Releases: Be-Secure/scorecard
v5.0.0
Changelog
- ea7e27e 🌱 Bump github.com/google/go-containerregistry (ossf#4244)
- a74ffc3 🌱 Bump github.com/goreleaser/goreleaser/v2 from 2.0.1 to 2.1.0 in /tools (ossf#4240)
- af8fd32 🌱 Bump github.com/xanzy/go-gitlab from 0.106.0 to 0.107.0 (ossf#4243)
- bc30d0f 📖 mark codeApproved and sastToolRunsOnAllCommits as experimental (ossf#4242)
- b48bdbf 🌱 Bump github.com/moby/buildkit from 0.14.1 to 0.15.0 (ossf#4236)
- 7563971 docs: maintainer annotations (ossf#4235)
- c75c63c 🌱 Update active cisco projects, remove cisco-open projects (ossf#4226)
- 09b58e4 ✨ Add important Go packages to projects.csv (ossf#4176)
- 78115de ✨ Add support for Nuget restore (ossf#4157)
- 32c4a43 🌱 Bump github.com/google/osv-scanner from 1.8.1 to 1.8.2 (ossf#4234)
- bdaef02 🌱 Bump chainguard/static from a1f8a15 to d94c01c (ossf#4224)
- 22b0ad1 🌱 Bump the github-actions group with 2 updates (ossf#4221)
- 11612db 🌱 Bump sigs.k8s.io/release-utils from 0.8.2 to 0.8.3 (ossf#4228)
- 8028c54 🌱 Bump github.com/google/go-containerregistry (ossf#4229)
- 0edd1aa 🌱 Bump google.golang.org/grpc from 1.64.0 to 1.64.1 (ossf#4233)
- 513c6eb 🌱 Add config e2e test and fix README (ossf#4232)
- c368d8a ⚠️ Rename top level package to scorecard and reduce name duplication (ossf#4227)
- a9ab4a9 ✨ remove experimental gate on maintainer annotation parsing (ossf#4231)
- 59c4aa9 ⚠️ rename annotation IsExempted to Annotations (ossf#4230)
- eb03180 ⚠️ delete dependency diff leftover file (ossf#4225)
- f2fac0c 🌱 Use new Scorecard entrypoint for CLI (ossf#4203)
- 6a58163 🌱 Migrate other RunScorecard callers (ossf#4208)
- edcacd8 🌱 Bump the distroless group across 6 directories with 1 update (ossf#4223)
- 3155309 🌱 Bump chainguard/static from 68b8855 to a1f8a15 (ossf#4214)
- 98bb37f 🌱 Bump github/codeql-action in the github-actions group (ossf#4202)
- d889dcb convert cron to use new entrypoint (ossf#4207)
- 7841828 📖 SECURITY: Represent response times in business days instead of hours (ossf#4217)
- efa43e1 🌱 Bump the golang group across 8 directories with 1 update (ossf#4216)
- 3f38548 📖 Update security policy to be specific to OpenSSF Scorecard (ossf#4212)
- 4895019 fix dependabot config to group docker images (ossf#4211)
- 5f7cea3 🌱 Use new entrypoint for scdiff (ossf#4204)
- 1c448ee cron: Add 377 Intel-owned repositories (ossf#4206)
- 6629b09 🌱 Add lifecycle field to probes (ossf#4147)
- 28337f1 🌱 maintainer annotations: improve annotation file validation (ossf#4162)
- 9f9afa0 🌱 Bump github.com/google/osv-scanner from 1.7.4 to 1.8.1 (ossf#4198)
- 76a04bf 🌱 Bump github.com/xanzy/go-gitlab from 0.105.0 to 0.106.0 (ossf#4197)
- 842d550 🌱 Bump github.com/goreleaser/goreleaser/v2 in /tools (ossf#4199)
- c187c07 🌱 Bump cloud.google.com/go/pubsub from 1.38.0 to 1.40.0 (ossf#4196)
- 13c4485 🌱 Bump github.com/moby/buildkit from 0.14.0 to 0.14.1 (ossf#4187)
- c4e1f70 🌱 Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (ossf#4183)
- 89d9460 🌱 Bump the github-actions group across 1 directory with 3 updates (ossf#4190)
- 7918d83 🌱 Bump chainguard/static from 110b691 to 68b8855 (ossf#4179)
- 309b48b 🌱 Bump github.com/hashicorp/go-retryablehttp (ossf#4195)
- a93626e 🌱 Bump github.com/hashicorp/go-retryablehttp in /tools (ossf#4193)
- 6cae56f 🌱 Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (ossf#4158)
- 0d57c02 📖 Generate probe markdown documentation (ossf#4184)
- 5d08c1c 🌱 Bump github.com/google/go-containerregistry from 0.19.1 to 0.19.2 (ossf#4182)
- da0f2b4 🐛 keep SARIF runs and rules for exempted checks, only skip the results. (ossf#4153)
- 5ef9831 🌱 add stack info to osv-scanner error (ossf#4172)
- c7821b6 ✨ move to cgr base image (ossf#4113)
- fc09963 🐛 fix: correct sarif json schema url (ossf#4170)
- e23b8ad 🌱 Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (ossf#4166)
- ed272ea 📖 Docs: Maintainer annotations (ossf#4165)
- 157948d 🌱 Hide maintainer annotation implementation details (ossf#4167)
- 1faca49 🌱 Bump google.golang.org/protobuf from 1.34.1 to 1.34.2 (ossf#4169)
- fcdc63b 📖 Improve the REUSE parts of the License check (ossf#4155)
- fde26a0 🌱 Bump github.com/moby/buildkit from 0.13.2 to 0.14.0 (ossf#4168)
- 6d8f701 ⚠️ Simplify RunScorecard with functional optionals (ossf#4106)
- 2ed7e5e 🌱 Bump github.com/golangci/golangci-lint from 1.59.0 to 1.59.1 in /tools (ossf#4161)
- 20ec42c ⚠️ Make all ScorecardResult format options pointers (ossf#4151)
- f591fbb 🌱 maintainer annotations: search for config (ossf#4152)
- 91532e1 🌱 Bump golang from 1.22.3 to 1.22.4 (ossf#4160)
- 397ca51 🌱 Bump the github-actions group across 1 directory with 3 updates (ossf#4159)
- bfaa9fe ✨ probe: releases with verified provenance (ossf#4141)
- 9cd1fb8 🐛 fix Unlicense detection (ossf#4145)
- 3da6db5 ✨ announce where results are written (ossf#4132)
- 7e7e2f5 🌱 Bump github.com/onsi/ginkgo/v2 in /tools (ossf#4149)
- bc1c2e6 🌱 Bump golang.org/x/oauth2 from 0.20.0 to 0.21.0 (ossf#4148)
- 8a3cbbb ⚠️ remove dependencydiff functionality (ossf#4146)
- b4d6ee4 🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 (ossf#4137)
- eea94f5 🌱 Bump github.com/rhysd/actionlint from 1.7.0 to 1.7.1 (ossf#4138)
- 936efa9 🌱 Bump golang.org/x/text from 0.15.0 to 0.16.0 (ossf#4142)
- 0448565 🐛 Use direct endpoint instead of search to find repository URL from npm database (ossf#4118)
- 36d8ad7 🌱 Bump github.com/google/osv-scanner from 1.7.3 to 1.7.4 (ossf#4139)
- bf40024 ✨ detect sbt ci-release packaging workflows (ossf#4135)
- 867f511 🌱 Bump github.com/goreleaser/goreleaser in /tools (ossf#4122)
- 6cbe95c 🌱 Bump github.com/golangci/golangci-lint in /tools (ossf#4125)
- 02f72e0 🌱 Bump github.com/onsi/ginkgo/v2 from 2.17.3 to 2.19.0 (ossf#4126)
- 77dce6f ⚠️ Add ProjectPackageVersions to raw data collection (ossf#4104)
- 7e6a09e 🐛 fix Docker remediations for unpinned GHA dependencies (ossf#4131)
- 2855274 ✨ Recognize scala-steward as dependency update tool (ossf#4130)
- 6b49140 🌱 avoid assumptions about versions in tests (ossf#4134)
- 16ed8a6 docs: Add repository guidelines e.g., for project donations (ossf#4123)
- 5447253 MAINTAINERS: Add details on the OpenSSF Scorecard Steering Committee (ossf#4129)
- 465add2 🌱 Bump the github-actions group with 2 updates (ossf#4127)
- d99ae69 🌱 Bump github.com/go-logr/logr from 1.4.1 to 1.4.2 (ossf#4120)
- 98ec491 🌱 Bump golang from b1e05e2 to f43c6f0 in /attestor (ossf#4115)
- 72d6041 🌱 Bump actions/checkout in the github-actions group (ossf#4116)
- 7ba6e54 🌱 Bump github.com/goreleaser/goreleaser in /tools (ossf#4110)
- fd2342c 🌱 fix(cron/internal/data): rename Cactus to Cacti (ossf#4111)
- 8de9020 ✨ Add experimental check for published SBOM (ossf#3903)
- 956d7c3 🌱 Bump sigs.k8s.io/release-utils from 0.8.1 to 0....