Pull requests: ossf/scorecard

Detect more untrusted workflow inputs [size:XS]
#5114 opened Jul 4, 2026 by Kurrisua
2 tasks done

🌱 Bump golang.org/x/net from 0.53.0 to 0.55.0 in /tools [dependencies, go, size:S]
#5113 opened Jul 4, 2026 by dependabot Bot

fix: fallback to REST API for fine-grained PAT in CheckRuns [size:XS]
#5112 opened Jul 3, 2026 by anushkagupta200615-jpg
1 of 2 tasks

🌱 Hoist regex compilation out of hot paths in pinned_dependencies [size:S]
#5111 opened Jul 3, 2026 by matiasinsaurralde
2 tasks done

🌱 Bump golang.org/x/net from 0.53.0 to 0.55.0 [dependencies, go, size:S]
#5110 opened Jul 1, 2026 by dependabot Bot

🌱 Bump github.com/sigstore/timestamp-authority/v2 from 2.0.6 to 2.1.0 in /tools [dependencies, go, size:L]
#5109 opened Jul 1, 2026 by dependabot Bot

🌱 Bump github.com/sigstore/rekor from 1.5.0 to 1.5.2 in /tools [dependencies, go, size:L]
#5108 opened Jun 30, 2026 by dependabot Bot

🌱 Bump the gomod group across 2 directories with 20 updates [dependencies, go, size:XL]
#5107 opened Jun 29, 2026 by dependabot Bot

🌱 Bump the github-actions group across 1 directory with 13 updates [dependencies, github_actions, size:XS]
#5106 opened Jun 29, 2026 by dependabot Bot

🌱 Bump actions/setup-go from 6.3.0 to 6.5.0 [dependencies, github_actions, size:XS]
#5105 opened Jun 29, 2026 by dependabot Bot

Detect commit committer fields in dangerous workflows [size:XS]
#5104 opened Jun 28, 2026 by Tom3306

checks/sast: detect Semgrep, Bandit, and gosec SAST workflows [size:M, Stale]
#5103 opened Jun 23, 2026 by DevamShah
2 tasks done

✨ Add support for Winget package manager integration [size:L]
#5101 opened Jun 21, 2026 by andy778
2 tasks done

🌱 Normalize extracted file paths across repository handlers [size:M]
#5099 opened Jun 20, 2026 by Tanishq-mellu

fix: detect committer context in dangerous workflows [size:XS]
#5098 opened Jun 17, 2026 by omobolajiadeyan

✨ Add packaging workflow detection for changesets [size:S]
#5097 opened Jun 16, 2026 by gr2m
2 tasks done

Fix tag-only release checks [size:L, Stale]
#5095 opened Jun 14, 2026 by din-arr
2 tasks done

🌱 Bump chainguard/static from 5e9c881 to 77d8b89 [dependencies, docker, size:XS, Stale]
#5091 opened Jun 8, 2026 by dependabot Bot

🐛 Normalize path separators for --local mode on Windows [size:XS, Stale]
#5089 opened Jun 6, 2026 by Shtirmann
1 of 2 tasks

🐛 Dangerous-Workflow: detect fork repo metadata and workflow_run branch as untrusted [size:XS]
#5085 opened Jun 2, 2026 by arpitjain099
2 tasks done

🐛 report repository creation from oldest commit [size:S, Stale]
#5082 opened Jun 1, 2026 by janderssonse
2 tasks done

🌱 Bump github.com/go-git/go-git/v5 from 5.18.0 to 5.19.1 in /tools [dependencies, go, size:S, Stale]
#5066 opened May 19, 2026 by dependabot Bot

🌱 Bump the distroless group across 6 directories with 1 update [dependencies, docker, size:S]
#5064 opened May 18, 2026 by dependabot Bot

🌱 Bump github.com/slack-go/slack from 0.17.3 to 0.23.1 in /tools [dependencies, go, size:XS, Stale]
#5062 opened May 14, 2026 by dependabot Bot

🌱 Bump github.com/go-git/go-billy/v5 from 5.8.0 to 5.9.0 in /tools [dependencies, go, size:XS, Stale]
#5060 opened May 14, 2026 by dependabot Bot