Releases: ossf/pvtr-github-repo-scanner
v0.3.0
Immutable release. Only release title and notes can be modified.
Changelog
🚀 Features
- feat: implement OSPS-LE-02.02 assessment for released software assets @zohayb23 (#139)
- refactor: make IsCodeRepo testable using GitHub client @zohayb23 (#110)
🐛 Bug Fixes
- fix: missed some checkouts that are still persisting credentials @jmeridth (#137)
- fix: update dependabot labels @jmeridth (#138)
- fix: bugs related to incorrect SecurityInsights loading @trumant (#132)
- fix: spelling in message @trumant (#131)
- fix: Linting the catalog/recommendations retrieval @eddie-knight (#121)
🧰 Maintenance
- test: Add unit test for getLicenseList function @zohayb23 (#125)
- chore(ci): build against latest stable go version @trumant (#135)
- chore(deps): bump the dependencies group with 3 updates @dependabot[bot] (#133)
- chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.4.0 @dependabot[bot] (#128)
- test: Add unit tests for splitSpdxExpression function @zohayb23 (#126)
- test: Add success path test case for OSPS-LE-03.02 license verification @zohayb23 (#122)
- ci: Update release drafter labels and patterns @eddie-knight (#116)
- chore(deps): bump github/ospo-reusable-workflows from 0.5.2 to 0.5.3 in the dependencies group @dependabot[bot] (#117)
- chore(deps): bump the dependencies group with 2 updates @dependabot[bot] (#115)
v0.2.0
v0.1.0
Warning
This release artifact is intended for development and feedback purposes only.
Please take time to understand the risks of adopting this software in its current state.
Changelog
- feat: add baseline data for recommendations @speas038 (#111)
- chore: use gemara v0.3.10 in place of sci @trumant (#95)
- feat: add Codeql config for GH advanced security @trumant (#108)
- fix: update security insights repo URL @trumant (#109)
- refactor: Move IsCodeRepo checks to reusable steps @zohayb23 (#103)
- refactor: replace interface{} with any @zohayb23 (#101)
- feat: Upgrade Privateer SDK to v1.3.0 @zohayb23 (#99)
- feat: Halt on Non-Code Repositories @zohayb23 (#97)
- fix: MFA will no longer fail if token is unprivileged @eddie-knight (#93)
- fix: Added handling for no workflows directory @eddie-knight (#92)
- fix: Correct universally failing cicdSanitizedInputParameters @eddie-knight (#91)
- fix: Add error message in the event of error on repo tree query @eddie-knight (#89)
- chore: Refactored rest logic to use more ghClient library @eddie-knight (#87)
- If SI not found, set NeedsReview instead of Failed @eddie-knight (#51)
- test: increase unit test coverage of github rest api interactions @trumant (#80)
- fix: Removed retrieval of full dependency manifest data @eddie-knight (#79)
- fix: json cannot encode if githubv4.URI is nil @eddie-knight (#78)
- refactor: introduce use of github rest api client @trumant (#73)
- feat: implement check for LE-03.02 @trumant (#69)
- feat: OSPS-VM-06 @speas038 (#63)
- feat: multiple workflows to deal with auto-labelling, auto-releasing @jmeridth (#66)
- Fix GraphQL query structure so the tests run again @speas038 (#58)
- fix: improve build and lint CI workflows @trumant (#60)
- Basic implementation of QA-06.02 and QA-06.03 @trumant (#55)
- Add more specific/explicit reusable step for Github Terms of Service @trumant (#54)
- Correcting typo @trumant (#56)
- Restored check for SI with IsActive on items where SI is always needed @eddie-knight (#50)
- Adding support for OSPS-DO-04.01 and OSPS-DO-05.01 @trumant (#45)
- QA-02.01 Test Added #24 @vpavankalyan (#48)
- feat: Make more checks compatible for general public scanning @eddie-knight (#49)
- OSPS-BR-01.01 @speas038 (#39)
- QA-07 Test Added | #28 @vpavankalyan (#40)
- typofix: 'devtest' entered the code by mistake @eddie-knight (#38)
- Added QA-06.01 @eddie-knight (#37)
- Added QA-05 search for binaries by file name @eddie-knight (#14)
- Update security insights loading to ignore case @jpower432 (#15)
- Added null skip to license check @eddie-knight (#12)
- Updating local development guidance @trumant (#8)
- feat: github actions workflows for linting and build @jmeridth (#7)
- feat: CODEOWNERS @jmeridth (#9)
- Added assessment for OSPS_QA_03 @eddie-knight (#5)
- VM_02 Test Added @vpavankalyan (#1)
🐛 Bug Fixes
- fix: binary known files validation @joanagmaia (#118)
- fix: lint issues @trumant (#119)
🧰 Maintenance
- chore(deps): bump goreleaser/goreleaser-action from 6.3.0 to 6.4.0 in the dependencies group @dependabot[bot] (#112)
- chore(deps): bump actions/checkout from 4 to 5 @dependabot[bot] (#113)
- chore(deps): bump github/ospo-reusable-workflows from 0.5.1 to 0.5.2 in the dependencies group @dependabot[bot] (#107)
- chore(deps): bump the dependencies group across 1 directory with 2 updates @dependabot[bot] (#106)
- chore(deps): bump actions/checkout from 4.2.2 to 5.0.0 @dependabot[bot] (#105)
- chore(deps): bump github/ospo-reusable-workflows from 0.5.0 to 0.5.1 in the dependencies group @dependabot[bot] (#90)
- chore(deps): bump golangci/golangci-lint-action from 7.0.0 to 8.0.0 @dependabot[bot] (#81)
- chore(deps): bump github.com/revanite-io/sci from 0.3.3 to 0.3.4 in the dependencies group @dependabot[bot] (#75)
- chore(deps): bump github/ospo-reusable-workflows from 0.4.6 to 0.5.0 in the dependencies group @dependabot[bot] (#68)
- chore(deps): bump github.com/revanite-io/sci from 0.3.2 to 0.3.3 in the dependencies group across 1 directory @dependabot[bot] (#67)
- chore(deps): bump golangci/golangci-lint-action from 6.5.2 to 7.0.0 @dependabot[bot] (#44)
- chore(deps): bump actions/setup-go from 5.3.0 to 5.4.0 in the dependencies group @dependabot[bot] (#43)
- chore(deps): bump golang.org/x/net from 0.34.0 to 0.36.0 @dependabot[bot] (#6)
- chore(deps): bump the dependencies group across 1 directory with 3 updates @dependabot[bot] (#4)