Scorecard - v4.13.0

What's Changed

New

  • Binary Artifacts:
      • :sparkles: The Binary-Artifacts check supports local repos again by @spencerschrock in https://github.com/ossf/scorecard/pull/3415
      • :sparkles: Check for static archives in Binary Artifacts by @DavidKorczynski in https://github.com/ossf/scorecard/pull/3454

  • Branch Protection:
      • :sparkles: Branch protection now considers repository rulesets by @thepwagner in https://github.com/ossf/scorecard/pull/3354
      • :sparkles: Move "EnforcesAdmins" to tier 5 Branch-Protection by @spencerschrock in https://github.com/ossf/scorecard/pull/3502

  • Pinned-Dependencies:
      • :sparkles: Only score detected ecosystems by @gabibguti in https://github.com/ossf/scorecard/pull/3436

  • Permissions:
      • :sparkles: Broaden job matcher for semantic release by @secustor in https://github.com/ossf/scorecard/pull/3506

  • CLI:
      • :sparkles: Increase PyPI parsing flexibility for --pypi flag by @joshgc in https://github.com/ossf/scorecard/pull/3423
      • :sparkles: Add --output argument to write results to file by @gabibguti in https://github.com/ossf/scorecard/pull/3482

Bug Fixes

  • License:
      • :bug: Fixed situations where the Licenses folder wasn't being detected by @spencerschrock in https://github.com/ossf/scorecard/pull/3412
      • :bug: Licenses: Get License SPDXId from GitLab API by @raghavkaul in https://github.com/ossf/scorecard/pull/3413
      • :bug: License: npe by @raghavkaul in https://github.com/ossf/scorecard/pull/3500

  • Security Policy:
      • :bug: The Security-Policy check will no longer print to the log if the org's .github repo is empty by @spencerschrock in https://github.com/ossf/scorecard/pull/3433

  • Pinned-Dependencies:
      • :bug: Add go installs to Pinned-Dependencies score by @gabibguti in https://github.com/ossf/scorecard/pull/3424

  • Fuzzing:
      • :bug: GitLab: Fix URI() used for OSS-Fuzz detection by @raghavkaul in https://github.com/ossf/scorecard/pull/3477
      • :bug: Fix parsing OSSFuzz project repos with subfolders and capitalization by @spencerschrock in https://github.com/ossf/scorecard/pull/3364

  • Misc:
      • :bug: Print Info in Empty Repo Scans by @leec94 in https://github.com/ossf/scorecard/pull/3426
      • :bug: Set repo commit SHA in results after fetching successfully by @spencerschrock in https://github.com/ossf/scorecard/pull/3514
      • :bug: Fix loop aliasing errors by @spencerschrock in https://github.com/ossf/scorecard/pull/3414

Docs

  • :book: Added CDLA data license for the API to the README by @david-a-wheeler in https://github.com/ossf/scorecard/pull/3404
  • :book: Update bestpractices links by @fredgan in https://github.com/ossf/scorecard/pull/3448
  • :book: Add webviewer link by @olivekl in https://github.com/ossf/scorecard/pull/3490
  • :book: Add gitlab links to viewer example by @olivekl in https://github.com/ossf/scorecard/pull/3494
  • :book: Update docs for Signed-Releases check by @raghavkaul in https://github.com/ossf/scorecard/pull/3469
  • :book: Fix documentation typos by @omahs in https://github.com/ossf/scorecard/pull/3505

New Contributors

  • @joshgc made their first contribution in https://github.com/ossf/scorecard/pull/3423
  • @AdamKorcz made their first contribution in https://github.com/ossf/scorecard/pull/3449
  • @DavidKorczynski made their first contribution in https://github.com/ossf/scorecard/pull/3454
  • @afmarcum made their first contribution in https://github.com/ossf/scorecard/pull/3455
  • @fredgan made their first contribution in https://github.com/ossf/scorecard/pull/3448
  • @omahs made their first contribution in https://github.com/ossf/scorecard/pull/3505
  • @secustor made their first contribution in https://github.com/ossf/scorecard/pull/3506

Full Changelog: https://github.com/ossf/scorecard/compare/v4.12.0...v4.13.0


Security

Security wording was detected, but no CVEs were found.

Details

  • date: Oct. 6, 2023, 5:32 p.m.
  • name: v4.13.0
  • type: Minor