[{ "date": "2022-05-30", "repo": { "name": "github.com/oasis-open/cti-python-stix2", "commit": "aac27374b380a8869dcd9765d4841983643e0eeb" }, "scorecard": { "version": "v4.3.0-36-g70d045b", "commit": "70d045b9ef00e7171ce3950aca38eef6ea4d7308" }, "checks": [{ "name": "Code-Review", "documentation": { "short": "Determines if the project requires code review before pull requests (aka merge requests) are merged.", "url": "https://github.com/ossf/scorecard/blob/70d045b9ef00e7171ce3950aca38eef6ea4d7308/docs/checks.md#code-review" }, "score": "4", "reason": "GitHub code reviews found for 13 commits out of the last 30 -- score normalized to 4", "details": ["Warn: no reviews found for commit: 81550cab92aaacbca5db0d37c607dfd1707ce4c3", "Warn: no reviews found for commit: f5ea1396a1f5bda2684e387089142eabed0a2233", "Warn: no reviews found for commit: 87d79445dcd3044147bc61bab305f6c19e2291cd", "Warn: no reviews found for commit: 66535bb550a252b048ad79226e34f9f6a2c651b7", "Warn: no reviews found for commit: 659e1fd90d3f252beaf6815a75f08b1ffa670139", "Warn: no reviews found for commit: a4ce0222bf8ef6bb04c70f9958fb7cdd7ca8f4aa", "Warn: no reviews found for commit: a3d10561220e1faa79e50ef6078d24c43a652a73", "Warn: no reviews found for commit: bd897c9848c6a16237cd4db479328d9e368b3e1c", "Warn: no reviews found for commit: 9c209edb1dfd7eda66445020071207438d2cc244", "Warn: no reviews found for commit: 31b8892681dd8a901cb37763254cee6bc93e0c90", "Warn: no reviews found for commit: 295037f92c20cfc6847e2dee0760c9d88e848442", "Warn: no reviews found for commit: d7981dce9fa24372b5f8f93f89a59be7d704bb0f", "Warn: no reviews found for commit: b2108e90c67637fdbefc8871e11fb7abb925b0dc", "Warn: no reviews found for commit: 3cee75385238725d8c6a5630838a42ae34fc7880", "Warn: no reviews found for commit: 79ceef51009e8118355ba91de5b38e6b68307ddb", "Warn: no reviews found for commit: 9f428c5efd86764f749d7d87bbba6bf488a1e40d", "Warn: no reviews found for commit: f0779d7802ca4c40e18c03d0eb25943d3845ebc0"] 
}, { "name": "Webhooks", "documentation": { "short": "This check validate if the webhook defined in the repository have a token configured.", "url": "https://github.com/ossf/scorecard/blob/70d045b9ef00e7171ce3950aca38eef6ea4d7308/docs/checks.md#webhooks" }, "score": "-1", "reason": "check is not supported for this request: SCORECARD_V6 is not set, not running the Webhook check", "details": ["Warn: SCORECARD_V6 is not set, not running the Webhook check"] }, { "name": "Maintained", "documentation": { "short": "Determines if the project is \"actively maintained\".", "url": "https://github.com/ossf/scorecard/blob/70d045b9ef00e7171ce3950aca38eef6ea4d7308/docs/checks.md#maintained" }, "score": "3", "reason": "4 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 3", "details": [] }, { "name": "CII-Best-Practices", "documentation": { "short": "Determines if the project has a CII Best Practices Badge.", "url": "https://github.com/ossf/scorecard/blob/70d045b9ef00e7171ce3950aca38eef6ea4d7308/docs/checks.md#cii-best-practices" }, "score": "0", "reason": "no badge detected", "details": [] }, { "name": "Vulnerabilities", "documentation": { "short": "Determines if the project has open, known unfixed vulnerabilities.", "url": "https://github.com/ossf/scorecard/blob/70d045b9ef00e7171ce3950aca38eef6ea4d7308/docs/checks.md#vulnerabilities" }, "score": "10", "reason": "no vulnerabilities detected", "details": [] }, { "name": "Packaging", "documentation": { "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.", "url": "https://github.com/ossf/scorecard/blob/70d045b9ef00e7171ce3950aca38eef6ea4d7308/docs/checks.md#packaging" }, "score": "-1", "reason": "no published package detected", "details": ["Warn: no GitHub publishing workflow detected"] }, { "name": "License", "documentation": { "short": "Determines if the project has defined a license.", "url": 
"https://github.com/ossf/scorecard/blob/70d045b9ef00e7171ce3950aca38eef6ea4d7308/docs/checks.md#license" }, "score": "10", "reason": "license file detected", "details": ["Info: : LICENSE:1"] }, { "name": "Dangerous-Workflow", "documentation": { "short": "Determines if the project\u0027s GitHub Action workflows avoid dangerous patterns.", "url": "https://github.com/ossf/scorecard/blob/70d045b9ef00e7171ce3950aca38eef6ea4d7308/docs/checks.md#dangerous-workflow" }, "score": "10", "reason": "no dangerous workflow patterns detected", "details": [] }, { "name": "Dependency-Update-Tool", "documentation": { "short": "Determines if the project uses a dependency update tool.", "url": "https://github.com/ossf/scorecard/blob/70d045b9ef00e7171ce3950aca38eef6ea4d7308/docs/checks.md#dependency-update-tool" }, "score": "0", "reason": "no update tool detected", "details": ["Warn: dependabot config file not detected in source location.\n\t\t\tWe recommend setting this configuration in code so it can be easily verified by others.", "Warn: renovatebot config file not detected in source location.\n\t\t\tWe recommend setting this configuration in code so it can be easily verified by others."] }, { "name": "Token-Permissions", "documentation": { "short": "Determines if the project\u0027s workflows follow the principle of least privilege.", "url": "https://github.com/ossf/scorecard/blob/70d045b9ef00e7171ce3950aca38eef6ea4d7308/docs/checks.md#token-permissions" }, "score": "0", "reason": "non read-only tokens detected in GitHub workflows", "details": ["Warn: no top level permission defined: .github/workflows/python-ci-tests.yml:1"] }, { "name": "Pinned-Dependencies", "documentation": { "short": "Determines if the project has declared and pinned its dependencies.", "url": "https://github.com/ossf/scorecard/blob/70d045b9ef00e7171ce3950aca38eef6ea4d7308/docs/checks.md#pinned-dependencies" }, "score": "6", "reason": "dependency not pinned by hash detected -- score normalized to 6", "details": 
["Warn: GitHub-owned action not pinned by hash: .github/workflows/python-ci-tests.yml:16", "Warn: GitHub-owned action not pinned by hash: .github/workflows/python-ci-tests.yml:18", "Warn: third-party action not pinned by hash: .github/workflows/python-ci-tests.yml:30", "Info: Dockerfile dependencies are pinned", "Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles", "Info: no insecure (not pinned by hash) dependency downloads found in shell scripts", "Warn: pip installation not pinned by hash: .github/workflows/python-ci-tests.yml:23", "Warn: pip installation not pinned by hash: .github/workflows/python-ci-tests.yml:24", "Warn: pip installation not pinned by hash: .github/workflows/python-ci-tests.yml:25"] }, { "name": "Binary-Artifacts", "documentation": { "short": "Determines if the project has generated executable (binary) artifacts in the source repository.", "url": "https://github.com/ossf/scorecard/blob/70d045b9ef00e7171ce3950aca38eef6ea4d7308/docs/checks.md#binary-artifacts" }, "score": "10", "reason": "no binaries found in the repo", "details": [] }, { "name": "Fuzzing", "documentation": { "short": "Determines if the project uses fuzzing.", "url": "https://github.com/ossf/scorecard/blob/70d045b9ef00e7171ce3950aca38eef6ea4d7308/docs/checks.md#fuzzing" }, "score": "0", "reason": "project is not fuzzed", "details": [] }, { "name": "Signed-Releases", "documentation": { "short": "Determines if the project cryptographically signs release artifacts.", "url": "https://github.com/ossf/scorecard/blob/70d045b9ef00e7171ce3950aca38eef6ea4d7308/docs/checks.md#signed-releases" }, "score": "-1", "reason": "no releases found", "details": ["Warn: no GitHub releases found"] }, { "name": "Branch-Protection", "documentation": { "short": "Determines if the default and release branches are protected with GitHub\u0027s branch protection settings.", "url": 
"https://github.com/ossf/scorecard/blob/70d045b9ef00e7171ce3950aca38eef6ea4d7308/docs/checks.md#branch-protection" }, "score": "3", "reason": "branch protection is not maximal on development and all release branches", "details": ["Info: \u0027force pushes\u0027 disabled on branch \u0027master\u0027", "Info: \u0027allow deletion\u0027 disabled on branch \u0027master\u0027", "Warn: no status checks found to merge onto branch \u0027master\u0027", "Warn: number of required reviewers is only 0 on branch \u0027master\u0027"] }, { "name": "Security-Policy", "documentation": { "short": "Determines if the project has published a security policy.", "url": "https://github.com/ossf/scorecard/blob/70d045b9ef00e7171ce3950aca38eef6ea4d7308/docs/checks.md#security-policy" }, "score": "0", "reason": "security policy file not detected", "details": [] }], "metadata": [], "score": "4.6" }, { "date": "2022-06-27", "repo": { "name": "github.com/oasis-open/cti-python-stix2", "commit": "aac27374b380a8869dcd9765d4841983643e0eeb" }, "scorecard": { "version": "v4.4.0-1-g6a032a3", "commit": "6a032a30194f3c44609b193810fb884d4fb8e9e8" }, "checks": [{ "name": "Maintained", "documentation": { "short": "Determines if the project is \"actively maintained\".", "url": "https://github.com/ossf/scorecard/blob/6a032a30194f3c44609b193810fb884d4fb8e9e8/docs/checks.md#maintained" }, "score": "3", "reason": "4 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 3", "details": [] }, { "name": "Webhooks", "documentation": { "short": "This check validate if the webhook defined in the repository have a token configured.", "url": "https://github.com/ossf/scorecard/blob/6a032a30194f3c44609b193810fb884d4fb8e9e8/docs/checks.md#webhooks" }, "score": "-1", "reason": "check is not supported for this request: SCORECARD_V6 is not set, not running the Webhook check", "details": ["Warn: SCORECARD_V6 is not set, not running the Webhook check"] }, { "name": "Code-Review", 
"documentation": { "short": "Determines if the project requires code review before pull requests (aka merge requests) are merged.", "url": "https://github.com/ossf/scorecard/blob/6a032a30194f3c44609b193810fb884d4fb8e9e8/docs/checks.md#code-review" }, "score": "4", "reason": "GitHub code reviews found for 13 commits out of the last 30 -- score normalized to 4", "details": ["Warn: no reviews found for commit: 81550cab92aaacbca5db0d37c607dfd1707ce4c3", "Warn: no reviews found for commit: f5ea1396a1f5bda2684e387089142eabed0a2233", "Warn: no reviews found for commit: 87d79445dcd3044147bc61bab305f6c19e2291cd", "Warn: no reviews found for commit: 66535bb550a252b048ad79226e34f9f6a2c651b7", "Warn: no reviews found for commit: 659e1fd90d3f252beaf6815a75f08b1ffa670139", "Warn: no reviews found for commit: a4ce0222bf8ef6bb04c70f9958fb7cdd7ca8f4aa", "Warn: no reviews found for commit: a3d10561220e1faa79e50ef6078d24c43a652a73", "Warn: no reviews found for commit: bd897c9848c6a16237cd4db479328d9e368b3e1c", "Warn: no reviews found for commit: 9c209edb1dfd7eda66445020071207438d2cc244", "Warn: no reviews found for commit: 31b8892681dd8a901cb37763254cee6bc93e0c90", "Warn: no reviews found for commit: 295037f92c20cfc6847e2dee0760c9d88e848442", "Warn: no reviews found for commit: d7981dce9fa24372b5f8f93f89a59be7d704bb0f", "Warn: no reviews found for commit: b2108e90c67637fdbefc8871e11fb7abb925b0dc", "Warn: no reviews found for commit: 3cee75385238725d8c6a5630838a42ae34fc7880", "Warn: no reviews found for commit: 79ceef51009e8118355ba91de5b38e6b68307ddb", "Warn: no reviews found for commit: 9f428c5efd86764f749d7d87bbba6bf488a1e40d", "Warn: no reviews found for commit: f0779d7802ca4c40e18c03d0eb25943d3845ebc0"] }, { "name": "CII-Best-Practices", "documentation": { "short": "Determines if the project has a CII Best Practices Badge.", "url": "https://github.com/ossf/scorecard/blob/6a032a30194f3c44609b193810fb884d4fb8e9e8/docs/checks.md#cii-best-practices" }, "score": "0", "reason": "no 
badge detected", "details": [] }, { "name": "Vulnerabilities", "documentation": { "short": "Determines if the project has open, known unfixed vulnerabilities.", "url": "https://github.com/ossf/scorecard/blob/6a032a30194f3c44609b193810fb884d4fb8e9e8/docs/checks.md#vulnerabilities" }, "score": "10", "reason": "no vulnerabilities detected", "details": [] }, { "name": "Signed-Releases", "documentation": { "short": "Determines if the project cryptographically signs release artifacts.", "url": "https://github.com/ossf/scorecard/blob/6a032a30194f3c44609b193810fb884d4fb8e9e8/docs/checks.md#signed-releases" }, "score": "-1", "reason": "no releases found", "details": ["Warn: no GitHub releases found"] }, { "name": "Branch-Protection", "documentation": { "short": "Determines if the default and release branches are protected with GitHub\u0027s branch protection settings.", "url": "https://github.com/ossf/scorecard/blob/6a032a30194f3c44609b193810fb884d4fb8e9e8/docs/checks.md#branch-protection" }, "score": "3", "reason": "branch protection is not maximal on development and all release branches", "details": ["Info: \u0027force pushes\u0027 disabled on branch \u0027master\u0027", "Info: \u0027allow deletion\u0027 disabled on branch \u0027master\u0027", "Warn: no status checks found to merge onto branch \u0027master\u0027", "Warn: number of required reviewers is only 0 on branch \u0027master\u0027"] }, { "name": "Packaging", "documentation": { "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.", "url": "https://github.com/ossf/scorecard/blob/6a032a30194f3c44609b193810fb884d4fb8e9e8/docs/checks.md#packaging" }, "score": "-1", "reason": "no published package detected", "details": ["Warn: no GitHub publishing workflow detected"] }, { "name": "Dependency-Update-Tool", "documentation": { "short": "Determines if the project uses a dependency update tool.", "url": 
"https://github.com/ossf/scorecard/blob/6a032a30194f3c44609b193810fb884d4fb8e9e8/docs/checks.md#dependency-update-tool" }, "score": "0", "reason": "no update tool detected", "details": ["Warn: dependabot config file not detected in source location.\n\t\t\tWe recommend setting this configuration in code so it can be easily verified by others.", "Warn: renovatebot config file not detected in source location.\n\t\t\tWe recommend setting this configuration in code so it can be easily verified by others."] }, { "name": "Dangerous-Workflow", "documentation": { "short": "Determines if the project\u0027s GitHub Action workflows avoid dangerous patterns.", "url": "https://github.com/ossf/scorecard/blob/6a032a30194f3c44609b193810fb884d4fb8e9e8/docs/checks.md#dangerous-workflow" }, "score": "10", "reason": "no dangerous workflow patterns detected", "details": [] }, { "name": "Token-Permissions", "documentation": { "short": "Determines if the project\u0027s workflows follow the principle of least privilege.", "url": "https://github.com/ossf/scorecard/blob/6a032a30194f3c44609b193810fb884d4fb8e9e8/docs/checks.md#token-permissions" }, "score": "0", "reason": "non read-only tokens detected in GitHub workflows", "details": ["Warn: no top level permission defined: .github/workflows/python-ci-tests.yml:1"] }, { "name": "License", "documentation": { "short": "Determines if the project has defined a license.", "url": "https://github.com/ossf/scorecard/blob/6a032a30194f3c44609b193810fb884d4fb8e9e8/docs/checks.md#license" }, "score": "10", "reason": "license file detected", "details": ["Info: : LICENSE:1"] }, { "name": "Pinned-Dependencies", "documentation": { "short": "Determines if the project has declared and pinned its dependencies.", "url": "https://github.com/ossf/scorecard/blob/6a032a30194f3c44609b193810fb884d4fb8e9e8/docs/checks.md#pinned-dependencies" }, "score": "7", "reason": "dependency not pinned by hash detected -- score normalized to 7", "details": ["Warn: GitHub-owned 
GitHubAction not pinned by hash: .github/workflows/python-ci-tests.yml:16", "Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-ci-tests.yml:18", "Warn: third-party GitHubAction not pinned by hash: .github/workflows/python-ci-tests.yml:30", "Warn: pipCommand not pinned by hash: .github/workflows/python-ci-tests.yml:23", "Warn: pipCommand not pinned by hash: .github/workflows/python-ci-tests.yml:24", "Warn: pipCommand not pinned by hash: .github/workflows/python-ci-tests.yml:25", "Info: Dockerfile dependencies are pinned", "Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles", "Info: no insecure (not pinned by hash) dependency downloads found in shell scripts"] }, { "name": "Binary-Artifacts", "documentation": { "short": "Determines if the project has generated executable (binary) artifacts in the source repository.", "url": "https://github.com/ossf/scorecard/blob/6a032a30194f3c44609b193810fb884d4fb8e9e8/docs/checks.md#binary-artifacts" }, "score": "10", "reason": "no binaries found in the repo", "details": [] }, { "name": "Security-Policy", "documentation": { "short": "Determines if the project has published a security policy.", "url": "https://github.com/ossf/scorecard/blob/6a032a30194f3c44609b193810fb884d4fb8e9e8/docs/checks.md#security-policy" }, "score": "0", "reason": "security policy file not detected", "details": [] }, { "name": "Fuzzing", "documentation": { "short": "Determines if the project uses fuzzing.", "url": "https://github.com/ossf/scorecard/blob/6a032a30194f3c44609b193810fb884d4fb8e9e8/docs/checks.md#fuzzing" }, "score": "0", "reason": "project is not fuzzed", "details": [] }], "metadata": [], "score": "4.7" }, { "date": "2022-07-25", "repo": { "name": "github.com/oasis-open/cti-python-stix2", "commit": "aac27374b380a8869dcd9765d4841983643e0eeb" }, "scorecard": { "version": "v4.4.0-48-g66708ba", "commit": "66708ba3b7316f04e9bf42bb85856d9fc8a00032" }, "checks": [{ "name": "Webhooks", 
"documentation": { "short": "This check validate if the webhook defined in the repository have a token configured.", "url": "https://github.com/ossf/scorecard/blob/66708ba3b7316f04e9bf42bb85856d9fc8a00032/docs/checks.md#webhooks" }, "score": "-1", "reason": "check is not supported for this request: SCORECARD_V6 is not set, not running the Webhook check", "details": ["Warn: SCORECARD_V6 is not set, not running the Webhook check"] }, { "name": "Code-Review", "documentation": { "short": "Determines if the project requires code review before pull requests (aka merge requests) are merged.", "url": "https://github.com/ossf/scorecard/blob/66708ba3b7316f04e9bf42bb85856d9fc8a00032/docs/checks.md#code-review" }, "score": "4", "reason": "GitHub code reviews found for 13 commits out of the last 30 -- score normalized to 4", "details": ["Warn: no reviews found for commit: 81550cab92aaacbca5db0d37c607dfd1707ce4c3", "Warn: no reviews found for commit: f5ea1396a1f5bda2684e387089142eabed0a2233", "Warn: no reviews found for commit: 87d79445dcd3044147bc61bab305f6c19e2291cd", "Warn: no reviews found for commit: 66535bb550a252b048ad79226e34f9f6a2c651b7", "Warn: no reviews found for commit: 659e1fd90d3f252beaf6815a75f08b1ffa670139", "Warn: no reviews found for commit: a4ce0222bf8ef6bb04c70f9958fb7cdd7ca8f4aa", "Warn: no reviews found for commit: a3d10561220e1faa79e50ef6078d24c43a652a73", "Warn: no reviews found for commit: bd897c9848c6a16237cd4db479328d9e368b3e1c", "Warn: no reviews found for commit: 9c209edb1dfd7eda66445020071207438d2cc244", "Warn: no reviews found for commit: 31b8892681dd8a901cb37763254cee6bc93e0c90", "Warn: no reviews found for commit: 295037f92c20cfc6847e2dee0760c9d88e848442", "Warn: no reviews found for commit: d7981dce9fa24372b5f8f93f89a59be7d704bb0f", "Warn: no reviews found for commit: b2108e90c67637fdbefc8871e11fb7abb925b0dc", "Warn: no reviews found for commit: 3cee75385238725d8c6a5630838a42ae34fc7880", "Warn: no reviews found for commit: 
79ceef51009e8118355ba91de5b38e6b68307ddb", "Warn: no reviews found for commit: 9f428c5efd86764f749d7d87bbba6bf488a1e40d", "Warn: no reviews found for commit: f0779d7802ca4c40e18c03d0eb25943d3845ebc0"] }, { "name": "Maintained", "documentation": { "short": "Determines if the project is \"actively maintained\".", "url": "https://github.com/ossf/scorecard/blob/66708ba3b7316f04e9bf42bb85856d9fc8a00032/docs/checks.md#maintained" }, "score": "3", "reason": "4 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 3", "details": [] }, { "name": "CII-Best-Practices", "documentation": { "short": "Determines if the project has a CII Best Practices Badge.", "url": "https://github.com/ossf/scorecard/blob/66708ba3b7316f04e9bf42bb85856d9fc8a00032/docs/checks.md#cii-best-practices" }, "score": "0", "reason": "no badge detected", "details": [] }, { "name": "Vulnerabilities", "documentation": { "short": "Determines if the project has open, known unfixed vulnerabilities.", "url": "https://github.com/ossf/scorecard/blob/66708ba3b7316f04e9bf42bb85856d9fc8a00032/docs/checks.md#vulnerabilities" }, "score": "10", "reason": "no vulnerabilities detected", "details": [] }, { "name": "Signed-Releases", "documentation": { "short": "Determines if the project cryptographically signs release artifacts.", "url": "https://github.com/ossf/scorecard/blob/66708ba3b7316f04e9bf42bb85856d9fc8a00032/docs/checks.md#signed-releases" }, "score": "-1", "reason": "no releases found", "details": ["Warn: no GitHub releases found"] }, { "name": "Branch-Protection", "documentation": { "short": "Determines if the default and release branches are protected with GitHub\u0027s branch protection settings.", "url": "https://github.com/ossf/scorecard/blob/66708ba3b7316f04e9bf42bb85856d9fc8a00032/docs/checks.md#branch-protection" }, "score": "3", "reason": "branch protection is not maximal on development and all release branches", "details": ["Info: \u0027force pushes\u0027 
disabled on branch \u0027master\u0027", "Info: \u0027allow deletion\u0027 disabled on branch \u0027master\u0027", "Warn: no status checks found to merge onto branch \u0027master\u0027", "Warn: number of required reviewers is only 0 on branch \u0027master\u0027"] }, { "name": "Token-Permissions", "documentation": { "short": "Determines if the project\u0027s workflows follow the principle of least privilege.", "url": "https://github.com/ossf/scorecard/blob/66708ba3b7316f04e9bf42bb85856d9fc8a00032/docs/checks.md#token-permissions" }, "score": "0", "reason": "non read-only tokens detected in GitHub workflows", "details": ["Warn: no topLevel permission defined: .github/workflows/python-ci-tests.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/kuberhealthy/kuberhealthy/python-ci-tests.yml/master?enable\u003dpermissions"] }, { "name": "Dangerous-Workflow", "documentation": { "short": "Determines if the project\u0027s GitHub Action workflows avoid dangerous patterns.", "url": "https://github.com/ossf/scorecard/blob/66708ba3b7316f04e9bf42bb85856d9fc8a00032/docs/checks.md#dangerous-workflow" }, "score": "10", "reason": "no dangerous workflow patterns detected", "details": [] }, { "name": "Packaging", "documentation": { "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.", "url": "https://github.com/ossf/scorecard/blob/66708ba3b7316f04e9bf42bb85856d9fc8a00032/docs/checks.md#packaging" }, "score": "-1", "reason": "no published package detected", "details": ["Warn: no GitHub publishing workflow detected"] }, { "name": "Dependency-Update-Tool", "documentation": { "short": "Determines if the project uses a dependency update tool.", "url": "https://github.com/ossf/scorecard/blob/66708ba3b7316f04e9bf42bb85856d9fc8a00032/docs/checks.md#dependency-update-tool" }, "score": "0", "reason": "no update tool detected", "details": ["Warn: dependabot config file not detected in 
source location.\n\t\t\tWe recommend setting this configuration in code so it can be easily verified by others.", "Warn: renovatebot config file not detected in source location.\n\t\t\tWe recommend setting this configuration in code so it can be easily verified by others."] }, { "name": "License", "documentation": { "short": "Determines if the project has defined a license.", "url": "https://github.com/ossf/scorecard/blob/66708ba3b7316f04e9bf42bb85856d9fc8a00032/docs/checks.md#license" }, "score": "10", "reason": "license file detected", "details": ["Info: : LICENSE:1"] }, { "name": "Pinned-Dependencies", "documentation": { "short": "Determines if the project has declared and pinned its dependencies.", "url": "https://github.com/ossf/scorecard/blob/66708ba3b7316f04e9bf42bb85856d9fc8a00032/docs/checks.md#pinned-dependencies" }, "score": "7", "reason": "dependency not pinned by hash detected -- score normalized to 7", "details": ["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-ci-tests.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/kuberhealthy/kuberhealthy/python-ci-tests.yml/master?enable\u003dpin", "Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-ci-tests.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/kuberhealthy/kuberhealthy/python-ci-tests.yml/master?enable\u003dpin", "Warn: third-party GitHubAction not pinned by hash: .github/workflows/python-ci-tests.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/kuberhealthy/kuberhealthy/python-ci-tests.yml/master?enable\u003dpin", "Warn: pipCommand not pinned by hash: .github/workflows/python-ci-tests.yml:23", "Warn: pipCommand not pinned by hash: .github/workflows/python-ci-tests.yml:24", "Warn: pipCommand not pinned by hash: .github/workflows/python-ci-tests.yml:25", "Info: Dockerfile dependencies are pinned", "Info: no insecure (not pinned by hash) dependency downloads 
found in Dockerfiles", "Info: no insecure (not pinned by hash) dependency downloads found in shell scripts"] }, { "name": "Binary-Artifacts", "documentation": { "short": "Determines if the project has generated executable (binary) artifacts in the source repository.", "url": "https://github.com/ossf/scorecard/blob/66708ba3b7316f04e9bf42bb85856d9fc8a00032/docs/checks.md#binary-artifacts" }, "score": "10", "reason": "no binaries found in the repo", "details": [] }, { "name": "Security-Policy", "documentation": { "short": "Determines if the project has published a security policy.", "url": "https://github.com/ossf/scorecard/blob/66708ba3b7316f04e9bf42bb85856d9fc8a00032/docs/checks.md#security-policy" }, "score": "0", "reason": "security policy file not detected", "details": [] }, { "name": "Fuzzing", "documentation": { "short": "Determines if the project uses fuzzing.", "url": "https://github.com/ossf/scorecard/blob/66708ba3b7316f04e9bf42bb85856d9fc8a00032/docs/checks.md#fuzzing" }, "score": "0", "reason": "project is not fuzzed", "details": [] }], "metadata": [], "score": "4.7" }, { "date": "2022-08-01", "repo": { "name": "github.com/oasis-open/cti-python-stix2", "commit": "20bef319a29b5aadfe94d06683c26ebd5b0a054d" }, "scorecard": { "version": "v4.4.0-61-g7de9713", "commit": "7de97139f6c98abff9b09c3d1a3065b71f707d00" }, "checks": [{ "name": "Webhooks", "documentation": { "short": "This check validate if the webhook defined in the repository have a token configured.", "url": "https://github.com/ossf/scorecard/blob/7de97139f6c98abff9b09c3d1a3065b71f707d00/docs/checks.md#webhooks" }, "score": "-1", "reason": "check is not supported for this request: SCORECARD_V6 is not set, not running the Webhook check", "details": ["Warn: SCORECARD_V6 is not set, not running the Webhook check"] }, { "name": "Maintained", "documentation": { "short": "Determines if the project is \"actively maintained\".", "url": 
"https://github.com/ossf/scorecard/blob/7de97139f6c98abff9b09c3d1a3065b71f707d00/docs/checks.md#maintained" }, "score": "5", "reason": "6 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 5", "details": [] }, { "name": "Code-Review", "documentation": { "short": "Determines if the project requires code review before pull requests (aka merge requests) are merged.", "url": "https://github.com/ossf/scorecard/blob/7de97139f6c98abff9b09c3d1a3065b71f707d00/docs/checks.md#code-review" }, "score": "6", "reason": "GitHub code reviews found for 18 commits out of the last 30 -- score normalized to 6", "details": ["Warn: no reviews found for commit: 07dddd1ac1fda6356155a1a8dd3e7859eec11077", "Warn: no reviews found for commit: b5260c95f6c1925bd951cfab07a5263d072a9760", "Warn: no reviews found for commit: 81550cab92aaacbca5db0d37c607dfd1707ce4c3", "Warn: no reviews found for commit: f5ea1396a1f5bda2684e387089142eabed0a2233", "Warn: no reviews found for commit: 87d79445dcd3044147bc61bab305f6c19e2291cd", "Warn: no reviews found for commit: 66535bb550a252b048ad79226e34f9f6a2c651b7", "Warn: no reviews found for commit: 659e1fd90d3f252beaf6815a75f08b1ffa670139", "Warn: no reviews found for commit: a4ce0222bf8ef6bb04c70f9958fb7cdd7ca8f4aa", "Warn: no reviews found for commit: a3d10561220e1faa79e50ef6078d24c43a652a73", "Warn: no reviews found for commit: bd897c9848c6a16237cd4db479328d9e368b3e1c", "Warn: no reviews found for commit: 9c209edb1dfd7eda66445020071207438d2cc244", "Warn: no reviews found for commit: 31b8892681dd8a901cb37763254cee6bc93e0c90"] }, { "name": "CII-Best-Practices", "documentation": { "short": "Determines if the project has a CII Best Practices Badge.", "url": "https://github.com/ossf/scorecard/blob/7de97139f6c98abff9b09c3d1a3065b71f707d00/docs/checks.md#cii-best-practices" }, "score": "0", "reason": "no badge detected", "details": [] }, { "name": "Vulnerabilities", "documentation": { "short": "Determines if the 
project has open, known unfixed vulnerabilities.", "url": "https://github.com/ossf/scorecard/blob/7de97139f6c98abff9b09c3d1a3065b71f707d00/docs/checks.md#vulnerabilities" }, "score": "10", "reason": "no vulnerabilities detected", "details": [] }, { "name": "Signed-Releases", "documentation": { "short": "Determines if the project cryptographically signs release artifacts.", "url": "https://github.com/ossf/scorecard/blob/7de97139f6c98abff9b09c3d1a3065b71f707d00/docs/checks.md#signed-releases" }, "score": "-1", "reason": "no releases found", "details": ["Warn: no GitHub releases found"] }, { "name": "Branch-Protection", "documentation": { "short": "Determines if the default and release branches are protected with GitHub\u0027s branch protection settings.", "url": "https://github.com/ossf/scorecard/blob/7de97139f6c98abff9b09c3d1a3065b71f707d00/docs/checks.md#branch-protection" }, "score": "3", "reason": "branch protection is not maximal on development and all release branches", "details": ["Info: \u0027force pushes\u0027 disabled on branch \u0027master\u0027", "Info: \u0027allow deletion\u0027 disabled on branch \u0027master\u0027", "Warn: no status checks found to merge onto branch \u0027master\u0027", "Warn: number of required reviewers is only 0 on branch \u0027master\u0027"] }, { "name": "Dangerous-Workflow", "documentation": { "short": "Determines if the project\u0027s GitHub Action workflows avoid dangerous patterns.", "url": "https://github.com/ossf/scorecard/blob/7de97139f6c98abff9b09c3d1a3065b71f707d00/docs/checks.md#dangerous-workflow" }, "score": "10", "reason": "no dangerous workflow patterns detected", "details": [] }, { "name": "Token-Permissions", "documentation": { "short": "Determines if the project\u0027s workflows follow the principle of least privilege.", "url": "https://github.com/ossf/scorecard/blob/7de97139f6c98abff9b09c3d1a3065b71f707d00/docs/checks.md#token-permissions" }, "score": "0", "reason": "non read-only tokens detected in GitHub 
workflows", "details": ["Warn: no topLevel permission defined: .github/workflows/python-ci-tests.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/kne-union/react-error-boundary/python-ci-tests.yml/master?enable\u003dpermissions"] }, { "name": "License", "documentation": { "short": "Determines if the project has defined a license.", "url": "https://github.com/ossf/scorecard/blob/7de97139f6c98abff9b09c3d1a3065b71f707d00/docs/checks.md#license" }, "score": "10", "reason": "license file detected", "details": ["Info: : LICENSE:1"] }, { "name": "Dependency-Update-Tool", "documentation": { "short": "Determines if the project uses a dependency update tool.", "url": "https://github.com/ossf/scorecard/blob/7de97139f6c98abff9b09c3d1a3065b71f707d00/docs/checks.md#dependency-update-tool" }, "score": "0", "reason": "no update tool detected", "details": ["Warn: dependabot config file not detected in source location.\n\t\t\tWe recommend setting this configuration in code so it can be easily verified by others.", "Warn: renovatebot config file not detected in source location.\n\t\t\tWe recommend setting this configuration in code so it can be easily verified by others."] }, { "name": "Packaging", "documentation": { "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.", "url": "https://github.com/ossf/scorecard/blob/7de97139f6c98abff9b09c3d1a3065b71f707d00/docs/checks.md#packaging" }, "score": "-1", "reason": "no published package detected", "details": ["Warn: no GitHub publishing workflow detected"] }, { "name": "Pinned-Dependencies", "documentation": { "short": "Determines if the project has declared and pinned its dependencies.", "url": "https://github.com/ossf/scorecard/blob/7de97139f6c98abff9b09c3d1a3065b71f707d00/docs/checks.md#pinned-dependencies" }, "score": "7", "reason": "dependency not pinned by hash detected -- score normalized to 7", "details": ["Warn: 
GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-ci-tests.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/kne-union/react-error-boundary/python-ci-tests.yml/master?enable\u003dpin", "Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-ci-tests.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/kne-union/react-error-boundary/python-ci-tests.yml/master?enable\u003dpin", "Warn: third-party GitHubAction not pinned by hash: .github/workflows/python-ci-tests.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/kne-union/react-error-boundary/python-ci-tests.yml/master?enable\u003dpin", "Warn: pipCommand not pinned by hash: .github/workflows/python-ci-tests.yml:23", "Warn: pipCommand not pinned by hash: .github/workflows/python-ci-tests.yml:24", "Warn: pipCommand not pinned by hash: .github/workflows/python-ci-tests.yml:25", "Info: Dockerfile dependencies are pinned", "Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles", "Info: no insecure (not pinned by hash) dependency downloads found in shell scripts"] }, { "name": "Binary-Artifacts", "documentation": { "short": "Determines if the project has generated executable (binary) artifacts in the source repository.", "url": "https://github.com/ossf/scorecard/blob/7de97139f6c98abff9b09c3d1a3065b71f707d00/docs/checks.md#binary-artifacts" }, "score": "10", "reason": "no binaries found in the repo", "details": [] }, { "name": "Security-Policy", "documentation": { "short": "Determines if the project has published a security policy.", "url": "https://github.com/ossf/scorecard/blob/7de97139f6c98abff9b09c3d1a3065b71f707d00/docs/checks.md#security-policy" }, "score": "0", "reason": "security policy file not detected", "details": [] }, { "name": "Fuzzing", "documentation": { "short": "Determines if the project uses fuzzing.", "url": 
"https://github.com/ossf/scorecard/blob/7de97139f6c98abff9b09c3d1a3065b71f707d00/docs/checks.md#fuzzing" }, "score": "0", "reason": "project is not fuzzed", "details": [] }], "metadata": [], "score": "5.0" }, { "date": "2022-08-08", "repo": { "name": "github.com/oasis-open/cti-python-stix2", "commit": "20bef319a29b5aadfe94d06683c26ebd5b0a054d" }, "scorecard": { "version": "v4.5.0-9-g0eb7cb2", "commit": "0eb7cb2d748725b177d633bcd421a07fc0732721" }, "checks": [{ "name": "Maintained", "documentation": { "short": "Determines if the project is \"actively maintained\".", "url": "https://github.com/ossf/scorecard/blob/0eb7cb2d748725b177d633bcd421a07fc0732721/docs/checks.md#maintained" }, "score": "5", "reason": "6 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 5", "details": [] }, { "name": "Code-Review", "documentation": { "short": "Determines if the project requires code review before pull requests (aka merge requests) are merged.", "url": "https://github.com/ossf/scorecard/blob/0eb7cb2d748725b177d633bcd421a07fc0732721/docs/checks.md#code-review" }, "score": "6", "reason": "GitHub code reviews found for 18 commits out of the last 30 -- score normalized to 6", "details": ["Warn: no reviews found for commit: 07dddd1ac1fda6356155a1a8dd3e7859eec11077", "Warn: no reviews found for commit: b5260c95f6c1925bd951cfab07a5263d072a9760", "Warn: no reviews found for commit: 81550cab92aaacbca5db0d37c607dfd1707ce4c3", "Warn: no reviews found for commit: f5ea1396a1f5bda2684e387089142eabed0a2233", "Warn: no reviews found for commit: 87d79445dcd3044147bc61bab305f6c19e2291cd", "Warn: no reviews found for commit: 66535bb550a252b048ad79226e34f9f6a2c651b7", "Warn: no reviews found for commit: 659e1fd90d3f252beaf6815a75f08b1ffa670139", "Warn: no reviews found for commit: a4ce0222bf8ef6bb04c70f9958fb7cdd7ca8f4aa", "Warn: no reviews found for commit: a3d10561220e1faa79e50ef6078d24c43a652a73", "Warn: no reviews found for commit: 
bd897c9848c6a16237cd4db479328d9e368b3e1c", "Warn: no reviews found for commit: 9c209edb1dfd7eda66445020071207438d2cc244", "Warn: no reviews found for commit: 31b8892681dd8a901cb37763254cee6bc93e0c90"] }, { "name": "Webhooks", "documentation": { "short": "This check validates whether the webhooks defined in the repository have a token configured.", "url": "https://github.com/ossf/scorecard/blob/0eb7cb2d748725b177d633bcd421a07fc0732721/docs/checks.md#webhooks" }, "score": "-1", "reason": "check is not supported for this request: SCORECARD_V6 is not set, not running the Webhook check", "details": ["Warn: SCORECARD_V6 is not set, not running the Webhook check"] }, { "name": "CII-Best-Practices", "documentation": { "short": "Determines if the project has a CII Best Practices Badge.", "url": "https://github.com/ossf/scorecard/blob/0eb7cb2d748725b177d633bcd421a07fc0732721/docs/checks.md#cii-best-practices" }, "score": "0", "reason": "no badge detected", "details": [] }, { "name": "Vulnerabilities", "documentation": { "short": "Determines if the project has open, known unfixed vulnerabilities.", "url": "https://github.com/ossf/scorecard/blob/0eb7cb2d748725b177d633bcd421a07fc0732721/docs/checks.md#vulnerabilities" }, "score": "10", "reason": "no vulnerabilities detected", "details": [] }, { "name": "Signed-Releases", "documentation": { "short": "Determines if the project cryptographically signs release artifacts.", "url": "https://github.com/ossf/scorecard/blob/0eb7cb2d748725b177d633bcd421a07fc0732721/docs/checks.md#signed-releases" }, "score": "-1", "reason": "no releases found", "details": ["Warn: no GitHub releases found"] }, { "name": "Branch-Protection", "documentation": { "short": "Determines if the default and release branches are protected with GitHub\u0027s branch protection settings.", "url": "https://github.com/ossf/scorecard/blob/0eb7cb2d748725b177d633bcd421a07fc0732721/docs/checks.md#branch-protection" }, "score": "3", "reason": "branch protection is not maximal on 
development and all release branches", "details": ["Info: \u0027force pushes\u0027 disabled on branch \u0027master\u0027", "Info: \u0027allow deletion\u0027 disabled on branch \u0027master\u0027", "Warn: no status checks found to merge onto branch \u0027master\u0027", "Warn: number of required reviewers is only 0 on branch \u0027master\u0027"] }, { "name": "Packaging", "documentation": { "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.", "url": "https://github.com/ossf/scorecard/blob/0eb7cb2d748725b177d633bcd421a07fc0732721/docs/checks.md#packaging" }, "score": "-1", "reason": "no published package detected", "details": ["Warn: no GitHub publishing workflow detected"] }, { "name": "Dependency-Update-Tool", "documentation": { "short": "Determines if the project uses a dependency update tool.", "url": "https://github.com/ossf/scorecard/blob/0eb7cb2d748725b177d633bcd421a07fc0732721/docs/checks.md#dependency-update-tool" }, "score": "0", "reason": "no update tool detected", "details": ["Warn: dependabot config file not detected in source location.\n\t\t\tWe recommend setting this configuration in code so it can be easily verified by others.", "Warn: renovatebot config file not detected in source location.\n\t\t\tWe recommend setting this configuration in code so it can be easily verified by others."] }, { "name": "Dangerous-Workflow", "documentation": { "short": "Determines if the project\u0027s GitHub Action workflows avoid dangerous patterns.", "url": "https://github.com/ossf/scorecard/blob/0eb7cb2d748725b177d633bcd421a07fc0732721/docs/checks.md#dangerous-workflow" }, "score": "10", "reason": "no dangerous workflow patterns detected", "details": [] }, { "name": "Token-Permissions", "documentation": { "short": "Determines if the project\u0027s workflows follow the principle of least privilege.", "url": 
"https://github.com/ossf/scorecard/blob/0eb7cb2d748725b177d633bcd421a07fc0732721/docs/checks.md#token-permissions" }, "score": "0", "reason": "non read-only tokens detected in GitHub workflows", "details": ["Warn: no topLevel permission defined: .github/workflows/python-ci-tests.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/jasan-s/ant-design/python-ci-tests.yml/master?enable\u003dpermissions"] }, { "name": "License", "documentation": { "short": "Determines if the project has defined a license.", "url": "https://github.com/ossf/scorecard/blob/0eb7cb2d748725b177d633bcd421a07fc0732721/docs/checks.md#license" }, "score": "10", "reason": "license file detected", "details": ["Info: : LICENSE:1"] }, { "name": "Pinned-Dependencies", "documentation": { "short": "Determines if the project has declared and pinned its dependencies.", "url": "https://github.com/ossf/scorecard/blob/0eb7cb2d748725b177d633bcd421a07fc0732721/docs/checks.md#pinned-dependencies" }, "score": "7", "reason": "dependency not pinned by hash detected -- score normalized to 7", "details": ["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-ci-tests.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/jasan-s/ant-design/python-ci-tests.yml/master?enable\u003dpin", "Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-ci-tests.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/jasan-s/ant-design/python-ci-tests.yml/master?enable\u003dpin", "Warn: third-party GitHubAction not pinned by hash: .github/workflows/python-ci-tests.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/jasan-s/ant-design/python-ci-tests.yml/master?enable\u003dpin", "Warn: pipCommand not pinned by hash: .github/workflows/python-ci-tests.yml:23", "Warn: pipCommand not pinned by hash: .github/workflows/python-ci-tests.yml:24", "Warn: pipCommand not pinned by hash: 
.github/workflows/python-ci-tests.yml:25", "Info: Dockerfile dependencies are pinned", "Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles", "Info: no insecure (not pinned by hash) dependency downloads found in shell scripts"] }, { "name": "Binary-Artifacts", "documentation": { "short": "Determines if the project has generated executable (binary) artifacts in the source repository.", "url": "https://github.com/ossf/scorecard/blob/0eb7cb2d748725b177d633bcd421a07fc0732721/docs/checks.md#binary-artifacts" }, "score": "10", "reason": "no binaries found in the repo", "details": [] }, { "name": "Security-Policy", "documentation": { "short": "Determines if the project has published a security policy.", "url": "https://github.com/ossf/scorecard/blob/0eb7cb2d748725b177d633bcd421a07fc0732721/docs/checks.md#security-policy" }, "score": "0", "reason": "security policy file not detected", "details": [] }, { "name": "Fuzzing", "documentation": { "short": "Determines if the project uses fuzzing.", "url": "https://github.com/ossf/scorecard/blob/0eb7cb2d748725b177d633bcd421a07fc0732721/docs/checks.md#fuzzing" }, "score": "0", "reason": "project is not fuzzed", "details": [] }], "metadata": [], "score": "5.0" }, { "date": "2022-08-15", "repo": { "name": "github.com/oasis-open/cti-python-stix2", "commit": "20bef319a29b5aadfe94d06683c26ebd5b0a054d" }, "scorecard": { "version": "v4.5.0-26-g10b6052", "commit": "10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93" }, "checks": [{ "name": "Code-Review", "documentation": { "short": "Determines if the project requires code review before pull requests (aka merge requests) are merged.", "url": "https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#code-review" }, "score": "6", "reason": "GitHub code reviews found for 18 commits out of the last 30 -- score normalized to 6", "details": ["Warn: no reviews found for commit: 07dddd1ac1fda6356155a1a8dd3e7859eec11077", "Warn: no reviews 
found for commit: b5260c95f6c1925bd951cfab07a5263d072a9760", "Warn: no reviews found for commit: 81550cab92aaacbca5db0d37c607dfd1707ce4c3", "Warn: no reviews found for commit: f5ea1396a1f5bda2684e387089142eabed0a2233", "Warn: no reviews found for commit: 87d79445dcd3044147bc61bab305f6c19e2291cd", "Warn: no reviews found for commit: 66535bb550a252b048ad79226e34f9f6a2c651b7", "Warn: no reviews found for commit: 659e1fd90d3f252beaf6815a75f08b1ffa670139", "Warn: no reviews found for commit: a4ce0222bf8ef6bb04c70f9958fb7cdd7ca8f4aa", "Warn: no reviews found for commit: a3d10561220e1faa79e50ef6078d24c43a652a73", "Warn: no reviews found for commit: bd897c9848c6a16237cd4db479328d9e368b3e1c", "Warn: no reviews found for commit: 9c209edb1dfd7eda66445020071207438d2cc244", "Warn: no reviews found for commit: 31b8892681dd8a901cb37763254cee6bc93e0c90"] }, { "name": "Maintained", "documentation": { "short": "Determines if the project is \"actively maintained\".", "url": "https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#maintained" }, "score": "5", "reason": "6 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 5", "details": [] }, { "name": "CII-Best-Practices", "documentation": { "short": "Determines if the project has a CII Best Practices Badge.", "url": "https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#cii-best-practices" }, "score": "0", "reason": "no badge detected", "details": [] }, { "name": "Vulnerabilities", "documentation": { "short": "Determines if the project has open, known unfixed vulnerabilities.", "url": "https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#vulnerabilities" }, "score": "10", "reason": "no vulnerabilities detected", "details": [] }, { "name": "Dangerous-Workflow", "documentation": { "short": "Determines if the project\u0027s GitHub Action workflows avoid dangerous 
patterns.", "url": "https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#dangerous-workflow" }, "score": "10", "reason": "no dangerous workflow patterns detected", "details": [] }, { "name": "Packaging", "documentation": { "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.", "url": "https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#packaging" }, "score": "-1", "reason": "no published package detected", "details": ["Warn: no GitHub publishing workflow detected"] }, { "name": "License", "documentation": { "short": "Determines if the project has defined a license.", "url": "https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#license" }, "score": "10", "reason": "license file detected", "details": ["Info: : LICENSE:1"] }, { "name": "Token-Permissions", "documentation": { "short": "Determines if the project\u0027s workflows follow the principle of least privilege.", "url": "https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#token-permissions" }, "score": "0", "reason": "non read-only tokens detected in GitHub workflows", "details": ["Warn: no topLevel permission defined: .github/workflows/python-ci-tests.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/karansuryadevra/introducing-go-the-book/python-ci-tests.yml/main?enable\u003dpermissions"] }, { "name": "Pinned-Dependencies", "documentation": { "short": "Determines if the project has declared and pinned its dependencies.", "url": "https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#pinned-dependencies" }, "score": "7", "reason": "dependency not pinned by hash detected -- score normalized to 7", "details": ["Warn: GitHub-owned GitHubAction not pinned by hash: 
.github/workflows/python-ci-tests.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/karansuryadevra/introducing-go-the-book/python-ci-tests.yml/main?enable\u003dpin", "Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-ci-tests.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/karansuryadevra/introducing-go-the-book/python-ci-tests.yml/main?enable\u003dpin", "Warn: third-party GitHubAction not pinned by hash: .github/workflows/python-ci-tests.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/karansuryadevra/introducing-go-the-book/python-ci-tests.yml/main?enable\u003dpin", "Warn: pipCommand not pinned by hash: .github/workflows/python-ci-tests.yml:23", "Warn: pipCommand not pinned by hash: .github/workflows/python-ci-tests.yml:24", "Warn: pipCommand not pinned by hash: .github/workflows/python-ci-tests.yml:25", "Info: Dockerfile dependencies are pinned", "Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles", "Info: no insecure (not pinned by hash) dependency downloads found in shell scripts"] }, { "name": "Signed-Releases", "documentation": { "short": "Determines if the project cryptographically signs release artifacts.", "url": "https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#signed-releases" }, "score": "-1", "reason": "no releases found", "details": ["Warn: no GitHub releases found"] }, { "name": "Branch-Protection", "documentation": { "short": "Determines if the default and release branches are protected with GitHub\u0027s branch protection settings.", "url": "https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#branch-protection" }, "score": "3", "reason": "branch protection is not maximal on development and all release branches", "details": ["Info: \u0027force pushes\u0027 disabled on branch \u0027master\u0027", "Info: \u0027allow 
deletion\u0027 disabled on branch \u0027master\u0027", "Warn: no status checks found to merge onto branch \u0027master\u0027", "Warn: number of required reviewers is only 0 on branch \u0027master\u0027"] }, { "name": "Binary-Artifacts", "documentation": { "short": "Determines if the project has generated executable (binary) artifacts in the source repository.", "url": "https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#binary-artifacts" }, "score": "10", "reason": "no binaries found in the repo", "details": [] }, { "name": "Security-Policy", "documentation": { "short": "Determines if the project has published a security policy.", "url": "https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#security-policy" }, "score": "0", "reason": "security policy file not detected", "details": [] }, { "name": "Dependency-Update-Tool", "documentation": { "short": "Determines if the project uses a dependency update tool.", "url": "https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#dependency-update-tool" }, "score": "0", "reason": "no update tool detected", "details": ["Warn: dependabot config file not detected in source location.\n\t\t\tWe recommend setting this configuration in code so it can be easily verified by others.", "Warn: renovatebot config file not detected in source location.\n\t\t\tWe recommend setting this configuration in code so it can be easily verified by others."] }, { "name": "Fuzzing", "documentation": { "short": "Determines if the project uses fuzzing.", "url": "https://github.com/ossf/scorecard/blob/10b6052acfb4f0b8136bc4876cb6f5b6f26bfe93/docs/checks.md#fuzzing" }, "score": "0", "reason": "project is not fuzzed", "details": [] }], "metadata": [], "score": "5.0" }]