Dependency Review
✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.
OpenSSF Scorecard
| Package | Version | Score |
|---|---|---|
| actions/actions/checkout | 4.*.* | :green_circle: 7.6 |
| actions/actions/setup-node | 4.*.* | :green_circle: 5.6 |
| actions/actions/checkout | 8459bc0 | :green_circle: 7.6 |
| actions/actions/setup-node | c2ac33f | :green_circle: 5.6 |
| actions/release-drafter/release-drafter | 6.*.* | :green_circle: 3.4 |

Details: actions/actions/checkout 4.*.*

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 10 | all changesets reviewed |
| Maintained | :green_circle: 10 | 21 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Packaging | :green_circle: 10 | packaging workflow detected |
| Security-Policy | :green_circle: 9 | security policy file detected |
| SAST | :green_circle: 10 | SAST tool is run on all commits |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Pinned-Dependencies | :green_circle: 4 | dependency not pinned by hash detected -- score normalized to 4 |

Details: actions/actions/setup-node 4.*.*

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 10 | all changesets reviewed |
| Maintained | :warning: 1 | 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Signed-Releases | :warning: -1 | no releases found |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Binary-Artifacts | :green_circle: 9 | binaries present in source code |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Security-Policy | :green_circle: 9 | security policy file detected |
| SAST | :green_circle: 10 | SAST tool is run on all commits |
| Vulnerabilities | :green_circle: 5 | 5 existing vulnerabilities detected |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

Details: actions/actions/checkout 8459bc0

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 10 | all changesets reviewed |
| Maintained | :green_circle: 10 | 21 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Packaging | :green_circle: 10 | packaging workflow detected |
| Security-Policy | :green_circle: 9 | security policy file detected |
| SAST | :green_circle: 10 | SAST tool is run on all commits |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Pinned-Dependencies | :green_circle: 4 | dependency not pinned by hash detected -- score normalized to 4 |

Details: actions/actions/setup-node c2ac33f

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 10 | all changesets reviewed |
| Maintained | :warning: 1 | 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Signed-Releases | :warning: -1 | no releases found |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Binary-Artifacts | :green_circle: 9 | binaries present in source code |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Security-Policy | :green_circle: 9 | security policy file detected |
| SAST | :green_circle: 10 | SAST tool is run on all commits |
| Vulnerabilities | :green_circle: 5 | 5 existing vulnerabilities detected |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

Details: actions/release-drafter/release-drafter 6.*.*

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 5 | Found 13/24 approved changesets -- score normalized to 5 |
| Maintained | :green_circle: 3 | 1 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 3 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 10 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Packaging | :warning: -1 | packaging workflow not detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Security-Policy | :warning: 0 | security policy file not detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| Pinned-Dependencies | :warning: 2 | dependency not pinned by hash detected -- score normalized to 2 |
| Vulnerabilities | :warning: 0 | 13 existing vulnerabilities detected |

Scanned Manifest Files
.github/workflows/release.yml
- actions/checkout@4.*.*
- actions/setup-node@4.*.*
- actions/checkout@8459bc0
- actions/setup-node@c2ac33f
- release-drafter/release-drafter@6.*.*
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 56.96%. Comparing base (eb7c88e) to head (5e4f7a8).
Additional details and impacted files
@@ Coverage Diff @@
## main #563 +/- ##
=======================================
Coverage 56.96% 56.96%
=======================================
Files 46 46
Lines 1566 1566
=======================================
Hits 892 892
Misses 674 674