Pull requests: ossf/scorecard
Pull requests list
🌱 Bump github.com/sigstore/rekor from 1.5.0 to 1.5.2 in /tools
dependencies
Pull requests that update a dependency file
go
Pull requests that update Go code
size:L
This PR changes 100-499 lines, ignoring generated files.
#5108
opened Jun 30, 2026 by
dependabot
Bot
🌱 Bump the gomod group across 2 directories with 20 updates
dependencies
Pull requests that update a dependency file
go
Pull requests that update Go code
size:XL
This PR changes 500-999 lines, ignoring generated files.
#5107
opened Jun 29, 2026 by
dependabot
Bot
🌱 Bump the github-actions group across 1 directory with 13 updates
dependencies
Pull requests that update a dependency file
github_actions
Pull requests that update Github_actions code
size:XS
This PR changes 0-9 lines, ignoring generated files.
#5106
opened Jun 29, 2026 by
dependabot
Bot
🌱 Bump actions/setup-go from 6.3.0 to 6.5.0
dependencies
Pull requests that update a dependency file
github_actions
Pull requests that update Github_actions code
size:XS
This PR changes 0-9 lines, ignoring generated files.
#5105
opened Jun 29, 2026 by
dependabot
Bot
Detect commit committer fields in dangerous workflows
size:XS
This PR changes 0-9 lines, ignoring generated files.
#5104
opened Jun 28, 2026 by
Tom3306
checks/sast: detect Semgrep, Bandit, and gosec SAST workflows
size:M
This PR changes 30-99 lines, ignoring generated files.
#5103
opened Jun 23, 2026 by
DevamShah
2 tasks done
✨ Add support for Winget package manager integration
size:L
This PR changes 100-499 lines, ignoring generated files.
#5101
opened Jun 21, 2026 by
andy778
2 tasks done
🌱 Normalize extracted file paths across repository handlers
size:M
This PR changes 30-99 lines, ignoring generated files.
#5099
opened Jun 20, 2026 by
Tanishq-mellu
fix: detect committer context in dangerous workflows
size:XS
This PR changes 0-9 lines, ignoring generated files.
#5098
opened Jun 17, 2026 by
omobolajiadeyan
✨ Add packaging workflow detection for changesets
size:S
This PR changes 10-29 lines, ignoring generated files.
#5097
opened Jun 16, 2026 by
gr2m
2 tasks done
Fix tag-only release checks
size:L
This PR changes 100-499 lines, ignoring generated files.
Stale
#5095
opened Jun 14, 2026 by
din-arr
2 tasks done
🌱 Bump chainguard/static from 5e9c881 to 77d8b89
dependencies
Pull requests that update a dependency file
docker
Pull requests that update Docker code
size:XS
This PR changes 0-9 lines, ignoring generated files.
Stale
#5091
opened Jun 8, 2026 by
dependabot
Bot
Expand Dangerous Workflow untrusted context detection
size:S
This PR changes 10-29 lines, ignoring generated files.
Stale
#5086
opened Jun 2, 2026 by
maheshkukreja
🐛 Dangerous-Workflow: detect fork repo metadata and workflow_run branch as untrusted
size:XS
This PR changes 0-9 lines, ignoring generated files.
#5085
opened Jun 2, 2026 by
arpitjain099
2 tasks done
🐛 report repository creation from oldest commit
size:S
This PR changes 10-29 lines, ignoring generated files.
Stale
#5082
opened Jun 1, 2026 by
janderssonse
2 tasks done
🌱 Bump github.com/go-git/go-git/v5 from 5.18.0 to 5.19.1 in /tools
dependencies
Pull requests that update a dependency file
go
Pull requests that update Go code
size:S
This PR changes 10-29 lines, ignoring generated files.
#5066
opened May 19, 2026 by
dependabot
Bot
🌱 Bump the distroless group across 6 directories with 1 update
dependencies
Pull requests that update a dependency file
docker
Pull requests that update Docker code
size:S
This PR changes 10-29 lines, ignoring generated files.
#5064
opened May 18, 2026 by
dependabot
Bot
🌱 Bump github.com/slack-go/slack from 0.17.3 to 0.23.1 in /tools
dependencies
Pull requests that update a dependency file
go
Pull requests that update Go code
size:XS
This PR changes 0-9 lines, ignoring generated files.
Stale
#5062
opened May 14, 2026 by
dependabot
Bot
🌱 Bump github.com/go-git/go-billy/v5 from 5.8.0 to 5.9.0 in /tools
dependencies
Pull requests that update a dependency file
go
Pull requests that update Go code
size:XS
This PR changes 0-9 lines, ignoring generated files.
Stale
#5060
opened May 14, 2026 by
dependabot
Bot
🌱 Bump the golang group across 8 directories with 1 update
dependencies
Pull requests that update a dependency file
docker
Pull requests that update Docker code
size:S
This PR changes 10-29 lines, ignoring generated files.
#5052
opened May 11, 2026 by
dependabot
Bot
🐛 Improve error messages for branch-protection and pip-install checks
size:S
This PR changes 10-29 lines, ignoring generated files.
Stale
#5043
opened May 2, 2026 by
alliasgher
Contributor
🌱 chore: add additional Hiero repos to cron run.
size:XS
This PR changes 0-9 lines, ignoring generated files.
Stale
#5041
opened Apr 30, 2026 by
jwagantall
Contributor
🌱 Bump github.com/rhysd/actionlint from 1.7.9 to 1.7.12
dependencies
Pull requests that update a dependency file
go
Pull requests that update Go code
size:XS
This PR changes 0-9 lines, ignoring generated files.
Stale
#5037
opened Apr 27, 2026 by
dependabot
Bot
🐛 Fix scorecard completion generates
size:XS
This PR changes 0-9 lines, ignoring generated files.
#5027
opened Apr 20, 2026 by
dovydenkovas
1 task done