github ossf/scorecard v4.10.4

20 months ago

Changelog

  • 9831629 Increase recordings, switch API, and lower tolerance (#2760)
  • 8966abd Initial implementation of go-git client (#2720)
  • 603263c 🐛 Fix typo in CITests runtime errors causing duplicate Code-Review checks. (#2756)
  • c20ed9e 🌱 Update .github/workflows/goreleaser.yaml (#2755)
  • 0b45c90 🌱 Bump step-security/harden-runner from 2.2.0 to 2.2.1 (#2753)
  • 23bd295 🌱 Bump github/codeql-action from 2.2.4 to 2.2.6 (#2741)
  • fc026ef 🌱 Bump github.com/google/ko from 0.12.0 to 0.13.0 in /tools (#2742)
  • 2e04214 🌱 Bump tj-actions/changed-files from 35.6.2 to 35.7.0
  • e36b590 🌱 Bump actions/cache from 3.3.0 to 3.3.1 (#2740)
  • 6ff94eb 🐛 Handle editable pip installs (#2731)
  • 110e352 ✨ Gitlab support: RepoClient (#2655)
  • 5625dda 🌱 Bump github.com/onsi/ginkgo/v2 from 2.8.3 to 2.9.0 in /tools
  • d591e38 🌱 Add RepoClient re-use E2E tests. (#2625)
  • a7e81bb 🌱 Bump actions/cache from 3.2.6 to 3.3.0 (#2738)
  • b5254fe 🌱 Bump tj-actions/changed-files from 35.6.1 to 35.6.2 (#2736)
  • 2e6347f 🌱 Bump github.com/moby/buildkit from 0.10.3 to 0.11.4 (#2735)
  • 170af75 🐛 Updates osv-scanner dependency to 1.2.0. (#2704)
  • 5f13a66 Atomically load from accessState to avoid data race. (#2732)
  • 0c090b3 🌱 Updated the coverage for tests (#2728)
  • 0169c37 🌱 Setup cron for running as GitHub App (#2721)
  • d708c6c 🌱 Bump tj-actions/changed-files from 35.5.4 to 35.6.1
  • fb12a39 🌱 Bump github.com/google/ko in /tools
  • 0bed3da 🌱 Bump github.com/jszwec/csvutil from 1.7.1 to 1.8.0 (#2698)
  • 61866a0 🐛 Check OSS Fuzz build file for Fuzzing check (#2719)
  • c06ac74 🌱 Removed failing tests (#2718)
  • b8bc65f Add projects to cronjob (#2716)
  • def5ead 📖 update bigquery docs in README (#2714)
  • 36faeac Consider 'src/test' test directories (#2706)
  • 846fb19 Refactor githubrepo CheckRun logic (#2710)
  • 82a122b 🌱 Bump sigstore/cosign-installer from 2.8.1 to 3.0.1
  • c4bd0c5 ⚠️ Update date formats and fields to RFC3339 (#2712)
  • 8add330 📖 Fix links. (#2703)
  • 35a7dd5 🌱 Bump kubernetes-sigs/kubebuilder-release-tools
  • c7e362d 🌱 Bump step-security/harden-runner from 2.1.0 to 2.2.0
  • be8a437 🌱 Bump github.com/onsi/ginkgo/v2 from 2.8.1 to 2.8.3 in /tools (#2694)
  • 034add1 🌱 Bump k8s.io/client-go from 0.18.8 to 0.20.0
  • feb267a 🌱 Bump golang.org/x/net from 0.6.0 to 0.7.0 in /tools
  • 78069d8 Consider ko-build/setup-ko as a packaging workflow (#2692)
  • db6a26e 🌱 Bump actions/cache from 3.2.3 to 3.2.6
  • 24b779f 🌱 Bump mvdan.cc/sh/v3 from 3.5.1 to 3.6.0 (#2615)
  • 48813a3 🌱 Bump golang.org/x/net from 0.5.0 to 0.7.0 (#2680)
  • d334409 Add Azure Devops as valid CI system (#2662)
  • 047c014 🌱 Bump github/codeql-action from 2.2.3 to 2.2.4 (#2676)
  • 5e6a521 🌱 Update deps for fixing GHSA-r48q-9g5r-8q2h (#2675)
  • adb1ce3 🌱 add new github.com/intel repos (#2673)
  • 603cd92 🌱 Bump github.com/onsi/ginkgo/v2 from 2.7.0 to 2.8.1 in /tools (#2660)
  • 559b71b Invite @raghavkaul as maintainer (#2663)
  • 353e2c6 🌱 Bump tj-actions/changed-files from 35.5.0 to 35.5.4 (#2674)
  • c9f582b Limit integration tests to ones that work with the GITHUB_TOKEN. (#2672)
  • 7876a13 🌱 Temporarily skip OSS-Fuzz e2e test. (#2671)
  • 93900ac 🌱 Bump github/codeql-action from 2.2.0 to 2.2.3 (#2649)
  • 8115756 🌱 Bump peter-evans/find-comment from 2.1.0 to 2.2.1 (#2641)
  • ee8dd5d Image build pipeline (#2613)
  • d331f8e Fix typo (add s to ') (#2638)
  • ac008ec 🌱 Bump tj-actions/changed-files from 35.4.4 to 35.5.0 (#2635)
  • 0f33c37 📖 Update docs on how to run and debug locally (#2587)
  • 2ea140a ✨ Structured results for permissions (#2584)
  • 4ebe521 🌱 Bump github/codeql-action from 2.1.39 to 2.2.0 (#2618)
  • 1c6ab16 🌱 Bump github.com/go-git/go-git/v5 from 5.4.2 to 5.5.2 (#2600)
  • e6a900d Handle Docker URLs for GitHub actions workflows (#2594)
  • 3f372e9 🌱 Bump tj-actions/changed-files from 35.4.1 to 35.4.4
  • 99398db 🌱 Bump github/codeql-action from 2.1.38 to 2.1.39 (#2607)
  • 9385905 Revert "perf.: run integration tests only on approved PRs (#2609)" (#2612)
  • f25d010 🌱 Bump github.com/google/addlicense in /tools (#2608)
  • a29182d perf.: run integration tests only on approved PRs (#2609)
  • 6112c07 🌱 Bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0 (#2539)
  • f1ca6d7 🌱 Bump actions/cache from 3.0.11 to 3.2.3 (#2599)
  • 9c49fbf 🌱 Bump step-security/harden-runner from 2.0.0 to 2.1.0 (#2604)
  • 1b5bdb4 🌱 Bump actions/upload-artifact from 3.1.1 to 3.1.2 (#2601)
  • 67daacc 🌱 Bump tj-actions/changed-files from 35.2.0 to 35.4.1 (#2598)
  • fc299e3 🌱 Bump actions/dependency-review-action from 3.0.2 to 3.0.3 (#2585)
  • 2704fc5 🌱 Bump github.com/xanzy/go-gitlab from 0.77.0 to 0.78.0 (#2591)
  • 4a9c774 🌱 Bump github/codeql-action from 2.1.36 to 2.1.38 (#2597)
  • 811bf75 Add correct contact to CODE_OF_CONDUCT.md (#2508)
  • 47be523 🐛 Retain tag when remediating unpinned docker images. (#2595)
  • b30bc79 🌱 Bump golang.org/x/tools from 0.4.0 to 0.5.0 (#2592)
  • 3e4dca5 🌱 Bump github.com/goreleaser/goreleaser in /tools (#2586)
  • 75adffe 🌱 Bump github.com/onsi/gomega from 1.24.1 to 1.24.2 (#2562)
  • 63ffde8 🌱 Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.7.0 (#2590)
  • bf516e1 🐛 Use leveled scoring for Code Review check (#2542)
  • ed9576c Update name of Branch Protection Rule (#2589)
  • 6ded57e 🌱 Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.7.0 in /tools (#2588)
  • 78d0903 🌱 Bump github.com/goreleaser/goreleaser in /tools (#2573)
  • be695d1 🐛 Add wasm files as binary artifacts (#2548)
  • a2bc29a 🌱 Bump actions/checkout from 3.2.0 to 3.3.0 (#2583)
  • 1d15e9c classic personal access tokens required (#2565)
  • 7c0edac 🌱 Bump nick-invision/retry from 2.8.2 to 2.8.3 (#2576)
  • 6ff06a3 🌱 Bump actions/setup-go from 3.3.1 to 3.5.0 (#2575)
  • 72d4e98 🌱 Bump tj-actions/changed-files from 35.1.0 to 35.2.0 (#2574)
  • cf3a43f 🌱 Bump ossf/scorecard-action from 2.1.1 to 2.1.2 (#2570)
  • 4d5cbb4 🐛 Fix Renovate bot typo (#2569)
  • 90cdd98 Disable scorecard on PRs (#2571)
  • 6bf19d5 🌱 Switch from paths-ignore to changed-files action to skip required checks. (#2566)
  • c6d7680 🌱 Bump github.com/xanzy/go-gitlab from 0.76.0 to 0.77.0 (#2563)
  • 7e64b36 🌱 Bump golang.org/x/tools from 0.3.0 to 0.4.0 (#2525)

Thanks to all contributors!
