Scorecard - v4.11.0
What's Changed
New
- ✨ Consider haskell-actions/hlint-scan a code scanning action by @chungyc in https://github.com/ossf/scorecard/pull/2846
- ✨ Detect fuzzing in Haskell by the presence of property tests. by @chungyc in https://github.com/ossf/scorecard/pull/2843
- ✨ The SAST check now looks for workflows using the "github/codeql-action/analyze" action in the locally cloned repository instead of querying the GitHub Search API endpoint by @spencerschrock in https://github.com/ossf/scorecard/pull/2839
- ✨ Scorecard checks for unpinned dependencies that are retrieved ad-hoc using nuget and dotnet CLIs ("nuget install" and "dotnet add") by @balteravishay in https://github.com/ossf/scorecard/pull/2779
- ✨ show non-compliant code changes for CI-Tests, Code-Review and SAST checks in --show-details mode by @ashishkurmi in https://github.com/ossf/scorecard/pull/2835
- ✨ Detect semantic-release as a packaging workflow by @travi in https://github.com/ossf/scorecard/pull/2964
- ✨ Detect semantic-release as a releasing workflow by @travi in https://github.com/ossf/scorecard/pull/2989
- ✨ Add support for github GHES by @patelniketm in https://github.com/ossf/scorecard/pull/2999 and @rajbos in https://github.com/ossf/scorecard/pull/2788
- ✨ Detect fast-check PBT library for JavaScript Fuzzing by @dubzzz in https://github.com/ossf/scorecard/pull/3073
- ✨ Run Scorecard on packages hosted at Nuget.org using `--nuget=<package>` by @balteravishay in https://github.com/ossf/scorecard/pull/3020
Bug Fixes
- SAST
  - 🐛 Reset stored error when handler is re-inited or setup is re-run. by @spencerschrock in https://github.com/ossf/scorecard/pull/2893
  - 🐛 Add nil check before accessing a step's uses value. by @spencerschrock in https://github.com/ossf/scorecard/pull/2935
- Vulnerabilities
  - 🐛 Give inconclusive Vulnerabilities score when osv-scanner panics by @spencerschrock in https://github.com/ossf/scorecard/pull/2896
  - 🐛 Update osv-scanner dependency to include Vulnerabilities check fixes by @laurentS in https://github.com/ossf/scorecard/pull/2981
- Pinned-Dependencies
  - 🐛 Pip installs count for Pinned-Dependencies score by @gabibguti in https://github.com/ossf/scorecard/pull/2922
- Code-Review
  - 🐛 Code Review: Use proportional scoring by @raghavkaul in https://github.com/ossf/scorecard/pull/2882
Deprecations
- 🌱 Deprecate dependencydiff package by @naveensrinivasan in https://github.com/ossf/scorecard/pull/3125
GitLab support (WIP)
- ✨ GitLab: Documentation and cleaner errors by @raghavkaul in https://github.com/ossf/scorecard/pull/2821
- ✨ Gitlab: CI-Tests check by @raghavkaul in https://github.com/ossf/scorecard/pull/2833
- ✨ Gitlab: Maintained check by @raghavkaul in https://github.com/ossf/scorecard/pull/2860
- ✨ Enable gitlab Packaging Reporting by @jimrobison in https://github.com/ossf/scorecard/pull/2941
- ✨ GitLab: Code Review check by @raghavkaul in https://github.com/ossf/scorecard/pull/2764
- ✨ Gitlab: License check by @raghavkaul in https://github.com/ossf/scorecard/pull/2834
- 🐛 Gitlab: Commit/Committer Exceptions by @jimrobison in https://github.com/ossf/scorecard/pull/3026
- 🐛 Gitlab: test fixes by @raghavkaul in https://github.com/ossf/scorecard/pull/3027
- ✨ Gitlab: Add projects to cron by @raghavkaul in https://github.com/ossf/scorecard/pull/2936
- 🐛 GitLab cron: rename by @raghavkaul in https://github.com/ossf/scorecard/pull/3070
- 🐛 Gitlab status updates by @jimrobison in https://github.com/ossf/scorecard/pull/3052
- ✨ GitLab: enable more checks in cron by @raghavkaul in https://github.com/ossf/scorecard/pull/3097
- ✨ GitLab: Add 5000 repos to nightly worker run by @raghavkaul in https://github.com/ossf/scorecard/pull/3137
Docs
- 📖 Update usage message of the scorecard --verbosity flag by @andrelmbackman in https://github.com/ossf/scorecard/pull/3190
- 📖 Update checks.md to show the benefit of >=2 reviewers by @joycebrum in https://github.com/ossf/scorecard/pull/3013
- 📖 Add new frequently asked question to FAQ by @joycebrum in https://github.com/ossf/scorecard/pull/2923
- 📖 Adds zoom link and agenda link by @hythloda in https://github.com/ossf/scorecard/pull/3050
- 📖 Tweak Best Practices badge description to clarify things by @david-a-wheeler in https://github.com/ossf/scorecard/pull/2907
- 📖 Clarify that AI/ML doesn't count as human code review by @david-a-wheeler in https://github.com/ossf/scorecard/pull/2953
- 📖 Change Facilitators to Maintainers by @jeffmendoza in https://github.com/ossf/scorecard/pull/3039
- 📖 Make all StepSecurity app endpoint references consistent by @ashishkurmi in https://github.com/ossf/scorecard/pull/3042
- 📖 Fix broken links in FAQ. by @chungyc in https://github.com/ossf/scorecard/pull/2858
- 📖 Capitalize proper nouns like Dependabot, Renovate, and GitHub by @leec94 in https://github.com/ossf/scorecard/pull/2962
- 📖 Fix anchor link to the code review section by @dasfreak in https://github.com/ossf/scorecard/pull/3058
New Contributors
- @chungyc made their first contribution in https://github.com/ossf/scorecard/pull/2846
- @ashishkurmi made their first contribution in https://github.com/ossf/scorecard/pull/2835
- @leec94 made their first contribution in https://github.com/ossf/scorecard/pull/2962
- @jimrobison made their first contribution in https://github.com/ossf/scorecard/pull/2941
- @travi made their first contribution in https://github.com/ossf/scorecard/pull/2964
- @laurentS made their first contribution in https://github.com/ossf/scorecard/pull/2981
- @patelniketm made their first contribution in https://github.com/ossf/scorecard/pull/2999
- @rajbos made their first contribution in https://github.com/ossf/scorecard/pull/2788
- @hythloda made their first contribution in https://github.com/ossf/scorecard/pull/3050
- @dasfreak made their first contribution in https://github.com/ossf/scorecard/pull/3058
- @dubzzz made their first contribution in https://github.com/ossf/scorecard/pull/3073
- @andrelmbackman made their first contribution in https://github.com/ossf/scorecard/pull/3190
Full Changelog: https://github.com/ossf/scorecard/compare/v4.10.5...v4.11.0
Details
- date: June 22, 2023, 8 p.m.
- name: v4.11.0
- type: Minor