Scorecard - v4.10.0
What's Changed
Check improvements
- :sparkles: Removed job-level permissions check for actions and packages by @eddie-knight in https://github.com/ossf/scorecard/pull/2367
- :sparkles: Add Sonatype Lift as a dependency update tool, doc upgrade by @theresa-m in https://github.com/ossf/scorecard/pull/2328
- :warning: OSV scanner integration by @another-rex in https://github.com/ossf/scorecard/pull/2509
Cron improvements
- 🌱 Add soft mem limit to controller k8s spec by @spencerschrock in https://github.com/ossf/scorecard/pull/2362
- 🌱 cron: generalize and expose worker (6/n) by @spencerschrock in https://github.com/ossf/scorecard/pull/2317
- 🐛 Fix typo which prevented cron metadata from going to BigQuery dataset by @spencerschrock in https://github.com/ossf/scorecard/pull/2370
- 🌱 [cron] generalize some of the transfer logic so it is easy to build new transfer agents by @calebbrown in https://github.com/ossf/scorecard/pull/2454
CLI
- ✨ Commit depth feature by @latortuga71 in https://github.com/ossf/scorecard/pull/2407
Documentation
- :book: Use scorecard (singular) consistently by @lehors in https://github.com/ossf/scorecard/pull/2428
- :book: Use new project name in Copyright notices by @lehors in https://github.com/ossf/scorecard/pull/2505
- :book: Fix copyright notices by @lehors in https://github.com/ossf/scorecard/pull/2514
- 📖 Mention 2FA relevance although not checked by Scorecard by @joycebrum in https://github.com/ossf/scorecard/pull/2528
- 📖 Clarify CII-Best-Practices score for each badge by @hugovk in https://github.com/ossf/scorecard/pull/2313
BinAuthZ support (WIP)
- ✨ CLI for scorecard-attestor by @raghavkaul in https://github.com/ossf/scorecard/pull/2309
- 🌱 Add Pinned-Dependency, Vulnerability, and Code-Review checks to attestor by @raghavkaul in
- 🌱 attestor: Dockerize + small improvements for Cloud Build usage by @raghavkaul in https://github.com/ossf/scorecard/pull/2456
- 🌱 attestor: e2e tests by @raghavkaul in https://github.com/ossf/scorecard/pull/2529
GitLab support (WIP)
- :sparkles: Gitlab support by @N8BWert https://github.com/ossf/scorecard/pull/2265
New Contributors
- @theresa-m made their first contribution in https://github.com/ossf/scorecard/pull/2328
- @dvbnrg made their first contribution in https://github.com/ossf/scorecard/pull/2366
- @hugovk made their first contribution in https://github.com/ossf/scorecard/pull/2313
- @gabibguti made their first contribution in https://github.com/ossf/scorecard/pull/2384
- @shissam made their first contribution in https://github.com/ossf/scorecard/pull/2195
- @favonia made their first contribution in https://github.com/ossf/scorecard/pull/2447
- @latortuga71 made their first contribution in https://github.com/ossf/scorecard/pull/2407
- @balhar-jakub made their first contribution in https://github.com/ossf/scorecard/pull/2488
- @another-rex made their first contribution in https://github.com/ossf/scorecard/pull/2509
Full Changelog: https://github.com/ossf/scorecard/compare/v4.8.0...v4.10.0
Details
date
Dec. 13, 2022, 11:40 p.m.
name
v4.10.0
type
Minor
official page
👇
Register or login to:
- 🔍View and search all Scorecard releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!