initia-labs / initia.js

Apache License 2.0

26 stars 30 forks source link

Create dependency-review.yml #68

Closed Vritra4 closed 3 months ago

Vritra4 commented 3 months ago

github action to review dependencies

github-actions[bot] commented 3 months ago

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package

Version

Score

Details

actions/actions/checkout

4.*.*

:green_circle: 7.2

Details

Check	Score	Reason
Code-Review	:green_circle: 10	all changesets reviewed
Maintained	:green_circle: 7	9 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
License	:green_circle: 10	license file detected
Branch-Protection	:warning: -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	:warning: -1	no releases found
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Token-Permissions	:warning: 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	:warning: 0	project is not fuzzed
Security-Policy	:green_circle: 9	security policy file detected
Pinned-Dependencies	:green_circle: 4	dependency not pinned by hash detected -- score normalized to 4
Packaging	:green_circle: 10	packaging workflow detected
SAST	:green_circle: 10	SAST tool is run on all commits
Vulnerabilities	:green_circle: 9	1 existing vulnerabilities detected

actions/actions/dependency-review-action

4.*.*

:green_circle: 7.2

Details

Check	Score	Reason
Code-Review	:green_circle: 10	all changesets reviewed
Maintained	:green_circle: 10	30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
License	:green_circle: 10	license file detected
Branch-Protection	:warning: -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	:warning: -1	no releases found
Security-Policy	:green_circle: 9	security policy file detected
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Packaging	:warning: -1	packaging workflow not detected
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Token-Permissions	:warning: 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	:warning: 0	project is not fuzzed
Pinned-Dependencies	:warning: 1	dependency not pinned by hash detected -- score normalized to 1
SAST	:green_circle: 9	SAST tool detected but not run on all commits
Vulnerabilities	:green_circle: 10	0 existing vulnerabilities detected

Scanned Manifest Files

.github/workflows/dependency-review.yml

actions/checkout@4.*.*
actions/dependency-review-action@4.*.*