Closed jkremser closed 1 year ago
RESULTS
-------
Aggregate score: 4.7 / 10

Check scores:

| SCORE | NAME | REASON | DOCUMENTATION/REMEDIATION |
|---|---|---|---|
| 10 / 10 | Binary-Artifacts | no binaries found in the repo | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#binary-artifacts |
| 0 / 10 | Branch-Protection | branch protection not enabled on development/release branches | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#branch-protection |
| 5 / 10 | CI-Tests | 2 out of 4 merged PRs checked by a CI test -- score normalized to 5 | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#ci-tests |
| 0 / 10 | CII-Best-Practices | no badge detected | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#cii-best-practices |
| 1 / 10 | Code-Review | GitHub code reviews found for 4 commits out of the last 30 -- score normalized to 1 | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#code-review |
| 10 / 10 | Contributors | 11 different organizations found -- score normalized to 10 | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#contributors |
| 10 / 10 | Dangerous-Workflow | no dangerous workflow patterns detected | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#dangerous-workflow |
| 0 / 10 | Dependency-Update-Tool | no update tool detected | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#dependency-update-tool |
| 0 / 10 | Fuzzing | project is not fuzzed | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#fuzzing |
| 10 / 10 | License | license file detected | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#license |
| 10 / 10 | Maintained | 14 commit(s) out of 30 and 5 issue activity out of 24 found in the last 90 days -- score normalized to 10 | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#maintained |
| 10 / 10 | Packaging | publishing workflow detected | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#packaging |
| 0 / 10 | Pinned-Dependencies | dependency not pinned by hash detected -- score normalized to 0 | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#pinned-dependencies |
| 5 / 10 | SAST | SAST tool is not run on all commits -- score normalized to 5 | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#sast |
| 0 / 10 | Security-Policy | security policy file not detected | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#security-policy |
| 3 / 10 | Signed-Releases | 1 out of 3 artifacts are signed -- score normalized to 3 | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#signed-releases |
| 0 / 10 | Token-Permissions | non read-only tokens detected in GitHub workflows | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#token-permissions |
| 10 / 10 | Vulnerabilities | no vulnerabilities detected | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#vulnerabilities |
| ? | Webhooks | check is not supported for this request: SCORECARD_V6 is not set, not running the Webhook check | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#webhooks |
scorecard --repo jkremser/log2rbac-operator
RESULTS
-------
Aggregate score: 5.8 / 10
RESULTS
-------
Aggregate score: 6.4 / 10
6.9
7.4
good enough, closing