Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / ossf/scorecard issues and pull requests

#4315 - Feature: Check custom CII Best Practices URL

Issue - State: open - Opened by jmgate 3 months ago - 4 comments
Labels: kind/enhancement, good first issue, check/CII-Best-Practices

#4314 - :seedling: Bump github/codeql-action from 3.26.0 to 3.26.5 in the github-actions group across 1 directory

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: dependencies, github_actions

#4313 - :seedling: Bump github.com/google/osv-scanner from 1.8.3 to 1.8.4

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 2 comments
Labels: dependencies, go

#4312 - :seedling: Bump the golang group across 8 directories with 1 update

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: dependencies, docker

#4310 - Update verify.yml

Pull Request - State: closed - Opened by TateGunning 3 months ago - 2 comments

#4309 - :seedling: Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.1 in /tools

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: dependencies, go

#4308 - :seedling: Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.1

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: dependencies, go

#4306 - :seedling: Bump github/codeql-action from 3.26.0 to 3.26.2 in the github-actions group

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 2 comments
Labels: dependencies, github_actions

#4305 - :seedling: Bump the golang group across 8 directories with 1 update

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 2 comments
Labels: dependencies, docker

#4304 - Merge pull request #1 from ossf/main

Pull Request - State: closed - Opened by TateGunning 3 months ago - 1 comment

#4303 - Internal Go error when scanning a package internal to my own gitlab instance

Issue - State: open - Opened by andrew-lovato 3 months ago - 1 comment
Labels: kind/bug

#4302 - :seedling: Bump gocloud.dev from 0.38.0 to 0.39.0

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: dependencies, go

#4301 - :seedling: Bump github.com/golangci/golangci-lint from 1.59.1 to 1.60.1 in /tools

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: dependencies, go

#4300 - :seedling: Update Go toolchain to 1.23

Pull Request - State: closed - Opened by spencerschrock 3 months ago - 1 comment

#4299 - document and implement changes to the BigQuery schema

Issue - State: open - Opened by spencerschrock 3 months ago - 2 comments
Labels: kind/docs, cron-job, area/bigquery, Stale

#4298 - :seedling: Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 in /tools

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: dependencies, go

#4297 - :seedling: Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 1 comment
Labels: dependencies, go

#4296 - Proposal: Align Scorecard checks with S2C2F Maturity Level 2 requirements

Issue - State: open - Opened by adriandiglio 3 months ago - 1 comment
Labels: kind/enhancement, Stale

#4295 - :seedling: Bump chainguard/static from `d751850` to `5e9c881`

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago - 2 comments
Labels: dependencies, docker

#4294 - :seedling: Bump the golang group across 8 directories with 1 update

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: dependencies, docker

#4293 - :seedling: Bump the github-actions group with 4 updates

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: dependencies, github_actions

#4291 - Resource

Pull Request - State: closed - Opened by MichaelBiegluk 4 months ago

#4290 - :sparkles: Switched API release links to non-API release links

Pull Request - State: closed - Opened by klbynum 4 months ago - 3 comments

#4289 - :seedling: Add more repos to the cron analysis list

Pull Request - State: closed - Opened by katzj 4 months ago - 2 comments
Labels: Stale

#4288 - :seedling: Bump github.com/google/osv-scanner from 1.8.2 to 1.8.3

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 2 comments
Labels: dependencies, go

#4287 - :seedling: Bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago
Labels: dependencies, go

#4286 - :seedling: Bump golang.org/x/text from 0.16.0 to 0.17.0

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago
Labels: dependencies, go

#4285 - :seedling: Bump github.com/google/ko from 0.15.4 to 0.16.0 in /tools

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago
Labels: dependencies, go

#4284 - :seedling: Bump cloud.google.com/go/pubsub from 1.40.0 to 1.41.0

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago
Labels: dependencies, go

#4283 - :seedling: Bump golang.org/x/oauth2 from 0.21.0 to 0.22.0

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago
Labels: dependencies, go

#4282 - :seedling: Bump actions/upload-artifact from 4.3.4 to 4.3.5 in the github-actions group

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, github_actions

#4281 - :seedling: Bump the golang group across 8 directories with 1 update

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago
Labels: dependencies, docker

#4280 - BUG

Issue - State: closed - Opened by Azooz1988 4 months ago - 1 comment
Labels: kind/bug

#4279 - :seedling: Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 in /tools

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago
Labels: dependencies, go

#4278 - :seedling: Bump sigs.k8s.io/release-utils from 0.8.3 to 0.8.4

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago
Labels: dependencies, go

#4277 - :seedling: Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago
Labels: dependencies, go

#4276 - :seedling: Bump the github-actions group across 1 directory with 3 updates

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago
Labels: dependencies, github_actions

#4275 - :book: Updated CI-Test description

Pull Request - State: closed - Opened by Jordin221 4 months ago

#4274 - :seedling: skip failing GitHub status e2e test temporarily

Pull Request - State: closed - Opened by spencerschrock 4 months ago

#4273 - Investigate GitHub commit status failures

Issue - State: open - Opened by spencerschrock 4 months ago - 1 comment
Labels: kind/bug, GitHub, check/CI-Tests

#4272 - Update Code Section Format in Readme

Issue - State: open - Opened by Jordin221 4 months ago - 2 comments
Labels: kind/docs, Stale

#4271 - :book: Updated Vulnerability Check Description.

Pull Request - State: closed - Opened by klbynum 4 months ago

#4270 - :book: Fix typo in branch protections details

Pull Request - State: closed - Opened by martincostello 4 months ago

#4269 - Apetree100122 patch 2

Pull Request - State: closed - Opened by Apetree100122 4 months ago - 2 comments

#4268 - Update root.go

Pull Request - State: closed - Opened by Apetree100122 4 months ago

#4267 - :seedling: Bump github.com/docker/docker from 26.1.3+incompatible to 26.1.4+incompatible in /tools

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 4 comments
Labels: dependencies, go

#4266 - :seedling: Bump github.com/onsi/gomega from 1.33.1 to 1.34.1

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago
Labels: dependencies, go

#4265 - :seedling: Bump github.com/moby/buildkit from 0.15.0 to 0.15.1

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago
Labels: dependencies, go

#4264 - :seedling: Bump the github-actions group with 2 updates

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, github_actions

#4263 - :seedling: Bump chainguard/static from `e78eb21` to `d751850`

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago
Labels: dependencies, docker

#4262 - :book: Updated Scorecard link in README.md

Pull Request - State: closed - Opened by Wavyeli32 4 months ago

#4261 - :seedling: Bump github.com/onsi/gomega from 1.33.1 to 1.34.0

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, go

#4260 - :seedling: Bump gocloud.dev from 0.37.0 to 0.38.0

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago
Labels: dependencies, go

#4259 - :bug: Update Org RepoClient creation to use transport from parent Client

Pull Request - State: closed - Opened by jeffmendoza 4 months ago - 2 comments

#4258 - Documentation: Document how to call Scorecard as a library.

Issue - State: open - Opened by jeffmendoza 4 months ago - 2 comments
Labels: kind/docs, kind/enhancement, Stale

#4257 - Feature scorecard.Run() should take a leveled logging object/interface instead of or alternatively to log level.

Issue - State: open - Opened by jeffmendoza 4 months ago - 3 comments
Labels: kind/enhancement, Stale

#4256 - Feature: scorecard.Run() should accept an http.RoundTripper to be used for all outgoing http requests

Issue - State: open - Opened by jeffmendoza 4 months ago - 3 comments
Labels: kind/enhancement, Stale

#4255 - BUG githubrepo.Client.GetOrgRepoClient() does not use parent Client transport

Issue - State: closed - Opened by jeffmendoza 4 months ago - 3 comments
Labels: kind/bug, check/Security-Policy

#4254 - Request: make the internal/packageclient package not internal

Issue - State: closed - Opened by jeffmendoza 4 months ago - 5 comments
Labels: kind/enhancement

#4253 - Feature: Checks should support powershell scripts

Issue - State: open - Opened by balteravishay 4 months ago
Labels: kind/enhancement

#4252 - BUG: .Net pinned dependency should support Central Package Management

Issue - State: open - Opened by balteravishay 4 months ago - 1 comment
Labels: kind/bug

#4251 - BUG: .Net Pinned dependency check ignores using RestoreLockedMode

Issue - State: closed - Opened by balteravishay 4 months ago
Labels: kind/bug

#4250 - :seedling: Bump cloud.google.com/go/bigquery from 1.61.0 to 1.62.0

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, go

#4249 - :seedling: Bump the github-actions group across 1 directory with 4 updates

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago
Labels: dependencies, github_actions

#4248 - :seedling: Bump chainguard/static from `d94c01c` to `e78eb21`

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago
Labels: dependencies, docker

#4247 - Incorrectly formatted example link

Issue - State: closed - Opened by JeremiahAHoward 4 months ago - 2 comments
Labels: kind/bug

#4245 - restore ability to see individual PR results for SAST and Code-Review and document it

Issue - State: open - Opened by spencerschrock 4 months ago - 1 comment
Labels: kind/enhancement, check/Code-Review, check/SAST, Stale

#4244 - :seedling: Bump github.com/google/go-containerregistry from 0.20.0 to 0.20.1

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, go

#4243 - :seedling: Bump github.com/xanzy/go-gitlab from 0.106.0 to 0.107.0

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago
Labels: dependencies, go

#4242 - :book: mark codeApproved and sastToolRunsOnAllCommits as experimental

Pull Request - State: closed - Opened by spencerschrock 4 months ago - 1 comment

#4241 - Bug: tools/go.mod has invalid Go version 1.22

Issue - State: closed - Opened by jpmcb 4 months ago - 3 comments
Labels: kind/bug

#4240 - :seedling: Bump github.com/goreleaser/goreleaser/v2 from 2.0.1 to 2.1.0 in /tools

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago
Labels: dependencies, go

#4239 - :seedling: Bump actions/setup-go from 5.0.1 to 5.0.2

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago
Labels: dependencies, github_actions

#4238 - :seedling: Bump the github-actions group with 2 updates

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, github_actions

#4237 - BUG Sonarcloud not detected consistently

Issue - State: closed - Opened by matmair 4 months ago - 4 comments
Labels: kind/bug, check/SAST

#4236 - :seedling: Bump github.com/moby/buildkit from 0.14.1 to 0.15.0

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago
Labels: dependencies, go

#4234 - :seedling: Bump github.com/google/osv-scanner from 1.8.1 to 1.8.2

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 3 comments
Labels: dependencies, go

#4233 - :seedling: Bump google.golang.org/grpc from 1.64.0 to 1.64.1

Pull Request - State: closed - Opened by dependabot[bot] 5 months ago - 1 comment
Labels: dependencies, go

#4232 - :seedling: Add config e2e test and fix README

Pull Request - State: closed - Opened by spencerschrock 5 months ago - 1 comment

#4230 - :warning: rename annotation IsExempted to Annotations

Pull Request - State: closed - Opened by spencerschrock 5 months ago

#4229 - :seedling: Bump github.com/google/go-containerregistry from 0.19.2 to 0.20.0

Pull Request - State: closed - Opened by dependabot[bot] 5 months ago - 1 comment
Labels: dependencies, go

#4228 - :seedling: Bump sigs.k8s.io/release-utils from 0.8.2 to 0.8.3

Pull Request - State: closed - Opened by dependabot[bot] 5 months ago - 1 comment
Labels: dependencies, go

#4227 - :warning: Rename top level package to scorecard and reduce name duplication

Pull Request - State: closed - Opened by spencerschrock 5 months ago - 3 comments

#4226 - 🌱 Update active `cisco` projects, remove `cisco-open` projects

Pull Request - State: closed - Opened by lelia 5 months ago - 2 comments

#4225 - :warning: Delete dependency diff leftover file

Pull Request - State: closed - Opened by spencerschrock 5 months ago

#4224 - :seedling: Bump chainguard/static from `a1f8a15` to `d94c01c`

Pull Request - State: closed - Opened by dependabot[bot] 5 months ago - 1 comment
Labels: dependencies, docker

#4223 - :seedling: Bump the distroless group across 6 directories with 1 update

Pull Request - State: closed - Opened by dependabot[bot] 5 months ago
Labels: dependencies, docker

#4222 - :seedling: Bump the golang group across 8 directories with 1 update

Pull Request - State: closed - Opened by dependabot[bot] 5 months ago - 1 comment
Labels: dependencies, docker

#4221 - :seedling: Bump the github-actions group with 2 updates

Pull Request - State: closed - Opened by dependabot[bot] 5 months ago - 1 comment
Labels: dependencies, github_actions

#4220 - BUG - Pinned-Dependencies has false positive on multi-stage Dockerfile

Issue - State: closed - Opened by fproulx-boostsecurity 5 months ago - 1 comment
Labels: kind/bug, check/Pinned-Dependencies

#4218 - :sparkles: Add machine-readable patch to fix script injections in workflows

Pull Request - State: closed - Opened by pnacht 5 months ago - 13 comments

#4216 - :seedling: Bump the golang group across 8 directories with 1 update

Pull Request - State: closed - Opened by dependabot[bot] 5 months ago - 2 comments
Labels: dependencies, docker

#4215 - Revisit scoring for Security Policy check

Issue - State: open - Opened by justaugustus 5 months ago - 1 comment
Labels: check/Security-Policy, Stale

#4214 - :seedling: Bump chainguard/static from `68b8855` to `a1f8a15`

Pull Request - State: closed - Opened by dependabot[bot] 5 months ago
Labels: dependencies, docker