v0.13.0

Changelog

🚀 Features

• feat: filter notrun and fix result types @zohayb23 (#196)

🐛 Bug Fixes

• fix: Add https:// prefix to PluginUri for valid SARIF URI @zohayb23 (#195)
• fix: Improve logging when an error is encontered in SI @eddie-knight (#184)

🧰 Maintenance

• chore: Update privateer-sdk to v1.13.1 with SARIF fix @zohayb23 (#193)
• chore(deps): bump github.com/privateerproj/privateer-sdk from 1.10.0 to 1.12.1 in the dependencies group @dependabot[bot] (#190)
• chore(deps): bump anchore/sbom-action from 0.20.8 to 0.20.9 in the dependencies group @dependabot[bot] (#187)
• chore(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 @dependabot[bot] (#188)
• chore(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 @dependabot[bot] (#186)
• chore(deps): bump anchore/sbom-action from 0.20.6 to 0.20.8 in the dependencies group @dependabot[bot] (#183)
• test: Add mock ghclient to TestCheckFile with dependency injection @zohayb23 (#185)
• chore(deps): bump github.com/rhysd/actionlint from 1.7.7 to 1.7.8 in the dependencies group @dependabot[bot] (#182)
• chore(deps): bump github/codeql-action from 3 to 4 @dependabot[bot] (#181)
• chore: simplify catalog handling via sdk v1.10.0 @eddie-knight (#180)
• chore(deps): bump golang.org/x/oauth2 from 0.31.0 to 0.32.0 in the dependencies group across 1 directory @dependabot[bot] (#172)

See details of all code changes since previous release

v0.12.0

Changelog

🚀 Features

• feat: simplify plugin structure via SDK v1.9.0 @eddie-knight (#171)

See details of all code changes since previous release

v0.11.0

Changelog

🚀 Features

• feat(ci): add sbom generation @trumant (#165)

🧰 Maintenance

• chore: update all go builds to 1.25.1 @trumant (#164)
• chore: enforce test coverage @trumant (#159)

See details of all code changes since previous release

v0.10.0

Changelog

🚀 Features

• feat: improve AC-04.01 evaluation coverage @trumant (#158)

See details of all code changes since previous release

v0.9.0

Changelog

🚀 Features

• feat(ci): attest release artifacts @trumant (#163)

🧰 Maintenance

• chore(docs): update README @trumant (#162)

See details of all code changes since previous release

v0.8.0

Changelog

🚀 Features

• feat: add support for sarif output @eddie-knight (#156)

See details of all code changes since previous release

v0.7.0

Changelog

🚀 Features

• feat: implement OSPS-VM-03.01 private vulnerability reporting assessment @zohayb23 (#154)

🧰 Maintenance

• test: Add comprehensive unit tests for goodLicense with dependency injection @zohayb23 (#136)

See details of all code changes since previous release

v0.6.0

Changelog

🚀 Features

• feat: implement OSPS-VM-01.01 vulnerability disclosure policy assessment @zohayb23 (#153)

🐛 Bug Fixes

• fix: resolve gemara v0.9.0 compatibility issues @zohayb23 (#152)
• fix: remove code check dependency for ci check @trumant (#144)

🧰 Maintenance

• chore(deps): bump github/ospo-reusable-workflows from 0.5.3 to 0.5.4 in the dependencies group @dependabot[bot] (#151)

See details of all code changes since previous release

v0.5.1

Changelog

🚀 Features

• feat: implement OSPS-DO-03-02 identity verification assessment @zohayb23 (#149)

🐛 Bug Fixes

• fix: duplicate data loading @trumant (#148)
• fix: remove code check dependency for primary branch protection check @trumant (#142)
• fix: QA-02.01 to return NeedsReview @trumant (#146)

🧰 Maintenance

• chore(docs): rm defunct contributor guidance @trumant (#140)

See details of all code changes since previous release

v0.4.0

Changelog

🚀 Features

• feat: add support for BR-07.01 and BR-07.02 @trumant (#127)

See details of all code changes since previous release