github ossf/scorecard v5.5.0

8 hours ago

What's Changed

General

  • The official Scorecard docker images are hosted on GitHub Container Registry starting with v5.5.0.
    Older releases will be brought over from Google Container/Artifact Registry before being discontinued. (@spencerschrock in #4885)
  • Scorecard will now skip checks that don't apply to the current repo type by @JamieMagee in #5000.
    If a check that previously ran no longer runs, and you think it is supported by the underlying forge, please file an issue.

Checks

Branch-Protection

  • 🌱 Use rulesets if one exists when classic branch protection rule is inaccessible by @trask in #4853

CII-Best-Practices

  • ✨ Support custom CII_Best_Practices_URL via environment variable. by @kash2104 in #4882

Dangerous-Workflow

  • 🐛 detect toJSON(github.event) in Dangerous-Workflow check by @heathdutton in #4898

Contributors

  • 🐛 Skip CODEOWNERS file in contributors check if there is a parsing error by @juanis2112 in #4851

Dependency-Update-Tool

Fuzzing

Docs

Other

New Contributors

Full Changelog: v5.4.0...v5.5.0
