Scorecard - v4.1.0
Changelog
- 33f80c9 Fix golangci-lint issues
- 53bae3e feat: upgrade to ko v0.10.0
- 1306b34 :seedling: Bump ossf/scorecard-action from 1.0.3 to 1.0.4
- 33a01f7 :bug: Add custom packaging workflow for Python
- bba55d4 :seedling: Parallelize builds
- 1aff6db :seedling: Ignore docker builds
- 674146c Make verbosity levels case insensitive (#1650)
- db1d568 :seedling: Remove building ko to speed up builds
- e6f6c56 :seedling: Bump github.com/onsi/ginkgo/v2 from 2.0.0 to 2.1.3
- 4ebd8af :seedling: Bump github.com/onsi/ginkgo/v2 from 2.0.0 to 2.1.3 in /tools
- ba503c3 :sparkles: githubrepo: Allow providing an already authenticated transport (#1644)
- cda7a1b Add tests for graphQL costs (#1643)
- de5224b Update e2e tests (#1641)
- 2b206dc Remove `Version` field from LogMessage (#1640)
- 3551134 :seedling: Parallelize the builds
- e7fd58d ✨ Check for secrets in pull_request_target (#1634)
- e3637c9 :seedling: Bump cloud.google.com/go/bigquery from 1.27.0 to 1.28.0
- 1e488a8 Fix for repos which do not squash PR commits (#1637)
- f3332ce Add validation for commit-based APIs (#1635)
- eb0730a :seedling: Bump github.com/goreleaser/goreleaser in /tools (#1632)
- 394789c README.md: Add OpenSSF Best Practices badge (#1629)
- 2e3e505 Simplify DetailLogger interface (#1628)
- 38be00c Reduce query cost by analysing lesser associatedPR (#1624)
- 7de151c ✨ Check for secrets in workflows run on pull requests (#1615)
- 9b921f0 :seedling: Bump actions/setup-go from 2.1.5 to 2.2.0 (#1619)
- 61e52d4 update workflow (#1617)
- 368c105 :seedling: Bump cloud.google.com/go/pubsub from 1.17.0 to 1.18.0 (#1616)
- 6930c3a Add support for commit-based Scorecard (#1613)
- 1c95237 Only run allowed checks in different modes (#1579)
- eac2aec Add support for commit-based lookup to GitHub APIs (#1612)
- 68bf172 :seedling: Unit tests fileparser/listing
- 30fc06e Fixed the formatting issue
- aaf7a9f :seedling: Cache builds between runs
- 049db38 :seedling: Unit tests for dependency_update_tool
- 8733080 checks/packaging.go: ignore workflows/<>/ files (#1591)
- 95e7c03 Update the biweekly meeting times (#1603)
- 80cc0dd :seedling: Unit tests checks/ci_tests_test.go
- f84291d :bug: Fix Dependabot check to accept .yaml file extension (#1601)
- 5e1fd52 :seedling: Tweaking codecov config
- 35aad1d :seedling: Unit tests code-review for raw
- 674f747 :seedling: Unit tests for vulnerabilities raw package
- 28bf341 :book: recommend `nix-shell` over `nix-env`
- 634643e :seedling: Unit test for fileparser/listing
- 88aa0e8 :book: Add make install to Environment Setup
- 4581c36 Remove ListMergedPRs API (#1566)
- 9037444 ✨ Raw data for code review check (#1505)
- 7032b19 Ignore all files under testdata/ (#1594)
- 0670b8b pkg/sarif.go: Add score in message (#1593)
- 009aa85 :seedling: Unit tests for Vulnerabilities
- 05cedd7 :seedling: Categorize the Makefile
- 79b216c checks/security_policy_test.go: updated unit tests (#1590)
- 24842de :book: remove inaccurate claim about github rendering emoji
- 86d8281 Do not parse non-dockerfile (#1583)
- 2d0e538 Revert `Committer.Name` change (#1576)
- e4eb6d2 :seedling: Unit tests for security policy
- 9d38be4 :seedling: Bump ossf/scorecard-action from 1.0.2 to 1.0.3
- cbbfebb ✨ Mention renovatebot's settings (#1575)
- 3995d31 Refactor some code (#1567)
- fae5ff3 :seedling: Unit tests for fileparser
- 58865e9 Only return PRs associated with recent commits (#1562)
- 53f21cb README: s/Justin/Stephen (#1565)
- 6962fb4 Use committer name if login isn't available (#1558)
- 29b14f8 Fix nil-ptr issue in e2e tests (#1561)
- 70afae8 :seedling: Remove dead code
- 4c266d7 :seedling: Unit test for dependency_update_tool
- b4eec8e :seedling: Bump github.com/onsi/gomega from 1.18.0 to 1.18.1
- a69e1d9 🌱 Add Dart and Flutter CI systems to CI tests check. (#1548)
- 40a9d48 Link to responsible disclosure guidelines in Security-Policy remediation doc (#1545)
- 17467c1 :seedling: Unit tests for binary_artifact (#1512)
- 15a204f :seedling: Bump github.com/goreleaser/goreleaser in /tools
- 074ba5a :seedling: Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5 in /tools (#1541)
- bd2171b :seedling: Bump github.com/golangci/golangci-lint from 1.42.1 to 1.44.0 in /tools (#1540)
- 10a5c1a :seedling: Bump github.com/goreleaser/goreleaser in /tools
- d2d9ff4 :seedling: Bump golang.org/x/tools from 0.1.8 to 0.1.9
- 3d5a08d :seedling: Included dependabot setting for tools
- d50788f Add Slack channel badge (#1536)
- 5f9fff3 ✨ Separate check from policies for the Vulnerabilities check (#1532)
- 7a6eb28 Not considering an issue as having activity if closed recently (#1531)
- 16c0d37 :seedling: CODEOWNERS: Add Stephen Augustus (justaugustus) as maintainer (#1530)
- e774015 :seedling: Unit tests for Fuzzing
- 41adfe7 ⚠️ log: Initial `logr`/`logrusr` implementation (#1516)
- da116d3 :seedling: Bump cloud.google.com/go/bigquery from 1.26.0 to 1.27.0
- 19a73a4 :seedling: Bump ossf/scorecard-action from 1.0.1 to 1.0.2
- d4d81a0 :seedling: Unit tests dependency_update_tool
- b6cba86 🐛 Issue activity only counts if done by a maintainer (#1515)
- 5b98576 :seedling: Bump github.com/onsi/gomega from 1.17.0 to 1.18.0
- 4122c79 :seedling: Unit tests for binary artifacts
- 8a64075 :seedling: Fix the reflect.DeepEqual with google cmp
- 66a91dd :seedling: Unit tests for branch protection raw
- ab16cdb :seedling: Fix Vulns for containerd
- 90a0689 :seedling: Unit test for fileparser
- 062e33b :book: Dependabot config file link (#1498)
- 0d76dea go.mod: Update github.com/google/go-containerregistry to v0.8.0 (#1506)
- 13b78ab :warning: Create a dedicated logging package to encapsulate calls to `zap` (#1502)
- f4e9dfd :seedling: Unit tests for binaryartifacts
- 5777826 :seedling: Bump github.com/google/go-cmp from 0.5.6 to 0.5.7
- 026d98e :seedling: Included e2e coverage for codecov
- c3589e8 :book: Updated codecov badge
- 2dcdbcd :seedling: Track code coverage
- 9973bde :sparkles: Unit tests for dependency update
- 96ea22e Add and use compressed Scorecard logos (#1492)
- fc87431 Add exemption to stale issue workflow (#1486)
- b8e054b :seedling: Bump goreleaser/goreleaser-action from 2.8.0 to 2.8.1
- 4837262 :seedling: Bump ossf/scorecard-action from 1.0.0 to 1.0.1
- 5d3f198 :sparkles: Unit test for SAST (#1482)
Thanks to all contributors!
Details
- date: Feb. 22, 2022, 1:20 a.m.
- name: v4.1.0
- type: Minor