Skip to content

v5.5.0

Latest

Choose a tag to compare

@spencerschrock spencerschrock released this 23 Apr 21:41
v5.5.0
c395761

What's Changed

General

  • The official Scorecard docker images are hosted on GitHub Container Registry starting with v5.5.0.
    Older releases will be brought over from Google Container/Artifact Registry, before being discontinued.(@spencerschrock in #4885)
  • Scorecard will now skip checks that don't apply to the current repo type by @JamieMagee in #5000.
    If any checks no longer run that previously ran, and you think are supported by the underlying forge please file an issue.

Checks

Branch-Protection

  • 🌱 Use rulesets if one exists when classic branch protection rule is inaccessible by @trask in #4853

CII-Best-Practices

  • ✨ Support custom CII_Best_Practices_URL via environment variable. by @kash2104 in #4882

Dangerous-Workflow

  • 🐛 detect toJSON(github.event) in Dangerous-Workflow check by @heathdutton in #4898

Contributors

  • 🐛 Skip CODEOWNERS file in contributors check if there is a parsing error by @juanis2112 in #4851

Dependency-Update-Tool

Fuzzing

Docs

Other

New Contributors

Full Changelog: v5.4.0...v5.5.0