Security Policy violation Security Scorecards

[allstar-app[bot]]

This issue was automatically created by Allstar.

Security Policy Violation Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check.

Results from policy: Code-Review : 0 out of last 3 changesets reviewed before merge -- score normalized to 0

---

:warning: There is an updated version of this policy result! Click here to see the latest update

---

This issue will auto resolve when the policy is in compliance.

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

[allstar-app[bot]]

Updating issue after ping interval. See its status below.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check.

Results from policy: Code-Review : 0 out of last 3 changesets reviewed before merge -- score normalized to 0

[allstar-app[bot]]

Updating issue after ping interval. See its status below.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check.

Results from policy: Code-Review : 0 out of last 3 changesets reviewed before merge -- score normalized to 0

[allstar-app[bot]]

Updating issue after ping interval. See its status below.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check.

Results from policy: Code-Review : 0 out of last 3 changesets reviewed before merge -- score normalized to 0

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned
• [0]: 0 out of 1 containerImage dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 npmCommand dependencies pinned
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned
• [0]: 0 out of 1 containerImage dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned
• [0]: 0 out of 1 containerImage dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned
• [0]: 0 out of 1 containerImage dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown
• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown
• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned
• [0]: 0 out of 1 containerImage dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown
• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned
• [0]: 0 out of 1 containerImage dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned
• [0]: 0 out of 1 containerImage dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown
• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned
• [0]: 0 out of 1 containerImage dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown
• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown
• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned
• [0]: 0 out of 1 containerImage dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown
• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 npmCommand dependencies pinned
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned
• [0]: 0 out of 1 containerImage dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned
• [0]: 0 out of 1 containerImage dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned
• [0]: 0 out of 1 containerImage dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 npmCommand dependencies pinned
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown
• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned
• [0]: 0 out of 1 containerImage dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 npmCommand dependencies pinned
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown
• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned
• [0]: 0 out of 1 containerImage dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected

[allstar-app[bot]]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check. The score was 0, and the passing threshold is 10. Results from policy: Code-Review : found 3 unreviewed changesets out of 3 -- score normalized to 0

• [0]:couldn't find approvals for revision: ee4156771cf3c3d3932197659e61beb2bd050730 platform: Unknown
• [0]:couldn't find approvals for revision: b4da28aa549d2ca2f3dea9b54908579dbfff4beb platform: Unknown
• [0]:couldn't find approvals for revision: b814aeb58924dc243438aa88df496759ffa54aae platform: Unknown

Results from policy: Dependency-Update-Tool : no update tool detected

• tool 'RenovateBot' is not used
• tool 'Dependabot' is not used
• tool 'PyUp' is not used
• tool 'Sonatype Lift' is not used

Results from policy: Pinned-Dependencies : dependency not pinned by hash detected -- score normalized to 0

• Dockerfile[1]:containerImage not pinned by hash
• Dockerfile[27]:downloadThenRun not pinned by hash
• Dockerfile[31]:downloadThenRun not pinned by hash
• Dockerfile[33]:npmCommand not pinned by hash
• Dockerfile[36]:downloadThenRun not pinned by hash
• [0]: 0 out of 1 containerImage dependencies pinned
• [0]: 0 out of 3 downloadThenRun dependencies pinned
• [0]: 0 out of 1 npmCommand dependencies pinned

Results from policy: SAST : no SAST tool detected

• [0]:no pull requests merged into dev branch
• [0]:CodeQL tool not detected