ossf/scorecard v5.4.0
on GitHub

10 hours ago

What's Changed

General

✨ Added CLI flags to scan multiple repositories --repos, or an entire GitHub organization --org (#4793, @gabrielsoltz)

Checks

Branch-Protection

🐛 Fix branch-protection scoring so GitHub rulesets without include patterns are honored, eliminating false warnings for branches covered by those rulesets. (#4835, @trask)

Codeowners

🐛 add a codeowner expansion limit to prevent api exhaustion by @spencerschrock in #4817

Pinned-Dependencies

🐛 add check for empty github workflow uses by @spencerschrock in #4832

Vulnerabilities

🐛 Updated osv-scanner to v2.2.4 for Vulnerabilities detection. (#4833, @spencerschrock)

Docs

📖 fix dependencies typo by @martincostello in #4809

Other

🌱 MAINTAINERS: Add Adam Korczynski (AdamKorcz), ADA Logics by @justaugustus in #4808
🌱 cron add repositories: key Qwen, Meta-Llama, and OSS GPT repositories by @mkdolan in #4811
🌱 cron: repair GitHub project list with excess path components by @spencerschrock in #4819
🌱 Added additional AI project repos. by @mkdolan in #4838

New Contributors

@mkdolan made their first contribution in #4811
@gabrielsoltz made their first contribution in #4793

Full Changelog: v5.3.0...v5.4.0

Check out latest releases or
releases around ossf/scorecard v5.4.0

Don't miss a new scorecard release

NewReleases is sending notifications on new releases.

Get notifications