Releases: ossf/scorecard-action
v1.1.1
v1.1.0
Main changes
This release lets you run Scorecards without creating a PAT token. If you don't provide a PAT token, Scorecards will use the default GITHUB_TOKEN
available in the workflow. Due to limitations of the permissions model and GitHub APIs, be aware of the following limitations:
- Without a PAT, the Branch-Protection is not supported, so it will be disabled. You will not receive alerts for this check.
- Scorecards only supports PAT on private repositories. If you want to install Scorecards on a private repository, you still need to use a PAT.
For more information, visit the README.md
New Contributors
- @rohankh532 made their first contribution in #112
- @justaugustus made their first contribution in #126
- @jamietanna made their first contribution in #145
- @jonasbb made their first contribution in #129
- @azeemshaikh38 made their first contribution in #247
Full Changelog: v1.0.4...v1.1.0
v1.0.4
Summary
This release fixes null
repository and branch issues: see #106, #84 and #73
What's Changed
- Update codeql-analysis.yml by @jauderho in #76
- use GITHUB_REPOSITORY in shell script by @laurentsimon in #83
- Bump github/codeql-action from 1.0.30 to 1.0.31 by @dependabot in #81
- ✨ Add warning for empty repo token by @laurentsimon in #71
- 🐛 Fix default parameter requirement by @laurentsimon in #89
- ✨ Initial porting the shellscript to go by @naveensrinivasan in #87
- 🌱 Golang CI for clean code. by @naveensrinivasan in #90
- Bump github/codeql-action from 1.0.31 to 1.0.32 by @dependabot in #93
- 🌱 Porting shell script to Go by @naveensrinivasan in #94
- 🌱 More tests by @naveensrinivasan in #95
- 🐛 Fix null is fork in script by @laurentsimon in #98
- 🌱 Porting of shell script to go by @naveensrinivasan in #99
- Bump github/codeql-action from 1.0.32 to 1.1.0 by @dependabot in #102
- Bump actions/setup-go from 2.1.5 to 2.2.0 by @dependabot in #101
- 🌱 Final bits of porting the shell to go by @naveensrinivasan in #103
- 🌱 Dependabot for go by @naveensrinivasan in #104
- 🌱 Verify clean env in build by @naveensrinivasan in #105
New Contributors
- @dependabot made their first contribution in #81
Full Changelog: v1.0.3...v1.0.4
v1.0.3
What's Changed
- Bump hash for v1.0.2 by @laurentsimon in #69
- Missing slash in README.md by @ChrisCarini in #74
- 🐛 Fix null default branch/private fields by @laurentsimon in #75
New Contributors
- @ChrisCarini made their first contribution in #74
Full Changelog: v1.0.2...v1.0.3
v1.0.2
What's Changed
- Bump the hash in doc by @laurentsimon in #62
- Update README.md by @olivekl in #65
- 📖 Add doc about SAML SSO by @laurentsimon in #67
- 🐛 Support arbitrary default branch by @laurentsimon in #68
Full Changelog: v1.0.1...v1.0.2
v1.0.1
Description
This update uses Scorecards's v4.0.1 release.
What's Changed
- Fixing repo token secret typo by @abirismyname in #58
- ✨ Icons for partnered action by @laurentsimon in #59
- Bump dockerfile hash to fix SARIF semVer by @laurentsimon in #60
- Update README.md with v1.0.1 hash by @laurentsimon in #61
New Contributors
- @abirismyname made their first contribution in #58
Full Changelog: v1.0.0...v1.0.1
v1.0.0
Description
This release of Scorecard's GitHub action is the first stable release. It uses Scorecard's V4 version.
Contributors
Huge thanks to all community contributors
@laurentsimon, @naveensrinivasan, @azeemshaikh38, @olivekl
New Contributors
Mailing lists
- Stay updated with new releases and other announcements by joining [email protected].
- Ask questions, get access to design docs, etc. by joining [email protected].
Full Changelog: v0.0.2...v1.0.0
Testing release (v0.0.2) before official release
Pre-release test
Testing release (v0.0.1) before official release
Pre-release test