ossf/scorecard
OpenSSF Scorecard - Security health metrics for Open Source
https://scorecard.dev
Apache License 2.0
4.46k stars, 489 forks
issues
:seedling: Bump chainguard/static from `e78eb21` to `d751850`
#4263
dependabot[bot]
closed
2 months ago
0
:book: Updated Scorecard link in README.md
#4262
Wavyeli32
closed
1 month ago
0
:seedling: Bump github.com/onsi/gomega from 1.33.1 to 1.34.0
#4261
dependabot[bot]
closed
2 months ago
1
:seedling: Bump gocloud.dev from 0.37.0 to 0.38.0
#4260
dependabot[bot]
closed
2 months ago
0
:bug: Update Org RepoClient creation to use transport from parent Client
#4259
jeffmendoza
closed
2 months ago
2
Documentation: Document how to call Scorecard as a library.
#4258
jeffmendoza
opened
2 months ago
1
Feature scorecard.Run() should take a leveled logging object/interface instead of or alternatively to log level.
#4257
jeffmendoza
opened
2 months ago
2
Feature: scorecard.Run() should accept an http.RoundTripper to be used for all outgoing http requests
#4256
jeffmendoza
opened
2 months ago
2
BUG githubrepo.Client.GetOrgRepoClient() does not use parent Client transport
#4255
jeffmendoza
closed
2 months ago
3
Request: make the internal/packageclient package not internal
#4254
jeffmendoza
closed
2 months ago
5
Feature: Checks should support powershell scripts
#4253
balteravishay
opened
2 months ago
0
BUG: .Net pinned dependency should support Central Package Management
#4252
balteravishay
opened
2 months ago
1
BUG: .Net Pinned dependency check ignores using RestoreLockedMode
#4251
balteravishay
opened
2 months ago
0
:seedling: Bump cloud.google.com/go/bigquery from 1.61.0 to 1.62.0
#4250
dependabot[bot]
closed
2 months ago
1
:seedling: Bump the github-actions group across 1 directory with 4 updates
#4249
dependabot[bot]
closed
2 months ago
0
:seedling: Bump chainguard/static from `d94c01c` to `e78eb21`
#4248
dependabot[bot]
closed
2 months ago
0
Incorrectly formatted example link
#4247
JeremiahAHoward
closed
1 month ago
2
restore ability to see individual PR results for SAST and Code-Review and document it
#4245
spencerschrock
opened
2 months ago
1
:seedling: Bump github.com/google/go-containerregistry from 0.20.0 to 0.20.1
#4244
dependabot[bot]
closed
2 months ago
1
:seedling: Bump github.com/xanzy/go-gitlab from 0.106.0 to 0.107.0
#4243
dependabot[bot]
closed
2 months ago
0
:book: mark codeApproved and sastToolRunsOnAllCommits as experimental
#4242
spencerschrock
closed
2 months ago
1
Bug: tools/go.mod has invalid Go version 1.22
#4241
jpmcb
closed
2 months ago
3
:seedling: Bump github.com/goreleaser/goreleaser/v2 from 2.0.1 to 2.1.0 in /tools
#4240
dependabot[bot]
closed
2 months ago
0
:seedling: Bump actions/setup-go from 5.0.1 to 5.0.2
#4239
dependabot[bot]
closed
2 months ago
0
:seedling: Bump the github-actions group with 2 updates
#4238
dependabot[bot]
closed
2 months ago
1
BUG Sonarcloud not detected consistently
#4237
matmair
closed
2 months ago
4
:seedling: Bump github.com/moby/buildkit from 0.14.1 to 0.15.0
#4236
dependabot[bot]
closed
2 months ago
0
📖 Docs: Remove experimental language around maintainer annotations
#4235
raghavkaul
closed
2 months ago
0
:seedling: Bump github.com/google/osv-scanner from 1.8.1 to 1.8.2
#4234
dependabot[bot]
closed
2 months ago
3
:seedling: Bump google.golang.org/grpc from 1.64.0 to 1.64.1
#4233
dependabot[bot]
closed
2 months ago
1
:seedling: Add config e2e test and fix README
#4232
spencerschrock
closed
2 months ago
1
:sparkles: remove experimental gate on maintainer annotation parsing
#4231
spencerschrock
closed
2 months ago
0
:warning: rename annotation IsExempted to Annotations
#4230
spencerschrock
closed
2 months ago
0
:seedling: Bump github.com/google/go-containerregistry from 0.19.2 to 0.20.0
#4229
dependabot[bot]
closed
2 months ago
1
:seedling: Bump sigs.k8s.io/release-utils from 0.8.2 to 0.8.3
#4228
dependabot[bot]
closed
2 months ago
1
:warning: Rename top level package to scorecard and reduce name duplication
#4227
spencerschrock
closed
2 months ago
3
🌱 Update active `cisco` projects, remove `cisco-open` projects
#4226
lelia
closed
2 months ago
2
:warning: Delete dependency diff leftover file
#4225
spencerschrock
closed
2 months ago
0
:seedling: Bump chainguard/static from `a1f8a15` to `d94c01c`
#4224
dependabot[bot]
closed
2 months ago
1
:seedling: Bump the distroless group across 6 directories with 1 update
#4223
dependabot[bot]
closed
2 months ago
0
:seedling: Bump the golang group across 8 directories with 1 update
#4222
dependabot[bot]
closed
2 months ago
1
:seedling: Bump the github-actions group with 2 updates
#4221
dependabot[bot]
closed
2 months ago
1
BUG - Pinned-Dependencies has false positive on multi-stage Dockerfile
#4220
fproulx-boostsecurity
closed
2 months ago
1
Feature: Document whether scorecard should be used as a requirement for organizations consuming OSS
#4219
sudo-bmitch
opened
2 months ago
2
:sparkles: Add machine-readable patch to fix script injections in workflows
#4218
pnacht
opened
2 months ago
6
📖 SECURITY: Represent response times in business days instead of hours
#4217
justaugustus
closed
2 months ago
0
:seedling: Bump the golang group across 8 directories with 1 update
#4216
dependabot[bot]
closed
2 months ago
2
Revisit scoring for Security Policy check
#4215
justaugustus
opened
2 months ago
1
:seedling: Bump chainguard/static from `68b8855` to `a1f8a15`
#4214
dependabot[bot]
closed
2 months ago
0
:seedling: Bump the golang group across 8 directories with 1 update
#4213
dependabot[bot]
closed
2 months ago
3