Conventional Commits Report
| Type | Number |
| Removed | 4 |
| Changed | 14 |
| Added | 25 |
| Bug Fixes | 2 |
:rocket: Conventional commits found.
Dependency Review
The following issues were found:
- ✅ 0 vulnerable package(s)
- ✅ 0 package(s) with incompatible licenses
- ❌ 1 package(s) with invalid SPDX license definitions
- ✅ 0 package(s) with unknown licenses.
See the Details below.
Snapshot Warnings
⚠️: No snapshots were found for the head SHA a771cbdb3cad06bd497abbff0bbc2daa8db25893.
Ensure that dependencies are being submitted on PR branches and consider enabling
retry-on-snapshot-warnings. See
the documentation for more information and troubleshooting advice.
License Issues
poetry.lock
| Package | Version | License | Issue Type |
| lxml-stubs | 0.5.1 | Apache-2.0 AND MIT AND NOASSERTION | Invalid SPDX License |
Allowed Licenses: 0BSD, AGPL-3.0-or-later, GPL-3.0-or-later, LGPL-2.1, EPL-2.0, Python-2.0, GPL-2.0-or-later, GPL-2.0-only, GPL-3.0-or-later AND LGPL-2.1-only, GPL-3.0-or-later AND LGPL-3.0 AND LGPL-3.0-only, GPL-2.0 AND GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later, MIT, ISC, Unlicense, Apache-2.0, BSD-3-Clause, BSD-2-Clause, BSD-2-Clause AND MIT, MPL-2.0, CC-BY-4.0, CC-BY-3.0, CC-BY-SA-4.0, CC0-1.0, BSD-2-Clause AND BSD-3-Clause, BSD-3-Clause AND BSD-3-Clause-Clear, MIT OR Apache-2.0, MIT AND Python-2.0, (Apache-2.0 AND BSD-3-Clause) OR (Apache-2.0 AND MIT), (MIT OR Apache-2.0) AND Unicode-DFS-2016, OFL-1.1, Apache-2.0 AND BSD-3-Clause AND MIT AND OFL-1.1, BlueOak-1.0.0, BSL-1.0, Python-2.0.1, MIT AND PSF-2.0, LGPL-2.0-only AND LGPL-2.1-or-later, CAL-1.0
OpenSSF Scorecard
| Package | Version | Score | Details |
| actions/greenbone/actions/mypy-python | 3.*.* | Unknown | Unknown |
| pip/autohooks-plugin-mypy | 23.10.0 | Unknown | Unknown |
| pip/lxml-stubs | 0.5.1 | Unknown | Unknown |
| pip/mypy | 1.10.0 | :green_circle: 5.7 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 9 | Found 27/30 approved changesets -- score normalized to 9 |
| Maintained | :green_circle: 10 | 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 9 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Packaging | :warning: -1 | packaging workflow not detected |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Security-Policy | :warning: 0 | security policy file not detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |

| pip/types-paramiko | 3.4.0.20240423 | :green_circle: 5.8 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :green_circle: 10 | all changesets reviewed |
| Maintained | :green_circle: 10 | 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 9 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Branch-Protection | :warning: -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Token-Permissions | :warning: 0 | detected GitHub workflow tokens with excessive permissions |
| Packaging | :warning: -1 | packaging workflow not detected |
| Fuzzing | :warning: 0 | project is not fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |
| Security-Policy | :warning: 0 | security policy file not detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |

| pip/defusedxml | 0.7.1 | :green_circle: 5.9 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: 0 | Found 2/24 approved changesets -- score normalized to 0 |
| Maintained | :warning: 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 9 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Packaging | :green_circle: 10 | packaging workflow detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |

| pip/defusedxml | >= 0.6 | :green_circle: 5.9 | Details |

| Check | Score | Reason |
|---|---|---|
| Code-Review | :warning: 0 | Found 2/24 approved changesets -- score normalized to 0 |
| Maintained | :warning: 0 | 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 |
| CII-Best-Practices | :warning: 0 | no effort to earn an OpenSSF best practices badge detected |
| License | :green_circle: 9 | license file detected |
| Signed-Releases | :warning: -1 | no releases found |
| Dangerous-Workflow | :green_circle: 10 | no dangerous workflow patterns detected |
| Binary-Artifacts | :green_circle: 10 | no binaries found in the repo |
| Security-Policy | :green_circle: 10 | security policy file detected |
| Token-Permissions | :green_circle: 10 | GitHub workflow tokens follow principle of least privilege |
| Pinned-Dependencies | :warning: 0 | dependency not pinned by hash detected -- score normalized to 0 |
| Branch-Protection | :warning: 0 | branch protection not enabled on development/release branches |
| Fuzzing | :green_circle: 10 | project is fuzzed |
| Vulnerabilities | :green_circle: 10 | 0 existing vulnerabilities detected |
| Packaging | :green_circle: 10 | packaging workflow detected |
| SAST | :warning: 0 | SAST tool is not run on all commits -- score normalized to 0 |

Scanned Manifest Files
.github/workflows/ci.yml
- greenbone/actions/mypy-python@3.*.*
poetry.lock
pyproject.toml
Attention: Patch coverage is 95.88496% with 93 lines in your changes missing coverage. Please review.
Project coverage is 97.57%. Comparing base (0f946e6) to head (fa88c2a).
:exclamation: Current head fa88c2a differs from pull request most recent head a771cbd
Please upload reports for the commit a771cbd to get more accurate results.
Additional details and impacted files
@@ Coverage Diff @@
## main #1127 +/- ##
==========================================
- Coverage 97.85% 97.57% -0.28%
==========================================
Files 61 65 +4
Lines 4292 4541 +249
Branches 1047 831 -216
==========================================
+ Hits 4200 4431 +231
- Misses 72 74 +2
- Partials 20 36 +16