github ossf/scorecard v4.2.0

2 years ago

Changelog

  • 44ad5f5 ⚠️ Removing the error field from result (#1853)
  • 1f3861b Update env variables in cron (#1858)
  • ee1086e 🌱 Bump codecov/codecov-action from 3.0.0 to 3.1.0
  • 64bf903 🌱 Bump actions/checkout from 3.0.1 to 3.0.2
  • 4622952 ✨ Raw results for dangerous workflow (#1849)
  • 72e2486 🌱 Bump contrib.go.opencensus.io/exporter/stackdriver
  • 6ed6c9b 🌱 Publish images with ko
  • f99e1a1 ✨ Schema for BQ table for raw results (#1762)
  • 9532e55 🌱 Bump github.com/rhysd/actionlint from 1.6.11 to 1.6.12
  • 6c59ff9 🌱 Bump actions/checkout from 3.0.0 to 3.0.1
  • ebf0d10 🌱 Bump cloud.google.com/go/bigquery from 1.30.2 to 1.31.0
  • 4d1c531 ✨ Raw results for license (#1790)
  • c0e41f3 Update branches_e2e_test.go (#1838)
  • 410a145 fix (#1837)
  • b00b316 Split NewLogger into two so we can use a custom logrus instance.
  • 9120285 Fix e2e branch (#1835)
  • eedd16d linter
  • 6a48f17 fix
  • 4b2c677 fix
  • 2873c0d e2e for GITHUB_TOKEN
  • a46313c 🌱 Bump cloud.google.com/go/pubsub from 1.19.0 to 1.20.0
  • fb0c0e1 🌱 Bump actions/cache from 3.0.1 to 3.0.2
  • f9c2f9d 🌱 Dependency review action
  • 333618d Security-Policy should not run on --local (#1825)
  • 4df16f3 🌱 Bump codecov/codecov-action from 2.1.0 to 3
  • b6575a2 🌱 Bump github.com/rhysd/actionlint from 1.6.10 to 1.6.11
  • 8bc0fe5 🌱 Bump contrib.go.opencensus.io/exporter/stackdriver
  • a1e908b Support Security-Policy with --local (#1822)
  • 5860896 detect workflow_run as a dangerous trigger
  • 606f28a 🌱 Bump sigs.k8s.io/release-utils from 0.5.0 to 0.6.0
  • 8113336 🌱 e2e for pinned_dependencies for localrepoclient
  • b6b5592 🌱 e2e for dangerous_workflow local repo
  • 761bb4e 🌱 Fixes the golang version
  • b42a175 🌱 Bump gocloud.dev from 0.24.0 to 0.25.0
  • 648b663 🌱 Experimental option for codeql
  • 27dbf9c ✨ Raw results for Signed-Release check (#1789)
  • e8c633a 🌱 e2e tests for security policy localrepo
  • e5f5deb 🌱 e2e tests for local repoclient for permissions
  • ab9769a 🌱 Fix protoc build failures
  • 99ecdea 🌱 Bump actions/cache from 3.0.0 to 3.0.1
  • 7dcb3cb ✨ checks: add GitHub Webhook check (#1675)
  • 93889a8 install missing tool in add-projects job
  • f1268bf cleanup protoc version
  • d10ac0d 🌱 Bump cloud.google.com/go/bigquery from 1.30.1 to 1.30.2
  • 92027ed small cleanup on the workflow jobs and remove the master branch reference (#1800)
  • 389078c 🌱 Bump cloud.google.com/go/bigquery from 1.30.0 to 1.30.1
  • 4956483 🌱 Bump github.com/onsi/gomega from 1.18.1 to 1.19.0
  • c428e31 🌱 Bump distroless/base in /cron/worker
  • 6a078c6 Use GITHUB_TOKEN for downloading protoc (#1797)
  • ce06ac1 🌱 Bump distroless/base in /cron/webhook (#1794)
  • 0644b18 🌱 e2e for local repoclient license check
  • cacc3e4 🌱 e2e tests binary artifacts localrepo
  • 037a3f3 ✨ Raw result for Maintained check (#1780)
  • 682e6ea Explicit permissions for github actions
  • 007156b 🌱 Bump distroless/base in /cron/controller
  • 10d46d5 🌱 Bump distroless/base from 792dfe7 to 764b74b
  • d2e88f2 🌱 Bump github.com/golangci/golangci-lint in /tools
  • 363d1bd Add comment to update action policy file (#1751)
  • 8150ab0 ✨ Make Vuln ID field lower case in raw results (#1761)
  • 2bbbce7 🐛 Discard GitHub token in dangerous workflow check (#1772)
  • 66b3d8c 🌱 Bump github.com/golangci/golangci-lint from 1.44.2 to 1.45.0 in /tools (#1757)
  • 10bd777 🌱 Bump peter-evans/find-comment from 1.3.0 to 2
  • 0a82d2b 🌱 Bump google.golang.org/protobuf from 1.27.1 to 1.28.0
  • aecff0b 🌱 Bump peter-evans/create-or-update-comment from 1.4.5 to 2
  • c671bac 🌱 Bump peter-evans/slash-command-dispatch from 2.3.0 to 3
  • 2863566 🌱 Bump actions/upload-artifact from 2.3.1 to 3
  • a69fda7 🌱 Bump actions/cache from 2.1.7 to 3
  • d51e004 🌱 Bump google.golang.org/protobuf in /tools
  • 06efb4a ✨ Update BQ table name for raw results (#1759)
  • 1094680 🐛 Fix schemas from #1758 (#1760)
  • ee623e5 Add schema for the raw JSON (#1758)
  • 1c61acd Update main.yml
  • 8fd286d Update stale.yml
  • 76d3e10 🌱 Restrict egress on github actions
  • 0c76ae3 🌱 Bump distroless/base in /cron/controller
  • 64893b8 🌱 Bump step-security/harden-runner from 1.4.0 to 1.4.1
  • b1ab16e ✨ Add raw results to cron scans (#1741)
  • d5893c2 🌱 Bump distroless/base from 02f6671 to 792dfe7
  • 9e9e5a9 🌱 Bump distroless/base in /cron/webhook
  • 8f6df49 🌱 Bump github.com/go-logr/logr from 1.2.2 to 1.2.3
  • 23921a6 🌱 Bump distroless/base in /cron/worker
  • a496d8c 🌱 Bump cloud.google.com/go/bigquery from 1.29.0 to 1.30.0
  • a3f4b05 Pass in specific commit-SHA in cron job (#1739)
  • ba78d0a ✨ Unit test for CLI options
  • dc302bd Enable CI-Tests to run as commit-based check
  • c8acf36 🌱 .github: Audit CodeQL egress with harden-runner (#1728)
  • c8af71c 🌱 Bump crazy-max/ghaction-import-gpg from 4.2.0 to 4.3.0
  • 3f73d69 🌱 Bump github.com/rhysd/actionlint from 1.6.9 to 1.6.10
  • 2df9d08 🌱 Bump github.com/goreleaser/goreleaser in /tools
  • 7d17953 Fixed the path of the generated mock files.
  • 1995bc3 🌱 Refactor to make it testable
  • f2a132a 🌱 Bump github.com/spf13/cobra from 1.3.0 to 1.4.0
  • e303a1b 🌱 Ignore mock clients for code coverage
  • 35d3156 🌱 Unit tests for pinned_dependencies
  • c10a6ae Update README.md (#1716)
  • eb25816 🌱 Bump cloud.google.com/go/pubsub from 1.18.0 to 1.19.0
  • e128c3d allow empty committer (#1714)
  • c1761a8 Only download repo tarball when necessary
  • 0268747 🌱 Bump github.com/goreleaser/goreleaser in /tools
  • 4b9f038 🌱 Fix for CVE-2022-23648
  • 241b0f4 Mark License, Security-Policy as commit-based (#1711)
  • 3c92dec 🐛 Add GitHub committer verification (#1695)
  • 57b4664 🌱 Bump cloud.google.com/go/bigquery from 1.28.0 to 1.29.0
  • 4904b31 🌱 additional tests for github_workflow
  • 3070b3c ✨ cmd: Allow new scorecard to be instantiated with options (#1703)
  • d192c8e ✨ Add score to SARIF for all results (#1694)
  • 3818dbe Update CODEOWNERS (#1701)
  • 189cdc5 🌱 Bump actions/stale from 4.1.0 to 5
  • 2381915 🌱 Bump crazy-max/ghaction-import-gpg from 4.1.0 to 4.2.0
  • 13b9cc5 🌱 Bump actions/checkout from 2.4.0 to 3
  • 84cdc8c ✨ cmd: Refactor to make importable (#1696)
  • 738b246 Fix cmd panic (#1692)
  • 8377294 🌱 Bump goreleaser/goreleaser-action from 2.9.0 to 2.9.1
  • dd9ae7d 🌱 Bump actions/setup-go from 2.2.0 to 3
  • 5e5abdc 🌱 Unit tests for github workflow
  • ddb0fe3 ✨ Changed jsonScorecardResultV2 type Public (#1682)
  • 4635570 🌱 Bump goreleaser/goreleaser-action from 2.8.1 to 2.9.0
  • d71866c Update badges to correct package version and reference URLs
  • c664364 📖 Included reference to the GoDoc
  • 7956ff4 ✨ Miscellaneous refactors to ease downstream consumption (#1645)
  • 7610519 📖 Adding missing documentation for Token-Permissions (#1656)
  • 4c82c29 🌱 Bump github.com/rhysd/actionlint from 1.6.8 to 1.6.9
  • 692c682 Refine copy for PR template and add a release-note code fence (#1678)
  • 504f134 Update scorecard-analysis.yml (#1674)
  • faeae41 🌱 Fixes the vulnerability GHSA-qq97-vm5h-rrhg (#1672)
  • 5a1ab20 🌱 Fix containerd vulns
  • d94a87d 🌱 Fix containerd Vulnerability (#1560)
  • 808941a ✨ Token-Permissions, Allow contents: write permission only for jobs that are releasing (#1663)
  • e41f859 Generalize CheckFileContent functions (#1670)
  • 5656c3e 🌱 Ignore cron folder from codecov
  • f616278 Generalize CheckIfFileExists fn (#1668)
  • c03085a Remove duplicated function definitions (#1666)
  • e5b62b5 🌱 Bump mvdan.cc/sh/v3 from 3.4.2 to 3.4.3 (#1665)
  • 5dbc04a 🌱 Avoid duplicate builds

Thanks to all contributors!