Scorecard - v4.11.0

What's Changed

✨ Consider haskell-actions/hlint-scan a code scanning action by @chungyc in https://github.com/ossf/scorecard/pull/2846
✨ Detect fuzzing in Haskell by the presence of property tests. by @chungyc in https://github.com/ossf/scorecard/pull/2843
✨ The SAST check will look for workflows with the "github/codeql-action/analyze" action locally instead of the GitHub Search API endpoint by @spencerschrock in https://github.com/ossf/scorecard/pull/2839
✨ Scorecard checks for unpinned dependencies that are retrieved ad-hoc using nuget and dotnet CLIs ("nuget install" and "dotnet add") by @balteravishay in https://github.com/ossf/scorecard/pull/2779
✨ show non-compliant code changes for CI-Tests, Code-Review and SAST checks in --show-details mode by @ashishkurmi in https://github.com/ossf/scorecard/pull/2835
✨ Detect semantic-release as a packaging workflow by @travi in https://github.com/ossf/scorecard/pull/2964
✨ Detect semantic-release as a releasing workflow by @travi in https://github.com/ossf/scorecard/pull/2989
✨ Add support for github GHES by @patelniketm in https://github.com/ossf/scorecard/pull/2999 and @rajbos in https://github.com/ossf/scorecard/pull/2788
✨ Detect fast-check PBT library for JavaScript Fuzzing by @dubzzz in https://github.com/ossf/scorecard/pull/3073
✨ Run Scorecard on packages hosted at Nuget.org using --nuget=<package>by @balteravishay in https://github.com/ossf/scorecard/pull/3020

SAST
🐛 Reset stored error when handler is re-inited or setup is re-run. by @spencerschrock in https://github.com/ossf/scorecard/pull/2893
🐛 Add nil check before accessing a step's uses value. by @spencerschrock in https://github.com/ossf/scorecard/pull/2935
Vulnerabilities
🐛 Give inconclusive Vulnerabilities score when osv-scanner panics by @spencerschrock in https://github.com/ossf/scorecard/pull/2896
🐛 Update osv-scanner dependency to include Vulnerabilities check fixes by @laurentS in https://github.com/ossf/scorecard/pull/2981
Pinned-Dependencies
🐛 Pip installs count for Pinned-Dependencies score by @gabibguti in https://github.com/ossf/scorecard/pull/2922
Code-Review
🐛 Code Review: Use proportional scoring by @raghavkaul in https://github.com/ossf/scorecard/pull/2882

🌱 Deprecate dependencydiff package by @naveensrinivasan in https://github.com/ossf/scorecard/pull/3125

✨ GitLab: Documentation and cleaner errors by @raghavkaul in https://github.com/ossf/scorecard/pull/2821
✨ Gitlab: CI-Tests check by @raghavkaul in https://github.com/ossf/scorecard/pull/2833
✨ Gitlab: Maintained check by @raghavkaul in https://github.com/ossf/scorecard/pull/2860
✨ Enable gitlab Packaging Reporting by @jimrobison in https://github.com/ossf/scorecard/pull/2941
✨ GitLab: Code Review check by @raghavkaul in https://github.com/ossf/scorecard/pull/2764
✨ Gitlab: License check by @raghavkaul in https://github.com/ossf/scorecard/pull/2834
🐛 Gitlab: Commit/Commitor Exceptions by @jimrobison in https://github.com/ossf/scorecard/pull/3026
🐛 Gitlab: test fixes by @raghavkaul in https://github.com/ossf/scorecard/pull/3027
✨ Gitlab: Add projects to cron by @raghavkaul in https://github.com/ossf/scorecard/pull/2936
🐛 GitLab cron: rename by @raghavkaul in https://github.com/ossf/scorecard/pull/3070
🐛 Gitlab status updates by @jimrobison in https://github.com/ossf/scorecard/pull/3052
✨ GitLab: enable more checks in cron by @raghavkaul in https://github.com/ossf/scorecard/pull/3097
✨ GitLab: Add 5000 repos to nightly worker run by @raghavkaul in https://github.com/ossf/scorecard/pull/3137

📖 Update usage message of the scorecard --verbosity flag by @andrelmbackman in https://github.com/ossf/scorecard/pull/3190
📖 Update checks.md to show the benefit of >=2 reviewers by @joycebrum in https://github.com/ossf/scorecard/pull/3013
📖 Add new frequently asked question to FAQ by @joycebrum in https://github.com/ossf/scorecard/pull/2923
📖 Adds zoom link and agenda link by @hythloda in https://github.com/ossf/scorecard/pull/3050
📖 Tweak Best Practices badge description to clarify things by @david-a-wheeler in https://github.com/ossf/scorecard/pull/2907
📖 Clarify that AI/ML doesn't count as human code review by @david-a-wheeler in https://github.com/ossf/scorecard/pull/2953
📖 Change Facilitators to Maintainers by @jeffmendoza in https://github.com/ossf/scorecard/pull/3039
📖 Make all StepSecurity app endpoint references consistent by @ashishkurmi in https://github.com/ossf/scorecard/pull/3042
📖 Fix broken links in FAQ. by @chungyc in https://github.com/ossf/scorecard/pull/2858
📖 Capitalize proper nouns like Dependabot, Renovate, and GitHub by @leec94 in https://github.com/ossf/scorecard/pull/2962
📖 Fix anchor link to the code review section by @dasfreak in https://github.com/ossf/scorecard/pull/3058

@chungyc made their first contribution in https://github.com/ossf/scorecard/pull/2846
@ashishkurmi made their first contribution in https://github.com/ossf/scorecard/pull/2835
@leec94 made their first contribution in https://github.com/ossf/scorecard/pull/2962
@jimrobison made their first contribution in https://github.com/ossf/scorecard/pull/2941
@travi made their first contribution in https://github.com/ossf/scorecard/pull/2964
@laurentS made their first contribution in https://github.com/ossf/scorecard/pull/2981
@patelniketm made their first contribution in https://github.com/ossf/scorecard/pull/2999
@rajbos made their first contribution in https://github.com/ossf/scorecard/pull/2788
@hythloda made their first contribution in https://github.com/ossf/scorecard/pull/3050
@dasfreak made their first contribution in https://github.com/ossf/scorecard/pull/3058
@dubzzz made their first contribution in https://github.com/ossf/scorecard/pull/3073
@andrelmbackman made their first contribution in https://github.com/ossf/scorecard/pull/3190

Full Changelog: https://github.com/ossf/scorecard/compare/v4.10.5...v4.11.0