What's Changed
General
- ✨ Scorecard can now generate its output as an in-toto statement by specifying --format=intoto (#4491, @puerco)
- ✨ Improved the performance of --file-mode git (#4563, @spencerschrock)
- 🐛 Ensure artifactLocation in sarif output are escaped by @xhochy in #4619
- ✨ Scorecard now supports configuration files ending in either .yml or .yaml (#4568, @ratancs)
- 🌱 Go 1.23.0 is now required to build Scorecard or use it as a library. (#4547, @spencerschrock)
Checks
CI-Tests
- 🐛 Fixed detection for Cirrus CI (#4564, @spencerschrock)
Contributors
- ✨ Users listed in the CODEOWNERS file in GitHub repos now contribute to the Contributors check (#4611, @lharrison13)
SAST
- 🐛 SAST: Fixed an issue with Sonar Cloud not being detected due to a renamed GitHub app. (#4541, @spencerschrock)
Probes
- ✨ Added an independent probe that checks for ecosystem-specific non-memory safety practices in the codebase and flags them. (#4499, @balteravishay)
Documentation
- 📖 Fix grammar in maintained check messages. (#4618, @martincostello)
- 📖 Fix GitHub Actions badges in README.md by @PeterDaveHello in #4592
- 📖 MAINTAINERS: Reflect active project contributors and affiliations by @justaugustus in #4521
New Contributors
- @puerco made their first contribution in #4491
- @ratancs made their first contribution in #4568
- @PeterDaveHello made their first contribution in #4592
- @rscohn2 made their first contribution in #4596
- @llindsaya made their first contribution in #4605
- @xhochy made their first contribution in #4619
- @ryjones made their first contribution in #4628
Full Changelog: v5.1.1...v5.2.0