Skip to content

v2.2.0

Marketplace
Marketplace
Compare
Choose a tag to compare
@spencerschrock spencerschrock released this 23 Jun 21:19
· 111 commits to main since this release
v2.2.0
This tag was signed with the committer’s verified signature.
spencerschrock Spencer Schrock
SSH Key Fingerprint: iEdk6w6vKX4x8FmfzRZODCotdCVMA333R1fASrXv690 Learn about vigilant mode.
08b4669
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

What's Changed

Scorecard Result Viewer

Thanks to contributions from @cynthia-sg and @tegioz at CLOMonitor, there is a new Scorecard Result visualization page at https://securityscorecards.dev/viewer/?uri=<project-url>.

As an example, you can see our own score visualized here
Checkout our README to learn how to link your README badge to the new visualization page.

Publishing Results

This release contains two fixes which will improve the user experience when publish_results is true

  • Runs that fail our workflow restrictions will fail with a 400 response indicating the problem, instead of a vague 500 status. (#1156, resolved #1150)
  • Scorecard action will retry when signing results and submitting them to our web API. This should help with flakiness from connection failures. (#1191)

Docs

  • 📖 Update README to accept fine-grained tokens by @pnacht in #1175
  • 📖 Update installation instructions to match current GitHub UI by @joycebrum in #1153
  • 📖 Document the GitHub action workflow restrictions when publishing results. by @spencerschrock in

New Contributors

Full Changelog: v2.1.3...v2.2.0

Contributors

tegioz, cynthia-sg, and 4 other contributors
Assets 2