Releases · ossf/criticality_score

30 Apr 01:54

calebbrown

v2.0.4

7cacdd0

v2.0.4 Latest

Latest

This release fixes a bug where the issue lookback duration was 2160 days instead of 90.

What's Changed

Add @latest to go install commands in docs. by @calebbrown in #572
Fix linter issues by @calebbrown in #589
Fix the issue lookback duration to be 90 days. by @calebbrown in #605

Full Changelog: v2.0.3...v2.0.4

Contributors

calebbrown and latest

Assets 11

17 Mar 22:30

calebbrown

v2.0.3

7af16f1

v2.0.3

What's Changed

add citation file CITATION.cff by @millecodex in #355
Included Comments for Wam by @nathannaveen in #356
Improve the scorecard version check. by @calebbrown in #373
Update scorecard dependency to v4.10.5 by @calebbrown in #376
Improve the docs for using GCP to clarify the project-ID and fix a broken command. by @calebbrown in #291
Included Tests for internal/signalio/helpers by @nathannaveen in #301
Add a -version flag by @calebbrown in #383
Update the infra to use different auth. Prod uses GH App auth. by @calebbrown in #382
Improve enumerate_github to handle GH errors better. by @calebbrown in #385
Remove an errant printf and drop replicas before restart. by @calebbrown in #386
Tweaks for the production restart. by @calebbrown in #387
Reduce resources requested by the worker. by @calebbrown in #393
Increase the number of stars for the enumeration to reduce the number of repos. by @calebbrown in #399
Fix usage example url in Readme by @coni2k in #409
Move build vcs code into a package so it can be reused. by @calebbrown in #500
Generalize the iterator implementation and add a batch iterator by @calebbrown in #502
Add a local, single worker implementation of a work loop. by @calebbrown in #505
Adds an init script and image for running collect_signals without GCP PubSub by @calebbrown in #517
Update k8s config to remove controller and pubsub for local version. by @calebbrown in #521
Fix an off-by-one error with the number of shards written. by @calebbrown in #522
Ensure init is idempotent and doesn't overwrite repo list. by @calebbrown in #524
Add GitHub error type to GraphQL error messages. by @calebbrown in #532
Add support for FORBIDDEN GraphQL responses and simplify errors. by @calebbrown in #533
Update Go version to 1.21 by @calebbrown in #543
Fix a memory leak by removing batch query reflection. by @calebbrown in #547
Tweak the timing of collection and bump number of repos. by @calebbrown in #552
Update go-graphql-client to fix error handling by @calebbrown in #556
Fix the "v2" behavior to match Go's git + mod functionality. by @calebbrown in #563

New Contributors

@millecodex made their first contribution in #355

Full Changelog: v2.0.2...v2.0.3

Contributors

calebbrown, coni2k, and 2 other contributors

Assets 12

28 Feb 02:39

calebbrown

v2.0.2

c870a89

v2.0.2

Fix SLSA3 provenance workflow.

What's Changed

Switch back to @latest now that we have tagged the most recent Go code. by @calebbrown in #338
Fix broken provenance generation - workflow must use tag. by @calebbrown in #339

Full Changelog: v2.0.1...v2.0.2

Contributors

calebbrown and latest

Assets 12

27 Feb 23:44

calebbrown

v2.0.1

f3d7dca

v2.0.1

This change fixes an issue where the criticality_score command line tool failed to work correctly on Windows.

What's Changed

Improve input iteration by adding more tests. by @calebbrown in #336
Refactored internal/scorer/scorer by @nathannaveen in #317

Full Changelog: v2.0.0...v2.0.1

Contributors

calebbrown and nathannaveen

Assets 11

24 Feb 02:32

calebbrown

v2.0.0

1e7ad38

v2.0.0

This is the first release of the revamped Criticality Score project.

It is now implemented in Go, rather than Python.

What's Changed

Add a command for enumerating GitHub repos (written in Go) by @calebbrown in #111
Remove "Finished()" API in favor of the io.EOF error. by @calebbrown in #116
Place code to be shared with signal collection into libraries. by @calebbrown in #117
Add a milestone 1 doc. by @calebbrown in #118
Initial commit of the collect_signals command. by @calebbrown in #120
Fix a div by zero bug when daysSinceCreated == 0, and there are tags. by @calebbrown in #121
Make results/csv thread-safe so it can be used across multiple workers. by @calebbrown in #122
Adds a Resolver for turning a url into a Repo. by @calebbrown in #123
Add support for multiple workers to the signal collection by @calebbrown in #125
Add retry logic for github errors to improve reliability. by @calebbrown in #127
Add deps.dev support to the signal collector. by @calebbrown in #129
Initial import of a scorer command for scoring a csv file of signals. by @calebbrown in #131
Handle the case where GitHub returns 5xx when there are lots of issues by @calebbrown in #135
Improve deps.dev support with new flags and GCP project autodetect by @calebbrown in #146
✨ Enable Scorecard badge by @azeemshaikh38 in #155
Add blob storage support for output. by @calebbrown in #166
Add support for runID in the output filename. by @calebbrown in #167
Allow options to be present in the URL query string. by @calebbrown in #168
Add copyright notice to all files by @calebbrown in #172
Add an initial k8s config for running the enumerate_github tool. by @calebbrown in #179
Fix the broken GCS link, extend the memory limits. by @calebbrown in #180
Switch to Zap for logging instead of Logrus. by @calebbrown in #182
Add support for output enumerated urls in a scorecard compatible format. by @calebbrown in #195
Migrate the collect_signals tool over to zap for logging. by @calebbrown in #196
Upgrade to Go 1.19 by @calebbrown in #208
Initial refactoring to support production workers by @calebbrown in #214
Complete refactoring of signal collection logic by @calebbrown in #220
Refactor scoring so it can be done at signal collection time as well. by @calebbrown in #224
Clone new binary criticality_score from collect_signals. by @calebbrown in #226
Make the output file an explicit flag, rather than a positional arg by @calebbrown in #228
Change how repo URL are input into criticality_score + and create a docker image by @calebbrown in #229
Implement the collect_signals worker for productionization. by @calebbrown in #230
Add marker file support to enumerate_github by @calebbrown in #231
Add a marker file type to specify how the outfile is written to the marker. by @calebbrown in #233
Make collect_signals Dockerfile work without buildkit by @calebbrown in #235
Include the job time in the output data for BQ partitioning. by @calebbrown in #236
Add JSON support for outputting signals. by @calebbrown in #237
Enable metric collection for the worker. by @calebbrown in #239
Initial version of kubernetes configs for each service. by @calebbrown in #242
Add support for a text format similar to OG python implementation. by @calebbrown in #243
Make more of the Python impl deprecated. by @calebbrown in #246
Support for CSV dumps from the production worker by @calebbrown in #245
Build a more formal deploy process and improve infra config by @calebbrown in #250
Add the Git commit ID to the data produced by the worker. by @calebbrown in #261
Ensure deps.dev data is fresh for each run of Criticality Score by @calebbrown in #267
Add /tools to dependabot config by @calebbrown in #270
Fixed issue GO-2022-1144 by @nathannaveen in #296
Updated codeql to Include Golang by @nathannaveen in #295
Updated docs for scorer input by @nathannaveen in #284
Add Milestone 2 documentation. by @calebbrown in #175
Removed GlobalRegistry from registry.go by @nathannaveen in #316
Provide working installation instructions by @jberryman in #320
Refactored Score in wam.go by @nathannaveen in #315
Refactored internal/collector/depsdev/source by @nathannaveen in #324
Included Wrapcheck linter by @nathannaveen in #327
Setup goreleaser to generate Go binaries. by @calebbrown in #331
Remove deprecated Python implementation from main branch. by @calebbrown in #333

New Contributors

@azeemshaikh38 made their first contribution in #155
@nathannaveen made their first contribution in #247
@jberryman made their first contribution in #320

Full Changelog: v1.0.7...v2.0.0

Contributors

calebbrown, jberryman, and 2 other contributors

Assets 11

23 Feb 22:11

calebbrown

v1.0.8

e6cd818

Python Deprecation

This release officially deprecates the Python implementation.

Any future work should be directed towards the Go implementation on the main branch.

This release also wraps up all the work done since v1.0.7 was released.

What's Changed

Make language parameter optional by @coni2k in #60
Create .gitignore file by @coni2k in #62
output folder update by @coni2k in #61
Bump python_requires to 3.6 by @Yikun in #65
Add logging to generate script by @coni2k in #66
Update format of generate script console output by @coni2k in #67
Make sure criticality_score between 0 and 1 by @Yikun in #69
Create codeql-analysis.yml by @naveensrinivasan in #72
Add .ropeproject folder to gitignore by @coni2k in #74
Refactor get_github_auth_token by @coni2k in #71
Correlation between Criticality Score and Popularity by @nuthanmunaiah in #77
Handle not found cases by @coni2k in #80
Fix pylint messages by @coni2k in #81
Add logger to run script by @coni2k in #83
Add page query retries when no match by @Yikun in #79
Fix regex to cover '1 commit result' case by @Yikun in #78
Update Readme file to include "all.csv" by @coni2k in #84
Create Dependabot config file by @naveensrinivasan in #86
Handle empty repo case by @coni2k in #85
Update Readme by @coni2k in #89
Handle get_tags exception by @coni2k in #87
Support generation via github orgs. by @inferno-chromium in #91
Fix a hang bug with few commits repo. by @inferno-chromium in #92
Use auth header when doing dependents query, avoid rate limit. by @inferno-chromium in #93
Add Watchers/Description Metrics by @dilanbhalla in #95
add support for R language by @i2z1 in #101
Allow overriding default parameters by @lehors in #105
Support for local csv file as input by @CannedFish in #106