Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

poetry.lock

Package	Version	License	Issue Type
pulumi-aws	6.42.1	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

pip/boto3-stubs

1.34.136

:green_circle: 5.4

Details

Check	Score	Reason
Code-Review	:warning: 0	Found 1/25 approved changesets -- score normalized to 0
Maintained	:green_circle: 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
License	:green_circle: 10	license file detected
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Security-Policy	:green_circle: 10	security policy file detected
Branch-Protection	:warning: 0	branch protection not enabled on development/release branches
Packaging	:warning: -1	packaging workflow not detected
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Signed-Releases	:warning: -1	no releases found
Token-Permissions	:warning: 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	:warning: 0	project is not fuzzed
Pinned-Dependencies	:warning: 0	dependency not pinned by hash detected -- score normalized to 0
SAST	:green_circle: 7	SAST tool is not run on all commits -- score normalized to 7
Vulnerabilities	:green_circle: 10	0 existing vulnerabilities detected

pip/botocore

1.34.136

:green_circle: 8.5

Details

Check	Score	Reason
Code-Review	:warning: 0	Found 2/27 approved changesets -- score normalized to 0
Maintained	:green_circle: 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
License	:green_circle: 10	license file detected
Signed-Releases	:warning: -1	no releases found
Branch-Protection	:warning: -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	:green_circle: 10	security policy file detected
Token-Permissions	:green_circle: 10	GitHub workflow tokens follow principle of least privilege
Packaging	:warning: -1	packaging workflow not detected
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Fuzzing	:green_circle: 10	project is fuzzed
SAST	:green_circle: 10	SAST tool is run on all commits
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Vulnerabilities	:green_circle: 10	0 existing vulnerabilities detected
Pinned-Dependencies	:green_circle: 8	dependency not pinned by hash detected -- score normalized to 8

pip/botocore-stubs

1.34.136

Unknown

pip/django-stubs-ext

4.2.7

:green_circle: 6.2

Details

Check	Score	Reason
Maintained	:green_circle: 10	30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
Code-Review	:green_circle: 10	all changesets reviewed
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
License	:green_circle: 10	license file detected
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Token-Permissions	:green_circle: 9	detected GitHub workflow tokens with excessive permissions
Branch-Protection	:warning: 0	branch protection not enabled on development/release branches
Signed-Releases	:warning: -1	no releases found
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Fuzzing	:warning: 0	project is not fuzzed
Pinned-Dependencies	:warning: 0	dependency not pinned by hash detected -- score normalized to 0
Packaging	:warning: -1	packaging workflow not detected
Vulnerabilities	:green_circle: 10	0 existing vulnerabilities detected
Security-Policy	:warning: 0	security policy file not detected
SAST	:warning: 0	SAST tool is not run on all commits -- score normalized to 0

pip/pulumi-aws

6.42.1

Unknown

pip/setuptools

70.1.1

:green_circle: 6.4

Details

Check	Score	Reason
Code-Review	:green_circle: 8	Found 10/12 approved changesets -- score normalized to 8
Maintained	:green_circle: 10	30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
License	:green_circle: 10	license file detected
Signed-Releases	:warning: -1	no releases found
Packaging	:warning: -1	packaging workflow not detected
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Token-Permissions	:green_circle: 10	GitHub workflow tokens follow principle of least privilege
Security-Policy	:green_circle: 10	security policy file detected
Branch-Protection	:warning: 0	branch protection not enabled on development/release branches
Binary-Artifacts	:warning: 0	binaries present in source code
Pinned-Dependencies	:warning: 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	:green_circle: 10	0 existing vulnerabilities detected
Fuzzing	:green_circle: 10	project is fuzzed
SAST	:warning: 0	SAST tool is not run on all commits -- score normalized to 0

pip/boto3-stubs

1.34.135

:green_circle: 5.4

Details

Check	Score	Reason
Code-Review	:warning: 0	Found 1/25 approved changesets -- score normalized to 0
Maintained	:green_circle: 10	30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
License	:green_circle: 10	license file detected
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Security-Policy	:green_circle: 10	security policy file detected
Branch-Protection	:warning: 0	branch protection not enabled on development/release branches
Packaging	:warning: -1	packaging workflow not detected
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Signed-Releases	:warning: -1	no releases found
Token-Permissions	:warning: 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	:warning: 0	project is not fuzzed
Pinned-Dependencies	:warning: 0	dependency not pinned by hash detected -- score normalized to 0
SAST	:green_circle: 7	SAST tool is not run on all commits -- score normalized to 7
Vulnerabilities	:green_circle: 10	0 existing vulnerabilities detected

pip/botocore

1.34.135

:green_circle: 8.5

Details

Check	Score	Reason
Code-Review	:warning: 0	Found 2/27 approved changesets -- score normalized to 0
Maintained	:green_circle: 10	30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
License	:green_circle: 10	license file detected
Signed-Releases	:warning: -1	no releases found
Branch-Protection	:warning: -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	:green_circle: 10	security policy file detected
Token-Permissions	:green_circle: 10	GitHub workflow tokens follow principle of least privilege
Packaging	:warning: -1	packaging workflow not detected
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Fuzzing	:green_circle: 10	project is fuzzed
SAST	:green_circle: 10	SAST tool is run on all commits
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Vulnerabilities	:green_circle: 10	0 existing vulnerabilities detected
Pinned-Dependencies	:green_circle: 8	dependency not pinned by hash detected -- score normalized to 8

pip/botocore-stubs

1.34.135

Unknown

pip/django-stubs-ext

5.0.2

:green_circle: 6.2

Details

Check	Score	Reason
Maintained	:green_circle: 10	30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
Code-Review	:green_circle: 10	all changesets reviewed
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
License	:green_circle: 10	license file detected
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Token-Permissions	:green_circle: 9	detected GitHub workflow tokens with excessive permissions
Branch-Protection	:warning: 0	branch protection not enabled on development/release branches
Signed-Releases	:warning: -1	no releases found
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Fuzzing	:warning: 0	project is not fuzzed
Pinned-Dependencies	:warning: 0	dependency not pinned by hash detected -- score normalized to 0
Packaging	:warning: -1	packaging workflow not detected
Vulnerabilities	:green_circle: 10	0 existing vulnerabilities detected
Security-Policy	:warning: 0	security policy file not detected
SAST	:warning: 0	SAST tool is not run on all commits -- score normalized to 0

pip/pulumi-aws

6.42.0

Unknown

pip/setuptools

^ 70.1.1

:green_circle: 6.4

Details

Check	Score	Reason
Code-Review	:green_circle: 8	Found 10/12 approved changesets -- score normalized to 8
Maintained	:green_circle: 10	30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
License	:green_circle: 10	license file detected
Signed-Releases	:warning: -1	no releases found
Packaging	:warning: -1	packaging workflow not detected
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Token-Permissions	:green_circle: 10	GitHub workflow tokens follow principle of least privilege
Security-Policy	:green_circle: 10	security policy file detected
Branch-Protection	:warning: 0	branch protection not enabled on development/release branches
Binary-Artifacts	:warning: 0	binaries present in source code
Pinned-Dependencies	:warning: 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	:green_circle: 10	0 existing vulnerabilities detected
Fuzzing	:green_circle: 10	project is fuzzed
SAST	:warning: 0	SAST tool is not run on all commits -- score normalized to 0

Scanned Manifest Files

poetry.lock

boto3-stubs@1.34.136
botocore@1.34.136
botocore-stubs@1.34.136
django-stubs-ext@4.2.7
pulumi-aws@6.42.1
setuptools@70.1.1
boto3-stubs@1.34.135
botocore@1.34.135
botocore-stubs@1.34.135
django-stubs-ext@5.0.2
pulumi-aws@6.42.0

pyproject.toml

setuptools@^ 70.1.1

TreyWW / MyFinances

added owner to all models #434

Description

Dependency Review

License Issues

poetry.lock

OpenSSF Scorecard

Scanned Manifest Files