Pull requests: ossf/scorecard
Detect more untrusted workflow inputs
size:XS
This PR changes 0-9 lines, ignoring generated files.
#5114
opened Jul 4, 2026 by
Kurrisua
2 tasks done
🌱 Bump golang.org/x/net from 0.53.0 to 0.55.0 in /tools
dependencies
Pull requests that update a dependency file
go
Pull requests that update Go code
size:S
This PR changes 10-29 lines, ignoring generated files.
#5113
opened Jul 4, 2026 by
dependabot
Bot
fix: fallback to REST API for fine-grained PAT in CheckRuns
size:XS
This PR changes 0-9 lines, ignoring generated files.
#5112
opened Jul 3, 2026 by
anushkagupta200615-jpg
1 of 2 tasks
🌱 Hoist regex compilation out of hot paths in pinned_dependencies
size:S
This PR changes 10-29 lines, ignoring generated files.
#5111
opened Jul 3, 2026 by
matiasinsaurralde
2 tasks done
🌱 Bump golang.org/x/net from 0.53.0 to 0.55.0
dependencies
Pull requests that update a dependency file
go
Pull requests that update Go code
size:S
This PR changes 10-29 lines, ignoring generated files.
#5110
opened Jul 1, 2026 by
dependabot
Bot
🌱 Bump github.com/sigstore/timestamp-authority/v2 from 2.0.6 to 2.1.0 in /tools
dependencies
Pull requests that update a dependency file
go
Pull requests that update Go code
size:L
This PR changes 100-499 lines, ignoring generated files.
#5109
opened Jul 1, 2026 by
dependabot
Bot
🌱 Bump github.com/sigstore/rekor from 1.5.0 to 1.5.2 in /tools
dependencies
Pull requests that update a dependency file
go
Pull requests that update Go code
size:L
This PR changes 100-499 lines, ignoring generated files.
#5108
opened Jun 30, 2026 by
dependabot
Bot
🌱 Bump the gomod group across 2 directories with 20 updates
dependencies
Pull requests that update a dependency file
go
Pull requests that update Go code
size:XL
This PR changes 500-999 lines, ignoring generated files.
#5107
opened Jun 29, 2026 by
dependabot
Bot
🌱 Bump the github-actions group across 1 directory with 13 updates
dependencies
Pull requests that update a dependency file
github_actions
Pull requests that update Github_actions code
size:XS
This PR changes 0-9 lines, ignoring generated files.
#5106
opened Jun 29, 2026 by
dependabot
Bot
🌱 Bump actions/setup-go from 6.3.0 to 6.5.0
dependencies
Pull requests that update a dependency file
github_actions
Pull requests that update Github_actions code
size:XS
This PR changes 0-9 lines, ignoring generated files.
#5105
opened Jun 29, 2026 by
dependabot
Bot
Detect commit committer fields in dangerous workflows
size:XS
This PR changes 0-9 lines, ignoring generated files.
#5104
opened Jun 28, 2026 by
Tom3306
checks/sast: detect Semgrep, Bandit, and gosec SAST workflows
size:M
This PR changes 30-99 lines, ignoring generated files.
Stale
#5103
opened Jun 23, 2026 by
DevamShah
2 tasks done
✨ Add support for Winget package manager integration
size:L
This PR changes 100-499 lines, ignoring generated files.
#5101
opened Jun 21, 2026 by
andy778
2 tasks done
🌱 Normalize extracted file paths across repository handlers
size:M
This PR changes 30-99 lines, ignoring generated files.
#5099
opened Jun 20, 2026 by
Tanishq-mellu
fix: detect committer context in dangerous workflows
size:XS
This PR changes 0-9 lines, ignoring generated files.
#5098
opened Jun 17, 2026 by
omobolajiadeyan
✨ Add packaging workflow detection for changesets
size:S
This PR changes 10-29 lines, ignoring generated files.
#5097
opened Jun 16, 2026 by
gr2m
2 tasks done
Fix tag-only release checks
size:L
This PR changes 100-499 lines, ignoring generated files.
Stale
#5095
opened Jun 14, 2026 by
din-arr
2 tasks done
🌱 Bump chainguard/static from 5e9c881 to 77d8b89
dependencies
Pull requests that update a dependency file
docker
Pull requests that update Docker code
size:XS
This PR changes 0-9 lines, ignoring generated files.
Stale
#5091
opened Jun 8, 2026 by
dependabot
Bot
🐛 Dangerous-Workflow: detect fork repo metadata and workflow_run branch as untrusted
size:XS
This PR changes 0-9 lines, ignoring generated files.
#5085
opened Jun 2, 2026 by
arpitjain099
2 tasks done
🐛 report repository creation from oldest commit
size:S
This PR changes 10-29 lines, ignoring generated files.
Stale
#5082
opened Jun 1, 2026 by
janderssonse
2 tasks done
🌱 Bump github.com/go-git/go-git/v5 from 5.18.0 to 5.19.1 in /tools
dependencies
Pull requests that update a dependency file
go
Pull requests that update Go code
size:S
This PR changes 10-29 lines, ignoring generated files.
Stale
#5066
opened May 19, 2026 by
dependabot
Bot
🌱 Bump the distroless group across 6 directories with 1 update
dependencies
Pull requests that update a dependency file
docker
Pull requests that update Docker code
size:S
This PR changes 10-29 lines, ignoring generated files.
#5064
opened May 18, 2026 by
dependabot
Bot
🌱 Bump github.com/slack-go/slack from 0.17.3 to 0.23.1 in /tools
dependencies
Pull requests that update a dependency file
go
Pull requests that update Go code
size:XS
This PR changes 0-9 lines, ignoring generated files.
Stale
#5062
opened May 14, 2026 by
dependabot
Bot
🌱 Bump github.com/go-git/go-billy/v5 from 5.8.0 to 5.9.0 in /tools
dependencies
Pull requests that update a dependency file
go
Pull requests that update Go code
size:XS
This PR changes 0-9 lines, ignoring generated files.
Stale
#5060
opened May 14, 2026 by
dependabot
Bot