OpenSSF Scorecard - Security health metrics for Open Source
APACHE-2.0 License
[!IMPORTANT]
This is a v5 prerelease candidate. There may be more breaking changes before the official v5.0.0 release.
Full Changelog: https://github.com/ossf/scorecard/compare/v5.0.0-rc1...v5.0.0-rc2
Published by spencerschrock 6 months ago
[!IMPORTANT]
This is a v5 prerelease candidate. There may be more breaking changes before the official v5.0.0 release.
We invite users to try out a preview of Structured Results, the main feature from this release candidate. For more details on the feature, please check out the first paragraph of our probes README as well as our blog post (coming next week).
At a high level, structured results involves breaking the existing 19 Scorecard Checks into individual heuristics so users can pick and choose which ones they care about. You can see a list of all supported probes by checking out the probes/ directory. To run individual probes, use the --probes CLI flag with a comma-separated list of names. You must also specify the --format probe option to see the results. Please run scorecard --help if you need more details.
Example:
scorecard --repo github.com/ossf/scorecard --probes archived,fuzzed,hasLicenseFile --format probe
.gitlab folder. (#3823, @spencerschrock)
vendor and third_party directories. (#3675, @AdamKorcz)
.sigstore bundles to check for signed releases (#3772, @edgarrmondragon)
GitHub
GitLab
--commit-depth support for GitLab repos (#3672, @ashearin)
Local Directory
rule.Remediation and switch users to probe.Remediation by @spencerschrock in https://github.com/ossf/scorecard/pull/3978
.sigstore bundles are part of check for Signed-Releases (#3922, @cpswan)
Full Changelog: https://github.com/ossf/scorecard/compare/v4.13.1...v5.0.0-rc1
Published by spencerschrock 12 months ago
Fuzzing
fast-check test runners integrations by @sheerlox in https://github.com/ossf/scorecard/pull/3568
Weekly Public Data Cron
Full Changelog: https://github.com/ossf/scorecard/compare/v4.13.0...v4.13.1
Published by spencerschrock about 1 year ago
Binary Artifacts:
Branch Protection:
Pinned-Dependencies:
Permissions:
CLI:
--pypi flag by @joshgc in https://github.com/ossf/scorecard/pull/3423
Full Changelog: https://github.com/ossf/scorecard/compare/v4.12.0...v4.13.0
Published by raghavkaul about 1 year ago
This version of Scorecard supports GitLab repos by default.
This release also adds preliminary support for the scdiff command which can be used to compare changes in Scorecard scores for a repository between versions of Scorecard, as well as probe support for the Security-Policy check.
Finally, this release fixes scoring issues in the Branch-Protection and Pinned-Dependencies checks.
Full Changelog: https://github.com/ossf/scorecard/compare/v4.11.0...v4.12.0
Published by spencerschrock over 1 year ago
--nuget=<package> by @balteravishay in https://github.com/ossf/scorecard/pull/3020
Full Changelog: https://github.com/ossf/scorecard/compare/v4.10.5...v4.11.0
Published by spencerschrock almost 2 years ago
Full Changelog: https://github.com/ossf/scorecard/compare/v4.10.1...v4.10.2
Published by laurentsimon almost 2 years ago
Full Changelog: https://github.com/ossf/scorecard/compare/v4.8.0...v4.10.0
Published by laurentsimon almost 2 years ago
Full Changelog: https://github.com/ossf/scorecard/compare/v4.8.0...v4.9.0
Published by laurentsimon about 2 years ago
--commit option by @azeemshaikh38 in https://github.com/ossf/scorecard/pull/2156
Full Changelog: https://github.com/ossf/scorecard/compare/v4.5.0...v4.6.0
Published by laurentsimon over 2 years ago
clients.Contributor with clients.User by @azeemshaikh38 in https://github.com/ossf/scorecard/pull/1957
Full Changelog: https://github.com/ossf/scorecard/compare/v4.3.1...v4.4.0
Published by laurentsimon over 2 years ago
Fix https://github.com/ossf/scorecard-action/issues/323 via https://github.com/ossf/scorecard/pull/1947
Full Changelog: https://github.com/ossf/scorecard/compare/v4.3.0...v4.3.1
Published by azeemshaikh38 almost 3 years ago
Includes a patch to fix scorecard version in Scorecard Docker image and some documentation changes.
scorecard version in Scorecard Docker images by @azeemshaikh38 in https://github.com/ossf/scorecard/pull/1480
Full Changelog: https://github.com/ossf/scorecard/compare/v4.0.0...v4.0.1
Published by azeemshaikh38 almost 3 years ago
This release of Scorecard provides bug fixes, enhancements and new features and many other changes. The project remains available via a docker image.
--local option)
@laurentsimon, @naveensrinivasan, @chrismcgehee, @azeemshaikh38, @asraa, @olivekl, @evverx, @developer-guy, @oliverchang, @varunsh-coder, @david-a-wheeler, @imjasonh, @nanikjava, @JamieMagee, @lehors, @r0mdau, @cpanato, @dota17, @Juneezee,
Full Changelog: https://github.com/ossf/scorecard/compare/v3.0.0...v4.0.0
Published by laurentsimon about 3 years ago
Full Changelog: https://github.com/ossf/scorecard/compare/v3.0.0...v3.0.1
Published by laurentsimon about 3 years ago
This release of Scorecard provides bug fixes, enhancements and new features, including many changes that are not compatible with earlier versions of Scorecard. The project remains available via a docker image.
We are experimenting with new APIs based on user feedback to improve clarity and usability. Please try them out and leave us feedback on the scorecard repository!
--format json | jq).
@naveensrinivasan, @chrismcgehee, @nanikjava, @rsprabery, @slugclub, @nathan-415, @neil465, @notanton, @ben-moss, @evalphobia, @johanbrandhorst, @iamamoose, @david-a-wheeler, @olivekl, @asraa, @loosebazooka, @meder, @oliverchang, @azeemshaikh38, @laurentsimon
Published by inferno-chromium almost 4 years ago
Initial open source release.