Scorecard - v4.7.0


Changelog

  • 7cd6406 Reduce build target radius (#2293)
  • a7a503a 🌱 cron: pass config as an argument to binaries (4/n) (#2279)
  • 97df43b :seedling: Reduce the number of PR's opened by dependabot (#2297)
  • 88e5ff7 Improve API limiting and cache (#2294)
  • f017e2e Fix typo which was causing index out of range panics (#2284)
  • 08c2ee5 Modify tool installation (#2288)
  • 0f87094 :sparkles: Gitlab support (#2265)
  • a6983ed Fix failing linters (#2281)
  • 7c24934 :seedling: Fix cosign vulnerability (#2283)
  • a298132 :seedling: Bump actions/dependency-review-action from 2.1.0 to 2.2.0 (#2282)
  • 9a9a1cb :bug: Add fix for issue2277 (#2278)
  • d75dea8 🌱 Feature: Group commits into changesets (#2260)
  • 3629fd8 :seedling: Bump github/codeql-action from 2.1.22 to 2.1.24
  • 9f67c4e :seedling: Invite @spencerschrock as maintainer (#2269)
  • 482a59e 🌱 Tests: Fix data race failures (#2262)
  • 2231d1f 🌱 cron: make CSV header optional (3/n) (#2261)
  • bde0ae1 🌱 cron: generalize config and create optional values for scorecard and criticality (2/n) (#2254)
  • 9e269b8 🌱 Feature: Add scorecard attestation policy module (#2240)
  • d6bef98 Wrap check errors with distinct error for scorecard-action to ignore. (#2250)
  • 856d2dd :seedling: Bump sigstore/cosign-installer from 2.5.1 to 2.6.0 (#2253)
  • d76ff0d :sparkles: setup-python not required by pypa/gh-action-pypi-publish (#2206)
  • 11657e4 :book: Remove trailing whitespace (#2241)
  • da785a2 Rename CII->OpenSSF Best Practices badge (#2239)
  • c665f27 🌱 cron: allow controller to read CSVs from cloud storage (1/n) (#2235)
  • 7c66ae8 :seedling: Bump imjasonh/setup-ko from 0.5 to 0.6 (#2231)
  • ec15af5 :seedling: Bump github/codeql-action from 2.1.21 to 2.1.22 (#2227)
  • dac68a4 :seedling: Bump github.com/onsi/gomega from 1.20.1 to 1.20.2 (#2225)
  • bc5a1d6 Enable SAST check in cron by default (#2223)
  • f345807 Detect pyup as an automated dependency update tool (#2226)
  • d13ba3f 📖 Update instructions and other fixes in README (#2212)
  • 7a2c403 :seedling: Bump github.com/onsi/ginkgo/v2 from 2.1.4 to 2.1.6 (#2220)
  • 3337b6c :seedling: Bump github.com/onsi/ginkgo/v2 from 2.1.4 to 2.1.6 in /tools (#2221)
  • 758cc39 Add k8s README (#2219)
  • 5ac9f39 :seedling: Fix for empty repository (#2207)
  • 33ab335 :seedling: Bump github.com/onsi/gomega from 1.20.0 to 1.20.1
  • 621449f ✨ Add CODEOWNERS branch protection check (#2057)
  • 6fc08e7 Allow contents: write for Token-Permissions when doing mvn release (#2202)
  • a8e9050 ✨ Optimize SAST check (#2191)
  • 11ff78e Deduplicate projects by excluding URL fragments (#2201)
  • b40efd2 :seedling: Bump cloud.google.com/go/bigquery from 1.38.0 to 1.39.0
  • 9460030 Make the Scalable Scorecards document public. (#2199)
  • fb630a8 :seedling: Bump github/codeql-action from 2.1.20 to 2.1.21 (#2200)
  • 64daafb :seedling: Bump cloud.google.com/go/pubsub from 1.24.0 to 1.25.1 (#2197)
  • 32d6ba2 :seedling: Bump actions/setup-go from 3.2.1 to 3.3.0 (#2194)
  • 8b3793a :seedling: Bump github/codeql-action from 2.1.19 to 2.1.20 (#2187)
  • 86aa297 :seedling: Bump github.com/caarlos0/env/v6 from 6.9.3 to 6.10.0 (#2188)
  • e2813b8 :seedling: Bump actions/cache from 3.0.7 to 3.0.8 (#2184)
  • a4d2c01 :seedling: Bump distroless/base from 49d2923 to 533c15e (#2185)
  • af2ee3d :seedling: Bump github/codeql-action from 1.0.0 to 2.1.19 (#2178)
  • 77fa781 Check for security policies in RST format at toplevel and .github as well. (#2180)
  • 2920b32 ✨ Improved license check (#2179)
  • 25fd14d :seedling: Bump actions/dependency-review-action from 2.0.4 to 2.1.0 (#2176)
  • 4a15760 Don't error on workflow parse failure in Binary-Artifacts (#2170)

Thanks to all contributors!


Details

date: Sept. 26, 2022, 4:29 p.m.
name: v4.7.0
type: Minor