BenWestgate / Bails

Bails is a Bitcoin solution protecting against surveillance, censorship, and confiscation. It installs Bitcoin Core on the encrypted Persistent Storage of Tails, creates and recovers Bitcoin Core wallets from Codex32 (BIP93) seed backups, and creates backup Bails USB sticks and shareable blank Bails USB sticks. Learn more in README.md.

MIT License

39 stars 7 forks source link

Create dependency-review.yml #112

Closed BenWestgate closed 3 months ago

github-actions[bot] commented 3 months ago

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package

Version

Score

Details

actions/actions/checkout

4.*.*

:green_circle: 7.2

Details

Check	Score	Reason
Code-Review	:green_circle: 10	all changesets reviewed
Maintained	:green_circle: 8	10 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 8
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
License	:green_circle: 10	license file detected
Signed-Releases	:warning: -1	no releases found
Branch-Protection	:warning: -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Token-Permissions	:warning: 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	:warning: 0	project is not fuzzed
Security-Policy	:green_circle: 9	security policy file detected
Packaging	:green_circle: 10	packaging workflow detected
SAST	:green_circle: 10	SAST tool is run on all commits
Pinned-Dependencies	:green_circle: 4	dependency not pinned by hash detected -- score normalized to 4
Vulnerabilities	:green_circle: 8	2 existing vulnerabilities detected

actions/actions/dependency-review-action

4.*.*

:green_circle: 6.2

Details

Check	Score	Reason
Maintained	:green_circle: 10	30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Code-Review	:green_circle: 6	found 3 unreviewed changesets out of 8 -- score normalized to 6
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
License	:green_circle: 10	license file detected
Signed-Releases	:warning: -1	no releases found
Security-Policy	:green_circle: 9	security policy file detected
Packaging	:warning: -1	packaging workflow not detected
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Branch-Protection	:warning: 0	branch protection not enabled on development/release branches
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Token-Permissions	:warning: 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	:warning: 0	project is not fuzzed
SAST	:green_circle: 10	SAST tool is run on all commits
Pinned-Dependencies	:warning: 1	dependency not pinned by hash detected -- score normalized to 1
Vulnerabilities	:green_circle: 10	0 existing vulnerabilities detected

Scanned Manifest Files

.github/workflows/dependency-review.yml

actions/checkout@4.*.*
actions/dependency-review-action@4.*.*