Release v4.13.0 · ossf/scorecard

What's Changed

Binary Artifacts:
- ✨ The Binary-Artifacts check supports local repos again by @spencerschrock in #3415
- ✨ Check for static archives in Binary Artifacts by @DavidKorczynski in #3454
Branch Protection:
- ✨ Branch protection now considers repository rulesets by @thepwagner in #3354
- ✨ Move "EnforcesAdmins" to tier 5 Branch-Protection by @spencerschrock in #3502
Pinned-Dependencies:
- ✨ Only score detected ecosystems by @gabibguti in #3436
Permissions:
- ✨ broaden job matcher for semantic release by @secustor in #3506
CLI:
- ✨ Increase PyPI parsing flexibility for --pypi flag by @joshgc in #3423
- ✨ Add --output argument to write results to file by @gabibguti in #3482

License:
- 🐛 Fixed situations where the Licenses folder wasn't being detected. by @spencerschrock in #3412
- 🐛 Licenses: Get License SPDXId from GitLab API by @raghavkaul in #3413
- 🐛 License: npe by @raghavkaul in #3500
Security Policy:
- 🐛 The Security-Policy check will no longer print to the log if the org's .github repo is empty by @spencerschrock in #3433
Pinned-Dependencies:
- 🐛 Add go installs to Pinned-Dependencies score by @gabibguti in #3424
Fuzzing:
- 🐛 GitLab: Fix URI() used for OSS-Fuzz detection by @raghavkaul in #3477
- 🐛 Fix parsing OSSFuzz project repos with subfolders and capitalization. by @spencerschrock in #3364
Misc:
- 🐛 Print Info in Empty Repo Scans by @leec94 in #3426
- 🐛 Set repo commit SHA in results after fetching successfully. by @spencerschrock in #3514
- 🐛 Fix loop aliasing errors. by @spencerschrock in #3414

📖 Added CDLA data license for the API to the README by @david-a-wheeler in #3404
📖 Update bestpractices links by @fredgan in #3448
📖 Add webviewer link by @olivekl in #3490
📖 Add gitlab links to viewer example by @olivekl in #3494
📖 Update docs for Signed-Releases check by @raghavkaul in #3469
📖 Fix documentation typos by @omahs in #3505

Full Changelog: v4.12.0...v4.13.0