Scorecard - v4.12.0

This version of Scorecard supports GitLab repos by default.

This release also adds preliminary support for the scdiff command which can be used to compare changes in Scorecard scores for a repository between versions of Scorecard, as well as probe support for the Security-Policy check.

Finally, this release fixes scoring issues in the Branch-Protection and Pinned-Dependencies checks.

What's Changed

WIP

• ✨ GitLab: Release by @raghavkaul in #3340
• ✨ [experimental] Probe support for security policy check by @laurentsimon in #3241

Bug Fixes

• 🐛 Fix Branch-Protection scoring by @gabibguti in #3251
• 🐛 Forgive job-level permissions by @pnacht in #3162
• 🐛 Add npm installs to Pinned-Dependencies score by @gabibguti in #2960

Docs

• 📖 Add release process by @spencerschrock in #3322
• 📖 Update GitHub documentation links by @martincostello in #3318
• 📖 Fixed slack badge on README by @eddie-knight in #3311
• 📖 update docs for webhooks documentation by @leec94 in #3299
• 📖 Add contributor ladder by @pnacht in #3246
• 📖 Suggest new score viewer on badge documentation by @diogoteles08 in #3268
• 📖 Update Branch-Protection admin and non-admin requirements by @gabibguti, @pnacht in #2772

New Contributors

• @ajmalab made their first contribution in https://github.com/ossf/scorecard/pull/3248
• @eustas made their first contribution in https://github.com/ossf/scorecard/pull/3267
• @martincostello made their first contribution in https://github.com/ossf/scorecard/pull/3318
• @thepwagner made their first contribution in https://github.com/ossf/scorecard/pull/3327
• @aaguiarz made their first contribution in https://github.com/ossf/scorecard/pull/3337

Full Changelog: https://github.com/ossf/scorecard/compare/v4.11.0...v4.12.0