Scorecard - v4.0.0


Description

This release of Scorecard provides bug fixes, enhancements, new features, and many other changes. The project remains available via a Docker image.

Release Notes

New code features and enhancements

  • A new Scorecard GitHub Action
  • New checks: License and Dangerous-Workflow
  • Improved scoring system for complex checks like Branch-Protection and Token-Permissions
  • Improved Fuzzing check to support ClusterFuzzLite
  • Added support for new SAST tools like LGTM and SonarCloud in SAST check
  • Support for local code repository (using --local option)
  • Improved parsing of GitHub workflows
  • Improved test coverage
  • Scaled weekly cron job repos to analyze ~1M projects

Scaling

LTS

Contributors

Huge thanks to all community contributors

@laurentsimon, @naveensrinivasan, @chrismcgehee, @azeemshaikh38, @asraa, @olivekl, @evverx, @developer-guy, @oliverchang, @varunsh-coder, @david-a-wheeler, @imjasonh, @nanikjava, @JamieMagee, @lehors, @r0mdau, @cpanato, @dota17, @Juneezee

New Contributors

  • @varunsh-coder made their first contribution in https://github.com/ossf/scorecard/pull/1326
  • @dota17 made their first contribution in https://github.com/ossf/scorecard/pull/1341
  • @lehors made their first contribution in https://github.com/ossf/scorecard/pull/1312
  • @JamieMagee made their first contribution in https://github.com/ossf/scorecard/pull/1378
  • @imjasonh made their first contribution in https://github.com/ossf/scorecard/pull/1392

Mailing lists

Full Changelog: https://github.com/ossf/scorecard/compare/v3.0.0...v4.0.0


Details

date: Jan. 13, 2022, 7:50 p.m.
name: v4.0.0
type: Major