v4.11.0

What's Changed

New

• ✨ Consider haskell-actions/hlint-scan a code scanning action by @chungyc in #2846
• ✨ Detect fuzzing in Haskell by the presence of property tests. by @chungyc in #2843
• ✨ The SAST check will look for workflows with the "github/codeql-action/analyze" action locally instead of the GitHub Search API endpoint by @spencerschrock in #2839
• ✨ Scorecard checks for unpinned dependencies that are retrieved ad-hoc using nuget and dotnet CLIs ("nuget install" and "dotnet add") by @balteravishay in #2779
• ✨ show non-compliant code changes for CI-Tests, Code-Review and SAST checks in --show-details mode by @ashishkurmi in #2835
• ✨ Detect semantic-release as a packaging workflow by @travi in #2964
• ✨ Detect semantic-release as a releasing workflow by @travi in #2989
• ✨ Add support for github GHES by @patelniketm in #2999 and @rajbos in #2788
• ✨ Detect fast-check PBT library for JavaScript Fuzzing by @dubzzz in #3073
• ✨ Run Scorecard on packages hosted at Nuget.org using --nuget=<package>by @balteravishay in #3020

Bug Fixes

• SAST
  • 🐛 Reset stored error when handler is re-inited or setup is re-run. by @spencerschrock in #2893
  • 🐛 Add nil check before accessing a step's uses value. by @spencerschrock in #2935
• Vulnerabilities
  • 🐛 Give inconclusive Vulnerabilities score when osv-scanner panics by @spencerschrock in #2896
  • 🐛 Update osv-scanner dependency to include Vulnerabilities check fixes by @laurentS in #2981
• Pinned-Dependencies
  • 🐛 Pip installs count for Pinned-Dependencies score by @gabibguti in #2922
• Code-Review
  • 🐛 Code Review: Use proportional scoring by @raghavkaul in #2882

Deprecations

• 🌱 Deprecate dependencydiff package by @naveensrinivasan in #3125

GitLab support (WIP)

• ✨ GitLab: Documentation and cleaner errors by @raghavkaul in #2821
• ✨ Gitlab: CI-Tests check by @raghavkaul in #2833
• ✨ Gitlab: Maintained check by @raghavkaul in #2860
• ✨ Enable gitlab Packaging Reporting by @jimrobison in #2941
• ✨ GitLab: Code Review check by @raghavkaul in #2764
• ✨ Gitlab: License check by @raghavkaul in #2834
• 🐛 Gitlab: Commit/Commitor Exceptions by @jimrobison in #3026
• 🐛 Gitlab: test fixes by @raghavkaul in #3027
• ✨ Gitlab: Add projects to cron by @raghavkaul in #2936
• 🐛 GitLab cron: rename by @raghavkaul in #3070
• 🐛 Gitlab status updates by @jimrobison in #3052
• ✨ GitLab: enable more checks in cron by @raghavkaul in #3097
• ✨ GitLab: Add 5000 repos to nightly worker run by @raghavkaul in #3137

Docs

• 📖 Update usage message of the scorecard --verbosity flag by @andrelmbackman in #3190
• 📖 Update checks.md to show the benefit of >=2 reviewers by @joycebrum in #3013
• 📖 Add new frequently asked question to FAQ by @joycebrum in #2923
• 📖 Adds zoom link and agenda link by @hythloda in #3050
• 📖 Tweak Best Practices badge description to clarify things by @david-a-wheeler in #2907
• 📖 Clarify that AI/ML doesn't count as human code review by @david-a-wheeler in #2953
• 📖 Change Facilitators to Maintainers by @jeffmendoza in #3039
• 📖 Make all StepSecurity app endpoint references consistent by @ashishkurmi in #3042
• 📖 Fix broken links in FAQ. by @chungyc in #2858
• 📖 Capitalize proper nouns like Dependabot, Renovate, and GitHub by @leec94 in #2962
• 📖 Fix anchor link to the code review section by @dasfreak in #3058

New Contributors

• @chungyc made their first contribution in #2846
• @ashishkurmi made their first contribution in #2835
• @leec94 made their first contribution in #2962
• @jimrobison made their first contribution in #2941
• @travi made their first contribution in #2964
• @laurentS made their first contribution in #2981
• @patelniketm made their first contribution in #2999
• @rajbos made their first contribution in #2788
• @hythloda made their first contribution in #3050
• @dasfreak made their first contribution in #3058
• @dubzzz made their first contribution in #3073
• @andrelmbackman made their first contribution in #3190

Full Changelog: v4.10.5...v4.11.0