Scorecard - v4.6.0
What's Changed
- ✨ Enhancement: adding new entries for GH actions & Pub as ecosystems, typo fixes by @aidenwang9867 in https://github.com/ossf/scorecard/pull/2109
- feat: Add pom.xml support for sonarype SAST by @laurentsimon in https://github.com/ossf/scorecard/pull/2114
- ✨ Enhancement: Dependency-diff API optimization - changing the input param changeType from a map to an array by @aidenwang9867 in https://github.com/ossf/scorecard/pull/2111
- 🌱 Bump gocloud.dev from 0.25.0 to 0.26.0 by @dependabot in https://github.com/ossf/scorecard/pull/2121
- 🌱 Bump nick-invision/retry from 2.6.0 to 2.8.0 by @dependabot in https://github.com/ossf/scorecard/pull/2122
- 📖 Include an example query for the public BigQuery dataset by @spencerschrock in https://github.com/ossf/scorecard/pull/2123
- 🌱 Bump actions/cache from 3.0.5 to 3.0.6 by @dependabot in https://github.com/ossf/scorecard/pull/2127
- 🌱 Bump cloud.google.com/go/bigquery from 1.36.0 to 1.37.0 by @dependabot in https://github.com/ossf/scorecard/pull/2126
- 🌱 Bump nick-invision/retry from 2.8.0 to 2.8.1 by @dependabot in https://github.com/ossf/scorecard/pull/2130
- 🌱 github actions cleanup and set to get the latest go available by @cpanato in https://github.com/ossf/scorecard/pull/2135
- 🌱 Limit access to registered checks by @spencerschrock in https://github.com/ossf/scorecard/pull/2134
- ✨ support for SLSA provenance in Signed-Release by @laurentsimon in https://github.com/ossf/scorecard/pull/2131
- ✨ Feature: Improve Dependabot detection through PRs by @qequ in https://github.com/ossf/scorecard/pull/2125
- ✨ Support OneFuzz in fuzzing checks by @balteravishay in https://github.com/ossf/scorecard/pull/2141
- 🐛 Fix bug 2051 by @varunsh-coder in https://github.com/ossf/scorecard/pull/2140
- 🌱 Bump actions/cache from 3.0.6 to 3.0.7 by @dependabot in https://github.com/ossf/scorecard/pull/2139
- ✨ Favor SLSA provenance over plain signature in Signed-Release by @laurentsimon in https://github.com/ossf/scorecard/pull/2144
- 🌱 Bump step-security/harden-runner from 1.4.4 to 1.4.5 by @dependabot in https://github.com/ossf/scorecard/pull/2148
- ✨ Scorecard returns a non-zero exit code if any check has a runtime error by @spencerschrock in https://github.com/ossf/scorecard/pull/2133
- 🌱 Bump cloud.google.com/go/bigquery from 1.37.0 to 1.38.0 by @dependabot in https://github.com/ossf/scorecard/pull/2149
- 🐛 Add scorecard-action to the security-events allowlist in Token Permissions check by @spencerschrock in https://github.com/ossf/scorecard/pull/2153
- 🐛 Remove duplicate projects with different casings by @azeemshaikh38 in https://github.com/ossf/scorecard/pull/2155
- 🐛 Detect recently created Github repositories by @raghavkaul in https://github.com/ossf/scorecard/pull/2151
- ✨ Unflag the --commit option by @azeemshaikh38 in https://github.com/ossf/scorecard/pull/2156
- Use generic generator for SLSA by @laurentsimon in https://github.com/ossf/scorecard/pull/2146
- 🌱 Upgrade to go 1.18 by @naveensrinivasan in https://github.com/ossf/scorecard/pull/2143
- 🌱 Bump sigstore/cosign-installer from 2.5.0 to 2.5.1 by @dependabot in https://github.com/ossf/scorecard/pull/2167
- 🐛 Fix remediation text when Scorecard is run multiple times within a program by @spencerschrock in https://github.com/ossf/scorecard/pull/2168
- 🌱 Update scorecard-action to v2:alpha by @azeemshaikh38 in https://github.com/ossf/scorecard/pull/2171
- ✨ Use sha256 for release hashes by @laurentsimon in https://github.com/ossf/scorecard/pull/2172
New Contributors
- @qequ made their first contribution in https://github.com/ossf/scorecard/pull/2125
- @balteravishay made their first contribution in https://github.com/ossf/scorecard/pull/2141
Full Changelog: https://github.com/ossf/scorecard/compare/v4.5.0...v4.6.0
Details
- date: Aug. 18, 2022, 10:10 p.m.
- name: v4.6.0
- type: Minor