Scorecard - v4.13.0
Security
What's Changed
New
- Binary Artifacts:
- :sparkles: The Binary-Artifacts check supports local repos again by @spencerschrock in https://github.com/ossf/scorecard/pull/3415
- :sparkles: Check for static archives in Binary Artifacts by @DavidKorczynski in https://github.com/ossf/scorecard/pull/3454
- Branch Protection:
- :sparkles: Branch protection now considers repository rulesets by @thepwagner in https://github.com/ossf/scorecard/pull/3354
- :sparkles: Move "EnforcesAdmins" to tier 5 Branch-Protection by @spencerschrock in https://github.com/ossf/scorecard/pull/3502
- Pinned-Dependencies:
- :sparkles: Only score detected ecosystems by @gabibguti in https://github.com/ossf/scorecard/pull/3436
- Permissions:
- :sparkles: broaden job matcher for semantic release by @secustor in https://github.com/ossf/scorecard/pull/3506
- CLI:
- :sparkles: Increase PyPI parsing flexibility for --pypi flag by @joshgc in https://github.com/ossf/scorecard/pull/3423
- :sparkles: Add --output argument to write results to file by @gabibguti in https://github.com/ossf/scorecard/pull/3482
Bug Fixes
- License:
- :bug: Fixed situations where the Licenses folder wasn't being detected. by @spencerschrock in https://github.com/ossf/scorecard/pull/3412
- :bug: Licenses: Get License SPDXId from GitLab API by @raghavkaul in https://github.com/ossf/scorecard/pull/3413
- :bug: License: npe by @raghavkaul in https://github.com/ossf/scorecard/pull/3500
- Security Policy:
- :bug: The Security-Policy check will no longer print to the log if the org's .github repo is empty by @spencerschrock in https://github.com/ossf/scorecard/pull/3433
- Pinned-Dependencies:
- :bug: Add go installs to Pinned-Dependencies score by @gabibguti in https://github.com/ossf/scorecard/pull/3424
- Fuzzing:
- :bug: GitLab: Fix URI() used for OSS-Fuzz detection by @raghavkaul in https://github.com/ossf/scorecard/pull/3477
- :bug: Fix parsing OSSFuzz project repos with subfolders and capitalization. by @spencerschrock in https://github.com/ossf/scorecard/pull/3364
- Misc:
- :bug: Print Info in Empty Repo Scans by @leec94 in https://github.com/ossf/scorecard/pull/3426
- :bug: Set repo commit SHA in results after fetching successfully. by @spencerschrock in https://github.com/ossf/scorecard/pull/3514
- :bug: Fix loop aliasing errors. by @spencerschrock in https://github.com/ossf/scorecard/pull/3414
Docs
- :book: Added CDLA data license for the API to the README by @david-a-wheeler in https://github.com/ossf/scorecard/pull/3404
- :book: Update bestpractices links by @fredgan in https://github.com/ossf/scorecard/pull/3448
- :book: Add webviewer link by @olivekl in https://github.com/ossf/scorecard/pull/3490
- :book: Add gitlab links to viewer example by @olivekl in https://github.com/ossf/scorecard/pull/3494
- :book: Update docs for Signed-Releases check by @raghavkaul in https://github.com/ossf/scorecard/pull/3469
- :book: Fix documentation typos by @omahs in https://github.com/ossf/scorecard/pull/3505
New Contributors
- @joshgc made their first contribution in https://github.com/ossf/scorecard/pull/3423
- @AdamKorcz made their first contribution in https://github.com/ossf/scorecard/pull/3449
- @DavidKorczynski made their first contribution in https://github.com/ossf/scorecard/pull/3454
- @afmarcum made their first contribution in https://github.com/ossf/scorecard/pull/3455
- @fredgan made their first contribution in https://github.com/ossf/scorecard/pull/3448
- @omahs made their first contribution in https://github.com/ossf/scorecard/pull/3505
- @secustor made their first contribution in https://github.com/ossf/scorecard/pull/3506
Full Changelog: https://github.com/ossf/scorecard/compare/v4.12.0...v4.13.0
Security
Security wording was detected, but no CVEs were found.
Details
- date: Oct. 6, 2023, 5:32 p.m.
- name: v4.13.0
- type: Minor