[PR #295] [MERGED] Update ossf/scorecard-action action to v2.2.0 #311

New issue

Closed

opened 2026-03-03 14:30:37 +03:00 by kerem · 0 comments

kerem commented

2026-03-03 14:30:37 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/konstruktoid/hardening/pull/295
Author: @renovate[bot]
Created: 6/23/2023
Status: ✅ Merged
Merged: 6/26/2023
Merged by: @konstruktoid

Base: master ← Head: renovate/ossf-scorecard-action-2.x

📝 Commits (1)

502e07c Update ossf/scorecard-action action to v2.2.0

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 .github/workflows/scorecards.yml (+1 -1)

📄 Description

This PR contains the following updates:

Package	Type	Update	Change
ossf/scorecard-action	action	minor	`v2.1.3` -> `v2.2.0`

Release Notes

ossf/scorecard-action

`v2.2.0`

Compare Source

What's Changed

🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0 by @spencerschrock in https://github.com/ossf/scorecard-action/pull/1192

Scorecard Result Viewer

Thanks to contributions from @cynthia-sg and @tegioz at CLOMonitor, there is a new Scorecard Result visualization page at https://securityscorecards.dev/viewer/?uri=<project-url>.

As an example, you can see our own score visualized here
Checkout our README to learn how to link your README badge to the new visualization page.

Publishing Results

This release contains two fixes which will improve the user experience when publish_results is true

Runs that fail our workflow restrictions will fail with a 400 response indicating the problem, instead of a vague 500 status. (https://github.com/ossf/scorecard-action/pull/1156, resolved https://github.com/ossf/scorecard-action/issues/1150)
Scorecard action will retry when signing results and submitting them to our web API. This should help with flakiness from connection failures. (https://github.com/ossf/scorecard-action/pull/1191)

Docs

📖 Update README to accept fine-grained tokens by @pnacht in https://github.com/ossf/scorecard-action/pull/1175
📖 Update installation instructions to match current GitHub UI by @joycebrum in https://github.com/ossf/scorecard-action/pull/1153
📖 Document the GitHub action workflow restrictions when publishing results. by @spencerschrock in

New Contributors

@bobcallaway made their first contribution in https://github.com/ossf/scorecard-action/pull/1140
@pnacht made their first contribution in https://github.com/ossf/scorecard-action/pull/1175

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/konstruktoid/hardening/pull/295 **Author:** [@renovate[bot]](https://github.com/apps/renovate) **Created:** 6/23/2023 **Status:** ✅ Merged **Merged:** 6/26/2023 **Merged by:** [@konstruktoid](https://github.com/konstruktoid) **Base:** `master` ← **Head:** `renovate/ossf-scorecard-action-2.x` --- ### 📝 Commits (1) - [`502e07c`](https://github.com/konstruktoid/hardening/commit/502e07c4ff9beb34ede51e0d18aec03fe5204894) Update ossf/scorecard-action action to v2.2.0 ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/scorecards.yml` (+1 -1) </details> ### 📄 Description [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | minor | `v2.1.3` -> `v2.2.0` | --- ### Release Notes <details> <summary>ossf/scorecard-action</summary> ### [`v2.2.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.2.0) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0) #### What's Changed - :seedling: Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0 by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1192](https://togithub.com/ossf/scorecard-action/pull/1192) #### Scorecard Result Viewer Thanks to contributions from [@cynthia-sg](https://togithub.com/cynthia-sg) and [@tegioz](https://togithub.com/tegioz) at [CLOMonitor](https://togithub.com/cncf/clomonitor), there is a new Scorecard Result visualization page at `https://securityscorecards.dev/viewer/?uri=<project-url>`. - [https://github.com/ossf/scorecard-webapp/pull/406](https://togithub.com/ossf/scorecard-webapp/pull/406) - [https://github.com/ossf/scorecard-webapp/pull/422](https://togithub.com/ossf/scorecard-webapp/pull/422) As an example, you can see our own score visualized [here](https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard) Checkout our [README](https://togithub.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#scorecard-badge) to learn how to link your README badge to the new visualization page. #### Publishing Results This release contains two fixes which will improve the user experience when `publish_results` is `true` - Runs that fail our [workflow restrictions](https://togithub.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#workflow-restrictions) will fail with a 400 response indicating the problem, instead of a vague 500 status. ([https://github.com/ossf/scorecard-action/pull/1156](https://togithub.com/ossf/scorecard-action/pull/1156), resolved [https://github.com/ossf/scorecard-action/issues/1150](https://togithub.com/ossf/scorecard-action/issues/1150)) - Scorecard action will retry when signing results and submitting them to our web API. This should help with flakiness from connection failures. ([https://github.com/ossf/scorecard-action/pull/1191](https://togithub.com/ossf/scorecard-action/pull/1191)) #### Docs - 📖 Update README to accept fine-grained tokens by [@pnacht](https://togithub.com/pnacht) in [https://github.com/ossf/scorecard-action/pull/1175](https://togithub.com/ossf/scorecard-action/pull/1175) - 📖 Update installation instructions to match current GitHub UI by [@joycebrum](https://togithub.com/joycebrum) in [https://github.com/ossf/scorecard-action/pull/1153](https://togithub.com/ossf/scorecard-action/pull/1153) - 📖 Document the GitHub action workflow restrictions when publishing results. by [@spencerschrock](https://togithub.com/spencerschrock) in #### New Contributors - [@bobcallaway](https://togithub.com/bobcallaway) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1140](https://togithub.com/ossf/scorecard-action/pull/1140) - [@pnacht](https://togithub.com/pnacht) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1175](https://togithub.com/ossf/scorecard-action/pull/1175) **Full Changelog**: https://github.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/konstruktoid/hardening).  --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>