v1.0.0
What's Changed
- Skeleton to setup scorecard.dev webapp by @azeemshaikh38 in #1
- Fix Dockerfile by @azeemshaikh38 in #2
- Expose the Scorecard webapp on external IP by @azeemshaikh38 in #3
- Setup Scorecard GitHub Action by @azeemshaikh38 in #4
- Create codeql-analysis.yml by @naveensrinivasan in #5
- Add a Security policy by @azeemshaikh38 in #6
- Create dependabot.yml by @naveensrinivasan in #7
- Bump ossf/scorecard-action from 0.0.1 to 0.0.2 by @dependabot in #8
- Update version in workflow comment by @laurentsimon in #10
- Bump distroless/base from 46d4514 to 02f6671 by @dependabot in #9
- Bump ossf/scorecard-action from 0.0.2 to 1.0.1 by @dependabot in #12
- Add Google-managed SSL cert by @azeemshaikh38 in #13
- Bump ossf/scorecard-action from 1.0.1 to 1.0.2 by @dependabot in #15
- Use GITHUB_TOKEN instead of PAT by @azeemshaikh38 in #17
- Fixing scorecard alerts by @abirismyname in #18
- Fixing Token-Permissions issue by @abirismyname in #19
- Fixing last remaining Token-Permissions issue by @abirismyname in #20
- Update github/codeql-action requirement to d39d5d5c9707b926d517b1b292905ef4c03aa777 by @dependabot in #25
- Bump ossf/scorecard-action from 1.0.2 to 1.0.3 by @dependabot in #16
- Bump ossf/scorecard-action from 1.0.3 to 1.0.4 by @dependabot in #26
- Bump actions/checkout from 2.4.0 to 3 by @dependabot in #29
- Bump github/codeql-action from 1.1.2 to 1.1.3 by @dependabot in #27
- Setup api.securityscorecards.dev by @azeemshaikh38 in #32
- Bump actions/upload-artifact from 2.3.1 to 3 by @dependabot in #31
- Bump github/codeql-action from 1.1.3 to 1.1.4 by @dependabot in #35
- Scorecard site frontend by @azeemshaikh38 in #45
- Dependabot PRs reviewed by scorecard-maintainers by @azeemshaikh38 in #47
- fixed vulnerabilities by @mdunbavan in #48
- Bump nth-check from 1.0.2 to 2.0.1 in /scorecards-site by @dependabot in #49
- Bump distroless/base from 02f6671 to 792dfe7 by @dependabot in #51
- Bump github/codeql-action from 1.1.4 to 1.1.5 by @dependabot in #50
- Bump distroless/base from 792dfe7 to 764b74b by @dependabot in #53
- Bump github/codeql-action from 1.1.5 to 2.1.6 by @dependabot in #56
- Bump minimist from 1.2.5 to 1.2.6 in /scorecards-site by @dependabot in #57
- Add staging and prod deployments to scorecard-site by @azeemshaikh38 in #59
- Fix typo in CloudBuild config by @azeemshaikh38 in #60
- Remove automatic_scaling since it's default by @azeemshaikh38 in #61
- Bump github/codeql-action from 2.1.6 to 2.1.7 by @dependabot in #64
- Fix UI/Content issues by @azeemshaikh38 in #67
- Bump github/codeql-action from 2.1.7 to 2.1.8 by @dependabot in #68
- Included dependency reviews check by @naveensrinivasan in #69
- GET Endpoint for Scorecard Results Retrieval by @rohankh532 in #55
- fix goat counter script load issue by @mdunbavan in #70
- Fixes/goatcounter issue by @mdunbavan in #72
- PR for issue #75 by @mdunbavan in #74
- bump fix for sidebar not loading by @mdunbavan in #76
- Bump actions/checkout from 3.0.0 to 3.0.1 by @dependabot in #77
- Bump async from 2.6.3 to 2.6.4 in /scorecards-site by @dependabot in #78
- Bump actions/checkout from 3.0.1 to 3.0.2 by @dependabot in #79
- POST Endpoint for Scorecard Results Verification & Upload by @rohankh532 in #54
- Bump github.com/sigstore/cosign from 1.7.1 to 1.7.2 by @dependabot in #84
- Bump github.com/sigstore/rekor from 0.5.0 to 0.6.0 by @dependabot in #82
- Bump github.com/rhysd/actionlint from 1.6.11 to 1.6.12 by @dependabot in #83
- Fix Workflow Global Permissions Nil Check by @rohankh532 in #85
- Bump actions/dependency-review-action from 3f943b86c9a289f4e632c632695e2e0898d9d67d to 1 by @dependabot in #91
- Bump github.com/go-openapi/runtime from 0.23.3 to 0.24.1 by @dependabot in #89
- Bump github/codeql-action from 2.1.8 to 2.1.10 by @dependabot in #90
- Bump github.com/sigstore/cosign from 1.7.2 to 1.8.0 by @dependabot in #87
- Fixed codeql to include Javascript by @naveensrinivasan in #92
- Bump github/codeql-action from 2.1.10 to 2.1.11 by @dependabot in #93
- Bump github.com/rhysd/actionlint from 1.6.12 to 1.6.13 by @dependabot in #94
- Bump distroless/base from 764b74b to d65ac1a by @dependabot in #95
- Bump actions/upload-artifact from 3.0.0 to 3.1.0 by @dependabot in #96
- Bump actions/dependency-review-action from 1.0.1 to 1.0.2 by @dependabot in #97
- Code cleanup by @azeemshaikh38 in #102
- Bump ossf/scorecard-action from 1.0.4 to 1.1.1 by @dependabot in #101
- Bump github/codeql-action from 2.1.11 to 2.1.12 by @dependabot in #100
- Add CI for linter, license and build by @azeemshaikh38 in #103
- Fix linter issues by @azeemshaikh38 in #105
- More cleanup by @azeemshaikh38 in #107
- Remove k8s file and deploy through CloudRun by @azeemshaikh38 in #109
- Update the POST API request by @azeemshaikh38 in #111
- Fix code causing errors in web server by @azeemshaikh38 in #114
- Fix scorecard-action e2e test breakages by @azeemshaikh38 in #119
- Included endorlabs as a contributor by @naveensrinivasan in #134
- Replace Sigstore library calls with REST API by @azeemshaikh38 in #136
- sparkles feat: add verification for fulcio issued cert by @asraa in #138
- Bump github.com/google/go-cmp from 0.5.7 to 0.5.8 by @dependabot in #115
- Bump distroless/base from d65ac1a to e672eb7 by @dependabot in #117
- Bump actions/dependency-review-action from 1.0.2 to 2.0.2 by @dependabot in #120
- Bump ossf/scorecard-action from 1.1.1 to 1.1.2 by @dependabot in #129
- Bump github/codeql-action from 2.1.12 to 2.1.16 by @dependabot in #139
- Bump github.com/stretchr/testify from 1.7.1 to 1.8.0 by @dependabot in #132
- Verify inclusion proof for returned Rekor entry by @azeemshaikh38 in #140
- Bump actions/setup-go from 3.2.0 to 3.2.1 by @dependabot in #137
- Bump github.com/rhysd/actionlint from 1.6.13 to 1.6.15 by @dependabot in #130
- Fix bug in uuid lookup by @azeemshaikh38 in #141
- Rekor returns wrong UUID that needs truncation by @azeemshaikh38 in #142
- Bump actions/dependency-review-action from 2.0.2 to 2.0.4 by @dependabot in #143
- Bump distroless/base from ad6969f to 49d2923 by @dependabot in #145
- Bump github.com/go-openapi/strfmt from 0.21.2 to 0.21.3 by @dependabot in #144
- Bump github.com/onsi/gomega from 1.19.0 to 1.20.0 by @dependabot in #146
- Enable Scorecard badge by @azeemshaikh38 in #149
- Fix the job permission for Scorecard action by @azeemshaikh38 in #150
- Bump github/codeql-action from 2.1.16 to 2.1.17 by @dependabot in #151
- Record and return per-commit results in API by @azeemshaikh38 in #152
- deploy dist folder to test by @mdunbavan in #154
- Included additional tests for validate workflow by @naveensrinivasan in #153
- Bump github/codeql-action from 2.1.17 to 2.1.18 by @dependabot in #155
- create .toml file by @mdunbavan in #157
- Meet the requirements for Netlify's OSS plan by @azeemshaikh38 in #160
- Update netlify.toml by @azeemshaikh38 in #161
- README: Prefer non-generated name for Netlify site badge by @justaugustus in #162
- Upgrade to go 1.18 by @naveensrinivasan in #159
- Bump parse-url from 6.0.0 to 6.0.5 in /scorecards-site by @dependabot in #164
- Bump terser from 4.8.0 to 4.8.1 in /scorecards-site by @dependabot in #147
- Bump got from 11.8.3 to 11.8.5 in /scorecards-site by @dependabot in #124
- Unit tests for extract cert info by @naveensrinivasan in #158
- Add Netlify badge to the site by @azeemshaikh38 in #165
- Code cleanup by @azeemshaikh38 in #166
- Updated the endor logo by @naveensrinivasan in #167
- Use OpenAPI/Swagger for API boilerplate by @azeemshaikh38 in #168
- Fix wrong URL by @azeemshaikh38 in #169
- Bump actions/dependency-review-action from 2.0.4 to 2.1.0 by @dependabot in #176
- Add documentation by @azeemshaikh38 in #179
- Update scorecard-action to v2:alpha by @azeemshaikh38 in #178
- Bump github.com/go-openapi/swag from 0.21.1 to 0.22.3 by @dependabot in #177
- Bump github.com/go-openapi/spec from 0.20.6 to 0.20.7 by @dependabot in #175
- Bump github.com/go-openapi/loads from 0.21.1 to 0.21.2 by @dependabot in #174
- Bump github.com/rhysd/actionlint from 1.6.15 to 1.6.16 by @dependabot in #181
- Bump github.com/go-openapi/errors from 0.20.2 to 0.20.3 by @dependabot in #171
- Bump github/codeql-action from 2.1.18 to 2.1.19 by @dependabot in #180
- Fix bug in static page rendering by @azeemshaikh38 in #182
- Setup Cloud Endpoints by @azeemshaikh38 in #186
- Bump github/codeql-action from 2.1.19 to 2.1.21 by @dependabot in #187
- Bump actions/setup-go from 3.2.1 to 3.3.0 by @dependabot in #185
- Update the site title by @azeemshaikh38 in #191
- Fix - Go version by @naveensrinivasan in #195
- Fuzzing some funcs by @naveensrinivasan in #194
- Bump github.com/onsi/gomega from 1.20.0 to 1.20.2 by @dependabot in #193
New Contributors
- @naveensrinivasan made their first contribution in #5
- @dependabot made their first contribution in #8
- @laurentsimon made their first contribution in #10
- @abirismyname made their first contribution in #18
- @rohankh532 made their first contribution in #55
- @asraa made their first contribution in #138
- @justaugustus made their first contribution in #162
Full Changelog: https://github.com/ossf/scorecard-webapp/commits/v1.0.0