| Package | Version | Score | Details |
| pip/aiohttp | 3.9.5 | :green_circle: 7.5 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 4 | Found 7/16 approved changesets -- score normalized to 4 |
| Maintained | :green_circle: 10 | 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 9 | license file detected |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Packaging | :green_circle: 10 | packaging workflow detected |
| Signed-Releases | :green_circle: 8 | 5 out of the last 5 releases have a total of 5 signed artifacts. |
| SAST | :green_circle: 10 | SAST tool is run on all commits |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/aiosignal | 1.3.1 | :green_circle: 6.2 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: -1 | Found no human activity in the last 30 changesets |
| Maintained | :green_circle: 10 | 19 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: 0 | Project has not signed or included provenance with any releases. |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Packaging | :warning: -1 | packaging workflow not detected |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Security-Policy | :green_circle: 10 | security policy file detected |
| SAST | :green_circle: 10 | SAST tool is run on all commits |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/alabaster | 0.7.16 | Unknown | Unknown |
| pip/annotated-types | 0.6.0 | :green_circle: 4.6 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 7 | Found 23/30 approved changesets -- score normalized to 7 |
| Maintained | :green_circle: 5 | 3 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 5 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Security-Policy | :warning: 0 | security policy file not detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/anthropic | 0.25.8 | Unknown | Unknown |
| pip/anyio | 4.3.0 | :green_circle: 5.6 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 5 | Found 11/20 approved changesets -- score normalized to 5 |
| Maintained | :green_circle: 10 | 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Security-Policy | :warning: 0 | security policy file not detected |
| Packaging | :green_circle: 10 | packaging workflow detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/async-timeout | 4.0.3 | :green_circle: 5.5 | Details |

| Check | Score | Reason |
|---|---|---|
| Maintained | :warning: 2 | 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 |
| Code-Review | :green_circle: 8 | Found 5/6 approved changesets -- score normalized to 8 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 9 | license file detected |
| Signed-Releases | :warning: 0 | Project has not signed or included provenance with any releases. |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Packaging | :warning: -1 | packaging workflow not detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Security-Policy | :green_circle: 10 | security policy file detected |
| SAST | :green_circle: 8 | SAST tool detected but not run on all commits |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/attrs | 23.2.0 | :green_circle: 7.5 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: 1 | Found 5/28 approved changesets -- score normalized to 1 |
| Maintained | :green_circle: 10 | 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :green_circle: 5 | badge detected: Passing |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| SAST | :green_circle: 7 | SAST tool detected but not run on all commits |
| Packaging | :green_circle: 10 | packaging workflow detected |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/babel | 2.15.0 | :green_circle: 5.7 | Details |

| Check | Score | Reason |
|---|---|---|
| Maintained | :green_circle: 10 | 7 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 |
| Code-Review | :green_circle: 5 | Found 15/28 approved changesets -- score normalized to 5 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Signed-Releases | :warning: 0 | Project has not signed or included provenance with any releases. |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| Security-Policy | :warning: 0 | security policy file not detected |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Packaging | :green_circle: 10 | packaging workflow detected |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/beautifulsoup4 | 4.12.3 | Unknown | Unknown |
| pip/boto3 | 1.34.104 | :green_circle: 7.9 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: 0 | Found 1/29 approved changesets -- score normalized to 0 |
| Maintained | :green_circle: 10 | 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Pinned-Dependencies | :green_circle: 10 | all dependencies are pinned |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Fuzzing | :warning: 0 | project is not fuzzed |
| SAST | :green_circle: 10 | SAST tool is run on all commits |

| pip/botocore | 1.34.104 | :green_circle: 8.5 | Details |

| Check | Score | Reason |
|---|---|---|
| Maintained | :green_circle: 10 | 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 |
| Code-Review | :warning: 0 | Found 0/28 approved changesets -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| Signed-Releases | :warning: -1 | no releases found |
| License | :green_circle: 10 | license file detected |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | :warning: -1 | packaging workflow not detected |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| SAST | :green_circle: 10 | SAST tool is run on all commits |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Pinned-Dependencies | :green_circle: 8 | dependency not pinned by hash detected -- score normalized to 8 |

| pip/cachetools | 5.3.3 | :green_circle: 7.2 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 4 | Found 7/17 approved changesets -- score normalized to 4 |
| Maintained | :green_circle: 10 | 15 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Packaging | :warning: -1 | packaging workflow not detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Pinned-Dependencies | :green_circle: 5 | dependency not pinned by hash detected -- score normalized to 5 |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |

| pip/certifi | 2024.2.2 | :green_circle: 7 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 3 | Found 1/3 approved changesets -- score normalized to 3 |
| Maintained | :green_circle: 10 | 19 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 9 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Pinned-Dependencies | :green_circle: 5 | dependency not pinned by hash detected -- score normalized to 5 |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Branch-Protection | :green_circle: 3 | branch protection is not maximal on development and all release branches |
| Packaging | :green_circle: 10 | packaging workflow detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |

| pip/charset-normalizer | 3.3.2 | :green_circle: 8.4 | Details |

| Check | Score | Reason |
|---|---|---|
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| CI-Tests | :green_circle: 10 | 29 out of 29 merged PRs checked by a CI test -- score normalized to 10 |
| CII-Best-Practices | :green_circle: 5 | badge detected: passing |
| Code-Review | :warning: 0 | found 2 unreviewed changesets out of 2 -- score normalized to 0 |
| Contributors | :warning: 0 | 0 different organizations found -- score normalized to 0 |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Dependency-Update-Tool | :green_circle: 10 | update tool detected |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| License | :green_circle: 10 | license file detected |
| Maintained | :green_circle: 10 | 14 commit(s) out of 30 and 2 issue activity out of 30 found in the last 90 days -- score normalized to 10 |
| Packaging | :green_circle: 10 | publishing workflow detected |
| Pinned-Dependencies | :green_circle: 4 | dependency not pinned by hash detected -- score normalized to 4 |
| SAST | :green_circle: 10 | SAST tool is run on all commits |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Signed-Releases | :green_circle: 8 | 4 out of 5 artifacts are signed or have provenance |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| Vulnerabilities | :green_circle: 10 | no vulnerabilities detected |

| pip/colorama | 0.4.6 | :green_circle: 4.4 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 3 | Found 5/16 approved changesets -- score normalized to 3 |
| Maintained | :warning: 1 | 0 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Fuzzing | :warning: 0 | project is not fuzzed |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/dataclasses-json | 0.6.6 | :green_circle: 4.6 | Details |

| Check | Score | Reason |
|---|---|---|
| Maintained | :green_circle: 4 | 2 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 4 |
| Code-Review | :green_circle: 10 | all changesets reviewed |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Signed-Releases | :warning: -1 | no releases found |
| Security-Policy | :warning: 0 | security policy file not detected |
| Packaging | :green_circle: 10 | packaging workflow detected |
| Vulnerabilities | :warning: 0 | 12 existing vulnerabilities detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/defusedxml | 0.7.1 | :green_circle: 5.9 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: 0 | Found 2/24 approved changesets -- score normalized to 0 |
| Maintained | :warning: 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 9 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| Packaging | :green_circle: 10 | packaging workflow detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/distro | 1.9.0 | :green_circle: 4.4 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 10 | all changesets reviewed |
| Maintained | :warning: 0 | 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: 0 | Project has not signed or included provenance with any releases. |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | :warning: -1 | packaging workflow not detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Security-Policy | :warning: 0 | security policy file not detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/docutils | 0.20.1 | Unknown | Unknown |
| pip/exceptiongroup | 1.2.1 | Unknown | Unknown |
| pip/faiss-cpu | 1.8.0 | :green_circle: 4.8 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: 1 | Found 2/20 approved changesets -- score normalized to 1 |
| Maintained | :green_circle: 10 | 6 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Signed-Releases | :warning: 0 | Project has not signed or included provenance with any releases. |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Security-Policy | :warning: 0 | security policy file not detected |
| Packaging | :green_circle: 10 | packaging workflow detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/filelock | 3.14.0 | Unknown | Unknown |
| pip/free-proxy | 1.1.1 | :green_circle: 3.8 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 3 | Found 4/13 approved changesets -- score normalized to 3 |
| Maintained | :warning: 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Token-Permissions | :warning: -1 | No tokens found |
| Packaging | :warning: -1 | packaging workflow not detected |
| Pinned-Dependencies | :warning: -1 | no dependencies found |
| Dangerous-Workflow | :warning: -1 | no workflows found |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Security-Policy | :warning: 0 | security policy file not detected |
| Vulnerabilities | :green_circle: 9 | 1 existing vulnerabilities detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |

| pip/frozenlist | 1.4.1 | :green_circle: 5.4 | Details |

| Check | Score | Reason |
|---|---|---|
| Maintained | :warning: 1 | 0 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 1 |
| Code-Review | :warning: 0 | Found 2/23 approved changesets -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Signed-Releases | :green_circle: 3 | 2 out of the last 5 releases have a total of 2 signed artifacts. |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Packaging | :green_circle: 10 | packaging workflow detected |
| SAST | :green_circle: 10 | SAST tool is run on all commits |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/fsspec | 2024.3.1 | :green_circle: 5.7 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 7 | Found 23/30 approved changesets -- score normalized to 7 |
| Maintained | :green_circle: 10 | 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| Signed-Releases | :warning: -1 | no releases found |
| License | :green_circle: 10 | license file detected |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Packaging | :warning: -1 | packaging workflow not detected |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| Security-Policy | :warning: 0 | security policy file not detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/google | 3.0.0 | :green_circle: 3.4 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: 1 | Found 4/25 approved changesets -- score normalized to 1 |
| Maintained | :green_circle: 5 | 5 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: 0 | Project has not signed or included provenance with any releases. |
| Dangerous-Workflow | :warning: -1 | no workflows found |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Token-Permissions | :warning: -1 | No tokens found |
| Pinned-Dependencies | :warning: -1 | no dependencies found |
| Packaging | :warning: -1 | packaging workflow not detected |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Security-Policy | :warning: 0 | security policy file not detected |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |

| pip/google-ai-generativelanguage | 0.6.3 | :green_circle: 8.1 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 10 | all changesets reviewed |
| Maintained | :green_circle: 10 | 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | :warning: -1 | packaging workflow not detected |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| SAST | :green_circle: 9 | SAST tool is not run on all commits -- score normalized to 9 |
| Vulnerabilities | :green_circle: 9 | 1 existing vulnerabilities detected |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/google-api-core | 2.19.0 | :green_circle: 7.8 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 10 | all changesets reviewed |
| Maintained | :green_circle: 10 | 19 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Signed-Releases | :warning: -1 | no releases found |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| Vulnerabilities | :green_circle: 9 | 1 existing vulnerabilities detected |
| SAST | :green_circle: 9 | SAST tool is not run on all commits -- score normalized to 9 |
| Pinned-Dependencies | :warning: 1 | dependency not pinned by hash detected -- score normalized to 1 |

| pip/google-api-python-client | 2.129.0 | :green_circle: 7.3 | Details |

| Check | Score | Reason |
|---|---|---|
| Maintained | :green_circle: 10 | 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 |
| Code-Review | :green_circle: 10 | all changesets reviewed |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Signed-Releases | :warning: -1 | no releases found |
| Packaging | :warning: -1 | packaging workflow not detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Vulnerabilities | :green_circle: 9 | 1 existing vulnerabilities detected |
| Pinned-Dependencies | :warning: 2 | dependency not pinned by hash detected -- score normalized to 2 |

| pip/google-auth | 2.29.0 |
:green_circle: 8.4 | Details| Check | Score | Reason |
|---|
| Maintained | :green_circle: 10 | 25 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 | | Code-Review | :green_circle: 10 | all changesets reviewed | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | Signed-Releases | :warning: -1 | no releases found | | Security-Policy | :green_circle: 10 | security policy file detected | | Token-Permissions | :warning: -1 | No tokens found | | Dangerous-Workflow | :warning: -1 | no workflows found | | Packaging | :warning: -1 | packaging workflow not detected | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Pinned-Dependencies | :green_circle: 4 | dependency not pinned by hash detected -- score normalized to 4 | | Fuzzing | :green_circle: 10 | project is fuzzed | | Vulnerabilities | :green_circle: 9 | 1 existing vulnerabilities detected | | SAST | :green_circle: 5 | SAST tool is not run on all commits -- score normalized to 5 |
|
| pip/google-auth-httplib2 | 0.2.0 |
:green_circle: 7.5 | Details| Check | Score | Reason |
|---|
| Code-Review | :green_circle: 10 | all changesets reviewed | | Maintained | :warning: 2 | 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Signed-Releases | :warning: -1 | no releases found | | Token-Permissions | :warning: -1 | No tokens found | | Dangerous-Workflow | :warning: -1 | no workflows found | | Packaging | :warning: -1 | packaging workflow not detected | | Security-Policy | :green_circle: 10 | security policy file detected | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | Pinned-Dependencies | :green_circle: 7 | dependency not pinned by hash detected -- score normalized to 7 | | Fuzzing | :green_circle: 10 | project is fuzzed | | Vulnerabilities | :green_circle: 9 | 1 existing vulnerabilities detected | | SAST | :green_circle: 4 | SAST tool is not run on all commits -- score normalized to 4 |
|
| pip/google-generativeai | 0.5.3 |
Unknown | Unknown |
| pip/googleapis-common-protos | 1.63.0 |
:green_circle: 8.1 | Details| Check | Score | Reason |
|---|
| Code-Review | :green_circle: 10 | all changesets reviewed | | Maintained | :green_circle: 6 | 8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Signed-Releases | :warning: -1 | no releases found | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | Token-Permissions | :warning: -1 | No tokens found | | Packaging | :warning: -1 | packaging workflow not detected | | Dangerous-Workflow | :warning: -1 | no workflows found | | Security-Policy | :green_circle: 10 | security policy file detected | | Fuzzing | :green_circle: 10 | project is fuzzed | | Pinned-Dependencies | :green_circle: 6 | dependency not pinned by hash detected -- score normalized to 6 | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Vulnerabilities | :green_circle: 9 | 1 existing vulnerabilities detected | | SAST | :green_circle: 6 | SAST tool is not run on all commits -- score normalized to 6 |
|
| pip/graphviz | 0.20.3 |
:green_circle: 5.5 | Details| Check | Score | Reason |
|---|
| Code-Review | :warning: 0 | Found 2/30 approved changesets -- score normalized to 0 | | Maintained | :green_circle: 10 | 22 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Signed-Releases | :warning: -1 | no releases found | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Packaging | :warning: -1 | packaging workflow not detected | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | Fuzzing | :green_circle: 10 | project is fuzzed | | Security-Policy | :warning: 0 | security policy file not detected | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
|
| pip/greenlet | 3.0.3 |
:green_circle: 4.4 | Details| Check | Score | Reason |
|---|
| Code-Review | :warning: 0 | Found 2/28 approved changesets -- score normalized to 0 | | Maintained | :warning: 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 9 | license file detected | | Signed-Releases | :warning: -1 | no releases found | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | Fuzzing | :warning: 0 | project is not fuzzed | | Security-Policy | :warning: 0 | security policy file not detected | | SAST | :green_circle: 10 | SAST tool is run on all commits | | Packaging | :green_circle: 10 | packaging workflow detected | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
|
| pip/groq | 0.5.0 |
Unknown | Unknown |
| pip/grpcio | 1.63.0 |
:green_circle: 7 | Details| Check | Score | Reason |
|---|
| Code-Review | :green_circle: 9 | Found 28/30 approved changesets -- score normalized to 9 | | Maintained | :green_circle: 10 | 30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 | | License | :green_circle: 10 | license file detected | | CII-Best-Practices | :green_circle: 5 | badge detected: Passing | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | Signed-Releases | :warning: -1 | no releases found | | Packaging | :warning: -1 | packaging workflow not detected | | Security-Policy | :green_circle: 9 | security policy file detected | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 | | Binary-Artifacts | :green_circle: 8 | binaries present in source code | | Fuzzing | :green_circle: 10 | project is fuzzed | | Vulnerabilities | :warning: 0 | 18 existing vulnerabilities detected | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
|
| pip/grpcio-status | 1.62.2 |
Unknown | Unknown |
| pip/h11 | 0.14.0 |
:green_circle: 5.2 | Details| Check | Score | Reason |
|---|
| Code-Review | :green_circle: 5 | Found 16/28 approved changesets -- score normalized to 5 | | Maintained | :warning: 2 | 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Signed-Releases | :warning: -1 | no releases found | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Packaging | :warning: -1 | packaging workflow not detected | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | Fuzzing | :green_circle: 10 | project is fuzzed | | Security-Policy | :warning: 0 | security policy file not detected | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
|
| pip/html2text | 2024.2.26 |
:green_circle: 6.1 | Details| Check | Score | Reason |
|---|
| Maintained | :green_circle: 10 | 5 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 | | Code-Review | :green_circle: 6 | Found 12/19 approved changesets -- score normalized to 6 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Signed-Releases | :warning: -1 | no releases found | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Packaging | :warning: -1 | packaging workflow not detected | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Fuzzing | :green_circle: 10 | project is fuzzed | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | Security-Policy | :warning: 0 | security policy file not detected | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
|
| pip/httpcore | 1.0.5 |
:green_circle: 7.2 | Details| Check | Score | Reason |
|---|
| Maintained | :green_circle: 10 | 19 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 | | Code-Review | :green_circle: 10 | all changesets reviewed | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Packaging | :warning: -1 | packaging workflow not detected | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | Signed-Releases | :warning: -1 | no releases found | | Fuzzing | :green_circle: 10 | project is fuzzed | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | Security-Policy | :green_circle: 10 | security policy file detected | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
|
| pip/httplib2 | 0.22.0 |
:green_circle: 5.6 | Details| Check | Score | Reason |
|---|
| Code-Review | :green_circle: 4 | Found 11/27 approved changesets -- score normalized to 4 | | Maintained | :warning: 0 | 0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 9 | license file detected | | Signed-Releases | :warning: -1 | no releases found | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | Packaging | :warning: -1 | packaging workflow not detected | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Security-Policy | :green_circle: 10 | security policy file detected | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Fuzzing | :green_circle: 10 | project is fuzzed | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
|
| pip/httpx | 0.27.0 |
:green_circle: 7.1 | Details| Check | Score | Reason |
|---|
| Code-Review | :green_circle: 9 | Found 24/25 approved changesets -- score normalized to 9 | | Maintained | :green_circle: 10 | 24 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Signed-Releases | :warning: -1 | no releases found | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Packaging | :warning: -1 | packaging workflow not detected | | Fuzzing | :green_circle: 10 | project is fuzzed | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | Security-Policy | :green_circle: 10 | security policy file detected | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
|
| pip/huggingface-hub | 0.23.0 |
:green_circle: 6 | Details| Check | Score | Reason |
|---|
| Maintained | :green_circle: 10 | 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 | | Code-Review | :green_circle: 8 | Found 25/30 approved changesets -- score normalized to 8 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | Signed-Releases | :warning: -1 | no releases found | | Packaging | :warning: -1 | packaging workflow not detected | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Fuzzing | :warning: 0 | project is not fuzzed | | Security-Policy | :warning: 0 | security policy file not detected | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 | | SAST | :green_circle: 5 | SAST tool is not run on all commits -- score normalized to 5 |
|
| pip/idna | 3.7 |
:green_circle: 7.2 | Details| Check | Score | Reason |
|---|
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | CI-Tests | :green_circle: 10 | 12 out of 12 merged PRs checked by a CI test -- score normalized to 10 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | Code-Review | :green_circle: 4 | found 9 unreviewed changesets out of 15 -- score normalized to 4 | | Contributors | :green_circle: 10 | 41 different organizations found -- score normalized to 10 | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Dependency-Update-Tool | :warning: 0 | no update tool detected | | Fuzzing | :green_circle: 10 | project is fuzzed | | License | :green_circle: 10 | license file detected | | Maintained | :green_circle: 10 | 9 commit(s) out of 30 and 4 issue activity out of 30 found in the last 90 days -- score normalized to 10 | | Packaging | :warning: -1 | no published package detected | | Pinned-Dependencies | :warning: -1 | internal error: internal error: unable to determine OS for job: | | SAST | :green_circle: 5 | SAST tool is not run on all commits -- score normalized to 5 | | Security-Policy | :green_circle: 10 | security policy file detected | | Signed-Releases | :warning: 0 | 0 out of 1 artifacts are signed or have provenance | | Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege | | Vulnerabilities | :green_circle: 10 | no vulnerabilities detected |
|
| pip/imagesize | 1.4.1 |
:green_circle: 3 | Details| Check | Score | Reason |
|---|
| Code-Review | :warning: 0 | Found 1/27 approved changesets -- score normalized to 0 | | Maintained | :warning: 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | Signed-Releases | :warning: -1 | no releases found | | License | :green_circle: 10 | license file detected | | Packaging | :warning: -1 | packaging workflow not detected | | Dangerous-Workflow | :warning: -1 | no workflows found | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Token-Permissions | :warning: -1 | No tokens found | | Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches | | Pinned-Dependencies | :warning: -1 | no dependencies found | | Fuzzing | :warning: 0 | project is not fuzzed | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | Security-Policy | :warning: 0 | security policy file not detected | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
|
| pip/importlib-metadata | 7.1.0 |
:green_circle: 6.4 | Details| Check | Score | Reason |
|---|
| Code-Review | :warning: 0 | Found 0/30 approved changesets -- score normalized to 0 | | Maintained | :green_circle: 10 | 30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Binary-Artifacts | :green_circle: 8 | binaries present in source code | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Security-Policy | :green_circle: 10 | security policy file detected | | Packaging | :warning: -1 | packaging workflow not detected | | Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege | | SAST | :warning: 0 | no SAST tool detected | | Signed-Releases | :warning: -1 | no releases found | | Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | Fuzzing | :green_circle: 10 | project is fuzzed | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
|
| pip/iniconfig | 2.0.0 |
Unknown | Unknown |
| pip/jinja2 | 3.1.4 |
:green_circle: 6.9 | Details| Check | Score | Reason |
|---|
| Maintained | :green_circle: 10 | 27 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 | | Code-Review | :warning: 0 | Found 0/18 approved changesets -- score normalized to 0 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Signed-Releases | :green_circle: 10 | 2 out of the last 2 releases have a total of 2 signed artifacts. | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | Pinned-Dependencies | :green_circle: 4 | dependency not pinned by hash detected -- score normalized to 4 | | Fuzzing | :green_circle: 10 | project is fuzzed | | Packaging | :green_circle: 10 | packaging workflow detected | | Security-Policy | :green_circle: 9 | security policy file detected | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
|
| pip/jmespath | 1.0.1 |
:green_circle: 4.7 | Details| Check | Score | Reason |
|---|
| Code-Review | :green_circle: 5 | Found 10/17 approved changesets -- score normalized to 5 | | Maintained | :warning: 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Signed-Releases | :warning: -1 | no releases found | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | Packaging | :warning: -1 | packaging workflow not detected | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches | | Fuzzing | :green_circle: 10 | project is fuzzed | | Security-Policy | :warning: 0 | security policy file not detected | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | Pinned-Dependencies | :warning: 2 | dependency not pinned by hash detected -- score normalized to 2 | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
|
| pip/jsonpatch | 1.33 |
:green_circle: 3.9 | Details| Check | Score | Reason |
|---|
| Maintained | :warning: 0 | 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 | | Code-Review | :green_circle: 5 | Found 11/20 approved changesets -- score normalized to 5 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Signed-Releases | :warning: -1 | no releases found | | Packaging | :warning: -1 | packaging workflow not detected | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches | | Fuzzing | :warning: 0 | project is not fuzzed | | Security-Policy | :warning: 0 | security policy file not detected | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
|
| pip/jsonpointer | 2.4 |
:green_circle: 3.8 | Details| Check | Score | Reason |
|---|
| Code-Review | :green_circle: 4 | Found 6/15 approved changesets -- score normalized to 4 | | Maintained | :warning: 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | Signed-Releases | :warning: -1 | no releases found | | License | :green_circle: 9 | license file detected | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Packaging | :warning: -1 | packaging workflow not detected | | Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | Fuzzing | :warning: 0 | project is not fuzzed | | Security-Policy | :warning: 0 | security policy file not detected | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
|
| pip/langchain | 0.1.15 |
:green_circle: 5.3 | Details| Check | Score | Reason |
|---|
| Maintained | :green_circle: 10 | 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 | | Code-Review | :green_circle: 7 | Found 22/30 approved changesets -- score normalized to 7 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Signed-Releases | :warning: -1 | no releases found | | Branch-Protection | :green_circle: 3 | branch protection is not maximal on development and all release branches | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Security-Policy | :green_circle: 10 | security policy file detected | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Fuzzing | :warning: 0 | project is not fuzzed | | Packaging | :green_circle: 10 | packaging workflow detected | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 | | Vulnerabilities | :warning: 0 | 32 existing vulnerabilities detected |
|
| pip/langchain-anthropic | 0.1.11 |
:green_circle: 5.3 | Details| Check | Score | Reason |
|---|
| Maintained | :green_circle: 10 | 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 | | Code-Review | :green_circle: 7 | Found 22/30 approved changesets -- score normalized to 7 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Signed-Releases | :warning: -1 | no releases found | | Branch-Protection | :green_circle: 3 | branch protection is not maximal on development and all release branches | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Security-Policy | :green_circle: 10 | security policy file detected | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Fuzzing | :warning: 0 | project is not fuzzed | | Packaging | :green_circle: 10 | packaging workflow detected | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 | | Vulnerabilities | :warning: 0 | 32 existing vulnerabilities detected |
|
| pip/langchain-aws | 0.1.3 |
Unknown | Unknown |
| pip/langchain-community | 0.0.38 |
:green_circle: 5.3 | Details| Check | Score | Reason |
|---|
| Maintained | :green_circle: 10 | 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 | | Code-Review | :green_circle: 7 | Found 22/30 approved changesets -- score normalized to 7 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Signed-Releases | :warning: -1 | no releases found | | Branch-Protection | :green_circle: 3 | branch protection is not maximal on development and all release branches | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Security-Policy | :green_circle: 10 | security policy file detected | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Fuzzing | :warning: 0 | project is not fuzzed | | Packaging | :green_circle: 10 | packaging workflow detected | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 | | Vulnerabilities | :warning: 0 | 32 existing vulnerabilities detected |
|
| pip/langchain-core | 0.1.52 |
:green_circle: 5.3 | Details| Check | Score | Reason |
|---|
| Maintained | :green_circle: 10 | 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 | | Code-Review | :green_circle: 7 | Found 22/30 approved changesets -- score normalized to 7 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Signed-Releases | :warning: -1 | no releases found | | Branch-Protection | :green_circle: 3 | branch protection is not maximal on development and all release branches | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Security-Policy | :green_circle: 10 | security policy file detected | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Fuzzing | :warning: 0 | project is not fuzzed | | Packaging | :green_circle: 10 | packaging workflow detected | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 | | Vulnerabilities | :warning: 0 | 32 existing vulnerabilities detected |
|
| pip/langchain-google-genai | 1.0.3 |
Unknown | Unknown |
| pip/langchain-groq | 0.1.3 |
:green_circle: 5.3 | Details| Check | Score | Reason |
|---|
| Maintained | :green_circle: 10 | 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 | | Code-Review | :green_circle: 7 | Found 22/30 approved changesets -- score normalized to 7 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Signed-Releases | :warning: -1 | no releases found | | Branch-Protection | :green_circle: 3 | branch protection is not maximal on development and all release branches | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Security-Policy | :green_circle: 10 | security policy file detected | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Fuzzing | :warning: 0 | project is not fuzzed | | Packaging | :green_circle: 10 | packaging workflow detected | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 | | Vulnerabilities | :warning: 0 | 32 existing vulnerabilities detected |
|
| pip/langchain-openai | 0.1.6 |
:green_circle: 5.3 | Details| Check | Score | Reason |
|---|
| Maintained | :green_circle: 10 | 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 | | Code-Review | :green_circle: 7 | Found 22/30 approved changesets -- score normalized to 7 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Signed-Releases | :warning: -1 | no releases found | | Branch-Protection | :green_circle: 3 | branch protection is not maximal on development and all release branches | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Security-Policy | :green_circle: 10 | security policy file detected | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Fuzzing | :warning: 0 | project is not fuzzed | | Packaging | :green_circle: 10 | packaging workflow detected | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 | | Vulnerabilities | :warning: 0 | 32 existing vulnerabilities detected |
|
| pip/langchain-text-splitters | 0.0.1 |
:green_circle: 5.3 | Details| Check | Score | Reason |
|---|
| Maintained | :green_circle: 10 | 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 | | Code-Review | :green_circle: 7 | Found 22/30 approved changesets -- score normalized to 7 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Signed-Releases | :warning: -1 | no releases found | | Branch-Protection | :green_circle: 3 | branch protection is not maximal on development and all release branches | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Security-Policy | :green_circle: 10 | security policy file detected | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Fuzzing | :warning: 0 | project is not fuzzed | | Packaging | :green_circle: 10 | packaging workflow detected | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 | | Vulnerabilities | :warning: 0 | 32 existing vulnerabilities detected |
|
| pip/langsmith | 0.1.57 |
Unknown | Unknown |
| pip/lxml | 5.2.2 |
:green_circle: 6.7 | Details| Check | Score | Reason |
|---|
| Code-Review | :warning: 0 | Found 1/30 approved changesets -- score normalized to 0 | | Maintained | :green_circle: 10 | 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 9 | license file detected | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | Packaging | :warning: -1 | packaging workflow not detected | | Security-Policy | :green_circle: 10 | security policy file detected | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Fuzzing | :green_circle: 10 | project is fuzzed | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | Signed-Releases | :warning: 0 | Project has not signed or included provenance with any releases. | | Pinned-Dependencies | :warning: 2 | dependency not pinned by hash detected -- score normalized to 2 |
|
| pip/markupsafe | 2.1.5 |
:green_circle: 7.1 | Details| Check | Score | Reason |
|---|
| Code-Review | :warning: 1 | Found 2/14 approved changesets -- score normalized to 1 | | Maintained | :green_circle: 10 | 22 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Pinned-Dependencies | :green_circle: 5 | dependency not pinned by hash detected -- score normalized to 5 | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | Signed-Releases | :green_circle: 10 | 4 out of the last 4 releases have a total of 4 signed artifacts. | | Fuzzing | :green_circle: 10 | project is fuzzed | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | Packaging | :green_circle: 10 | packaging workflow detected | | Security-Policy | :green_circle: 9 | security policy file detected | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
|
| pip/marshmallow | 3.21.2 |
:green_circle: 6 | Details| Check | Score | Reason |
|---|
| Code-Review | :warning: 2 | Found 2/10 approved changesets -- score normalized to 2 | | Maintained | :green_circle: 10 | 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Signed-Releases | :warning: -1 | no releases found | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | Security-Policy | :green_circle: 10 | security policy file detected | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | Fuzzing | :warning: 0 | project is not fuzzed | | Packaging | :green_circle: 10 | packaging workflow detected | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
|
| pip/minify-html | 0.15.0 |
:green_circle: 3.5 | Details| Check | Score | Reason |
|---|
| Maintained | :warning: 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 | | Code-Review | :warning: 0 | Found 0/30 approved changesets -- score normalized to 0 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Signed-Releases | :warning: 0 | Project has not signed or included provenance with any releases. | | Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches | | SAST | :warning: 0 | no SAST tool detected | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Fuzzing | :warning: 0 | project is not fuzzed | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | Security-Policy | :warning: 0 | security policy file not detected | | Packaging | :green_circle: 10 | packaging workflow detected | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
|
| pip/multidict | 6.0.5 |
:green_circle: 6.7 | Details| Check | Score | Reason |
|---|
| Code-Review | :green_circle: 3 | Found 4/13 approved changesets -- score normalized to 3 | | Maintained | :green_circle: 10 | 14 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 9 | license file detected | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | Fuzzing | :green_circle: 10 | project is fuzzed | | Signed-Releases | :warning: 0 | Project has not signed or included provenance with any releases. | | Security-Policy | :green_circle: 10 | security policy file detected | | Packaging | :green_circle: 10 | packaging workflow detected | | SAST | :green_circle: 10 | SAST tool is run on all commits | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
|
| pip/mypy-extensions | 1.0.0 |
:green_circle: 5.3 | Details| Check | Score | Reason |
|---|
| Code-Review | :green_circle: 5 | Found 12/22 approved changesets -- score normalized to 5 | | Maintained | :warning: 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | Signed-Releases | :warning: -1 | no releases found | | License | :green_circle: 9 | license file detected | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Packaging | :warning: -1 | packaging workflow not detected | | Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | Fuzzing | :warning: 0 | project is not fuzzed | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | Security-Policy | :warning: 0 | security policy file not detected | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
|
| pip/numpy | 1.26.4 |
:green_circle: 8.3 | Details| Check | Score | Reason |
|---|
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | CI-Tests | :green_circle: 10 | 12 out of 12 merged PRs checked by a CI test -- score normalized to 10 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | Code-Review | :green_circle: 9 | Found 9/10 approved changesets -- score normalized to 9 | | Contributors | :green_circle: 10 | project has 95 contributing companies or organizations | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Dependency-Update-Tool | :green_circle: 10 | update tool detected | | Fuzzing | :green_circle: 10 | project is fuzzed | | License | :green_circle: 9 | license file detected | | Maintained | :green_circle: 10 | 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 | | Packaging | :warning: -1 | packaging workflow not detected | | Pinned-Dependencies | :green_circle: 3 | dependency not pinned by hash detected -- score normalized to 3 | | SAST | :green_circle: 9 | SAST tool detected but not run on all commits | | Security-Policy | :green_circle: 9 | security policy file detected | | Signed-Releases | :warning: 0 | Project has not signed or included provenance with any releases. | | Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
|
| pip/openai | 1.29.0 |
:green_circle: 5.9 | Details| Check | Score | Reason |
|---|
| Code-Review | :green_circle: 10 | all changesets reviewed | | Maintained | :green_circle: 10 | 30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | Signed-Releases | :warning: -1 | no releases found | | Packaging | :warning: -1 | packaging workflow not detected | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Fuzzing | :warning: 0 | project is not fuzzed | | Security-Policy | :warning: 0 | security policy file not detected | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
|
| pip/orjson | 3.10.3 |
:green_circle: 5 | Details| Check | Score | Reason |
|---|
| Maintained | :green_circle: 10 | 28 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 | | Code-Review | :warning: 0 | Found 0/30 approved changesets -- score normalized to 0 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Signed-Releases | :warning: -1 | no releases found | | Packaging | :warning: -1 | packaging workflow not detected | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | SAST | :warning: 0 | no SAST tool detected | | Security-Policy | :warning: 0 | security policy file not detected | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | Fuzzing | :green_circle: 10 | project is fuzzed | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
|
| pip/packaging | 23.2 |
:green_circle: 7.4 | Details| Check | Score | Reason |
|---|
| Code-Review | :green_circle: 8 | Found 23/28 approved changesets -- score normalized to 8 | | Maintained | :green_circle: 10 | 9 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 9 | license file detected | | Signed-Releases | :warning: -1 | no releases found | | Security-Policy | :green_circle: 9 | security policy file detected | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Packaging | :warning: -1 | packaging workflow not detected | | Binary-Artifacts | :green_circle: 4 | binaries present in source code | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | Pinned-Dependencies | :green_circle: 10 | all dependencies are pinned | | Fuzzing | :green_circle: 10 | project is fuzzed | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | SAST | :green_circle: 8 | SAST tool detected but not run on all commits | | Vulnerabilities | :green_circle: 9 | 1 existing vulnerabilities detected |
|
| pip/pandas | 2.2.2 |
:green_circle: 6.4 | Details| Check | Score | Reason |
|---|
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | CI-Tests | :green_circle: 10 | 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 | | CII-Best-Practices | :warning: 0 | no badge detected | | Code-Review | :green_circle: 8 | 25 out of last 30 changesets reviewed before merge -- score normalized to 8 | | Contributors | :green_circle: 10 | 47 different organizations found -- score normalized to 10 | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Dependency-Update-Tool | :warning: 0 | no update tool detected | | Fuzzing | :green_circle: 10 | project is fuzzed with [OSSFuzz] | | License | :green_circle: 10 | license file detected | | Maintained | :green_circle: 10 | 30 commit(s) out of 30 and 21 issue activity out of 30 found in the last 90 days -- score normalized to 10 | | Packaging | :warning: -1 | no published package detected | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 | | SAST | :green_circle: 7 | SAST tool detected but not run on all commmits | | Security-Policy | :green_circle: 10 | security policy file detected | | Signed-Releases | :warning: 0 | 0 out of 5 artifacts are signed or have provenance | | Token-Permissions | :warning: 0 | non read-only tokens detected in GitHub workflows | | Vulnerabilities | :green_circle: 10 | no vulnerabilities detected |
|
| pip/playwright | 1.43.0 |
:green_circle: 7.2 | Details| Check | Score | Reason |
|---|
| Code-Review | :green_circle: 10 | all last 30 commits are reviewed through GitHub | | Maintained | :green_circle: 10 | 30 commit(s) out of 30 and 25 issue activity out of 30 found in the last 90 days -- score normalized to 10 | | CII-Best-Practices | :warning: 0 | no badge detected | | Vulnerabilities | :green_circle: 10 | no vulnerabilities detected | | Signed-Releases | :warning: -1 | no releases found | | License | :green_circle: 10 | license file detected | | Security-Policy | :green_circle: 10 | security policy file detected | | Token-Permissions | :warning: 0 | non read-only tokens detected in GitHub workflows | | Packaging | :warning: -1 | no published package detected | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Dependency-Update-Tool | :green_circle: 10 | update tool detected | | Fuzzing | :warning: 0 | project is not fuzzed | | Pinned-Dependencies | :green_circle: 5 | dependency not pinned by hash detected -- score normalized to 5 | | Branch-Protection | :green_circle: 3 | branch protection is not maximal on development and all release branches |
|
| pip/pluggy | 1.5.0 |
:green_circle: 6.1 | Details| Check | Score | Reason |
|---|
| Code-Review | :green_circle: 10 | all changesets reviewed | | Maintained | :green_circle: 10 | 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Signed-Releases | :warning: -1 | no releases found | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches | | Security-Policy | :green_circle: 9 | security policy file detected | | Fuzzing | :warning: 0 | project is not fuzzed | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | Packaging | :green_circle: 10 | packaging workflow detected | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
|
| pip/proto-plus | 1.23.0 |
:green_circle: 6.8 | Details| Check | Score | Reason |
|---|
| Code-Review | :green_circle: 10 | all changesets reviewed | | Maintained | :warning: 2 | 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | Signed-Releases | :warning: -1 | no releases found | | Packaging | :warning: -1 | packaging workflow not detected | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Security-Policy | :green_circle: 10 | security policy file detected | | Fuzzing | :green_circle: 10 | project is fuzzed | | Vulnerabilities | :green_circle: 9 | 1 existing vulnerabilities detected | | SAST | :green_circle: 6 | SAST tool is not run on all commits -- score normalized to 6 | | Pinned-Dependencies | :warning: 1 | dependency not pinned by hash detected -- score normalized to 1 |
|
| pip/protobuf | 4.25.3 |
:green_circle: 7.2 | Details| Check | Score | Reason |
|---|
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | CI-Tests | :green_circle: 10 | 16 out of 16 merged PRs checked by a CI test -- score normalized to 10 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | Code-Review | :green_circle: 5 | found 6 unreviewed changesets out of 14 -- score normalized to 5 | | Contributors | :green_circle: 10 | 13 different organizations found -- score normalized to 10 | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Dependency-Update-Tool | :green_circle: 10 | update tool detected | | Fuzzing | :green_circle: 10 | project is fuzzed | | License | :green_circle: 9 | license file detected | | Maintained | :green_circle: 10 | 30 commit(s) out of 30 and 2 issue activity out of 30 found in the last 90 days -- score normalized to 10 | | Packaging | :warning: -1 | no published package detected | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 | | Security-Policy | :green_circle: 10 | security policy file detected | | Signed-Releases | :warning: 0 | 0 out of 5 artifacts are signed or have provenance | | Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege | | Vulnerabilities | :green_circle: 7 | 3 existing vulnerabilities detected |
|
| pip/pyasn1 | 0.6.0 |
:green_circle: 5.3 | Details| Check | Score | Reason |
|---|
| Code-Review | :green_circle: 3 | Found 10/28 approved changesets -- score normalized to 3 | | Maintained | :warning: 2 | 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Signed-Releases | :warning: -1 | no releases found | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege | | Packaging | :warning: -1 | packaging workflow not detected | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | Fuzzing | :warning: 0 | project is not fuzzed | | Security-Policy | :warning: 0 | security policy file not detected | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
|
| pip/pyasn1-modules | 0.4.0 |
Unknown | Unknown |
| pip/pydantic | 2.7.1 |
:green_circle: 6.9 | Details| Check | Score | Reason |
|---|
| Code-Review | :green_circle: 10 | all changesets reviewed | | Maintained | :green_circle: 10 | 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | Signed-Releases | :warning: -1 | no releases found | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | Fuzzing | :green_circle: 10 | project is fuzzed | | Security-Policy | :green_circle: 10 | security policy file detected | | Packaging | :green_circle: 10 | packaging workflow detected | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 | | Vulnerabilities | :green_circle: 5 | 5 existing vulnerabilities detected | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
|
| pip/pydantic-core | 2.18.2 |
Unknown | Unknown |
| pip/pyee | 11.1.0 |
:green_circle: 3.7 | Details| Check | Score | Reason |
|---|
| Code-Review | :warning: 2 | Found 6/25 approved changesets -- score normalized to 2 | | Maintained | :warning: 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Signed-Releases | :warning: 0 | Project has not signed or included provenance with any releases. | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches | | Fuzzing | :warning: 0 | project is not fuzzed | | Packaging | :green_circle: 10 | packaging workflow detected | | Security-Policy | :warning: 0 | security policy file not detected | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
|
| pip/pygments | 2.18.0 |
:green_circle: 6.1 | Details| Check | Score | Reason |
|---|
| Code-Review | :warning: 2 | Found 6/22 approved changesets -- score normalized to 2 | | Maintained | :green_circle: 10 | 30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Signed-Releases | :warning: -1 | no releases found | | Packaging | :warning: -1 | packaging workflow not detected | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege | | Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 | | Security-Policy | :warning: 0 | security policy file not detected | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Fuzzing | :green_circle: 10 | project is fuzzed | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
|
| pip/pyparsing | 3.1.2 |
:green_circle: 6.7 | Details| Check | Score | Reason |
|---|
| Code-Review | :warning: 1 | Found 5/30 approved changesets -- score normalized to 1 | | Maintained | :green_circle: 10 | 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 | | CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected | | License | :green_circle: 10 | license file detected | | Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration | | Signed-Releases | :warning: 0 | Project has not signed or included provenance with any releases. | | Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected | | Security-Policy | :green_circle: 10 | security policy file detected | | Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege | | Packaging | :warning: -1 | packaging workflow not detected | | Binary-Artifacts | :green_circle: 10 | no binaries found in the repo | | Fuzzing | :green_circle: 10 | project is fuzzed | | Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected | | Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 | | SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
|
| pip/pytest | 8.0.0 | :green_circle: 6.4 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 10 | all changesets reviewed |
| Maintained | :green_circle: 10 | 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Signed-Releases | :warning: 0 | Project has not signed or included provenance with any releases. |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Token-Permissions | :green_circle: 9 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Security-Policy | :warning: 0 | security policy file not detected |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Packaging | :green_circle: 10 | packaging workflow detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/pytest-mock | 3.14.0 | :green_circle: 5.6 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 3 | Found 3/9 approved changesets -- score normalized to 3 |
| Maintained | :green_circle: 10 | 22 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Signed-Releases | :warning: 0 | Project has not signed or included provenance with any releases. |
| Packaging | :green_circle: 10 | packaging workflow detected |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/python-dateutil | 2.9.0.post0 | :green_circle: 6.1 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 4 | Found 4/9 approved changesets -- score normalized to 4 |
| Maintained | :green_circle: 10 | 11 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 9 | license file detected |
| Signed-Releases | :green_circle: 8 | 2 out of the last 2 releases have a total of 2 signed artifacts. |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| Security-Policy | :warning: 0 | security policy file not detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/python-dotenv | 1.0.1 | :green_circle: 5.1 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 5 | Found 16/29 approved changesets -- score normalized to 5 |
| Maintained | :green_circle: 7 | 4 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 7 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Signed-Releases | :warning: -1 | no releases found |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Vulnerabilities | :green_circle: 9 | 1 existing vulnerabilities detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/pytz | 2024.1 | :green_circle: 4.6 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: 1 | Found 3/27 approved changesets -- score normalized to 1 |
| Maintained | :warning: 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: 0 | Project has not signed or included provenance with any releases. |
| Security-Policy | :green_circle: 9 | security policy file detected |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Packaging | :green_circle: 10 | packaging workflow detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/pyyaml | 6.0.1 | :green_circle: 6.4 | Details |

| Check | Score | Reason |
|---|---|---|
| Maintained | :green_circle: 10 | 0 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 |
| Code-Review | :warning: 2 | Found 7/30 approved changesets -- score normalized to 2 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/regex | 2024.5.10 | :green_circle: 5.3 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: 0 | Found 0/30 approved changesets -- score normalized to 0 |
| Maintained | :green_circle: 10 | 4 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 9 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| SAST | :warning: 0 | no SAST tool detected |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| Security-Policy | :warning: 0 | security policy file not detected |
| Packaging | :green_circle: 10 | packaging workflow detected |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/requests | 2.31.0 | :green_circle: 8.8 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 10 | all changesets reviewed |
| Maintained | :green_circle: 10 | 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: 0 | Project has not signed or included provenance with any releases. |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Pinned-Dependencies | :green_circle: 10 | all dependencies are pinned |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| SAST | :green_circle: 10 | SAST tool is run on all commits |

| pip/rsa | 4.9 | :green_circle: 6 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 4 | Found 6/15 approved changesets -- score normalized to 4 |
| Maintained | :warning: 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 9 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | :warning: -1 | packaging workflow not detected |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Vulnerabilities | :green_circle: 4 | 6 existing vulnerabilities detected |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/s3transfer | 0.10.1 | :green_circle: 6.9 | Details |

| Check | Score | Reason |
|---|---|---|
| Maintained | :green_circle: 6 | 8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6 |
| Code-Review | :green_circle: 4 | Found 11/23 approved changesets -- score normalized to 4 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | :warning: -1 | packaging workflow not detected |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Pinned-Dependencies | :green_circle: 10 | all dependencies are pinned |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| SAST | :green_circle: 10 | SAST tool is run on all commits |

| pip/selectolax | 0.3.21 | :green_circle: 4.4 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: 0 | Found 1/30 approved changesets -- score normalized to 0 |
| Maintained | :green_circle: 6 | 6 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 6 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Signed-Releases | :warning: -1 | no releases found |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| Security-Policy | :warning: 0 | security policy file not detected |
| Packaging | :green_circle: 10 | packaging workflow detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/six | 1.16.0 | :green_circle: 4.3 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 3 | Found 11/30 approved changesets -- score normalized to 3 |
| Maintained | :warning: 0 | 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| Signed-Releases | :warning: -1 | no releases found |
| License | :green_circle: 10 | license file detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Token-Permissions | :warning: -1 | No tokens found |
| Pinned-Dependencies | :warning: -1 | no dependencies found |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Dangerous-Workflow | :warning: -1 | no workflows found |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Security-Policy | :warning: 0 | security policy file not detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |

| pip/sniffio | 1.3.1 | :green_circle: 5.4 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 8 | Found 9/11 approved changesets -- score normalized to 8 |
| Maintained | :green_circle: 8 | 10 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 8 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 9 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Packaging | :warning: -1 | packaging workflow not detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Security-Policy | :warning: 0 | security policy file not detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/snowballstemmer | 2.2.0 | :green_circle: 4.4 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: 0 | Found 1/24 approved changesets -- score normalized to 0 |
| Maintained | :green_circle: 10 | 19 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Security-Policy | :warning: 0 | security policy file not detected |
| Signed-Releases | :warning: -1 | no releases found |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/soupsieve | 2.5 | :green_circle: 5.5 | Details |

| Check | Score | Reason |
|---|---|---|
| Maintained | :warning: 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| Code-Review | :warning: 0 | Found 2/23 approved changesets -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| Packaging | :green_circle: 10 | packaging workflow detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/sphinx | 7.1.2 | :green_circle: 6.2 | Details |

| Check | Score | Reason |
|---|---|---|
| Maintained | :green_circle: 10 | 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 |
| Code-Review | :green_circle: 4 | Found 11/24 approved changesets -- score normalized to 4 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 9 | license file detected |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Signed-Releases | :warning: -1 | no releases found |
| Packaging | :warning: -1 | packaging workflow not detected |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Security-Policy | :warning: 0 | security policy file not detected |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/sphinx-rtd-theme | 2.0.0 | :warning: 2.5 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 5 | Found 17/30 approved changesets -- score normalized to 5 |
| Maintained | :warning: 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| Signed-Releases | :warning: -1 | no releases found |
| License | :green_circle: 10 | license file detected |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | :warning: -1 | packaging workflow not detected |
| Dangerous-Workflow | :warning: -1 | no workflows found |
| Token-Permissions | :warning: -1 | No tokens found |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Security-Policy | :warning: 0 | security policy file not detected |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Vulnerabilities | :warning: 0 | 24 existing vulnerabilities detected |

| pip/sphinxcontrib-applehelp | 1.0.8 | :green_circle: 4.3 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: 0 | Found 2/30 approved changesets -- score normalized to 0 |
| Maintained | :warning: 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 9 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Packaging | :warning: -1 | packaging workflow not detected |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Security-Policy | :warning: 0 | security policy file not detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/sphinxcontrib-devhelp | 1.0.6 | :green_circle: 4.3 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: 0 | Found 2/27 approved changesets -- score normalized to 0 |
| Maintained | :warning: 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 9 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Packaging | :warning: -1 | packaging workflow not detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Security-Policy | :warning: 0 | security policy file not detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/sphinxcontrib-htmlhelp | 2.0.5 | :green_circle: 4.3 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: 0 | Found 1/30 approved changesets -- score normalized to 0 |
| Maintained | :warning: 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| Signed-Releases | :warning: -1 | no releases found |
| License | :green_circle: 9 | license file detected |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| Packaging | :warning: -1 | packaging workflow not detected |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Security-Policy | :warning: 0 | security policy file not detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/sphinxcontrib-jquery | 4.1 | :green_circle: 5 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: 2 | Found 5/22 approved changesets -- score normalized to 2 |
| Maintained | :warning: 0 | 0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Packaging | :warning: -1 | packaging workflow not detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Security-Policy | :warning: 0 | security policy file not detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/sphinxcontrib-jsmath | 1.0.1 | :green_circle: 4.3 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: 0 | Found 0/24 approved changesets -- score normalized to 0 |
| Maintained | :warning: 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| Signed-Releases | :warning: -1 | no releases found |
| License | :green_circle: 9 | license file detected |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| Packaging | :warning: -1 | packaging workflow not detected |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Security-Policy | :warning: 0 | security policy file not detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/sphinxcontrib-qthelp | 1.0.7 | :green_circle: 4.3 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: 0 | Found 2/28 approved changesets -- score normalized to 0 |
| Maintained | :warning: 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 9 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Security-Policy | :warning: 0 | security policy file not detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/sphinxcontrib-serializinghtml | 1.1.10 | :green_circle: 4.3 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: 0 | Found 1/30 approved changesets -- score normalized to 0 |
| Maintained | :warning: 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 9 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Security-Policy | :warning: 0 | security policy file not detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/sqlalchemy | 2.0.30 | :green_circle: 5.6 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: 0 | Found 1/29 approved changesets -- score normalized to 0 |
| Maintained | :green_circle: 10 | 30 commit(s) and 29 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Signed-Releases | :warning: 0 | Project has not signed or included provenance with any releases. |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/tenacity | 8.3.0 | :green_circle: 5.3 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 9 | Found 21/23 approved changesets -- score normalized to 9 |
| Maintained | :green_circle: 6 | 4 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 6 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Security-Policy | :warning: 0 | security policy file not detected |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |

| pip/tiktoken | 0.6.0 | :green_circle: 4.6 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 3 | Found 10/30 approved changesets -- score normalized to 3 |
| Maintained | :green_circle: 5 | 1 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 5 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Packaging | :warning: -1 | packaging workflow not detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Security-Policy | :warning: 0 | security policy file not detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/tokenizers | 0.19.1 | :green_circle: 5.5 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 6 | Found 19/28 approved changesets -- score normalized to 6 |
| Maintained | :green_circle: 10 | 16 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Signed-Releases | :warning: -1 | no releases found |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Security-Policy | :warning: 0 | security policy file not detected |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Packaging | :green_circle: 10 | packaging workflow detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Vulnerabilities | :green_circle: 7 | 3 existing vulnerabilities detected |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/tomli | 2.0.1 | :green_circle: 4.7 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: 2 | Found 6/26 approved changesets -- score normalized to 2 |
| Maintained | :warning: 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Packaging | :warning: -1 | packaging workflow not detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| Security-Policy | :warning: 0 | security policy file not detected |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/tqdm | 4.66.4 | :green_circle: 6 | Details |

| Check | Score | Reason |
|---|---|---|
| Maintained | :green_circle: 6 | 7 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 6 |
| Code-Review | :warning: 1 | Found 1/8 approved changesets -- score normalized to 1 |
| License | :green_circle: 9 | license file detected |
| CII-Best-Practices | :green_circle: 5 | badge detected: Passing |
| Packaging | :warning: -1 | packaging workflow not detected |
| Token-Permissions | :warning: -1 | No tokens found |
| Dangerous-Workflow | :warning: -1 | no workflows found |
| Pinned-Dependencies | :warning: -1 | no dependencies found |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Signed-Releases | :green_circle: 8 | 5 out of the last 5 releases have a total of 5 signed artifacts. |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| Security-Policy | :warning: 0 | security policy file not detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |

| pip/typing-extensions | 4.11.0 | :green_circle: 6.4 | Details |

| Check | Score | Reason |
|---|---|---|
| Maintained | :green_circle: 10 | 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 |
| Code-Review | :green_circle: 6 | Found 20/30 approved changesets -- score normalized to 6 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 9 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | :warning: -1 | packaging workflow not detected |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Security-Policy | :warning: 0 | security policy file not detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/typing-inspect | 0.9.0 | :green_circle: 4.7 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 3 | Found 11/30 approved changesets -- score normalized to 3 |
| Maintained | :warning: 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| Signed-Releases | :warning: -1 | no releases found |
| License | :green_circle: 10 | license file detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Security-Policy | :warning: 0 | security policy file not detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/tzdata | 2024.1 | :green_circle: 3.8 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: 0 | Found 1/22 approved changesets -- score normalized to 0 |
| Maintained | :warning: 0 | 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 9 | license file detected |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | :warning: -1 | packaging workflow not detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Signed-Releases | :warning: -1 | no releases found |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Security-Policy | :warning: 0 | security policy file not detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/uritemplate | 4.1.1 | Unknown | Unknown |
| pip/urllib3 | 1.26.18 | :green_circle: 9.1 | Details |

| Check | Score | Reason |
|---|---|---|
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Branch-Protection | :green_circle: 5 | branch protection is not maximal on development and all release branches |
| CI-Tests | :green_circle: 10 | 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 |
| CII-Best-Practices | :green_circle: 5 | badge detected: passing |
| Code-Review | :green_circle: 10 | all changesets reviewed |
| Contributors | :green_circle: 10 | 105 different organizations found -- score normalized to 10 |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Dependency-Update-Tool | :green_circle: 10 | update tool detected |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| License | :green_circle: 10 | license file detected |
| Maintained | :green_circle: 10 | 27 commit(s) out of 30 and 18 issue activity out of 30 found in the last 90 days -- score normalized to 10 |
| Packaging | :green_circle: 10 | publishing workflow detected |
| Pinned-Dependencies | :green_circle: 5 | dependency not pinned by hash detected -- score normalized to 5 |
| SAST | :green_circle: 7 | SAST tool detected but not run on all commits |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Signed-Releases | :green_circle: 9 | 23 out of 23 artifacts are signed or have provenance |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| Vulnerabilities | :green_circle: 10 | no vulnerabilities detected |

| pip/urllib3 | 2.2.1 | :green_circle: 9.1 | Details |

| Check | Score | Reason |
|---|---|---|
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Branch-Protection | :green_circle: 5 | branch protection is not maximal on development and all release branches |
| CI-Tests | :green_circle: 10 | 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 |
| CII-Best-Practices | :green_circle: 5 | badge detected: passing |
| Code-Review | :green_circle: 10 | all changesets reviewed |
| Contributors | :green_circle: 10 | 105 different organizations found -- score normalized to 10 |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Dependency-Update-Tool | :green_circle: 10 | update tool detected |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| License | :green_circle: 10 | license file detected |
| Maintained | :green_circle: 10 | 27 commit(s) out of 30 and 18 issue activity out of 30 found in the last 90 days -- score normalized to 10 |
| Packaging | :green_circle: 10 | publishing workflow detected |
| Pinned-Dependencies | :green_circle: 5 | dependency not pinned by hash detected -- score normalized to 5 |
| SAST | :green_circle: 7 | SAST tool detected but not run on all commits |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Signed-Releases | :green_circle: 9 | 23 out of 23 artifacts are signed or have provenance |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| Vulnerabilities | :green_circle: 10 | no vulnerabilities detected |

| pip/yahoo-search-py | 0.3 | Unknown | Unknown |
| pip/yarl | 1.9.4 | :green_circle: 6.1 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: 0 | Found 1/22 approved changesets -- score normalized to 0 |
| Maintained | :green_circle: 3 | 0 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 3 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Signed-Releases | :green_circle: 3 | 2 out of the last 5 releases have a total of 2 signed artifacts. |
| Packaging | :green_circle: 10 | packaging workflow detected |
| SAST | :green_circle: 10 | SAST tool is run on all commits |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/zipp | 3.18.1 | :green_circle: 6.6 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: 0 | Found 0/28 approved changesets -- score normalized to 0 |
| Maintained | :green_circle: 10 | 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| Signed-Releases | :warning: -1 | no releases found |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/pypdf | 4.2.0 | :green_circle: 5.7 | Details |

| Check | Score | Reason |
|---|---|---|
| Maintained | :green_circle: 10 | 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 |
| Code-Review | :green_circle: 9 | Found 28/29 approved changesets -- score normalized to 9 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 9 | license file detected |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Signed-Releases | :warning: -1 | no releases found |
| Dangerous-Workflow | :warning: 0 | dangerous workflow patterns detected |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |