allstar-app[bot]
commented
5 days ago The policy result has been updated.
Project is out of compliance with Security Scorecards policy
Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 7. Results from policy: Branch-Protection : branch protection not enabled on development/release branches
- [0]:branch protection not enabled for branch 'main'
First 10 Results from policy: Code-Review : found 15 unreviewed changesets out of 15 -- score normalized to 0
- [0]:couldn't find approvals for revision: 31c9e089ae4108deeefe6488929f74c05270b5d4 platform: Unknown
- [0]:couldn't find approvals for revision: 6c8333ef883c1443bed75c7cef70337e4499178a platform: Unknown
- [0]:couldn't find approvals for revision: 38e3c2d2618558723127329870eb89ccf672e23e platform: Unknown
- [0]:couldn't find approvals for revision: b693141c803a51d6e663f43ba1ee81cdfdd6c8b6 platform: Unknown
- [0]:couldn't find approvals for revision: c6730d8b2d0a4247361e95ec410e6dccd2f3d567 platform: Unknown
- [0]:couldn't find approvals for revision: 276038b7c04470830a888a69cd39a74b5a9d057d platform: Unknown
- [0]:couldn't find approvals for revision: ed2616d5078fced8d9ca31ab5adc8377cf785b39 platform: Unknown
- [0]:couldn't find approvals for revision: fe4e538f559bfc5da7dd158fd5b88fb8f8896857 platform: Unknown
- [0]:couldn't find approvals for revision: a88a23f5e0b13208b723601641bfa12bc20d59f9 platform: Unknown
- [0]:couldn't find approvals for revision: 2a3f4c3f3c71dcbaf1d3eafa2938898413eee3b8 platform: Unknown
- Run a Scorecards scan to see full list.
Results from policy: Contributors : 0 different organizations found -- score normalized to 0
- [0]:no contributors have an org or company
Results from policy: Dependency-Update-Tool : no update tool detected
- tool 'RenovateBot' is not used
- tool 'Dependabot' is not used
- tool 'PyUp' is not used
- tool 'Sonatype Lift' is not used
First 10 Results from policy: Fuzzing : project is not fuzzed
- no OSSFuzz integration found
- no OneFuzz integration found
- no GoBuiltInFuzzer integration found
- no PythonAtherisFuzzer integration found
- no CLibFuzzer integration found
- no CppLibFuzzer integration found
- no SwiftLibFuzzer integration found
- no RustCargoFuzzer integration found
- no JavaJazzerFuzzer integration found
- no ClusterFuzzLite integration found
- Run a Scorecards scan to see full list.
Results from policy: License : license file not detected
Results from policy: Maintained : repo was created 41 days ago, not enough maintenance history
- [0]:repo was created in the last 90 days (Created at: 2024-09-09T18:02:48Z), please review its contents carefully
Results from policy: SAST : no SAST tool detected
- [0]:no pull requests merged into dev branch
- [0]:CodeQL tool not detected
Results from policy: Security-Policy : security policy file not detected
- no security policy file detected
- no security file to analyze
- no security file to analyze
- no security file to analyze
Results from policy: Signed-Releases : 0 out of 1 artifacts are signed or have provenance
- [0]:GitHub release found: v0.1.0
- https://api.github.com/repos/Deluxz1/demo/releases/180239442[0]:release artifact v0.1.0 does not have provenance
- https://api.github.com/repos/Deluxz1/demo/releases/180239442[0]:release artifact v0.1.0 not signed
This issue was automatically created by Allstar.
Security Policy Violation Project is out of compliance with Security Scorecards policy
Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 7. Results from policy: Branch-Protection : branch protection not enabled on development/release branches
First 10 Results from policy: Code-Review : found 15 unreviewed changesets out of 15 -- score normalized to 0
Results from policy: Contributors : 0 different organizations found -- score normalized to 0
Results from policy: Dependency-Update-Tool : no update tool detected
First 10 Results from policy: Fuzzing : project is not fuzzed
Results from policy: License : license file not detected
Results from policy: Maintained : repo was created 41 days ago, not enough maintenance history
Results from policy: SAST : no SAST tool detected
Results from policy: Security-Policy : security policy file not detected
Results from policy: Signed-Releases : 0 out of 1 artifacts are signed or have provenance
:warning: There is an updated version of this policy result! Click here to see the latest update
This issue will auto resolve when the policy is in compliance.
Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.