BenWestgate / Bails

Bails is a Bitcoin solution protecting against surveillance, censorship, and confiscation. It installs Bitcoin Core to Tails encrypted Persistent Storage, creates and recovers Bitcoin Core wallets from Codex32 (BIP93) seed backups, and creates backup Bails USB sticks and shareable blank Bails USB sticks. Learn more in README.md.
MIT License
46 stars 9 forks source link

Create dependency-review.yml #112

Closed BenWestgate closed 8 months ago

github-actions[bot] commented 8 months ago

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/actions/checkout 4.*.* :green_circle: 7.2
Details
CheckScoreReason
Code-Review:green_circle: 10all changesets reviewed
Maintained:green_circle: 810 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 8
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Fuzzing:warning: 0project is not fuzzed
Security-Policy:green_circle: 9security policy file detected
Packaging:green_circle: 10packaging workflow detected
SAST:green_circle: 10SAST tool is run on all commits
Pinned-Dependencies:green_circle: 4dependency not pinned by hash detected -- score normalized to 4
Vulnerabilities:green_circle: 82 existing vulnerabilities detected
actions/actions/dependency-review-action 4.*.* :green_circle: 6.2
Details
CheckScoreReason
Maintained:green_circle: 1030 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Code-Review:green_circle: 6found 3 unreviewed changesets out of 8 -- score normalized to 6
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Signed-Releases:warning: -1no releases found
Security-Policy:green_circle: 9security policy file detected
Packaging:warning: -1packaging workflow not detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Branch-Protection:warning: 0branch protection not enabled on development/release branches
Binary-Artifacts:green_circle: 10no binaries found in the repo
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Fuzzing:warning: 0project is not fuzzed
SAST:green_circle: 10SAST tool is run on all commits
Pinned-Dependencies:warning: 1dependency not pinned by hash detected -- score normalized to 1
Vulnerabilities:green_circle: 100 existing vulnerabilities detected

Scanned Manifest Files

.github/workflows/dependency-review.yml
  • actions/checkout@4.*.*
  • actions/dependency-review-action@4.*.*