v1.1.1

What's Changed

Fix for #323

Full Changelog: v1.1.0...v1.1.1

v1.1.0

Main changes

This release lets you run Scorecards without creating a PAT token. If you don't provide a PAT token, Scorecards will use the default GITHUB_TOKEN available in the workflow. Due to limitations of the permissions model and GitHub APIs, be aware of the following limitations:

1. Without a PAT, the Branch-Protection is not supported, so it will be disabled. You will not receive alerts for this check.
2. Scorecards only supports PAT on private repositories. If you want to install Scorecards on a private repository, you still need to use a PAT.

For more information, visit the README.md

New Contributors

• @rohankh532 made their first contribution in #112
• @justaugustus made their first contribution in #126
• @jamietanna made their first contribution in #145
• @jonasbb made their first contribution in #129
• @azeemshaikh38 made their first contribution in #247

Full Changelog: v1.0.4...v1.1.0

v1.0.4

Summary

This release fixes null repository and branch issues: see #106, #84 and #73

What's Changed

• Update codeql-analysis.yml by @jauderho in #76
• use GITHUB_REPOSITORY in shell script by @laurentsimon in #83
• Bump github/codeql-action from 1.0.30 to 1.0.31 by @dependabot in #81
• ✨ Add warning for empty repo token by @laurentsimon in #71
• 🐛 Fix default parameter requirement by @laurentsimon in #89
• ✨ Initial porting the shellscript to go by @naveensrinivasan in #87
• 🌱 Golang CI for clean code. by @naveensrinivasan in #90
• Bump github/codeql-action from 1.0.31 to 1.0.32 by @dependabot in #93
• 🌱 Porting shell script to Go by @naveensrinivasan in #94
• 🌱 More tests by @naveensrinivasan in #95
• 🐛 Fix null is fork in script by @laurentsimon in #98
• 🌱 Porting of shell script to go by @naveensrinivasan in #99
• Bump github/codeql-action from 1.0.32 to 1.1.0 by @dependabot in #102
• Bump actions/setup-go from 2.1.5 to 2.2.0 by @dependabot in #101
• 🌱 Final bits of porting the shell to go by @naveensrinivasan in #103
• 🌱 Dependabot for go by @naveensrinivasan in #104
• 🌱 Verify clean env in build by @naveensrinivasan in #105

New Contributors

• @dependabot made their first contribution in #81

Full Changelog: v1.0.3...v1.0.4

v1.0.3

What's Changed

• Bump hash for v1.0.2 by @laurentsimon in #69
• Missing slash in README.md by @ChrisCarini in #74
• 🐛 Fix null default branch/private fields by @laurentsimon in #75

New Contributors

• @ChrisCarini made their first contribution in #74

Full Changelog: v1.0.2...v1.0.3

v1.0.2

What's Changed

• Bump the hash in doc by @laurentsimon in #62
• Update README.md by @olivekl in #65
• 📖 Add doc about SAML SSO by @laurentsimon in #67
• 🐛 Support arbitrary default branch by @laurentsimon in #68

Full Changelog: v1.0.1...v1.0.2

v1.0.1

Description

This update uses Scorecards's v4.0.1 release.

What's Changed

• Fixing repo token secret typo by @abirismyname in #58
• ✨ Icons for partnered action by @laurentsimon in #59
• Bump dockerfile hash to fix SARIF semVer by @laurentsimon in #60
• Update README.md with v1.0.1 hash by @laurentsimon in #61

New Contributors

• @abirismyname made their first contribution in #58

Full Changelog: v1.0.0...v1.0.1

v1.0.0

Description

This release of Scorecard's GitHub action is the first stable release. It uses Scorecard's V4 version.

Contributors

Huge thanks to all community contributors

@laurentsimon, @naveensrinivasan, @azeemshaikh38, @olivekl

New Contributors

• @olivekl made their first contribution in #46

Mailing lists

• Stay updated with new releases and other announcements by joining ossf-scorecard-announce@googlegroups.com.
• Ask questions, get access to design docs, etc. by joining ossf-scorecard-dev@googlegroups.com.

Full Changelog: v0.0.2...v1.0.0

Testing release (v0.0.2) before official release

Pre-release test

Testing release (v0.0.1) before official release

Pre-release test