OpenSSF Scorecard - Security health metrics for Open Source
APACHE-2.0 License
Published by github-actions[bot] over 2 years ago
CheckResult
CheckResult struct (#1896)
Published by github-actions[bot] over 2 years ago
Security-Policy should not run on --local (#1825)
Security-Policy with --local (#1822)
GITHUB_TOKEN for downloading protoc (#1797)
792dfe7 to 764b74b
02f6671 to 792dfe7
CI-Tests to run as commit-based check
License, Security-Policy as commit-based (#1711)
release-note code fence (#1678)
contents: write permission only for jobs that are releasing (#1663)
Published by github-actions[bot] over 2 years ago
Version field from LogMessage (#1640)
nix-shell over nix-env
Committer.Name change (#1576)
logr/logrusr implementation (#1516)
zap (#1502)
Published by azeemshaikh38 almost 3 years ago
Includes a patch to fix scorecard version in Scorecard Docker image and some documentation changes.
scorecard version in Scorecard Docker images by @azeemshaikh38 in https://github.com/ossf/scorecard/pull/1480
Full Changelog: https://github.com/ossf/scorecard/compare/v4.0.0...v4.0.1
Published by azeemshaikh38 almost 3 years ago
This release of Scorecard provides bug fixes, enhancements and new features and many other changes. The project remains available via a docker image.
--local option)
@laurentsimon, @naveensrinivasan, @chrismcgehee, @azeemshaikh38, @asraa, @olivekl, @evverx, @developer-guy, @oliverchang, @varunsh-coder, @david-a-wheeler, @imjasonh, @nanikjava, @JamieMagee, @lehors, @r0mdau, @cpanato, @dota17, @Juneezee,
Full Changelog: https://github.com/ossf/scorecard/compare/v3.0.0...v4.0.0
Published by github-actions[bot] almost 3 years ago
aa634bd2518328ceb1c80305c2c9008f1c176da4: 🌱 Fixes the broken e2e (@naveensrinivasan)
53ae5830968b635e94cdb95789f5b850f55ff7cb: Remove obviously invalid URLs from porjects.csv (#1165) (@azeemshaikh38)
0ba864e9c2062186bcd6f5ed0a14784d40b38e86: Avoid panic in code (#1171) (@azeemshaikh38)
d9e35cda2ac4227efecbf22988ac5745290c015d: 🐛 Fix flaky tests in cron/data/add (#1185) (@laurentsimon)
4cca9b4960bcbe59e0e2d0fdae1b5a7e34c5eee9: ✨ Implement local repo client for local folders (#1146) (@laurentsimon)
c73c5628ea96b460809301db68a59e082d12a3c4: Fix GitHub workflows failing (#1172) (@azeemshaikh38)
87359619c7340e1eefe0c051c3cccd80f1c69089: Update shard naming to allow for 1M+ shards (#1170) (@azeemshaikh38)
608866949b237ab178ee59ec49c16f07cb2d898e: 🐛 Fix ListFiles caching in localrepo client (#1190) (@laurentsimon)
b08a4a8ca7f8eee18a25be378b8f728a3467a2c5: Increase worker replicas (#1173) (@azeemshaikh38)
1db0f9745f2947a74a7bcff38e2f445486731d01: Sanitized repo URLs ~1M (#1182) (@azeemshaikh38)
138552848d7c7ec2fd5885a3d38c8a30637b06d5: Remove Repo CPU runtime stat logging (#1186) (@azeemshaikh38)
92dff665a42cd4d864707dffa5775573a20b0db0: 🌱 Bump distroless/base from 56d73a6 to 46d4514 (#1176) (@dependabot[bot])
ed2ef299f166bea3e3292dc1100bdc2f5cc10695: 🌱 Bump distroless/base in /cron/webhook (#1177) (@dependabot[bot])
6467b31c4c6b0699d6e54a9b3c3ff4215b6c62f3: 📖 Update CODEOWNERS (#1189) (@r0mdau)
52ce50c2b50c772063223df489264ff13f682b5d: 🌱 Bump distroless/base in /cron/worker (#1193) (@dependabot[bot])
148446bb835655ee63fedebd42efd3420dab96b6: 🌱 Bump distroless/base in /cron/controller (#1192) (@dependabot[bot])
83649a799ec4a7953a3180297311c4427edd0474: Remove repos package (#1191) (@azeemshaikh38)
a53245a9fc4d90aa0f58ca5d32f356cce8e02e8a: 🐛 Fix broken e2e tests for Binary Artifacts (@naveensrinivasan)
c7511206a15deebf1c613849435878a75e1524db: 🌱 Reproducible builds in goreleaser (#1198) (@naveensrinivasan)
69f9774b932868e21609b16c3f755176c2d5d12e: Store metadata in BigQuery (#1197) (@azeemshaikh38)
d3796f29b1c83695ee38a187f90cff71ac72cd09: ✨ Add ClusterFuzzLite to Fuzzing check. (#1166) (@oliverchang)
1cc8601c2c8717699b04ba751cbf900b49087da8: 📖 Included the meeting minutes (#1202) (@naveensrinivasan)
ff316e1f978b83bd257487a2d871ac9eca449726: 🐛 Removed the Binary Artifact (@naveensrinivasan)
a6d298a60a65bf2a6ddc7db3690ae25fe186829a: ✨ Use checks.yaml to store which repo types are supported by each check (#1195) (@laurentsimon)
257d99e1c65aad07484336ad09bfed90ade35799: 🌱 Fixed the failing tests (@naveensrinivasan)
8a83a81fd7c5b1873365f1159f1c41681dd10476: ✨ Validate check.yaml's repo interface support (#1210) (@laurentsimon)
59edb12f2a3d39e0dabac75e3b37fae9166c05b5: 🐛 Use only olivekl@ in CODEOWNER (#1212) (@laurentsimon)
8805ac54d05976a6162e7258e0dde8f00d26d6bc: ✨ Add --local option to CLI (#1211) (@laurentsimon)
6562cc1f4488c7a018b5c6b4e031f990058d95a2: 🌱 Bump actions/checkout from 2.3.5 to 2.4.0 (@dependabot[bot])
2006be181938b541cf68f76aec8496db10fc46fd: 🐛 Token permission check was failing on non-yaml files (@chrismcgehee)
ddd770ae143b582ae04cd1e1bc82f2e50bfe20ff: 📖 Updated the community links (#1216) (@naveensrinivasan)
af594d39210f97029cd207e32b703939cf42b177: spelling (#1219) (@laurentsimon)
67f070f73c31fb38684774729bbd3501b2b462c5: remove action (#1223) (@laurentsimon)
4ee366eb0ff1425f68295d1b6d9e67f59e58f393: 🌱 Move docker build checks to ko (#1214) (@naveensrinivasan)
b3ac52a06b7870133b39996972a911e8b2124642: PR support (#1227) (@laurentsimon)
f319aca82d5fd2238c37073e73de8b5172f660fb: Moving github workflow parsing to its own file (@chrismcgehee)
3dc507b9e1bc99ea3327251ea9e1a715eb5b665d: Using library to parse github workflows (@chrismcgehee)
09b7b3bd3de54001674cb13b1f812bef796c140c: ✨ Pull request support for GitHub action (#1222) (@laurentsimon)
4fbd0fe93ec800e42fddf6a66a39298c76a829bb: Adding Chris as facilitator (@chrismcgehee)
929fd6e9e4d5214bbed2c627d80fcbeb5f833c6c: deterministic sarif gen (#1233) (@laurentsimon)
ae271b451366bee8aa3fd76daaf1582e81eb2c1b: 🐛 Validate doc on pre-submit (#1235) (@laurentsimon)
6a2fb2edc25c41b08d15c91b3b2a77861bca769b: Add LGTM to the SAST check (#1232) (@evverx)
5524c9717b2f51480c4be4d273df70e497e2b49d: SAST: no longer skip "neutral" checks (#1237) (@evverx)
795505fd7f1989ed2620149e204c32d5cb1b43f7: ✨ Remove isScorecardRepo (#1236) (@laurentsimon)
46611eac5d69cc3d3a5188b59f91e982a01b0bab: Security-Policy: really look for the security policy (@evverx)
9dfac392230856d2bfff34f942adb00d80e0bad9: Fix the way diff is shown (#1249) (@azeemshaikh38)
ab2bb205d4f94d1c484220ed34a47882442fc8ed: Fix nil-ptr access bug (#1248) (@azeemshaikh38)
c8d2a513750239eb51f0e2f7133f0226cf6c67d4: Ignore nil values in Branch-Protection check (#1243) (@azeemshaikh38)
177502552a5e150c6a590b2f492d54b5f229ccfc: 🌱 Move from io/ioutil to io and os packages (#1250) (@Juneezee)
51de6b6e5d9b025561b15c30cbb498bf31101427: Check for issue activity in Maintained (#1251) (@azeemshaikh38)
16cd53de44ac7b3bc0d9619548bb3f03c049a72d: make install was not installing to GOPATH (@chrismcgehee)
d4904555b49d033a4b66ca88c4750a7857ffc891: CI-Test: stop assuming either "statuses" or "check runs" are used (#1259) (@evverx)
6223b6620ad5b268f99f5a6daf21b766799cdda6: Add CIIClient interface (#1262) (@azeemshaikh38)
72e20a076c4b59e59799b2bbcd1468fb504a2018: Add repoClient.Close for all e2e tests (#1265) (@azeemshaikh38)
5950fdef67d58f7aaebd68d005e0d3c92200297f: 🐛 fix special character in search query to fix fuzzing check (#1241) (@asraa)
4dde35632906a5d0e0484503c1a7cb58b4214425: Fix nil-ptr dereference (#1269) (@azeemshaikh38)
1050b1cd607b3686641c96ac071ae6774e60588f: ✨ Add dangerous workflow check with untrusted code checkout pattern (#1168) (@asraa)
63e3b92466f0403159c02f1ccedd43f9400e8b26: fix (#1277) (@laurentsimon)
4502dfb55787891d555682c1c5f6e3f83fa1d236: ✨ Reduce false positives in Token-Permissions for contents permission (#1253) (@laurentsimon)
71e8698617d25b006cf0935da5e1fb5487bff292: Add a cron job to copy CII badges data (#1278) (@azeemshaikh38)
a05ac54b67beafa69708ce4867f7f2ad32fe402a: 🐛 Fix the reproducible builds (#1282) (@naveensrinivasan)
86835fcfd6559479f603ef623d6c0948f5dae4b2: 🐛 Fix branch protection results (#1252) (@laurentsimon)
4bd24b829148ff80510e8b1a14cd998f5cafdee6: Including line number: Dockerfile FROM not pinned (#1258) (@chrismcgehee)
cc4949465b6730ee398e49a096e0132f02078372: ✨ [Check split]: Binary-Artifacts (#1244) (@laurentsimon)
0bd575641dc1a59d2971e0ffad8598965ea289cb: Binary-Artifacts: no longer complain about ".bin" files (#1288) (@evverx)
0b32cc313854146f53594186554b3539f539ae04: Fix broken e2e tests (#1291) (@azeemshaikh38)
2375ae2812319adc902f917cbdc51032b3290c54: Add a OssFuzzRepoClient (#1280) (@azeemshaikh38)
0339eeadc2dfea9765993eca4944590cb792c59b: 🌱 Fix integration test runs (#1286) (@naveensrinivasan)
8fae5b10bd9d12138af53d08ebe4416b028a7b84: Fix more nil-ptr dereferences (#1295) (@azeemshaikh38)
b4e32052fe3b6d2f8d56f6dd95f2661b3b87fca7: ci: drop trailing whitespaces (#1292) (@evverx)
e15e7b1ca5f981fcb726756b181df1f3f78b7f04: More nilptr issues (#1296) (@azeemshaikh38)
9878c4e61e1686ccce5625cff80e4775f072b1b2: Randomize the repos tested during release test (#1299) (@azeemshaikh38)
89b316c64d9384a3e049b636d98a43b7a7c2be16: Use blob-based CII client in cron job (#1284) (@azeemshaikh38)
08a78762da5a040c137ba9d2b4d34e2a2a3659d1: Run Dangerous-Workflow in release tests (#1301) (@azeemshaikh38)
5025299eb686e8ebaf1de95a52cab5926b0c204c: Fix issues with CII client (#1309) (@azeemshaikh38)
6e7e13ede4a15e085edb789781409e3ac9883cdb: 🌱 Fix vulnerabilities in dependencies (@naveensrinivasan)
10ee2c069fd8888b2ec127d750a71cd4be037dbe: Use pull_request_target + protected env for e2e (#1308) (@azeemshaikh38)
730076fab1232ce5df0563f25dc952f80177f377: 🐛 fix dangerous workflow test and workflow parsing (#1283) (@asraa)
9d2976592fd04d1b5357ad1532b463fc6c4824e5: Signed-Releases: really look for *.sign files (#1298) (@evverx)
fd8731481f5d953f0bba8d1cb99ff99e3b7daf85: ✨ Update score for branch protection with levels (#1287) (@laurentsimon)
67c5e933d0e3731ee660846f38912596d7a5ccde: fix (#1318) (@laurentsimon)
23b0ddb8aa96356321cf31a2709723e29b15a951: fix (#1316) (@laurentsimon)
Published by github-actions[bot] almost 3 years ago
6f1a1cb1f4f969dc2806de46b32295997b381a31: 📖 Update README.md (#1160) (@olivekl)
c13783a040287f120146d62e86d88dcb6ed5cbdd: 🐛 Fixing parsing for Github workflow when matrix is an expression (@chrismcgehee)
faab6969d65d1ca227ebda2ff851254fc24ded40: Improve formatting, readability (@chrismcgehee)
6f1a43a0b60f2473991e21153d26e58e586b98e0: 🌱 add google/ko support for building/pushing container image (#1127) (@developer-guy)
1b885874ac1067457a75f613e5c95a8bed6ec0a2: 🌱 Fix CVE warning for containerd (@naveensrinivasan)
fd238d0e40ebc898e4aa592ad133b1f15687384f: 🌱 Fix goreleaser permission and flags (@naveensrinivasan)
Published by laurentsimon about 3 years ago
Full Changelog: https://github.com/ossf/scorecard/compare/v3.0.0...v3.0.1
Published by laurentsimon about 3 years ago
This release of Scorecard provides bug fixes, enhancements and new features, including many changes that are not compatible with earlier versions of Scorecard. The project remains available via a docker image.
We are experimenting with new APIs based on user feedback to improve clarity and usability. Please try them out and leave us feedback on the scorecard repository!
--format json | jq).
@naveensrinivasan, @chrismcgehee, @nanikjava, @rsprabery, @slugclub, @nathan-415, @neil465, @notanton, @ben-moss, @evalphobia, @johanbrandhorst, @iamamoose, @david-a-wheeler, @olivekl, @asraa, @loosebazooka, @meder, @oliverchang, @azeemshaikh38, @laurentsimon
Published by github-actions[bot] about 3 years ago
3cbe7b2 Consistent -ldflags across go build (#1070)
06c14a6 Minor fixes to README.md (#1066)
6b9010e changes (#1062)
2c16597 Fix GitVersion in cron job (#1065)
1d3f3e3 gpg-private-key in goreleaser (#1064)
9df865c Regenerate docs/checks.md (#1061)
42e2b98 🌱 Bump actions/github-script from 4.1.0 to 4.1.1
0074111 Fix CodeReview bug (#1058)
fb77e42 ✨ Per-check score threshold for SARIF (#1057)
0686ed2 🐛 Fix invalid code review (#1055)
aa93ac2 Modify the text to acknowledge GitHub != universe (#1037)
5655cbb ✨ Add aggregate score to cron JSON (#1050)
b9daae1 🐛 Update message for Code-Review (#1054)
91eb41e 🌱 Check for OSV for a go.mod changes (#1053)
075cf0c 150k+ repos and num_dependents_deps.dev metadata (#1052)
5d6a7cd ✨ Add policy file (#1002)
90332a9 🌱 Add counting of shell parsing errors (#1026)
44dd10d 📖 Olivekl patch 1 (#1039)
d4caef0 🌱 Fix GO-2020-0020 (#1047)
14dc32f Enforce non-concurrent token usage (#1048)
5fb87cb 🌱 Bump golang.org/x/tools from 0.1.5 to 0.1.6 (#1041)
39bd00c ✨ Add aggregated score (#1046)
fd6e58d 🌱 Fixes GO-2020-0017 OSV (#1045)
51e11e6 🌱 Fix GO-2021-0089 vulnerability
bc5d7a8 📖 Improve text on Packaging (#1035)
ea77ab7 fix prev PR (#1033)
45fb779 📖 Improve explanation about multiple reviewers (and their lack) (#1017)
34b97e3 ✨ Update k8's transfer releasetest-v2 (#1023)
e1a6e7d 📖 Fixed the docs for dependabot
9e81b5f 📖 Fixed the dependabot check message
30cae86 📖 Warn when checks are prone to false negatives (#1019)
1e4f723 🌱 Fixes permission for main.yml action
8b7da7c 📖 Improve rationale for Binary-Artifacts (#1016)
646b339 Explain that active maintenance isn't always needed (#1013)
6868fe6 Note that pinning is a way to mitigate dependency confusion (#1012)
6fb92a3 add version for cron (#1011)
afb01f4 Fix CII Best Practices badge info (#1010)
aa2ed45 📖 Docs: Pinned dependency doc 2 (#1004)
6178207 ✨ Update cron's JSON format (#1001)
b6cd4cf Fix CONTRIBUTING.md for doc updates 📖 (#1007)
a5a6a30 README.md: Add hyperlinks to docs/checks.md (#1008)
b0fab3f code (#1006)
4c4fb61 🌱 Bump cloud.google.com/go/pubsub from 1.16.0 to 1.17.0 (#992)
0590b03 ✨ change message to make it more easier for user (#1003)
ba53081 Tweak "pinned dependency" discussion (#999)
cc044ca 🌱 Bump go.uber.org/zap from 1.19.0 to 1.19.1 (#993)
bc37c74 Remove Owner/Repo strings from CheckRequest (#997)
e730e91 sce.Create -> sce.WithMessage for wrapcheck (#995)
1cb8c06 Bug in Makefile generate-docs (#996)
d6174db semantic version (#991)
af24ed4 🌱 Included codeql check for GitHub Actions (#988)
870db56 Cleanup documentation code (#981)
1da121d ✨ Give low importance to github-owned actions (#802) (#906)
576447a 🌱 Fix the jwt finding
924d4d5 📖 Update README.md (#976)
2b15b13 🌱 Moving tools dependencies to separate go.mod
1c7ba79 🐛 Github workflow steps run on Windows should default to pwsh as its shell (#877)
a3d63bf 🌱 Updated actions permission for codeql (#964)
942c4cf 🌱 Bump crazy-max/ghaction-import-gpg from 3.2.0 to 4 (#971)
0aa4305 🌱 Bump github.com/golangci/golangci-lint from 1.42.0 to 1.42.1 (#973)
5476b87 ✨ Removed unnecessary linters (#969)
f220924 🌱 Bump distroless/base in /cron/worker
29b7bd3 Parsing GitHub Workflows should only happen on yaml files
2ae8910 📖 Fixed the deadlink to the documentation (#963)
fda87a4 Fixed typo reepo to repo
f55b86d 🌱 Bump peter-evans/slash-command-dispatch from 2.2.1 to 2.3.0 (#955)
e30d9e5 🌱 Bump gocloud.dev from 0.23.0 to 0.24.0 (#956)
b847d54 🌱 Bump distroless/base in /cron/controller (#961)
0620758 Updated go get to go install (#953)
Published by github-actions[bot] about 3 years ago
7b912e8 Return DefaultBranch as part of ListBranches (#960)
830c4f5 100k cron job repos (#958)
afe5b40 Make RepoClient as default interface for Scorecard (#951)
1434977 :sparkling: Upgraded to go 1.17
eceb577 Add and use RepoClient API for ListStatuses (#949)
eb2b3b2 Add RepoClient API for ListCheckRunsForRef (#948)
8f5e742 ✨ Improve JSON format (#934)
b5e4c77 🌱 Bump distroless/base from 19d927c to a74f307 (#945)
992775e 🌱 Bump distroless/base in /cron/webhook (#946)
dcbf752 🌱 Bump cloud.google.com/go/bigquery from 1.21.0 to 1.22.0 (#939)
dcbfb3c Fix syntax bug in CloudBuild YAML (#947)
df2acb4 Add COMMIT_SHA to Scorecard docker image (#944)
d6b6012 Specify fractions instead of percentage (#943)
99b9c91 Use RepoClient API for Packaging check (#940)
bb6e010 ✨ Decouple scorecard json from cron json (#941)
001ba67 🌱 Bump github.com/jszwec/csvutil from 1.5.0 to 1.5.1
d6ba2cd Fix #890 (#938)
e305a94 Use ListReleases API for BranchProtection check (#937)
9a1978a Use RefUpdateRule in BranchProtection check (#936)
d9f5209 Update test utils (#933)
dbb2345 ✨ Add line number to unpinned dependency: GitHub workflow "uses" field (#821)
ee6acdd Syntax bug in k8s file (#931)
915bad8 🌱 Bump distroless/base in /cron/worker
95c2df2 🌱 Bump distroless/base from bc84925 to 19d927c in /cron/bq (#926)
51016ea 🌱 Bump cloud.google.com/go/pubsub from 1.15.0 to 1.16.0 (#904)
c1edcea Use a completion threshold for BQ transfers (#930)
f40fa63 🌱 Included race flag to tests (#921)
d9b4188 🌱 Bump distroless/base in /cron/webhook
5b74c04 🌱 Bump distroless/base in /cron/controller
fe54c51 Only call GitHub APIs when needed (#918)
c9a617b 📖 Expand "Motivation" section (#924)
37696ac Create and use MockRepoClient in unit tests (#922)
50fd921 🌱 Fix the dependabot settings
f2afdba 🌱 Bump actions/setup-go from 2.1.3 to 2.1.4
b93f385 🌱 Bump distroless/base from ccbc79c to 19d927c
788fd33 ✨ Add JSON unit tests (#915)
e083f04 🐛 Fix date cron issue (#914)
d8e49e0 Remove unwanted dependencies (#913)
9eb7929 🐛 Address friction logs' comments (#899)
1c7c1e3 Fix bug in shardNum calculation (#910)
2d65ab4 Remove ErrRepoUnavailable (#908)
b89808f Pin protoc by SHA (#909)
e73f08e Fix nil ptr dereference (#907)
cc30d54 Use arduino/setup-protoc for installing Protoc (#903)
8cf95c4 Use singleton pattern for OSS-Fuzz (#902)
41d0ce3 Replace errors.As with Is (#901)
46a655d Fixes for Branch Protection (#900)
7bc2e00 🌱 Bump peter-evans/find-comment from 1.2.0 to 1.3.0 (#893)
ad134ac ✨ Add hash to results (JSON, SARIF) (#892)
6403eb1 ✨ Transition Packaging, SAST, Security-policy, Signed-releases check to the new structured detail format (#887)
b731f45 ✨ Transition Vulnerabilities, Permissions, CI-Tests, Dependency-Update-Tool, Code-Reviews to structured details (#889)
27c5821 Update README.md (#888)
aea1249 Add ephemeral-storage to cron worker (#885)
276155d ✨ SARIF 4: Add support to output SARIF format (#866)
d1de6cf support v3 (#883)
bb70e15 Remove token-heavy checks from cron job (#882)
77a4160 🌱 Bump github.com/onsi/gomega from 1.15.0 to 1.16.0 (#879)
b7c0d03 Handle GitHub repos with redirects (#876)
42700ee 🌱 Bump actions/github-script from 4.0.2 to 4.1
c73b28f ✨ fix: add github.com as default for owner/repo parameter (#872)
c54d77b 🐛 Only validate shell scripts supported by our parser (#862)
04e8bcf 🌱 Bump cloud.google.com/go/bigquery from 1.20.1 to 1.21.0 (#870)
1c9a255 Update docs to use :stable release (#865)
fa4e8a4 🌱 Bump github.com/golangci/golangci-lint from 1.41.1 to 1.42.0 (#869)
e7d9ec5 🌱 Bump cloud.google.com/go/pubsub from 1.14.0 to 1.15.0 (#858)
63a8fc7 Nil pointer dereference (#864)
cf01ea6 Fix nil pointer dereference bug (#860)
dbdcd4b ✨ SARIF 1: add structured detail (#843)
0a0d292 ✨ SARIF 3: add flag to yaml (#853)
13ef9dd Use RepoClient.Search API in SAST check (#857)
23764f0 ✨ Upload cron results to a table with new format (#830)
b3a3f7e ✨ SARIF 2: add short description to checks.yml (#848)
7233742 🌱 Bump go.uber.org/zap from 1.18.1 to 1.19.0 (#834)
42ee430 Use RepoClient API for Fuzzing (#855)
4c585f2 Fix nil pointer bug (#856)
8baaaa4 Use RepoClient API for Contributors check (#854)
b7ddc9a Update go-github version for consistency (#852)
d4701c4 Delete Signed-Tags check from Scorecard (#851)
29fbdae Enable automated e2e testing and releases (#850)
3f9431d Update SignedReleases to use RepoClient API (#844)
e160d4a 📖 Fixed the typos and rephrased some (#849)
7790d70 Use consistent golang image across Dockerfiles (#847)
cc312f2 ✨ feature: branch protection without admin token (#823)
a10baab 🌱 Bump golang from 5cdc91c to 3c4de86 (#846)
cbc556f Append changelog to new releases (#838)
eeb563b Update SAST and CITest with Repoclient API (#842)
5bcc1fd populate old details (#841)
977c2b8 Log runtime failures in cron job (#840)
20370f7 🐛 Look for organisation default .github security.md files in all the locations they are allowed to be in (#837)
ee8e402 🌱 Bump github.com/google/go-containerregistry (#832)
4fcb0a3 Fix a bug in flag parsing (#836)
0f6cbc1 🌱 Bump cloud.google.com/go/pubsub from 1.13.0 to 1.14.0 (#833)
6cc4135 Remove false log statement (#835)
bbf99ad 🌱 Bump cloud.google.com/go/bigquery from 1.19.0 to 1.20.1 (#820)
0561c15 Post to webhook on successful cron job completion (#829)
bc67dd3 Create a webhook for tagging Docker images (#828)
ce7d4c3 Update BQ query in README.md (#831)
a2e34ed 🌱 Bump crazy-max/ghaction-import-gpg from 3.1.0 to 3.2.0
ef9880c 🌱 Implemented ignore for license check
Published by github-actions[bot] about 3 years ago
Published by github-actions[bot] about 3 years ago
Published by github-actions[bot] about 3 years ago
Published by github-actions[bot] about 3 years ago
Published by github-actions[bot] over 3 years ago
Published by github-actions[bot] over 3 years ago
Published by github-actions[bot] over 3 years ago
json response to the http endpoints.
2000 additional GitHub repositories.
1.1.1 to 1.1.2 and github.com/spf13/cobra from 1.1.2 to 1.1.3
Thanks to all our contributors! 😊
Published by github-actions[bot] over 3 years ago
7ab314d Fix - dependabot githubactions location
bcf8d0d Fix - dependabot yaml error
4ad4a42 Feature - enabled dependabot for githubactions
f385b0d Feature - run scans from npm package name
0d77d89 Fix - tarball URL trailing slash
038e3b6 Bump github.com/onsi/gomega from 1.10.4 to 1.10.5
717701b Bump github.com/onsi/ginkgo from 1.14.2 to 1.15.0
8493b0b Add remediation steps for various checks.
93373f7 Fixes - Incorrect result for branch protection
2a1463b Feature - Report codecoverage to codecov.io
09b83b9 Fixes
33e9189 fix - panic on nil
c00aa4b Add e2e tests for remaining checks.
bcaa2e7 Lint fix.
b5096bf Fix backslash.
b278475 Fix CodeQL failure.
5b7ddc5 Add e2e test.
dc8d1fe Add packaging check.
c4c99cd feature - Included the e2e into the PR workflows
91bfea5 feat - Close stale issues
1d26654 Document - Included instruction for GITHUB_AUTH_TOKEN
1700c3a feature - Pull request template (#127)
b11fad8 feature - Included the status badge in README (#125)
7b740ce fix - Handle nil structs in branch protection (#124)
9d4e5c0 feature - CODEOWNERS for github branch protection feature (#123)
fcf0ac4 Merge pull request #119 from naveensrinivasan/feature/protected-branches
3191c55 Update README.md
938b9f2 Merge branch 'main' into feature/protected-branches
b506c6f Merge pull request #122 from ossf/b5
650fe0a Update README.md
3c94ffa Remove releases from active check.
5d84b86 Merge branch 'main' into feature/protected-branches
b86fae0 Fix https://github.com/ossf/scorecard/issues/121
9ce57c0 feature - Checks for branch protections
15a1ba0 feat - nonroot docker container (#114)
9e0388f Merge pull request #118 from naveensrinivasan/feature/update-readme
c5c51b9 feature - Update the CONTRIBUTING guidelines
b216a1e Feat - implemented goreleaser for releases (#117)
f77da77 feat-e2e tests for signed tags and signed releases (#115)
3df1191 Create Dependabot config file (#116)
ddc82c6 Add --show-details to the cron job. (#113)
329a4cf Merge pull request #109 from moorereason/release-tagname
88d5218 Use release tag name instead of name in log messages
a239820 Merge pull request #108 from moorereason/iss95-ci-tests
39464a5 Refactor CI-Tests to show negative results
7937da4 Merge pull request #103 from naveensrinivasan/fix/golangrun-ci-issue
9b1e28e Merge pull request #106 from ossf/b3
2d348a7 Merge pull request #105 from naveensrinivasan/feat/makefile
91780fd Allow skipping scheme, fix regression.
a56f707 Feat - Implemented Makefile and actions for PR
06f2616 fix - golangci-lint issues
c308663 Merge pull request #102 from naveensrinivasan/fix/shellcheck
3de6a1b fix - shellcheck violations for cron.sh
6549ecc Create codeql-analysis.yml (#101)
f7cb4d7 Merge pull request #100 from naveensrinivasan/fix/http-path
4362368 Tests updated to include validation for parsing
fd3a2a8 fix - URL with trailing slash
6b80b78 Merge pull request #98 from moorereason/iss95
ac55575 Adjust details logging on a few checks
348bedb Show negative results in Signed-Releases details
eb0d488 Show negative results in Signed-Tags details
4ec34e9 Show negative results to Pull-Requests details
1991617 Merge pull request #94 from ossf/b3
7a10bed Improve SAST check.
c5abb92 Merge pull request #91 from ossf/a12
87d6954 Merge pull request #92 from ossf/b1
0bcd8ea Improve fuzzing check.
ab2c9d4 Add support for yarn, composer in frozen deps check.
983e406 Merge pull request #90 from dlorenc/moreprojects
cd16def Add 50 Google projects.
Published by inferno-chromium almost 4 years ago
Initial open source release.