Releases: ossf/scorecard-action
Releases · ossf/scorecard-action
v2.0.3
Patch for fix in #898
v2.0.2
Fixes #895
v2.0.1
Fix for #856
v2.0.0
v2.0.0
This tag was signed with the committer’s verified signature.
naveensrinivasan
Naveen
What's Changed
- 🌱 Prepare for a pre-release of the Golang action by @azeemshaikh38 in #750
- 🌱 Bump github/codeql-action from 2.1.12 to 2.1.16 by @dependabot in #751
- 🌱 Bump debian from 11.3-slim to 11.4-slim by @dependabot in #749
- 🌱 Bump step-security/harden-runner from 1.4.3 to 1.4.4 by @dependabot in #646
- 🌱 Bump actions/setup-go from 3.2.0 to 3.2.1 by @dependabot in #748
- 🐛 Fix dependency conflicts in go.mod by @azeemshaikh38 in #771
- 🌱 Prepare for v2 beta1 release by @azeemshaikh38 in #766
- multi-repo-action: Note that tool is a work-in-progress by @naveensrinivasan in #776
- 🐛 Fix intermittent failures in CI-Tests by @azeemshaikh38 in #778
- 🌱 Bump sigs.k8s.io/release-utils from 0.7.2 to 0.7.3 by @dependabot in #775
- 🌱 Bump actions/cache from 3.0.4 to 3.0.5 by @dependabot in #769
- 📖 Update README about the restrictions for scorecard-action:v2 by @azeemshaikh38 in #779
- 🌱 Bump github/codeql-action from 2.1.16 to 2.1.17 by @dependabot in #783
- 📖 Update instructions for Scorecard badge to README by @azeemshaikh38 in #785
- 🌱 Bump debian from
f576b80toa811e62by @dependabot in #787 - 🌱 Bump github.com/ossf/scorecard/v4 from 4.4.0 to 4.5.0 by @dependabot in #786
- 🌱 Bump github/codeql-action from 2.1.17 to 2.1.18 by @dependabot in #788
- 🌱 Bump actions/cache from 3.0.5 to 3.0.6 by @dependabot in #789
- 🐛 Add request application/json request header by @azeemshaikh38 in #791
- Create a new release v2.0.0-alpha.1 by @azeemshaikh38 in #803
- 🌱 Bump actions/cache from 3.0.6 to 3.0.7 by @dependabot in #807
- Olivekl patch 1 by @olivekl in #809
- 🌱 Fix cosign vulnerability by @naveensrinivasan in #812
- 🌱 Allow for publish URL override by @azeemshaikh38 in #811
- 🌱 Bump github.com/ossf/scorecard/v4 from 4.5.0 to 4.6.0 by @dependabot in #820
- 🌱 Bump step-security/harden-runner from 1.4.4 to 1.4.5 by @dependabot in #808
- cmd/installer: Cleanups (2/n) by @justaugustus in #833
- Update comments to allow for renovatebot updates by @laurentsimon in #834
- 🌱 Bump github.com/caarlos0/env/v6 from 6.9.3 to 6.10.0 by @dependabot in #839
- 🌱 Update actions/checkout requirement to 2541b1294d2704b0964813337f33b291d3f8596b by @dependabot in #835
- 🌱 Bump github.com/sigstore/cosign from 1.11.0 to 1.11.1 by @dependabot in #842
- 🌱 Bump github/codeql-action from 2.1.18 to 2.1.21 by @dependabot in #844
- 🌱 Bump actions/setup-go from 3.2.1 to 3.3.0 by @dependabot in #843
- 🌱 Bump debian from
a811e62to68c1f6bby @dependabot in #840 - Fix workflow path in automatic creation of PR by @RadoslavGatev in #845
- 🌱 Bump actions/dependency-review-action from 310e0dd64f63b1d00101ecd3225d605a74261fb7 to 2.1.0 by @dependabot in #838
- 🌱 Bump actions/cache from 3.0.7 to 3.0.8 by @dependabot in #836
- 📖 Add docs for API by @azeemshaikh38 in #849
- 🌱 Bump github/codeql-action from 2.1.21 to 2.1.22 by @dependabot in #853
- 🌱 Included License by @naveensrinivasan in #852
- 🌱 Release v2.0.0 by @naveensrinivasan in #854
New Contributors
- @RadoslavGatev made their first contribution in #845
Full Changelog: v1.1.2...v2.0.0
Contributors
naveensrinivasan, justaugustus, and 5 other contributors
Assets 2
v2.0.0-alpha.2
Unblocks using OpenAPI/Swagger based API and adds more e2e tests
v2.0.0-alpha.1
Fixes issue where the right request headers weren't being set.
v2.0.0-beta.1
Scorecard Action's v2.0.0-beta.1 release. This is a beta release and might have few kinks that need ironing out. Accepting and appreciate feedback from our early adopters :)
- Golang based action replacing the bash action for more control and improved testing.
- Pilot the Scorecard badges feature.
- Pilot the Scorecard API.
v1.1.2
v1.1.1
v1.1.0
Main changes
This release lets you run Scorecards without creating a PAT token. If you don't provide a PAT token, Scorecards will use the default GITHUB_TOKEN available in the workflow. Due to limitations of the permissions model and GitHub APIs, be aware of the following limitations:
- Without a PAT, the Branch-Protection is not supported, so it will be disabled. You will not receive alerts for this check.
- Scorecards only supports PAT on private repositories. If you want to install Scorecards on a private repository, you still need to use a PAT.
For more information, visit the README.md
New Contributors
- @rohankh532 made their first contribution in #112
- @justaugustus made their first contribution in #126
- @jamietanna made their first contribution in #145
- @jonasbb made their first contribution in #129
- @azeemshaikh38 made their first contribution in #247
Full Changelog: v1.0.4...v1.1.0
Contributors
jonasbb, justaugustus, and 3 other contributors