OpenSSF Scorecard - Security health metrics for Open Source
APACHE-2.0 License
Important: This is a v5 prerelease candidate. There may be more breaking changes before the official v5.0.0 release.
Full Changelog: https://github.com/ossf/scorecard/compare/v5.0.0-rc1...v5.0.0-rc2
Published by spencerschrock 6 months ago
Important: This is a v5 prerelease candidate. There may be more breaking changes before the official v5.0.0 release.
We invite users to try out a preview of Structured Results, the main feature from this release candidate. For more details on the feature, please check out the first paragraph of our probes README as well as our blog post (coming next week).
At a high level, Structured Results involves breaking the existing 19 Scorecard Checks into individual heuristics so users can pick and choose which ones they care about. You can see a list of all supported probes by checking out the probes/ directory. To run individual probes, use the --probes CLI flag with a comma-separated list of names. You must also specify the --format probe option to see the results. Please run scorecard --help if you need more details.
Example:
scorecard --repo github.com/ossf/scorecard --probes archived,fuzzed,hasLicenseFile --format probe
.gitlab folder. (#3823, @spencerschrock)
vendor and third_party directories. (#3675, @AdamKorcz)
.sigstore bundles to check for signed releases (#3772, @edgarrmondragon)
GitHub
GitLab
--commit-depth support for GitLab repos (#3672, @ashearin)
Local Directory
rule.Remediation and switch users to probe.Remediation by @spencerschrock in https://github.com/ossf/scorecard/pull/3978
.sigstore bundles are part of check for Signed-Releases (#3922, @cpswan)
Full Changelog: https://github.com/ossf/scorecard/compare/v4.13.1...v5.0.0-rc1
Published by spencerschrock 12 months ago
Fuzzing
fast-check test runners integrations by @sheerlox in https://github.com/ossf/scorecard/pull/3568
Weekly Public Data Cron
Full Changelog: https://github.com/ossf/scorecard/compare/v4.13.0...v4.13.1
Published by spencerschrock about 1 year ago
Binary Artifacts:
Branch Protection:
Pinned-Dependencies:
Permissions:
CLI:
--pypi flag by @joshgc in https://github.com/ossf/scorecard/pull/3423
Full Changelog: https://github.com/ossf/scorecard/compare/v4.12.0...v4.13.0
Published by raghavkaul about 1 year ago
This version of Scorecard supports GitLab repos by default.
This release also adds preliminary support for the scdiff command which can be used to compare changes in Scorecard scores for a repository between versions of Scorecard, as well as probe support for the Security-Policy check.
Finally, this release fixes scoring issues in the Branch-Protection and Pinned-Dependencies checks.
Full Changelog: https://github.com/ossf/scorecard/compare/v4.11.0...v4.12.0
Published by spencerschrock over 1 year ago
--nuget=<package> by @balteravishay in https://github.com/ossf/scorecard/pull/3020
Full Changelog: https://github.com/ossf/scorecard/compare/v4.10.5...v4.11.0
Published by github-actions[bot] over 1 year ago
Full Changelog: https://github.com/ossf/scorecard/compare/v4.10.4...v4.10.5
Published by github-actions[bot] over 1 year ago
Published by spencerschrock almost 2 years ago
Full Changelog: https://github.com/ossf/scorecard/compare/v4.10.1...v4.10.2
Published by github-actions[bot] almost 2 years ago
Published by laurentsimon almost 2 years ago
Full Changelog: https://github.com/ossf/scorecard/compare/v4.8.0...v4.10.0
Published by laurentsimon almost 2 years ago
Full Changelog: https://github.com/ossf/scorecard/compare/v4.8.0...v4.9.0
Published by github-actions[bot] about 2 years ago
49d2923 to 533c15e (#2185)
Published by laurentsimon about 2 years ago
--commit option by @azeemshaikh38 in https://github.com/ossf/scorecard/pull/2156
Full Changelog: https://github.com/ossf/scorecard/compare/v4.5.0...v4.6.0
Published by github-actions[bot] about 2 years ago
d65ac1a to e672eb7 (#1994)
docker run scorecard version (#1991)
Published by laurentsimon over 2 years ago
clients.Contributor with clients.User by @azeemshaikh38 in https://github.com/ossf/scorecard/pull/1957
Full Changelog: https://github.com/ossf/scorecard/compare/v4.3.1...v4.4.0
Published by laurentsimon over 2 years ago
Fix https://github.com/ossf/scorecard-action/issues/323 via https://github.com/ossf/scorecard/pull/1947
Full Changelog: https://github.com/ossf/scorecard/compare/v4.3.0...v4.3.1