Skip to content

v3.0
Compare
Choose a tag to compare
@github-actions github-actions released this 10 Feb 21:11
· 198 commits to main since this release
v3.0
65d6096

ghcr.io/ossf/allstar:v3.0

  • Branch Protection policy is more complete with support for requireSignedCommits, enforceOnAdmins, requireCodeOwnerReviews. Link

  • You may now opt-out repos that are forks with the optOutForkedRepos option.

  • GitHub Actions policy added to allow/require/deny configured actions in workflows. Docs

  • Generic Scorecard policy added to run any Scorecard check with a score threshold. Docs

  • Issue creation and pinging can be enabled / disabled based on a weekly schedule. Link

  • The Outside Collaborators policy now allows exemptions. Link

  • When the Allstar action is changed from issue to fix. Existing issues will be closed.

  • Issue ping duration is configurable at the operator level with NOTICE_PING_DURATION_HOURS. Link

  • Org config may now point to a secondary repository for config and merge overrides. Docs

  • Individual repo config files are now allowed to be placed in the central org config repository. Example: in the .allstar repo, you can have a /branch_protection.yaml file with specific settings for that repo. Docs

  • Binary Artifacts policy configuration updated to have an ignore list. Link

  • Dangerous Workflow policy added. This policy checks the GitHub Actions workflow configuration files (.github/workflows), for any patterns that match known dangerous behavior. Docs

Assets 2
Loading