Scorecard issues #7
Report
Results
score is 0: branch protection not enabled on development/release branches: Warn: branch protection not enabled for branch 'main'. Click Remediation section below to solve this issue
Suppressed Results
Nothing here.
Rules information
Rules details
Tool information
Report
Results
score is 0: no update tool detected: Warn: Config file not detected in source location for dependabot, renovatebot, Sonatype Lift, or PyUp (Python). We recommend setting this configuration in code so it can be easily verified by others. Click Remediation section below to solve this issue
score is 9: GitHub-owned GitHubAction not pinned by hash. Remediation tip: update your workflow using [https://app.stepsecurity.io](https://app.stepsecurity.io/secureworkflow/codeql-agent-project/codeql-agent-cli/npm-publish.yml/main?enable=pin). Click Remediation section below for further remediation help
score is 0: no topLevel permission defined. Remediation tip: Visit [https://app.stepsecurity.io/secureworkflow](https://app.stepsecurity.io/secureworkflow/codeql-agent-project/codeql-agent-cli/npm-publish.yml/main?enable=permissions). Tick the 'Restrict permissions for GITHUB_TOKEN' option and untick other options. NOTE: If you want to resolve multiple issues at once, you can visit [https://app.stepsecurity.io/securerepo](https://app.stepsecurity.io/securerepo) instead. Click Remediation section below for further remediation help
Suppressed Results
Nothing here.
Rules information
Rules details
Tool information
Report
Results
score is 6: 3 out of 5 merged PRs checked by a CI test -- score normalized to 6 Click Remediation section below to solve this issue
score is 0: no badge detected Click Remediation section below to solve this issue
score is 0: found 18 unreviewed human changesets Click Remediation section below to solve this issue
score is 0: project is not fuzzed Click Remediation section below to solve this issue
score is 0: SAST tool is not run on all commits -- score normalized to 0: Warn: 0 commits out of 17 are checked with a SAST tool Warn: CodeQL tool not detected Click Remediation section below to solve this issue
score is 0: security policy file not detected Click Remediation section below to solve this issue
Suppressed Results
Nothing here.
Rules information
Rules details
Tool information