Changelog

Other

• ec5c8d0 Add trusted org member row and fix NaN display in PR comment (#52)
• 13acfd3 Bump aquasecurity/trivy-action from 0.34.1 to 0.34.2 (#49)
• ec75708 Bump github/codeql-action from 4.32.4 to 4.32.5 (#50)
• 2f59fb7 Bump github/codeql-action from 4.32.5 to 4.32.6 (#54)
• 7675aa5 Document API rate limit guidance for high-traffic repos (#53)
• ade2cec Test: confirm trusted orgs in reputation comment (#51)

Changelog

Other

• 6b77f7c Add GitHub API fetch functions for v3 signals
• ca68019 Add HasCompany to report.Stats for JSON observability
• b62563c Add score visual treatment with configurable thresholds
• 31f91fa Add trusted organizations scoring boost (#47)
• 78d4a89 Add v3 signal fields to report.Stats
• 2c3e457 Add v3.0.0 reputation signals design doc
• dad448f Add v3.0.0 reputation signals implementation plan
• 17b53b4 Bump actions/attest-build-provenance from 3.2.0 to 4.1.0 (#41)
• 9d61fbc Bump actions/github-script from 7.0.1 to 8.0.0 (#34)
• 29c21a1 Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#40)
• a91708f Bump gitlab.com/gitlab-org/api/client-go from 1.40.1 to 1.45.0 (#42)
• 4df9515 Bump karancode/yamllint-github-action from 2.1.1 to 3.0.0 (#35)
• b2047a8 Harden repo settings and add community health files (#46)
• 4d8e054 Replace 2FA and private repos signals with pure verification ratio
• 27acd46 Simplify action to always post reputation scores on PRs
• 22d50e2 Update documentation for v3.0.0 scoring model
• b3d7f33 Upgrade scoring model to v3.0.0 with behavioral signals
• 6f85853 Wire HasCompany field in loadAuthor profile completeness check
• 00ddf33 Wire v3 signal fetches into loadAuthor and update algo tests

Changelog

Features

• 0cb238a feat: add e2e CLI tests and upgrade GitHub Actions

Changelog

Changelog

Features

• 7dd1449 feat: add --format flag with yaml output support

Other

• 7b48803 refactor: centralize Go setup and build tool defaults in composite actions
• 9cf1e89 refactor: move CLI entry point to cmd/reputer and update build tooling

Changelog

• e456c09 chore: rename the homebrew tap repo
• 5d8b12a default github-token input to github.token in composite action
• f602be8 fix GitHub Action caller example to use composite action syntax
• 920f957 update docs to reflect pkg/score extraction

Changelog

• e456c09 chore: rename the homebrew tap repo
• 5d8b12a default github-token input to github.token in composite action
• f602be8 fix GitHub Action caller example to use composite action syntax
• 920f957 update docs to reflect pkg/score extraction

Changelog

• 5c60503 add design doc for extracting scoring library into pkg/score
• 2ece167 add failing tests for pkg/score scoring library
• 14039de add implementation plan for pkg/score extraction
• 2091151 add package comment for pkg/score to satisfy revive linter
• ece7c88 add pkg/score: standalone reputation scoring library
• a8361c8 delegate report.ModelVersion and CategoryWeight to pkg/score
• 64e8c19 remove scoring math tests moved to pkg/score
• e5ba0bf replace scoring logic in github adapter with score.Compute delegation
• dd65bff use score.Categories() for report metadata in github provider

Changelog

• ebf4816 add project docs: contributing, development, code of conduct; polish README
• b3d9c5f migrate logrus to log/slog, add pkg/logging for CLI log modes
• 898e479 update README scoring to match v2 model, add prerequisites section

Changelog

• 720e31f add LastCommitDays and OrgMember fields to Stats
• 4734480 add daily vulnerability scan workflow
• b86786e add doc.go for all packages, move inline package comments
• 74f433c add http:// prefix stripping and rate-limit awareness
• b59c757 add implementation notes to scoring model v2 design
• f0bbb34 add isolated org membership test case
• 6829aa2 add ko container image build to goreleaser
• d0d3381 add logCurve and expDecay response curve functions
• a3a8fb0 add model metadata to Report struct
• aa613ae add org membership check with graceful degradation
• 0080907 add scoring model v2 design document
• 06b9b1d add scoring model v2 implementation plan
• e244a6a align codeql-action to v4.32.0, detect runner architecture
• aba1bb2 capture commit timestamps and wire scoring totals through provider
• 4c27262 clean up .gitignore, remove stale entries
• a784473 convert welcome workflow to root composite action
• c865432 extract build tool setup into composite action, add ko
• 35ec189 fix Makefile bugs, add local coverage threshold
• 0bdec06 fix nil-pointer panic, derive category weights, cosmetic cleanups
• 5fc4b2d fix scan workflow: revert to vuln-type action input
• 8af6d42 goreleaser: sign all artifacts, report sizes, add deb section
• 572660f handle file close error in reporter, add GitLab stub warning
• 8272160 harden CI/CD: timeouts, least-privilege, checksum verification
• 392dadd refactor CLI into pkg/cli with version, commit, and date ldflags
• dc96d44 remove plan docs from repo, rename .yamllint to .yamllint.yaml
• 455b440 rename pkg/reputer to pkg/reporter
• 3013c75 rewrite scoring algorithm with v2 risk-weighted categorical model
• d75ab4e update Go to 1.26.0
• a6d11f8 upgrade go-github v52 to v72, migrate GitLab to gitlab-org/api/client-go