What's Changed
- 🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0 by @spencerschrock in #1192
Scorecard Result Viewer
Thanks to contributions from @cynthia-sg and @tegioz at CLOMonitor, there is a new Scorecard Result visualization page at https://securityscorecards.dev/viewer/?uri=<project-url>
.
As an example, you can see our own score visualized here
Checkout our README to learn how to link your README badge to the new visualization page.
Publishing Results
This release contains two fixes which will improve the user experience when publish_results
is true
- Runs that fail our workflow restrictions will fail with a 400 response indicating the problem, instead of a vague 500 status. (#1156, resolved #1150)
- Scorecard action will retry when signing results and submitting them to our web API. This should help with flakiness from connection failures. (#1191)
Docs
- 📖 Update README to accept fine-grained tokens by @pnacht in #1175
- 📖 Update installation instructions to match current GitHub UI by @joycebrum in #1153
- 📖 Document the GitHub action workflow restrictions when publishing results. by @spencerschrock in
New Contributors
- @bobcallaway made their first contribution in #1140
- @pnacht made their first contribution in #1175
Full Changelog: v2.1.3...v2.2.0