Scorecard - v4.10.0


What's Changed

Check improvements

  • ✨ Removed job-level permissions check for actions and packages by @eddie-knight in https://github.com/ossf/scorecard/pull/2367
  • ✨ Add Sonatype Lift as a dependency update tool, doc upgrade by @theresa-m in https://github.com/ossf/scorecard/pull/2328
  • ⚠️ OSV scanner integration by @another-rex in https://github.com/ossf/scorecard/pull/2509

Cron improvements

  • 🌱 Add soft mem limit to controller k8s spec by @spencerschrock in https://github.com/ossf/scorecard/pull/2362
  • 🌱 cron: generalize and expose worker (6/n) by @spencerschrock in https://github.com/ossf/scorecard/pull/2317
  • 🐛 Fix typo which prevented cron metadata from going to BigQuery dataset by @spencerschrock in https://github.com/ossf/scorecard/pull/2370
  • 🌱 [cron] generalize some of the transfer logic so it is easy to build new transfer agents by @calebbrown in https://github.com/ossf/scorecard/pull/2454

CLI

  • ✨ Commit depth feature by @latortuga71 in https://github.com/ossf/scorecard/pull/2407

Documentation

  • 📖 Use scorecard (singular) consistently by @lehors in https://github.com/ossf/scorecard/pull/2428
  • 📖 Use new project name in Copyright notices by @lehors in https://github.com/ossf/scorecard/pull/2505
  • 📖 Fix copyright notices by @lehors in https://github.com/ossf/scorecard/pull/2514
  • 📖 Mention 2FA relevance although not checked by Scorecard by @joycebrum in https://github.com/ossf/scorecard/pull/2528
  • 📖 Clarify CII-Best-Practices score for each badge by @hugovk in https://github.com/ossf/scorecard/pull/2313

BinAuthZ support (WIP)

  • ✨ CLI for scorecard-attestor by @raghavkaul in https://github.com/ossf/scorecard/pull/2309
  • 🌱 Add Pinned-Dependency, Vulnerability, and Code-Review checks to attestor by @raghavkaul in
  • 🌱 attestor: Dockerize + small improvements for Cloud Build usage by @raghavkaul in https://github.com/ossf/scorecard/pull/2456
  • 🌱 attestor: e2e tests by @raghavkaul in https://github.com/ossf/scorecard/pull/2529

GitLab support (WIP)

  • ✨ Gitlab support by @N8BWert in https://github.com/ossf/scorecard/pull/2265

New Contributors

  • @theresa-m made their first contribution in https://github.com/ossf/scorecard/pull/2328
  • @dvbnrg made their first contribution in https://github.com/ossf/scorecard/pull/2366
  • @hugovk made their first contribution in https://github.com/ossf/scorecard/pull/2313
  • @gabibguti made their first contribution in https://github.com/ossf/scorecard/pull/2384
  • @shissam made their first contribution in https://github.com/ossf/scorecard/pull/2195
  • @favonia made their first contribution in https://github.com/ossf/scorecard/pull/2447
  • @latortuga71 made their first contribution in https://github.com/ossf/scorecard/pull/2407
  • @balhar-jakub made their first contribution in https://github.com/ossf/scorecard/pull/2488
  • @another-rex made their first contribution in https://github.com/ossf/scorecard/pull/2509

Full Changelog: https://github.com/ossf/scorecard/compare/v4.8.0...v4.10.0


Details

  • date: Dec. 13, 2022, 11:40 p.m.
  • name: v4.10.0
  • type: Minor