1.6.0

Here is a list of main updates:

• Bump log4j2 to 2.17.0

See the details in 1.6.0 milestone.

The binaries can be found on Maven Central:

<dependency>
    <groupId>com.sap.oss.phosphor</groupId>
    <artifactId>fosstars-rating-core</artifactId>
    <version>1.6.0</version>
</dependency>

1.5.0

Here is a list of main updates:

• Bump log4j2 to 2.16.0
• RoP: Readme existence check ignores lower-case files
• Added --pom option for CLI
• Use VULNERABILITIES_IN_ARTIFACT feature in the artifact security rating enhancement
• Improved data providers
• Improved the command-line tool
• Improved Markdown reports
• Updated dependencies
• Bug fixes
• Improved docs

See the details in 1.5.0 milestone.

The binaries can be found on Maven Central:

<dependency>
    <groupId>com.sap.oss.phosphor</groupId>
    <artifactId>fosstars-rating-core</artifactId>
    <version>1.5.0</version>
</dependency>

1.4.0

Here is a list of main updates:

• Use GitHub License API in LicenseInfo data provider
• Added a data provider for security reviews in OpenSSF
• POC: OWASP Dependency Check integration with Maven artifact
• OSS Rules of Play gets option to create issues for findings
• Improved data providers
• Improved the command-line tool
• Improved Markdown reports
• Updated dependencies
• Bug fixes
• Improved docs

See the details in 1.4.0 milestone.

The binaries can be found on Maven Central:

<dependency>
    <groupId>com.sap.oss.phosphor</groupId>
    <artifactId>fosstars-rating-core</artifactId>
    <version>1.4.0</version>
</dependency>

1.3.0

Here is a list of main updates:

• Added a security rating for open source artifacts
• Added Open Source Rules of Play rating
• Improved data providers
• Improved the command-line tool
• Improved Markdown reports
• Updated dependencies
• Bug fixes
• Improved docs

See the details in 1.3.0 milestone.

The binaries can be found on Maven Central:

<dependency>
    <groupId>com.sap.oss.phosphor</groupId>
    <artifactId>fosstars-rating-core</artifactId>
    <version>1.3.0</version>
</dependency>

1.2.0

Here is a list of main updates:

• Improved data providers
• Improved the command-line tool
• Improved Markdown reports
• Bug fixes
• Improved docs

See the details in 1.2.0 milestone.

The binaries can be found on Maven Central:

<dependency>
    <groupId>com.sap.oss.phosphor</groupId>
    <artifactId>fosstars-rating-core</artifactId>
    <version>1.2.0</version>
</dependency>

1.1.0

Here is a list of main updates:

• Added features for CodeQL
• Improved scores for CodeQL and LGTM
• Improved the project activity score
• Added advice and recommendations for improving scores
• Improved data providers
• Improved output of the command-line tool
• Bug fixes
• Improved docs

See the details in 1.1.0 milestone.

The binaries can be found on Maven Central:

<dependency>
    <groupId>com.sap.oss.phosphor</groupId>
    <artifactId>fosstars-rating-core</artifactId>
    <version>1.1.0</version>
</dependency>

1.0.0

Here is a list of main updates:

• Added a score for Dependabot.
• Included OwaspDependencyScanScore to the security rating.
• Improved the score for dependency scans.
• Improved the reports generated by the command line tool.
• Improved docs.

See the details in 1.0.0 milestone.

0.13.0

Here is a list of main updates:

• Improved the data providers.
• Multiple bug fixes.

See the details in 0.13.0 milestone.
The artifacts are available on Maven Central.

0.12.0

Here is a list of main updates:

• Improve the open-source security rating: added new features.
• Improved the data providers.
• Multiple bug fixes.

See the details in 0.12.0 milestone.

0.11.0

Here is a list of main updates:

• Improve the open-source security rating: added a new score, updated weights for the scores, added a new label.
• Improved the data providers.
• Multiple bug fixes.

See the details in 0.11.0 milestone.