Releases: ossf/allstar
v4.1
Highlights:
- Parameterize number of concurrent workers
- Ignore Inconclusive results in dangerous workflow check
- Clear cache between installation runs
- Update dependencies including Scorecard
Images:
- ghcr.io/ossf/allstar:v4.1
- ghcr.io/ossf/allstar:v4.1-busybox
Full Changelog: v4.0...v4.1
v4.0
Highlights:
- Many updates to Admin policy
- Add Org/Repo allow list to operator parameters
- CODEOWNERS policy
- Avoid caching tarball downloads for Scorecard policy
Images:
- ghcr.io/ossf/allstar:v4.0
- ghcr.io/ossf/allstar:v4.0-busybox
Full Changelog: v3.0...v4.0
v3.0
ghcr.io/ossf/allstar:v3.0
- Branch Protection policy is more complete, with support for requireSignedCommits, enforceOnAdmins, and requireCodeOwnerReviews.
- You may now opt out repos that are forks with the optOutForkedRepos option.
- GitHub Actions policy added to allow, require, or deny configured actions in workflows.
- Generic Scorecard policy added to run any Scorecard check with a score threshold.
- Issue creation and pinging can be enabled or disabled based on a weekly schedule.
- The Outside Collaborators policy now allows exemptions.
- When the Allstar action is changed from issue to fix, existing issues will be closed.
- Issue ping duration is configurable at the operator level with NOTICE_PING_DURATION_HOURS.
- Org config may now point to a secondary repository for config and merge overrides.
- Individual repo config files are now allowed to be placed in the central org config repository. Example: in the .allstar repo, you can have a /branch_protection.yaml file with specific settings for that repo.
- Binary Artifacts policy configuration updated to have an ignore list.
- Dangerous Workflow policy added. This policy checks the GitHub Actions workflow configuration files (.github/workflows) for any patterns that match known dangerous behavior.
v2.0
ghcr.io/ossf/allstar:v2.0