Releases: Be-Secure/scorecard
v5.0.0
Changelog
- ea7e27e 🌱 Bump github.com/google/go-containerregistry (ossf#4244)
- a74ffc3 🌱 Bump github.com/goreleaser/goreleaser/v2 from 2.0.1 to 2.1.0 in /tools (ossf#4240)
- af8fd32 🌱 Bump github.com/xanzy/go-gitlab from 0.106.0 to 0.107.0 (ossf#4243)
- bc30d0f mark codeApproved and sastToolRunsOnAllCommits as experimental (ossf#4242)
- b48bdbf 🌱 Bump github.com/moby/buildkit from 0.14.1 to 0.15.0 (ossf#4236)
- 7563971 docs: maintainer annotations (ossf#4235)
- c75c63c 🌱 Update active cisco projects, remove cisco-open projects (ossf#4226)
- 09b58e4 ✨ Add important Go packages to projects.csv (ossf#4176)
- 78115de ✨ Add support for Nuget restore (ossf#4157)
- 32c4a43 🌱 Bump github.com/google/osv-scanner from 1.8.1 to 1.8.2 (ossf#4234)
- bdaef02 🌱 Bump chainguard/static from `a1f8a15` to `d94c01c` (ossf#4224)
- 22b0ad1 🌱 Bump the github-actions group with 2 updates (ossf#4221)
- 11612db 🌱 Bump sigs.k8s.io/release-utils from 0.8.2 to 0.8.3 (ossf#4228)
- 8028c54 🌱 Bump github.com/google/go-containerregistry (ossf#4229)
- 0edd1aa 🌱 Bump google.golang.org/grpc from 1.64.0 to 1.64.1 (ossf#4233)
- 513c6eb 🌱 Add config e2e test and fix README (ossf#4232)
- c368d8a ⚠️ Rename top level package to scorecard and reduce name duplication (ossf#4227)
- a9ab4a9 ✨ remove experimental gate on maintainer annotation parsing (ossf#4231)
- 59c4aa9 ⚠️ rename annotation IsExempted to Annotations (ossf#4230)
- eb03180 ⚠️ delete dependency diff leftover file (ossf#4225)
- f2fac0c 🌱 Use new Scorecard entrypoint for CLI (ossf#4203)
- 6a58163 🌱 Migrate other RunScorecard callers (ossf#4208)
- edcacd8 🌱 Bump the distroless group across 6 directories with 1 update (ossf#4223)
- 3155309 🌱 Bump chainguard/static from `68b8855` to `a1f8a15` (ossf#4214)
- 98bb37f 🌱 Bump github/codeql-action in the github-actions group (ossf#4202)
- d889dcb convert cron to use new entrypoint (ossf#4207)
- 7841828 SECURITY: Represent response times in business days instead of hours (ossf#4217)
- efa43e1 🌱 Bump the golang group across 8 directories with 1 update (ossf#4216)
- 3f38548 Update security policy to be specific to OpenSSF Scorecard (ossf#4212)
- 4895019 fix dependabot config to group docker images (ossf#4211)
- 5f7cea3 🌱 Use new entrypoint for scdiff (ossf#4204)
- 1c448ee cron: Add 377 Intel-owned repositories (ossf#4206)
- 6629b09 🌱 Add lifecycle field to probes (ossf#4147)
- 28337f1 🌱 maintainer annotations: improve annotation file validation (ossf#4162)
- 9f9afa0 🌱 Bump github.com/google/osv-scanner from 1.7.4 to 1.8.1 (ossf#4198)
- 76a04bf 🌱 Bump github.com/xanzy/go-gitlab from 0.105.0 to 0.106.0 (ossf#4197)
- 842d550 🌱 Bump github.com/goreleaser/goreleaser/v2 in /tools (ossf#4199)
- c187c07 🌱 Bump cloud.google.com/go/pubsub from 1.38.0 to 1.40.0 (ossf#4196)
- 13c4485 🌱 Bump github.com/moby/buildkit from 0.14.0 to 0.14.1 (ossf#4187)
- c4e1f70 🌱 Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (ossf#4183)
- 89d9460 🌱 Bump the github-actions group across 1 directory with 3 updates (ossf#4190)
- 7918d83 🌱 Bump chainguard/static from `110b691` to `68b8855` (ossf#4179)
- 309b48b 🌱 Bump github.com/hashicorp/go-retryablehttp (ossf#4195)
- a93626e 🌱 Bump github.com/hashicorp/go-retryablehttp in /tools (ossf#4193)
- 6cae56f 🌱 Bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 (ossf#4158)
- 0d57c02 Generate probe markdown documentation (ossf#4184)
- 5d08c1c 🌱 Bump github.com/google/go-containerregistry from 0.19.1 to 0.19.2 (ossf#4182)
- da0f2b4 keep SARIF runs and rules for exempted checks, only skip the results. (ossf#4153)
- 5ef9831 🌱 add stack info to osv-scanner error (ossf#4172)
- c7821b6 ✨ move to cgr base image (ossf#4113)
- fc09963 fix: correct sarif json schema url (ossf#4170)
- e23b8ad 🌱 Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (ossf#4166)
- ed272ea Docs: Maintainer annotations (ossf#4165)
- 157948d 🌱 Hide maintainer annotation implementation details (ossf#4167)
- 1faca49 🌱 Bump google.golang.org/protobuf from 1.34.1 to 1.34.2 (ossf#4169)
- fcdc63b Improve the REUSE parts of the License check (ossf#4155)
- fde26a0 🌱 Bump github.com/moby/buildkit from 0.13.2 to 0.14.0 (ossf#4168)
- 6d8f701 ⚠️ Simplify RunScorecard with functional optionals (ossf#4106)
- 2ed7e5e 🌱 Bump github.com/golangci/golangci-lint from 1.59.0 to 1.59.1 in /tools (ossf#4161)
- 20ec42c ⚠️ Make all ScorecardResult format options pointers (ossf#4151)
- f591fbb 🌱 maintainer annotations: search for config (ossf#4152)
- 91532e1 🌱 Bump golang from 1.22.3 to 1.22.4 (ossf#4160)
- 397ca51 🌱 Bump the github-actions group across 1 directory with 3 updates (ossf#4159)
- bfaa9fe ✨ probe: releases with verified provenance (ossf#4141)
- 9cd1fb8 fix Unlicense detection (ossf#4145)
- 3da6db5 ✨ announce where results are written (ossf#4132)
- 7e7e2f5 🌱 Bump github.com/onsi/ginkgo/v2 in /tools (ossf#4149)
- bc1c2e6 🌱 Bump golang.org/x/oauth2 from 0.20.0 to 0.21.0 (ossf#4148)
- 8a3cbbb ⚠️ remove dependencydiff functionality (ossf#4146)
- b4d6ee4 🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 (ossf#4137)
- eea94f5 🌱 Bump github.com/rhysd/actionlint from 1.7.0 to 1.7.1 (ossf#4138)
- 936efa9 🌱 Bump golang.org/x/text from 0.15.0 to 0.16.0 (ossf#4142)
- 0448565 Use direct endpoint instead of search to find repository URL from npm database (ossf#4118)
- 36d8ad7 🌱 Bump github.com/google/osv-scanner from 1.7.3 to 1.7.4 (ossf#4139)
- bf40024 ✨ detect `sbt ci-release` packaging workflows (ossf#4135)
- 867f511 🌱 Bump github.com/goreleaser/goreleaser in /tools (ossf#4122)
- 6cbe95c 🌱 Bump github.com/golangci/golangci-lint in /tools (ossf#4125)
- 02f72e0 🌱 Bump github.com/onsi/ginkgo/v2 from 2.17.3 to 2.19.0 (ossf#4126)
- 77dce6f ⚠️ Add ProjectPackageVersions to raw data collection (ossf#4104)
- 7e6a09e fix Docker remediations for unpinned GHA dependencies (ossf#4131)
- 2855274 ✨ Recognize scala-steward as dependency update tool (ossf#4130)
- 6b49140 🌱 avoid assumptions about versions in tests (ossf#4134)
- 16ed8a6 docs: Add repository guidelines e.g., for project donations (ossf#4123)
- 5447253 MAINTAINERS: Add details on the OpenSSF Scorecard Steering Committee (ossf#4129)
- 465add2 🌱 Bump the github-actions group with 2 updates (ossf#4127)
- d99ae69 🌱 Bump github.com/go-logr/logr from 1.4.1 to 1.4.2 (ossf#4120)
- 98ec491 🌱 Bump golang from `b1e05e2` to `f43c6f0` in /attestor (ossf#4115)
- 72d6041 🌱 Bump actions/checkout in the github-actions group (ossf#4116)
- 7ba6e54 🌱 Bump github.com/goreleaser/goreleaser in /tools (ossf#4110)
- fd2342c 🌱 fix(cron/internal/data): rename Cactus to Cacti (ossf#4111)
- 8de9020 ✨ Add experimental check for published SBOM (ossf#3903)
- 956d7c3 🌱 Bump sigs.k8s.io/release-utils from 0.8.1 to 0....