Bump step-security/harden-runner from 2.7.0 to 2.7.1

[dependabot[bot]]

Bumps step-security/harden-runner from 2.7.0 to 2.7.1.

Release notes

Sourced from step-security/harden-runner's releases.

v2.7.1

What's Changed

Release v2.7.1 by @​varunsh-coder, @​h0x0er, @​ashishkurmi in step-security/harden-runner#397 This release:

• Improves the capability to inspect outbound HTTPS traffic on GitHub-hosted and self-hosted VM runners
• Updates README to add link to case study video on how Harden-Runner detected a supply chain attack on a Google open-source project
• Addresses minor bugs

Full Changelog: https://github.com/step-security/harden-runner/compare/v2.7.0...v2.7.1

Commits

• a4aa98b Release v2.7.1 (#397)
• 6c3b1c9 Merge pull request #379 from step-security/dependabot/github_actions/step-sec...
• 3498091 Bump step-security/harden-runner from 2.6.1 to 2.7.0
• 63a88e2 Merge pull request #378 from step-security/update-readme3
• 07e5965 Update README
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions[bot]]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
actions/step-security/harden-runner	a4aa98b93cab29d9b1101a6143fb8bce00e2eac4	:green_circle: 8.1	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 16 out of 16 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :green_circle: 10 all changesets reviewed Contributors :green_circle: 6 2 different organizations found -- score normalized to 6 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :warning: 2 3 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 2 Packaging :warning: -1 no published package detected Pinned-Dependencies :green_circle: 7 dependency not pinned by hash detected -- score normalized to 7 SAST :green_circle: 10 SAST tool is run on all commits Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: -1 no releases found Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 10 no vulnerabilities detected
actions/step-security/harden-runner	63c24ba6bd7ba022e95695ff85de572c04a18142	:green_circle: 8.1	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 16 out of 16 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :green_circle: 10 all changesets reviewed Contributors :green_circle: 6 2 different organizations found -- score normalized to 6 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :warning: 2 3 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 2 Packaging :warning: -1 no published package detected Pinned-Dependencies :green_circle: 7 dependency not pinned by hash detected -- score normalized to 7 SAST :green_circle: 10 SAST tool is run on all commits Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: -1 no releases found Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 10 no vulnerabilities detected
actions/step-security/harden-runner	a4aa98b93cab29d9b1101a6143fb8bce00e2eac4	:green_circle: 8.1	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 16 out of 16 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :green_circle: 10 all changesets reviewed Contributors :green_circle: 6 2 different organizations found -- score normalized to 6 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :warning: 2 3 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 2 Packaging :warning: -1 no published package detected Pinned-Dependencies :green_circle: 7 dependency not pinned by hash detected -- score normalized to 7 SAST :green_circle: 10 SAST tool is run on all commits Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: -1 no releases found Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 10 no vulnerabilities detected
actions/step-security/harden-runner	63c24ba6bd7ba022e95695ff85de572c04a18142	:green_circle: 8.1	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 16 out of 16 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :green_circle: 10 all changesets reviewed Contributors :green_circle: 6 2 different organizations found -- score normalized to 6 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :warning: 2 3 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 2 Packaging :warning: -1 no published package detected Pinned-Dependencies :green_circle: 7 dependency not pinned by hash detected -- score normalized to 7 SAST :green_circle: 10 SAST tool is run on all commits Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: -1 no releases found Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 10 no vulnerabilities detected
actions/step-security/harden-runner	a4aa98b93cab29d9b1101a6143fb8bce00e2eac4	:green_circle: 8.1	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 16 out of 16 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :green_circle: 10 all changesets reviewed Contributors :green_circle: 6 2 different organizations found -- score normalized to 6 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :warning: 2 3 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 2 Packaging :warning: -1 no published package detected Pinned-Dependencies :green_circle: 7 dependency not pinned by hash detected -- score normalized to 7 SAST :green_circle: 10 SAST tool is run on all commits Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: -1 no releases found Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 10 no vulnerabilities detected
actions/step-security/harden-runner	63c24ba6bd7ba022e95695ff85de572c04a18142	:green_circle: 8.1	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 16 out of 16 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :green_circle: 10 all changesets reviewed Contributors :green_circle: 6 2 different organizations found -- score normalized to 6 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :warning: 2 3 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 2 Packaging :warning: -1 no published package detected Pinned-Dependencies :green_circle: 7 dependency not pinned by hash detected -- score normalized to 7 SAST :green_circle: 10 SAST tool is run on all commits Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: -1 no releases found Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 10 no vulnerabilities detected
actions/step-security/harden-runner	a4aa98b93cab29d9b1101a6143fb8bce00e2eac4	:green_circle: 8.1	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 16 out of 16 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :green_circle: 10 all changesets reviewed Contributors :green_circle: 6 2 different organizations found -- score normalized to 6 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :warning: 2 3 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 2 Packaging :warning: -1 no published package detected Pinned-Dependencies :green_circle: 7 dependency not pinned by hash detected -- score normalized to 7 SAST :green_circle: 10 SAST tool is run on all commits Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: -1 no releases found Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 10 no vulnerabilities detected
actions/step-security/harden-runner	63c24ba6bd7ba022e95695ff85de572c04a18142	:green_circle: 8.1	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 16 out of 16 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :green_circle: 10 all changesets reviewed Contributors :green_circle: 6 2 different organizations found -- score normalized to 6 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :warning: 2 3 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 2 Packaging :warning: -1 no published package detected Pinned-Dependencies :green_circle: 7 dependency not pinned by hash detected -- score normalized to 7 SAST :green_circle: 10 SAST tool is run on all commits Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: -1 no releases found Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 10 no vulnerabilities detected
actions/step-security/harden-runner	a4aa98b93cab29d9b1101a6143fb8bce00e2eac4	:green_circle: 8.1	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 16 out of 16 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :green_circle: 10 all changesets reviewed Contributors :green_circle: 6 2 different organizations found -- score normalized to 6 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :warning: 2 3 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 2 Packaging :warning: -1 no published package detected Pinned-Dependencies :green_circle: 7 dependency not pinned by hash detected -- score normalized to 7 SAST :green_circle: 10 SAST tool is run on all commits Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: -1 no releases found Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 10 no vulnerabilities detected
actions/step-security/harden-runner	63c24ba6bd7ba022e95695ff85de572c04a18142	:green_circle: 8.1	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 16 out of 16 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :green_circle: 10 all changesets reviewed Contributors :green_circle: 6 2 different organizations found -- score normalized to 6 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :warning: 2 3 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 2 Packaging :warning: -1 no published package detected Pinned-Dependencies :green_circle: 7 dependency not pinned by hash detected -- score normalized to 7 SAST :green_circle: 10 SAST tool is run on all commits Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: -1 no releases found Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 10 no vulnerabilities detected
actions/step-security/harden-runner	a4aa98b93cab29d9b1101a6143fb8bce00e2eac4	:green_circle: 8.1	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 16 out of 16 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :green_circle: 10 all changesets reviewed Contributors :green_circle: 6 2 different organizations found -- score normalized to 6 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :warning: 2 3 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 2 Packaging :warning: -1 no published package detected Pinned-Dependencies :green_circle: 7 dependency not pinned by hash detected -- score normalized to 7 SAST :green_circle: 10 SAST tool is run on all commits Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: -1 no releases found Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 10 no vulnerabilities detected
actions/step-security/harden-runner	63c24ba6bd7ba022e95695ff85de572c04a18142	:green_circle: 8.1	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 16 out of 16 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :green_circle: 10 all changesets reviewed Contributors :green_circle: 6 2 different organizations found -- score normalized to 6 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :warning: 2 3 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 2 Packaging :warning: -1 no published package detected Pinned-Dependencies :green_circle: 7 dependency not pinned by hash detected -- score normalized to 7 SAST :green_circle: 10 SAST tool is run on all commits Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: -1 no releases found Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 10 no vulnerabilities detected
actions/step-security/harden-runner	a4aa98b93cab29d9b1101a6143fb8bce00e2eac4	:green_circle: 8.1	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 16 out of 16 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :green_circle: 10 all changesets reviewed Contributors :green_circle: 6 2 different organizations found -- score normalized to 6 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :warning: 2 3 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 2 Packaging :warning: -1 no published package detected Pinned-Dependencies :green_circle: 7 dependency not pinned by hash detected -- score normalized to 7 SAST :green_circle: 10 SAST tool is run on all commits Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: -1 no releases found Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 10 no vulnerabilities detected
actions/step-security/harden-runner	63c24ba6bd7ba022e95695ff85de572c04a18142	:green_circle: 8.1	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 16 out of 16 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :green_circle: 10 all changesets reviewed Contributors :green_circle: 6 2 different organizations found -- score normalized to 6 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :warning: 2 3 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 2 Packaging :warning: -1 no published package detected Pinned-Dependencies :green_circle: 7 dependency not pinned by hash detected -- score normalized to 7 SAST :green_circle: 10 SAST tool is run on all commits Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: -1 no releases found Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 10 no vulnerabilities detected
actions/step-security/harden-runner	a4aa98b93cab29d9b1101a6143fb8bce00e2eac4	:green_circle: 8.1	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 16 out of 16 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :green_circle: 10 all changesets reviewed Contributors :green_circle: 6 2 different organizations found -- score normalized to 6 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :warning: 2 3 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 2 Packaging :warning: -1 no published package detected Pinned-Dependencies :green_circle: 7 dependency not pinned by hash detected -- score normalized to 7 SAST :green_circle: 10 SAST tool is run on all commits Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: -1 no releases found Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 10 no vulnerabilities detected
actions/step-security/harden-runner	63c24ba6bd7ba022e95695ff85de572c04a18142	:green_circle: 8.1	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 16 out of 16 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :green_circle: 10 all changesets reviewed Contributors :green_circle: 6 2 different organizations found -- score normalized to 6 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :warning: 2 3 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 2 Packaging :warning: -1 no published package detected Pinned-Dependencies :green_circle: 7 dependency not pinned by hash detected -- score normalized to 7 SAST :green_circle: 10 SAST tool is run on all commits Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: -1 no releases found Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 10 no vulnerabilities detected
actions/step-security/harden-runner	a4aa98b93cab29d9b1101a6143fb8bce00e2eac4	:green_circle: 8.1	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 16 out of 16 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :green_circle: 10 all changesets reviewed Contributors :green_circle: 6 2 different organizations found -- score normalized to 6 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :warning: 2 3 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 2 Packaging :warning: -1 no published package detected Pinned-Dependencies :green_circle: 7 dependency not pinned by hash detected -- score normalized to 7 SAST :green_circle: 10 SAST tool is run on all commits Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: -1 no releases found Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 10 no vulnerabilities detected
actions/step-security/harden-runner	63c24ba6bd7ba022e95695ff85de572c04a18142	:green_circle: 8.1	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 16 out of 16 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :green_circle: 10 all changesets reviewed Contributors :green_circle: 6 2 different organizations found -- score normalized to 6 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :warning: 2 3 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 2 Packaging :warning: -1 no published package detected Pinned-Dependencies :green_circle: 7 dependency not pinned by hash detected -- score normalized to 7 SAST :green_circle: 10 SAST tool is run on all commits Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: -1 no releases found Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 10 no vulnerabilities detected

Scanned Manifest Files

.github/workflows/cmake-multi-platform.yml

• step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
• step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142

.github/workflows/codeql.yml

• step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
• step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142

.github/workflows/create-release.yml

• step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
• step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142

.github/workflows/dependency-review.yml

• step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
• step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142

.github/workflows/docker-publish.yml

• step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
• step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142

.github/workflows/docker-scout-scan.yml

• step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
• step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142

.github/workflows/jekyll-gh-pages.yml

• step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
• step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142

.github/workflows/sbom-generate-submit.yml

• step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
• step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142

.github/workflows/scorecard.yml

• step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
• step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142