mikkurogue / dagger

A small cli tool to help setup a developer environment with a simple step setup.

https://mikkurogue.github.io/dagger/

MIT License

2 stars 0 forks source link

Feat/dagger config #13

Closed mikkurogue closed 4 months ago

mikkurogue commented 4 months ago

Initial config creation

github-actions[bot] commented 4 months ago

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package

Version

Score

Details

actions/actions/checkout

4.*.*

:green_circle: 7.5

Details

Check	Score	Reason
Code-Review	:green_circle: 10	all changesets reviewed
Maintained	:green_circle: 10	18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
License	:green_circle: 10	license file detected
Branch-Protection	:warning: -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	:warning: -1	no releases found
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Token-Permissions	:warning: 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	:warning: 0	project is not fuzzed
SAST	:green_circle: 10	SAST tool is run on all commits
Security-Policy	:green_circle: 9	security policy file detected
Pinned-Dependencies	:green_circle: 4	dependency not pinned by hash detected -- score normalized to 4
Packaging	:green_circle: 10	packaging workflow detected
Vulnerabilities	:green_circle: 9	1 existing vulnerabilities detected

actions/actions/dependency-review-action

4.*.*

:green_circle: 7.1

Details

Check	Score	Reason
Code-Review	:green_circle: 10	all changesets reviewed
Maintained	:green_circle: 10	30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
License	:green_circle: 10	license file detected
Branch-Protection	:warning: -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	:warning: -1	no releases found
Security-Policy	:green_circle: 9	security policy file detected
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Packaging	:warning: -1	packaging workflow not detected
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Token-Permissions	:warning: 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	:warning: 0	project is not fuzzed
Pinned-Dependencies	:warning: 1	dependency not pinned by hash detected -- score normalized to 1
SAST	:green_circle: 10	SAST tool is run on all commits
Vulnerabilities	:green_circle: 9	1 existing vulnerabilities detected

Scanned Manifest Files

.github/workflows/dependency-review.yml

actions/checkout@4.*.*
actions/dependency-review-action@4.*.*