openvas-scanner
Change: Migrate release changelog generation from Pontos to git-cliff
What:
Replaced Pontos-based changelog generation with git-cliff in release workflows.
Why:
To standardize and automate changelog generation, and remove the Pontos dependency.
How:
- Updated release workflows to use git-cliff.
- Removed Pontos references and config files.
- Verified changelog output and workflow execution.
Checklist:
- Pontos removed
- git-cliff added & tested
- Docs updated
JIRA: DOS-371
Dependency Review
The following issues were found:
- ✅ 0 vulnerable package(s)
- ✅ 0 package(s) with incompatible licenses
- ✅ 0 package(s) with invalid SPDX license definitions
- ⚠️ 1 package(s) with unknown licenses.
License Issues
.github/workflows/release.yml
| Package | Version | License | Issue Type |
|---|---|---|---|
| greenbone/actions/uv | 3.*.* | Null | Unknown License |
Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-only, GPL-3.0-or-later, GPL-3.0, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-DFS-2016, Unlicense, Zlib, ZPL-2.1
OpenSSF Scorecard
| Package | Version | Score | Details |
|---|---|---|---|
| actions/greenbone/actions/uv | 3.*.* | Unknown | Unknown |
Scanned Files
- .github/workflows/release.yml
This is just a comment so this is not merged on accident.
@ArnoStiefvater isn't that what drafts are for? Or is that not an option here (convert to draft)?