Skip to content
Compare
Choose a tag to compare
@spencerschrock spencerschrock released this 23 Jun 21:19
· 171 commits to main since this release
v2.2.0
08b4669

What's Changed

  • 🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0 by @spencerschrock in #1192

Scorecard Result Viewer

Thanks to contributions from @cynthia-sg and @tegioz at CLOMonitor, there is a new Scorecard Result visualization page at https://securityscorecards.dev/viewer/?uri=<project-url>.

As an example, you can see our own score visualized here
Checkout our README to learn how to link your README badge to the new visualization page.

Publishing Results

This release contains two fixes which will improve the user experience when publish_results is true

  • Runs that fail our workflow restrictions will fail with a 400 response indicating the problem, instead of a vague 500 status. (#1156, resolved #1150)
  • Scorecard action will retry when signing results and submitting them to our web API. This should help with flakiness from connection failures. (#1191)

Docs

  • 📖 Update README to accept fine-grained tokens by @pnacht in #1175
  • 📖 Update installation instructions to match current GitHub UI by @joycebrum in #1153
  • 📖 Document the GitHub action workflow restrictions when publishing results. by @spencerschrock in

New Contributors

Full Changelog: v2.1.3...v2.2.0