Changelog
- 7cd6406 Reduce build target radius (#2293)
- a7a503a 🌱 cron: pass config as an argument to binaries (4/n) (#2279)
- 97df43b 🌱 Reduce the number of PR's opened by dependabot (#2297)
- 88e5ff7 Improve API limiting and cache (#2294)
- f017e2e Fix typo which was causing index out of range panics (#2284)
- 08c2ee5 Modify tool installation (#2288)
- 0f87094 ✨ Gitlab support (#2265)
- a6983ed Fix failing linters (#2281)
- 7c24934 🌱 Fix cosign vulnerability (#2283)
- a298132 🌱 Bump actions/dependency-review-action from 2.1.0 to 2.2.0 (#2282)
- 9a9a1cb 🐛 Add fix for issue2277 (#2278)
- d75dea8 🌱 Feature: Group commits into changesets (#2260)
- 3629fd8 🌱 Bump github/codeql-action from 2.1.22 to 2.1.24
- 9f67c4e 🌱 Invite @spencerschrock as maintainer (#2269)
- 482a59e 🌱 Tests: Fix data race failures (#2262)
- 2231d1f 🌱 cron: make CSV header optional (3/n) (#2261)
- bde0ae1 🌱 cron: generalize config and create optional values for scorecard and criticality (2/n) (#2254)
- 9e269b8 🌱 Feature: Add scorecard attestation policy module (#2240)
- d6bef98 Wrap check errors with distinct error for scorecard-action to ignore. (#2250)
- 856d2dd 🌱 Bump sigstore/cosign-installer from 2.5.1 to 2.6.0 (#2253)
- d76ff0d ✨ setup-python not required by pypa/gh-action-pypi-publish (#2206)
- 11657e4 📖 Remove trailing whitespace (#2241)
- da785a2 Rename CII->OpenSSF Best Practices badge (#2239)
- c665f27 🌱 cron: allow controller to read CSVs from cloud storage (1/n) (#2235)
- 7c66ae8 🌱 Bump imjasonh/setup-ko from 0.5 to 0.6 (#2231)
- ec15af5 🌱 Bump github/codeql-action from 2.1.21 to 2.1.22 (#2227)
- dac68a4 🌱 Bump github.com/onsi/gomega from 1.20.1 to 1.20.2 (#2225)
- bc5a1d6 Enable SAST check in cron by default (#2223)
- f345807 Detect pyup as an automated dependency update tool (#2226)
- d13ba3f 📖 Update instructions and other fixes in README (#2212)
- 7a2c403 🌱 Bump github.com/onsi/ginkgo/v2 from 2.1.4 to 2.1.6 (#2220)
- 3337b6c 🌱 Bump github.com/onsi/ginkgo/v2 from 2.1.4 to 2.1.6 in /tools (#2221)
- 758cc39 Add k8s README (#2219)
- 5ac9f39 🌱 Fix for empty repository (#2207)
- 33ab335 🌱 Bump github.com/onsi/gomega from 1.20.0 to 1.20.1
- 621449f ✨ Add CODEOWNERS branch protection check (#2057)
- 6fc08e7 Allow contents: write for Token-Permissions when doing mvn release (#2202)
- a8e9050 ✨ Optimize SAST check (#2191)
- 11ff78e Deduplicate projects by excluding URL fragments (#2201)
- b40efd2 🌱 Bump cloud.google.com/go/bigquery from 1.38.0 to 1.39.0
- 9460030 Make the Scalable Scorecards document public. (#2199)
- fb630a8 🌱 Bump github/codeql-action from 2.1.20 to 2.1.21 (#2200)
- 64daafb 🌱 Bump cloud.google.com/go/pubsub from 1.24.0 to 1.25.1 (#2197)
- 32d6ba2 🌱 Bump actions/setup-go from 3.2.1 to 3.3.0 (#2194)
- 8b3793a 🌱 Bump github/codeql-action from 2.1.19 to 2.1.20 (#2187)
- 86aa297 🌱 Bump github.com/caarlos0/env/v6 from 6.9.3 to 6.10.0 (#2188)
- e2813b8 🌱 Bump actions/cache from 3.0.7 to 3.0.8 (#2184)
- a4d2c01 🌱 Bump distroless/base from
49d2923
to533c15e
(#2185) - af2ee3d 🌱 Bump github/codeql-action from 1.0.0 to 2.1.19 (#2178)
- 77fa781 Check for security polices in RST format at toplevel and .github as well. (#2180)
- 2920b32 ✨ Improved license check (#2179)
- 25fd14d 🌱 Bump actions/dependency-review-action from 2.0.4 to 2.1.0 (#2176)
- 4a15760 Don't error on workflow parse failure in Binary-Artifacts (#2170)