Insights: ossf/scorecard
Overview
10 Pull requests merged by 4 people
- :seedling: Convert Dangerous Workflow check to probes
  #3521 merged Nov 6, 2023
- :seedling: Bump github.com/spf13/cobra from 1.7.0 to 1.8.0
  #3644 merged Nov 6, 2023
- :bug: remove probe remediations from detail strings
  #3642 merged Nov 3, 2023
- :seedling: Bump cloud.google.com/go/bigquery from 1.56.0 to 1.57.1
  #3638 merged Nov 2, 2023
- :seedling: Bump github.com/onsi/gomega from 1.28.1 to 1.29.0
  #3624 merged Nov 1, 2023
- :seedling: Bump github.com/go-git/go-git/v5 from 5.9.0 to 5.10.0
  #3623 merged Nov 1, 2023
- :seedling: Bump github.com/go-logr/logr from 1.2.4 to 1.3.0
  #3622 merged Nov 1, 2023
- :seedling: Bump github.com/docker/docker from 24.0.6+incompatible to 24.0.7+incompatible in /tools
  #3628 merged Nov 1, 2023
- :seedling: Bump github.com/docker/docker from 24.0.4+incompatible to 24.0.7+incompatible
  #3627 merged Nov 1, 2023
- 🌱 Update stale workflow to exempt Structured Results milestone
  #3634 merged Nov 1, 2023
8 Pull requests opened by 3 people
- :seedling: Add dependency remediation in raw results instead of at log time
  #3632 opened Oct 31, 2023
- :seedling: Bump kubernetes-sigs/kubebuilder-release-tools from 0.4.0 to 0.4.2
  #3637 opened Nov 2, 2023
- :seedling: Bump github.com/google/osv-scanner from 1.4.2 to 1.4.3
  #3639 opened Nov 2, 2023
- :seedling: scdiff: Add workflow to run `scdiff` against PRs on demand
  #3640 opened Nov 2, 2023
- :seedling: Bump golang.org/x/text from 0.13.0 to 0.14.0
  #3643 opened Nov 6, 2023
- :seedling: Bump github.com/golangci/golangci-lint from 1.55.1 to 1.55.2 in /tools
  #3645 opened Nov 6, 2023
- :seedling: Bump actions/dependency-review-action from 3.1.0 to 3.1.1
  #3646 opened Nov 6, 2023
- :seedling: Bump tj-actions/changed-files from 39.2.3 to 40.1.0
  #3647 opened Nov 6, 2023
10 Issues closed by 2 people
- Feature: crowdsourcing scorecard run via GitHub action
  #1144 closed Nov 6, 2023
- Feature - Scorecard should sign releases with cosign
  #1201 closed Nov 6, 2023
- Feature: remove 1 point per unpinned action
  #1343 closed Nov 6, 2023
- Feature: speed up Validate check in pre-submits
  #1377 closed Nov 6, 2023
- scdiff: investigate result format
  #3360 closed Nov 3, 2023
- Scorecard - GitHub bot account
  #1729 closed Nov 3, 2023
- Use Kubernetes `release-notes` tool for releases
  #1677 closed Nov 2, 2023
- Extend Vulnerabilities check with https://github.com/github/advisory-database
  #1707 closed Nov 2, 2023
- Is there a way to influence a score by providing a proof of what's claimed as absent on a scorecard?
  #3626 closed Oct 31, 2023
- ? values in default ASCII table format are translated to -1 in JSON format
  #2425 closed Oct 31, 2023
1 Issue opened by 1 person
- findings: values should be exported consts owned by the probe
  #3641 opened Nov 2, 2023
84 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
- :seedling: Migrate Maintained check to probes
  #3507 commented on Nov 3, 2023 • 36 new comments
- :seedling: Convert SAST check to probes
  #3571 commented on Nov 6, 2023 • 26 new comments
- Feature: mis-configured OIDC
  #3629 commented on Nov 2, 2023 • 9 new comments
- 🐛 Pinned-Dependencies continues on error
  #3515 commented on Nov 6, 2023 • 6 new comments
- Feature: Don't penalize Go projects for not "packaging" to a registry
  #2493 commented on Nov 6, 2023 • 4 new comments
- 📖 Added beginner's guide to scorecard checks docs
  #3617 commented on Nov 1, 2023 • 4 new comments
- Feature request: Add new check for developer education
  #3534 commented on Nov 1, 2023 • 3 new comments
- :seedling: convert CITest check to probes
  #3621 commented on Nov 1, 2023 • 3 new comments
- Feature: do not filter `testdata` in results once we have raw result support is landed
  #1428 commented on Nov 4, 2023 • 2 new comments
- Feature: Add support for CVS
  #920 commented on Nov 7, 2023 • 2 new comments
- BUG: checks Signed-Releases and Packaging returning `?` when the repo actually has releases on GitHub
  #2763 commented on Oct 31, 2023 • 1 new comment
- Why
  #3625 commented on Oct 31, 2023 • 1 new comment
- BUG: CITest evaluation documentation inconsistent with implementation
  #3616 commented on Oct 31, 2023 • 1 new comment
- Feature: dangerous CI
  #3630 commented on Nov 1, 2023 • 1 new comment
- Enhancement proposal process
  #1727 commented on Nov 2, 2023 • 1 new comment
- Feature: use `go-git`
  #1709 commented on Nov 2, 2023 • 1 new comment
- Command line unit test
  #1693 commented on Nov 2, 2023 • 1 new comment
- Feature: Create a scorecard API
  #1683 commented on Nov 2, 2023 • 1 new comment
- Reduce the number of permissions we look for
  #1667 commented on Nov 2, 2023 • 1 new comment
- Create multiple SARIF results for each branch protection settings
  #1626 commented on Nov 2, 2023 • 1 new comment
- Feature - Pin dependencies - add support for gclient DEPS file
  #1597 commented on Nov 2, 2023 • 1 new comment
- [UMBRELLA] Review/expand contribution guidance
  #1553 commented on Nov 2, 2023 • 1 new comment
- Add rationales for every criterion
  #1550 commented on Nov 2, 2023 • 1 new comment
- Feature: granular remediation hints per Warning
  #1522 commented on Nov 2, 2023 • 1 new comment
- Feature: unit test need to verify Logger messages
  #1509 commented on Nov 2, 2023 • 1 new comment
- Feature: Dependency-Update-Tool should check whether tools are available
  #1726 commented on Nov 3, 2023 • 1 new comment
- Feature: Is there a way to check score based on risk levels
  #1706 commented on Nov 3, 2023 • 1 new comment
- Yarn lock support
  #1652 commented on Nov 3, 2023 • 1 new comment
- Move to cron to a separate repository
  #1648 commented on Nov 3, 2023 • 1 new comment
- Detect more unpinned golang commands
  #1606 commented on Nov 3, 2023 • 1 new comment
- SAST - Recognize Clang Tidy as a SAST tool
  #1585 commented on Nov 3, 2023 • 1 new comment
- Feature: Check that CODEOWNERS is up to date
  #1554 commented on Nov 3, 2023 • 1 new comment
- Add branch protection settings
  #1563 commented on Nov 3, 2023 • 1 new comment
- DISCUSSION: v5 milestone
  #1490 commented on Nov 3, 2023 • 1 new comment
- Feature: Detect if SBOMs generated
  #1476 commented on Nov 3, 2023 • 1 new comment
- Feature: add Scorecard to OSS-Fuzz and CIFuzz
  #1389 commented on Nov 3, 2023 • 1 new comment
- Feature: support for GCB's cloud build in Dependencies-Pinning
  #1503 commented on Nov 4, 2023 • 1 new comment
- Feature: use .gitignore for binary-artifacts when --local is used
  #1499 commented on Nov 4, 2023 • 1 new comment
- Feature: add support for all unpinned npm commands
  #1469 commented on Nov 4, 2023 • 1 new comment
- Feature: encourage developers to share SAST results
  #1427 commented on Nov 4, 2023 • 1 new comment
- Feature: add support for keyless signed release
  #1417 commented on Nov 4, 2023 • 1 new comment
- add ability to pass ignore list
  #1406 commented on Nov 4, 2023 • 1 new comment
- Feature: add linter check
  #1380 commented on Nov 4, 2023 • 1 new comment
- Feature: add check for vulnerability alerts
  #1371 commented on Nov 4, 2023 • 1 new comment
- Feature: generate SBOMs for scorecard container images
  #1366 commented on Nov 4, 2023 • 1 new comment
- Feature: auto rebase of PRs
  #1358 commented on Nov 4, 2023 • 1 new comment
- Feature: remove support for table output
  #1351 commented on Nov 4, 2023 • 1 new comment
- Feature: more robust way of logging errors in sub-checks
  #1327 commented on Nov 4, 2023 • 1 new comment
- Calculate risk based on score of the check
  #1321 commented on Nov 4, 2023 • 1 new comment
- Feature: enable branch protection on pull request for GitHub action
  #1271 commented on Nov 4, 2023 • 1 new comment
- Feature: provide an ignore list for Binary-Artifact check in GitHub action
  #1270 commented on Nov 4, 2023 • 1 new comment
- Feature: SAST tool run on PR should count more than those run after merge
  #1268 commented on Nov 5, 2023 • 1 new comment
- Feature: Separate check for policy/score evaluation
  #1245 commented on Nov 5, 2023 • 1 new comment
- Feature: separate common shell utility function from `shell_download_validate.go`
  #1220 commented on Nov 5, 2023 • 1 new comment
- Feature - Record scorecard card scans into Rekor
  #1200 commented on Nov 5, 2023 • 1 new comment
- Feature - Managed make parser
  #1194 commented on Nov 5, 2023 • 1 new comment
- Feature - Vendor dependencies for hermetic builds
  #1188 commented on Nov 5, 2023 • 1 new comment
- Make Packaging check 'job'-aware
  #1100 commented on Nov 5, 2023 • 1 new comment
- Scorecard should try to earn a CII Best Practices badge
  #1032 commented on Nov 5, 2023 • 1 new comment
- Feature: licensing check looks for ecosystem file's license
  #3168 commented on Nov 6, 2023 • 1 new comment
- Feature: Pin dependencies for other CI/CD
  #994 commented on Nov 6, 2023 • 1 new comment
- Feature - Security Scan
  #966 commented on Nov 6, 2023 • 1 new comment
- Granular `Vulnerabilities` check
  #935 commented on Nov 6, 2023 • 1 new comment
- How can contributors result be trusted, people can create fake organizations
  #859 commented on Nov 7, 2023 • 1 new comment
- Feedback on Scorecard result data
  #792 commented on Nov 7, 2023 • 1 new comment
- New check: signed commits
  #779 commented on Nov 7, 2023 • 1 new comment
- ✨ New probes: code-review
  #3302 commented on Nov 2, 2023 • 1 new comment
- :sparkles: Feat/branch protection recognize rule changes only through pr
  #3499 commented on Nov 7, 2023 • 1 new comment
- :seedling: convert binary artifact check to probe
  #3508 commented on Nov 2, 2023 • 1 new comment
- :seedling: convert CII Best Practices check to probes
  #3520 commented on Nov 3, 2023 • 1 new comment
- :seedling: convert Webhook check to probes
  #3522 commented on Nov 2, 2023 • 1 new comment
- :book: Add direct link to scorecard viewer
  #3529 commented on Nov 2, 2023 • 1 new comment
- convert Signed Releases to probes
  #3610 commented on Nov 6, 2023 • 1 new comment
- Feature: re-visit outcome definition in findings
  #2928 commented on Oct 31, 2023 • 0 new comments
- Improve Score Reporting: Signed-Releases looks at old release data
  #2169 commented on Oct 31, 2023 • 0 new comments
- Improve Score Reporting: Binary-Artifact filetype detection is not reliable
  #2163 commented on Oct 31, 2023 • 0 new comments
- Improve Score Reporting: Branch-Protection check fails with -1
  #2161 commented on Oct 31, 2023 • 0 new comments
- BUG: contributor checks does not validate number of companies per contributor
  #1024 commented on Oct 31, 2023 • 0 new comments
- e2e tests: use ginkgo's `--flake-attempts` flag instead of `nick-invision/retry`
  #2897 commented on Oct 31, 2023 • 0 new comments
- Feature: improve packaging
  #688 commented on Oct 31, 2023 • 0 new comments
- Feature: maintainer annotation
  #1907 commented on Oct 31, 2023 • 0 new comments
- Feature: Document what languages the check supports
  #3615 commented on Oct 31, 2023 • 0 new comments
- Feature: Add Scorecard GitHub Action results to the BigQuery database
  #2558 commented on Nov 1, 2023 • 0 new comments
- Split fuzzing checks in two: continuous fuzzing & fuzzers present
  #3475 commented on Nov 1, 2023 • 0 new comments