Scorecard - v4.1.0


Changelog

  • 33f80c9 Fix golangci-lint issues
  • 53bae3e feat: upgrade to ko v0.10.0
  • 1306b34 :seedling: Bump ossf/scorecard-action from 1.0.3 to 1.0.4
  • 33a01f7 :bug: Add custom packaging workflow for Python
  • bba55d4 :seedling: Parallelize builds
  • 1aff6db :seedling: Ignore docker builds
  • 674146c Make verbosity levels case insensitive (#1650)
  • db1d568 :seedling: Remove building ko to speed up builds
  • e6f6c56 :seedling: Bump github.com/onsi/ginkgo/v2 from 2.0.0 to 2.1.3
  • 4ebd8af :seedling: Bump github.com/onsi/ginkgo/v2 from 2.0.0 to 2.1.3 in /tools
  • ba503c3 :sparkles: githubrepo: Allow providing an already authenticated transport (#1644)
  • cda7a1b Add tests for graphQL costs (#1643)
  • de5224b Update e2e tests (#1641)
  • 2b206dc Remove Version field from LogMessage (#1640)
  • 3551134 :seedling: Parallelize the builds
  • e7fd58d ✨ Check for secrets in pull_request_target (#1634)
  • e3637c9 :seedling: Bump cloud.google.com/go/bigquery from 1.27.0 to 1.28.0
  • 1e488a8 Fix for repos which do not squash PR commits (#1637)
  • f3332ce Add validation for commit-based APIs (#1635)
  • eb0730a :seedling: Bump github.com/goreleaser/goreleaser in /tools (#1632)
  • 394789c README.md: Add OpenSSF Best Practices badge (#1629)
  • 2e3e505 Simplify DetailLogger interface (#1628)
  • 38be00c Reduce query cost by analysing lesser associatedPR (#1624)
  • 7de151c ✨ Check for secrets in workflows run on pull requests (#1615)
  • 9b921f0 :seedling: Bump actions/setup-go from 2.1.5 to 2.2.0 (#1619)
  • 61e52d4 update workflow (#1617)
  • 368c105 :seedling: Bump cloud.google.com/go/pubsub from 1.17.0 to 1.18.0 (#1616)
  • 6930c3a Add support for commit-based Scorecard (#1613)
  • 1c95237 Only run allowed checks in different modes (#1579)
  • eac2aec Add support for commit-based lookup to GitHub APIs (#1612)
  • 68bf172 :seedling: Unit tests fileparser/listing
  • 30fc06e Fixed the formatting issue
  • aaf7a9f :seedling: Cache builds between runs
  • 049db38 :seedling: Unit tests for dependency_update_tool
  • 8733080 checks/packaging.go: ignore workflows/<>/ files (#1591)
  • 95e7c03 Update the biweekly meeting times (#1603)
  • 80cc0dd :seedling: Unit tests checks/ci_tests_test.go
  • f84291d :bug: Fix Dependabot check to accept .yaml file extension (#1601)
  • 5e1fd52 :seedling: Tweaking codecov config
  • 35aad1d :seedling: Unit tests code-review for raw
  • 674f747 :seedling: Unit tests for vulnerabilities raw package
  • 28bf341 :book: recommend nix-shell over nix-env
  • 634643e :seedling: Unit test for fileparser/listing
  • 88aa0e8 :book: Add make install to Environment Setup
  • 4581c36 Remove ListMergedPRs API (#1566)
  • 9037444 ✨ Raw data for code review check (#1505)
  • 7032b19 Ignore all files under testdata/ (#1594)
  • 0670b8b pkg/sarif.go: Add score in message (#1593)
  • 009aa85 :seedling: Unit tests for Vulnerabilities
  • 05cedd7 :seedling: Categorize the Makefile
  • 79b216c checks/security_policy_test.go: updated unit tests (#1590)
  • 24842de :book: remove inaccurate claim about github rendering emoji
  • 86d8281 Do not parse non-dockerfile (#1583)
  • 2d0e538 Revert Committer.Name change (#1576)
  • e4eb6d2 :seedling: Unit tests for security policy
  • 9d38be4 :seedling: Bump ossf/scorecard-action from 1.0.2 to 1.0.3
  • cbbfebb ✨ Mention renovatebot's settings (#1575)
  • 3995d31 Refactor some code (#1567)
  • fae5ff3 :seedling: Unit tests for fileparser
  • 58865e9 Only return PRs associated with recent commits (#1562)
  • 53f21cb README: s/Justin/Stephen (#1565)
  • 6962fb4 Use committer name if login isn't available (#1558)
  • 29b14f8 Fix nil-ptr issue in e2e tests (#1561)
  • 70afae8 :seedling: Remove dead code
  • 4c266d7 :seedling: Unit test for dependency_update_tool
  • b4eec8e :seedling: Bump github.com/onsi/gomega from 1.18.0 to 1.18.1
  • a69e1d9 🌱 Add Dart and Flutter CI systems to CI tests check. (#1548)
  • 40a9d48 Link to responsible disclosure guidelines in Security-Policy remediation doc (#1545)
  • 17467c1 :seedling: Unit tests for binary_artifact (#1512)
  • 15a204f :seedling: Bump github.com/goreleaser/goreleaser in /tools
  • 074ba5a :seedling: Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5 in /tools (#1541)
  • bd2171b :seedling: Bump github.com/golangci/golangci-lint from 1.42.1 to 1.44.0 in /tools (#1540)
  • 10a5c1a :seedling: Bump github.com/goreleaser/goreleaser in /tools
  • d2d9ff4 :seedling: Bump golang.org/x/tools from 0.1.8 to 0.1.9
  • 3d5a08d :seedling: Included dependabot setting for tools
  • d50788f Add Slack channel badge (#1536)
  • 5f9fff3 ✨ Separate check from policies for the Vulnerabilities check (#1532)
  • 7a6eb28 Not considering an issue as having activity if closed recently (#1531)
  • 16c0d37 :seedling: CODEOWNERS: Add Stephen Augustus (justaugustus) as maintainer (#1530)
  • e774015 :seedling: Unit tests for Fuzzing
  • 41adfe7 ⚠️ log: Initial logr/logrusr implementation (#1516)
  • da116d3 :seedling: Bump cloud.google.com/go/bigquery from 1.26.0 to 1.27.0
  • 19a73a4 :seedling: Bump ossf/scorecard-action from 1.0.1 to 1.0.2
  • d4d81a0 :seedling: Unit tests dependency_update_tool
  • b6cba86 🐛 Issue activity only counts if done by a maintainer (#1515)
  • 5b98576 :seedling: Bump github.com/onsi/gomega from 1.17.0 to 1.18.0
  • 4122c79 :seedling: Unit tests for binary artifacts
  • 8a64075 :seedling: Fix the reflect.DeepEqual with google cmp
  • 66a91dd :seedling: Unit tests for branch protection raw
  • ab16cdb :seedling: Fix Vulns for containerd
  • 90a0689 :seedling: Unit test for fileparser
  • 062e33b :book: Dependabot config file link (#1498)
  • 0d76dea go.mod: Update github.com/google/go-containerregistry to v0.8.0 (#1506)
  • 13b78ab :warning: Create a dedicated logging package to encapsulate calls to zap (#1502)
  • f4e9dfd :seedling: Unit tests for binaryartifacts
  • 5777826 :seedling: Bump github.com/google/go-cmp from 0.5.6 to 0.5.7
  • 026d98e :seedling: Included e2e coverage for codecov
  • c3589e8 :book: Updated codecov badge
  • 2dcdbcd :seedling: Track code coverage
  • 9973bde :sparkles: Unit tests for dependency update
  • 96ea22e Add and use compressed Scorecard logos (#1492)
  • fc87431 Add exemption to stale issue workflow (#1486)
  • b8e054b :seedling: Bump goreleaser/goreleaser-action from 2.8.0 to 2.8.1
  • 4837262 :seedling: Bump ossf/scorecard-action from 1.0.0 to 1.0.1
  • 5d3f198 :sparkles: Unit test for SAST (#1482)

Thanks to all contributors!


Details

  • Date: Feb. 22, 2022, 1:20 a.m.
  • Name: v4.1.0
  • Type: Minor