements for Cloud Build usage by @raghavkaul in #2456
- 🌱 attestor: e2e tests by @raghavkaul in #2529
GitLab support (WIP)
New Contributors
- @theresa-m made their first contribution in #2328
- @dvbnrg made their first contribution in #2366
- @hugovk made their first contribution in #2313
- @gabibguti made their first contribution in #2384
- @shissam made their first contribution in #2195
- @favonia made their first contribution in #2447
- @latortuga71 made their first contribution in #2407
- @balhar-jakub made their first contribution in #2488
- @another-rex made their first contribution in #2509
Full Changelog: v4.8.0...v4.10.0