v4.2.0
Changelog
- 44ad5f5 ⚠️ Removing the error field from result (#1853)
- 1f3861b Update env variables in cron (#1858)
- ee1086e 🌱 Bump codecov/codecov-action from 3.0.0 to 3.1.0
- 64bf903 🌱 Bump actions/checkout from 3.0.1 to 3.0.2
- 4622952 ✨ Raw results for dangerous workflow (#1849)
- 72e2486 🌱 Bump contrib.go.opencensus.io/exporter/stackdriver
- 6ed6c9b 🌱 Publish images with ko
- f99e1a1 ✨ Schema for BQ table for raw results (#1762)
- 9532e55 🌱 Bump github.com/rhysd/actionlint from 1.6.11 to 1.6.12
- 6c59ff9 🌱 Bump actions/checkout from 3.0.0 to 3.0.1
- ebf0d10 🌱 Bump cloud.google.com/go/bigquery from 1.30.2 to 1.31.0
- 4d1c531 ✨ Raw results for license (#1790)
- c0e41f3 Update branches_e2e_test.go (#1838)
- 410a145 fix (#1837)
- b00b316 Split NewLogger into two so we can use a custom logrus instance.
- 9120285 Fix e2e branch (#1835)
- eedd16d linter
- 6a48f17 fix
- 4b2c677 fix
- 2873c0d e2e for GITHUB_TOKEN
- a46313c 🌱 Bump cloud.google.com/go/pubsub from 1.19.0 to 1.20.0
- fb0c0e1 🌱 Bump actions/cache from 3.0.1 to 3.0.2
- f9c2f9d 🌱 Dependency review action
- 333618d Security-Policy should not run on --local (#1825)
- 4df16f3 🌱 Bump codecov/codecov-action from 2.1.0 to 3
- b6575a2 🌱 Bump github.com/rhysd/actionlint from 1.6.10 to 1.6.11
- 8bc0fe5 🌱 Bump contrib.go.opencensus.io/exporter/stackdriver
- a1e908b Support Security-Policy with --local (#1822)
- 5860896 detect workflow_run as a dangerous trigger
- 606f28a 🌱 Bump sigs.k8s.io/release-utils from 0.5.0 to 0.6.0
- 8113336 🌱 e2e for pinned_dependencies for localrepoclient
- b6b5592 🌱 e2e for dangerous_workflow local repo
- 761bb4e 🌱 Fixes the golang version
- b42a175 🌱 Bump gocloud.dev from 0.24.0 to 0.25.0
- 648b663 🌱 Experimental option for codeql
- 27dbf9c ✨ Raw results for Signed-Release check (#1789)
- e8c633a 🌱 e2e tests for security policy localrepo
- e5f5deb 🌱 e2e tests for local repoclient for permissions
- ab9769a 🌱 Fix protoc build failures
- 99ecdea 🌱 Bump actions/cache from 3.0.0 to 3.0.1
- 7dcb3cb ✨ checks: add GitHub Webhook check (#1675)
- 93889a8 install missing tool in add-projects job
- f1268bf cleanup protoc version
- d10ac0d 🌱 Bump cloud.google.com/go/bigquery from 1.30.1 to 1.30.2
- 92027ed small cleanup on the workflow jobs and remove the master branch reference (#1800)
- 389078c 🌱 Bump cloud.google.com/go/bigquery from 1.30.0 to 1.30.1
- 4956483 🌱 Bump github.com/onsi/gomega from 1.18.1 to 1.19.0
- c428e31 🌱 Bump distroless/base in /cron/worker
- 6a078c6 Use GITHUB_TOKEN for downloading protoc (#1797)
- ce06ac1 🌱 Bump distroless/base in /cron/webhook (#1794)
- 0644b18 🌱 e2e for local repoclient license check
- cacc3e4 🌱 e2e tests binary artifacts localrepo
- 037a3f3 ✨ Raw result for Maintained check (#1780)
- 682e6ea Explicit permissions for github actions
- 007156b 🌱 Bump distroless/base in /cron/controller
- 10d46d5 🌱 Bump distroless/base from 792dfe7 to 764b74b
- d2e88f2 🌱 Bump github.com/golangci/golangci-lint in /tools
- 363d1bd Add comment to update action policy file (#1751)
- 8150ab0 ✨ Make Vuln ID field lower case in raw results (#1761)
- 2bbbce7 🐛 Discard GitHub token in dangerous workflow check (#1772)
- 66b3d8c 🌱 Bump github.com/golangci/golangci-lint from 1.44.2 to 1.45.0 in /tools (#1757)
- 10bd777 🌱 Bump peter-evans/find-comment from 1.3.0 to 2
- 0a82d2b 🌱 Bump google.golang.org/protobuf from 1.27.1 to 1.28.0
- aecff0b 🌱 Bump peter-evans/create-or-update-comment from 1.4.5 to 2
- c671bac 🌱 Bump peter-evans/slash-command-dispatch from 2.3.0 to 3
- 2863566 🌱 Bump actions/upload-artifact from 2.3.1 to 3
- a69fda7 🌱 Bump actions/cache from 2.1.7 to 3
- d51e004 🌱 Bump google.golang.org/protobuf in /tools
- 06efb4a ✨ Update BQ table name for raw results (#1759)
- 1094680 🐛 Fix schemas from #1758 (#1760)
- ee623e5 Add schema for the raw JSON (#1758)
- 1c61acd Update main.yml
- 8fd286d Update stale.yml
- 76d3e10 🌱 Restrict egress on github actions
- 0c76ae3 🌱 Bump distroless/base in /cron/controller
- 64893b8 🌱 Bump step-security/harden-runner from 1.4.0 to 1.4.1
- b1ab16e ✨ Add raw results to cron scans (#1741)
- d5893c2 🌱 Bump distroless/base from 02f6671 to 792dfe7
- 9e9e5a9 🌱 Bump distroless/base in /cron/webhook
- 8f6df49 🌱 Bump github.com/go-logr/logr from 1.2.2 to 1.2.3
- 23921a6 🌱 Bump distroless/base in /cron/worker
- a496d8c 🌱 Bump cloud.google.com/go/bigquery from 1.29.0 to 1.30.0
- a3f4b05 Pass in specific commit-SHA in cron job (#1739)
- ba78d0a ✨ Unit test for CLI options
- dc302bd Enable CI-Tests to run as commit-based check
- c8acf36 🌱 .github: Audit CodeQL egress with harden-runner (#1728)
- c8af71c 🌱 Bump crazy-max/ghaction-import-gpg from 4.2.0 to 4.3.0
- 3f73d69 🌱 Bump github.com/rhysd/actionlint from 1.6.9 to 1.6.10
- 2df9d08 🌱 Bump github.com/goreleaser/goreleaser in /tools
- 7d17953 Fixed the path of the generated mock files.
- 1995bc3 🌱 Refactor to make it testable
- f2a132a 🌱 Bump github.com/spf13/cobra from 1.3.0 to 1.4.0
- e303a1b 🌱 Ignore mock clients for code coverage
- 35d3156 🌱 Unit tests for pinned_dependencies
- c10a6ae Update README.md (#1716)
- eb25816 🌱 Bump cloud.google.com/go/pubsub from 1.18.0 to 1.19.0
- e128c3d allow empty committer (#1714)
- c1761a8 Only download repo tarball when necessary
- 0268747 🌱 Bump github.com/goreleaser/goreleaser in /tools
- 4b9f038 🌱 Fix for CVE-2022-23648
- 241b0f4 Mark License, Security-Policy as commit-based (#1711)
- 3c92dec 🐛 Add GitHub committer verification (#1695)
- 57b4664 🌱 Bump cloud.google.com/go/bigquery from 1.28.0 to 1.29.0
- 4904b31 🌱 additional tests for github_workflow
- 3070b3c ✨ cmd: Allow new scorecard to be instantiated with options (#1703)
- d192c8e ✨ Add score to SARIF for all results (#1694)
- 3818dbe Update CODEOWNERS (#1701)
- 189cdc5 🌱 Bump actions/stale from 4.1.0 to 5
- 2381915 🌱 Bump crazy-max/ghaction-import-gpg from 4.1.0 to 4.2.0
- 13b9cc5 🌱 Bump actions/checkout from 2.4.0 to 3
- 84cdc8c ✨ cmd: Refactor to make importable (#1696)
- 738b246 Fix cmd panic (#1692)
- 8377294 🌱 Bump goreleaser/goreleaser-action from 2.9.0 to 2.9.1
- dd9ae7d 🌱 Bump actions/setup-go from 2.2.0 to 3
- 5e5abdc 🌱 Unit tests for github workflow
- ddb0fe3 ✨ Changed jsonScorecardResultV2 type Public (#1682)
- 4635570 🌱 Bump goreleaser/goreleaser-action from 2.8.1 to 2.9.0
- d71866c Update badges to correct package version and reference URLs
- c664364 📖 Included reference to the GoDoc
- 7956ff4 ✨ Miscellaneous refactors to ease downstream consumption (#1645)
- 7610519 📖 Adding missing documentation for Token-Permissions (#1656)
- 4c82c29 🌱 Bump github.com/rhysd/actionlint from 1.6.8 to 1.6.9
- 692c682 Refine copy for PR template and add a release-note code fence (#1678)
- 504f134 Update scorecard-analysis.yml (#1674)
- faeae41 🌱 Fixes the vulnerability GHSA-qq97-vm5h-rrhg (#1672)
- 5a1ab20 🌱 Fix containerd vulns
- d94a87d 🌱 Fix containerd Vulnerability (#1560)
- 808941a ✨ Token-Permissions, Allow contents: write permission only for jobs that are releasing (#1663)
- e41f859 Generalize CheckFileContent functions (#1670)
- 5656c3e 🌱 Ignore cron folder from codecov
- f616278 Generalize CheckIfFileExists fn (#1668)
- c03085a Remove duplicated function definitions (#1666)
- e5b62b5 🌱 Bump mvdan.cc/sh/v3 from 3.4.2 to 3.4.3 (#1665)
- 5dbc04a 🌱 Avoid duplicate builds