Releases: ossf/scorecard-webapp
Releases Β· ossf/scorecard-webapp
v1.0.1
Fix for ossf/scorecard-action#910 and a query option to allow badge styling.
What's Changed
- feat: add style query to badge endpoint by @dirien in #203
- π± Bump ossf/scorecard-action from 2.0.0.pre.alpha.2 to 2.0.3 by @dependabot in #202
- π± Bump golang from 1.18.5 to 1.19.1 by @dependabot in #198
- π± Bump github.com/google/go-cmp from 0.5.8 to 0.5.9 by @dependabot in #200
- π± Bump github/codeql-action from 2.1.21 to 2.1.22 by @dependabot in #196
- π Add exception for step-security/harden-runner by @azeemshaikh38 in #204
- π± Bump github.com/rhysd/actionlint from 1.6.16 to 1.6.17 by @dependabot in #189
- π± Remove
create-issueas acceptable step by @azeemshaikh38 in #205
New Contributors
Full Changelog: v1.0.0...v1.0.1
Contributors
azeemshaikh38, dependabot, and dirien
Assets 2
v1.0.0
v1.0.0
This tag was signed with the committerβs verified signature.
naveensrinivasan
Naveen
What's Changed
- π± Skeleton to setup scorecard.dev webapp by @azeemshaikh38 in #1
- π Fix Dockerfile by @azeemshaikh38 in #2
- β¨ Expose the Scorecard webapp on external IP by @azeemshaikh38 in #3
- Setup Scorecard GitHub Action by @azeemshaikh38 in #4
- Create codeql-analysis.yml by @naveensrinivasan in #5
- β¨ Add a Security policy by @azeemshaikh38 in #6
- Create dependabot.yml by @naveensrinivasan in #7
- π± Bump ossf/scorecard-action from 0.0.1 to 0.0.2 by @dependabot in #8
- Update version in workflow comment by @laurentsimon in #10
- π± Bump distroless/base from
46d4514to02f6671by @dependabot in #9 - π± Bump ossf/scorecard-action from 0.0.2 to 1.0.1 by @dependabot in #12
- β¨ Add Google-managed SSL cert by @azeemshaikh38 in #13
- π± Bump ossf/scorecard-action from 1.0.1 to 1.0.2 by @dependabot in #15
- π± Use
GITHUB_TOKENinstead of PAT by @azeemshaikh38 in #17 - Fixing scorecard alerts by @abirismyname in #18
- Fixing Token-Permissions issue by @abirismyname in #19
- Fixing last remaining Token-Permissions issue by @abirismyname in #20
- π± Update github/codeql-action requirement to d39d5d5c9707b926d517b1b292905ef4c03aa777 by @dependabot in #25
- π± Bump ossf/scorecard-action from 1.0.2 to 1.0.3 by @dependabot in #16
- π± Bump ossf/scorecard-action from 1.0.3 to 1.0.4 by @dependabot in #26
- π± Bump actions/checkout from 2.4.0 to 3 by @dependabot in #29
- π± Bump github/codeql-action from 1.1.2 to 1.1.3 by @dependabot in #27
- π± Setup api.securityscorecards.dev by @azeemshaikh38 in #32
- π± Bump actions/upload-artifact from 2.3.1 to 3 by @dependabot in #31
- π± Bump github/codeql-action from 1.1.3 to 1.1.4 by @dependabot in #35
- Scorecard site frontend by @azeemshaikh38 in #45
- π± Dependabot PRs reviewed by scorecard-maintainers by @azeemshaikh38 in #47
- fixed vulnerabilities by @mdunbavan in #48
- Bump nth-check from 1.0.2 to 2.0.1 in /scorecards-site by @dependabot in #49
- π± Bump distroless/base from
02f6671to792dfe7by @dependabot in #51 - π± Bump github/codeql-action from 1.1.4 to 1.1.5 by @dependabot in #50
- π± Bump distroless/base from
792dfe7to764b74bby @dependabot in #53 - π± Bump github/codeql-action from 1.1.5 to 2.1.6 by @dependabot in #56
- Bump minimist from 1.2.5 to 1.2.6 in /scorecards-site by @dependabot in #57
- π± Add staging and prod deployments to scorecard-site by @azeemshaikh38 in #59
- π Fix typo in CloudBuild config by @azeemshaikh38 in #60
- π Remove
automatic_scalingsince it's default by @azeemshaikh38 in #61 - π± Bump github/codeql-action from 2.1.6 to 2.1.7 by @dependabot in #64
- π Fix UI/Content issues by @azeemshaikh38 in #67
- π± Bump github/codeql-action from 2.1.7 to 2.1.8 by @dependabot in #68
- π± Included dependency reviews check by @naveensrinivasan in #69
- GET Endpoint for Scorecard Results Retrieval by @rohankh532 in #55
- fix goat counter script load issue by @mdunbavan in #70
- Fixes/goatcounter issue by @mdunbavan in #72
- PR for issue #75 by @mdunbavan in #74
- bump fix for sidebar not loading by @mdunbavan in #76
- π± Bump actions/checkout from 3.0.0 to 3.0.1 by @dependabot in #77
- Bump async from 2.6.3 to 2.6.4 in /scorecards-site by @dependabot in #78
- π± Bump actions/checkout from 3.0.1 to 3.0.2 by @dependabot in #79
- POST Endpoint for Scorecard Results Verification & Upload by @rohankh532 in #54
- π± Bump github.com/sigstore/cosign from 1.7.1 to 1.7.2 by @dependabot in #84
- π± Bump github.com/sigstore/rekor from 0.5.0 to 0.6.0 by @dependabot in #82
- π± Bump github.com/rhysd/actionlint from 1.6.11 to 1.6.12 by @dependabot in #83
- Fix Workflow Global Permissions Nil Check by @rohankh532 in #85
- π± Bump actions/dependency-review-action from 3f943b86c9a289f4e632c632695e2e0898d9d67d to 1 by @dependabot in #91
- π± Bump github.com/go-openapi/runtime from 0.23.3 to 0.24.1 by @dependabot in #89
- π± Bump github/codeql-action from 2.1.8 to 2.1.10 by @dependabot in #90
- π± Bump github.com/sigstore/cosign from 1.7.2 to 1.8.0 by @dependabot in #87
- Fixed codeql to include Javascript by @naveensrinivasan in #92
- π± Bump github/codeql-action from 2.1.10 to 2.1.11 by @dependabot in #93
- π± Bump github.com/rhysd/actionlint from 1.6.12 to 1.6.13 by @dependabot in #94
- π± Bump distroless/base from
764b74btod65ac1aby @dependabot in #95 - π± Bump actions/upload-artifact from 3.0.0 to 3.1.0 by @dependabot in #96
- π± Bump actions/dependency-review-action from 1.0.1 to 1.0.2 by @dependabot in #97
- π± Code cleanup by @azeemshaikh38 in #102
- π± Bump ossf/scorecard-action from 1.0.4 to 1.1.1 by @dependabot in #101
- π± Bump github/codeql-action from 2.1.11 to 2.1.12 by @dependabot in #100
- π± Add CI for linter, license and build by @azeemshaikh38 in #103
- π± Fix linter issues by @azeemshaikh38 in #105
- π± More cleanup by @azeemshaikh38 in #107
- π± Remove k8s file and deploy through CloudRun by @azeemshaikh38 in #109
- π± Update the POST API request by @azeemshaikh38 in #111
- π Fix code causing errors in web server by @azeemshaikh38 in #114
- π Fix scorecard-action e2e test breakages by @azeemshaikh38 in #119
- Included endorlabs as a contributor by @naveensrinivasan in #134
- π± Replace Sigstore library calls with REST API by @azeemshaikh38 in #136
- sparkles feat: add verification for fulcio issued cert by @asraa in #138
- π± Bump github.com/google/go-cmp from 0.5.7 to 0.5.8 by @dependabot in #115
- π± Bump distroless/base from
d65ac1atoe672eb7by @dependabot in #117 - π± Bump actions/dependency-review-action from 1.0.2 to 2.0.2 by @dependabot in #120
- π± Bump ossf/scorecard-action from 1.1.1 to 1.1.2 by @dependabot in #129
- π± Bump github/codeql-action from 2.1.12 to 2.1.16 by @dependabot in #139
- π± Bump github.com/stretchr/testify from 1.7.1 to 1.8.0 by @dependabot in #132
- β¨ Verify inclusion proof for returned Rekor entry by @azeemshaikh38 in https://gi...
Contributors
naveensrinivasan, justaugustus, and 7 other contributors