ossf / scorecard

OpenSSF Scorecard - Security health metrics for Open Source
https://scorecard.dev
Apache License 2.0

Panic in cron when running branch protection check. #246

Closed inferno-chromium closed 3 years ago

inferno-chromium commented 3 years ago

Describe the bug

2021-03-02 17:13:54.478 PST
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x80e988]

goroutine 20 [running]:
github.com/ossf/scorecard/checks.BranchProtection(0xab5100, 0xc00009c000, 0xc0000d2420, 0xc0000ae0d0, 0xc000097560, 0xc00009a0d3, 0x7, 0xc00009a0db, 0x7, 0xc000093390, ...)
	/go/src/github.com/ossf/scorecard/checks/branch_protected.go:33 +0xe8
github.com/ossf/scorecard/checker.(*Runner).Run(0xc00013fea8, 0xa356c8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
	/go/src/github.com/ossf/scorecard/checker/checker.go:54 +0x1a5
github.com/ossf/scorecard/pkg.RunScorecards.func1(0xc00009c414, 0xab5100, 0xc00009c000, 0xc0000d2420, 0xc0000ae0d0, 0xc000097560, 0xc00009a0d3, 0x7, 0xc00009a0db, 0x7, ...)
	/go/src/github.com/ossf/scorecard/pkg/scorecard.go:107 +0xd4
created by github.com/ossf/scorecard/pkg.RunScorecards
	/go/src/github.com/ossf/scorecard/pkg/scorecard.go:104 +0x353

Reproduction steps

Steps to reproduce the behavior: Probably with github.com/ARMmbed/mbedtls

Expected behavior

Bail out instead of crash

Additional context

Add any other context about the problem here.
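
Added example, not part of the issue and not scorecard's own code: the trace above shows the check running in a goroutine created by `RunScorecards`, where an unrecovered panic ends the whole process. This sketch recovers inside that goroutine and reports the check as inconclusive (`Pass: false`, `Confidence: 0`); `safeRun`, `RunAll`, `protection` and `brokenCheck` are hypothetical names, and `brokenCheck` is constructed to dereference nil.

```go
package main

import "fmt"

// CheckResult mirrors the fields of the JSON output shown on this page.
type CheckResult struct {
	CheckName  string
	Pass       bool
	Confidence int
	Details    []string
}

// protection is a hypothetical API result that stays nil when the lookup fails.
type protection struct{ RequiredReviews *int }

// brokenCheck (constructed, not scorecard code) dereferences nil and panics.
func brokenCheck() CheckResult {
	var p *protection
	return CheckResult{CheckName: "Branch-Protection", Pass: *p.RequiredReviews > 0, Confidence: 10}
}

// safeRun turns a panic inside one check into an inconclusive result.
func safeRun(name string, fn func() CheckResult) (res CheckResult) {
	defer func() {
		if r := recover(); r != nil {
			res = CheckResult{CheckName: name, Details: []string{fmt.Sprintf("check panicked: %v", r)}}
		}
	}()
	return fn()
}

// RunAll runs every check in its own goroutine and collects results by CheckName.
func RunAll(checks map[string]func() CheckResult) map[string]CheckResult {
	results := make(chan CheckResult, len(checks))
	for name, fn := range checks {
		go func(name string, fn func() CheckResult) {
			results <- safeRun(name, fn) // recover must sit in the goroutine that panics
		}(name, fn)
	}
	out := make(map[string]CheckResult)
	for range checks {
		r := <-results
		out[r.CheckName] = r
	}
	return out
}

func main() {
	fmt.Printf("%+v\n", RunAll(map[string]func() CheckResult{"Branch-Protection": brokenCheck}))
}
```

A recovered check should still be logged with its stack trace so the underlying nil dereference gets fixed rather than hidden behind a zero-confidence result.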

naveensrinivasan commented 3 years ago

The latest master does not seem to have issues.

./scorecard  --repo=github.com/ARMmbed/mbedtls --show-details  --format=json | jq
{
  "Repo": "github.com/ARMmbed/mbedtls",
  "Date": "2021-03-05",
  "Checks": [
    {
      "CheckName": "Active",
      "Pass": true,
      "Confidence": 10,
      "Details": [
        "commits in last 90 days: 30"
      ]
    },
    {
      "CheckName": "Branch-Protection",
      "Pass": false,
      "Confidence": 0,
      "Details": [
        "error, retrying: GET https://api.github.com/repos/ARMmbed/mbedtls/branches/development/protection: 404 Not Found []"
      ]
    },
    {
      "CheckName": "CI-Tests",
      "Pass": true,
      "Confidence": 9,
      "Details": [
        "CI test found: pr: 4194, context: continuous-integration/jenkins/pr-headuccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/ea4cc855e2abfcbaeccb67b3d22ec8baa5d43174uccess",
        "CI test found: pr: 4193, context: continuous-integration/jenkins/pr-mergeuccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/fc2c79633b4e16ee463667b655778403913bf62duccess",
        "CI test found: pr: 4181, context: continuous-integration/jenkins/pr-headuccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/51f5d31635064fe984cb5f57a725af2d0ad4fdc1uccess",
        "CI test found: pr: 4180, context: continuous-integration/jenkins/pr-mergeuccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/388a9d3a8bd14a37354ee3611e58d6d92c40bf14uccess",
        "CI test found: pr: 4173, context: continuous-integration/jenkins/pr-headuccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/9264e01730a4a99614e228bdbdbdbcbb2f4ab642uccess",
        "CI test found: pr: 4168, context: continuous-integration/jenkins/pr-mergeuccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/e538896ad8bf1a3f0ebb7890abc6008c97c19449uccess",
        "CI test found: pr: 4159, context: continuous-integration/jenkins/pr-mergeuccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/5fd5747402d27b5c05e00a88915980c123054057uccess",
        "CI test found: pr: 4155, context: continuous-integration/jenkins/pr-mergeuccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/e8d7e6c6e4740215ef44ba58f6ed5e323c55463fuccess",
        "!! found merged PR without CI test: 4154",
        "CI test found: pr: 4150, context: continuous-integration/jenkins/pr-headuccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/7d48b2821808e964ab594462e419fbed0e015729uccess",
        "CI test found: pr: 4148, context: PR-4148-merge TLS Testinguccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/f49478b1ff4424bbde076055db7d914408fb54bduccess",
        "CI test found: pr: 4145, context: PR-4145-merge TLS Testinguccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/932ffb7ab21fb026c91742f933baf1e05cde8bbbuccess",
        "CI test found: pr: 4143, context: continuous-integration/jenkins/pr-mergeuccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/70f654a89c053c57be38bc2cedef89f7a09f9117uccess",
        "CI test found: pr: 4141, context: continuous-integration/jenkins/pr-headuccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/f29019f9cc699dfc8f0f03cb3f8c39138f300cafuccess",
        "CI test found: pr: 4137, context: continuous-integration/jenkins/pr-mergeuccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/74afe47cc8552b53433d516dc576579b32284edfuccess",
        "CI test found: pr: 4136, context: continuous-integration/jenkins/pr-mergeuccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/0279c2fc706910d02a6c6bf3464a3fb0810abd77uccess",
        "CI test found: pr: 4135, context: continuous-integration/jenkins/pr-mergeuccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/8607f069e71442c0d918ffa372dc6ada658daa5duccess",
        "CI test found: pr: 4134, context: continuous-integration/jenkins/pr-mergeuccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/2cf44b69414b2bf3d52fd11e4b9b856707dbf801uccess",
        "CI test found: pr: 4133, context: PR-4133-merge TLS Testinguccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/2c5d9e6a32ec2e131eaf1c015dab65b2ff83059euccess",
        "CI test found: pr: 4131, context: continuous-integration/jenkins/pr-mergeuccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/d17062e6bfb0005cd4147684f1ed10a43d2008a5uccess",
        "CI test found: pr: 4129, context: continuous-integration/jenkins/pr-mergeuccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/a6d155fb47682dae909d9e186042001ba8d5f01euccess",
        "CI test found: pr: 4126, context: PR-4126-merge TLS Testinguccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/b168c0d2e651aff4e8402208741a77f7ee81e658uccess",
        "CI test found: pr: 4123, context: continuous-integration/jenkins/pr-mergeuccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/91892021569f3aa87d1adcfe3e4de65c85dcfa4euccess",
        "CI test found: pr: 4120, context: continuous-integration/jenkins/pr-mergeuccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/fe9a425941ee7cf2048b12ce46389dc371524c94uccess",
        "CI test found: pr: 4115, context: continuous-integration/jenkins/pr-mergeuccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/b22a31f805e53c1cef6880b0f2430faf0b38c78duccess",
        "CI test found: pr: 4110, context: continuous-integration/jenkins/pr-mergeuccess, url: https://api.github.com/repos/ARMmbed/mbedtls/statuses/277a3a6609bf800e0b1329c012d66524d4d14c91uccess",
        "found CI tests for 25 of 26 merged PRs"
      ]
    },
    {
      "CheckName": "CII-Best-Practices",
      "Pass": false,
      "Confidence": 10,
      "Details": [
        "no badge found"
      ]
    },
    {
      "CheckName": "Code-Review",
      "Pass": true,
      "Confidence": 10,
      "Details": [
        "found review approved pr: 4194",
        "found review approved pr: 4193",
        "found review approved pr: 4181",
        "found review approved pr: 4180",
        "found review approved pr: 4173",
        "found review approved pr: 4168",
        "found review approved pr: 4159",
        "found review approved pr: 4155",
        "found review approved pr: 4154",
        "found review approved pr: 4150",
        "found review approved pr: 4148",
        "found review approved pr: 4145",
        "found review approved pr: 4143",
        "found review approved pr: 4141",
        "found review approved pr: 4137",
        "found review approved pr: 4136",
        "found review approved pr: 4135",
        "found review approved pr: 4134",
        "found review approved pr: 4133",
        "found review approved pr: 4131",
        "found review approved pr: 4129",
        "found review approved pr: 4126",
        "found review approved pr: 4123",
        "found review approved pr: 4120",
        "found review approved pr: 4115",
        "found review approved pr: 4110",
        "github code reviews found"
      ]
    },
    {
      "CheckName": "Contributors",
      "Pass": true,
      "Confidence": 10,
      "Details": [
        "companies found: silicon labs,microsoft,clover,arm ltd.,Linaro,arm-software @armmbed,SECURED-FP7,fermat software,armmbed,arm ltd,arm-software,arm,drunken-coders,BelledonneCommunications"
      ]
    },
    {
      "CheckName": "Frozen-Deps",
      "Pass": false,
      "Confidence": 5,
      "Details": null
    },
    {
      "CheckName": "Fuzzing",
      "Pass": true,
      "Confidence": 10,
      "Details": [
        "found project in OSS-Fuzz"
      ]
    },
    {
      "CheckName": "Packaging",
      "Pass": false,
      "Confidence": 0,
      "Details": [
        "error, retrying: GET https://api.github.com/repos/ARMmbed/mbedtls/contents/.github/workflows: 404 Not Found []"
      ]
    },
    {
      "CheckName": "Pull-Requests",
      "Pass": true,
      "Confidence": 10,
      "Details": [
        "found commit with PR: 477a4636845a3ebc7510325b37359493518d04b4",
        "found commit with PR: d0b0ba8179580c38940b8472bbedfd29657baf68",
        "found commit with PR: 9264e01730a4a99614e228bdbdbdbcbb2f4ab642",
        "found commit with PR: e538896ad8bf1a3f0ebb7890abc6008c97c19449",
        "found commit with PR: 2a0278734b7fbf8a448c5220a342716041a6972d",
        "found commit with PR: 34045c1d6a28cd7c8d6e4b43c4dcbf0f4f66b513",
        "found commit with PR: 574cf7b59f295bc4000fc7fbe01213bb6c7ea93a",
        "found commit with PR: 97c57fe4392510187e67e17470dfcecf845c6c80",
        "found commit with PR: c8dab5b41e607a920689bbe846203c2083560ee6",
        "found commit with PR: e28f236b6b1aca7205752c3299b1142739581f4e",
        "found commit with PR: ddf437487901f61042fbd2b30b8c2a4b5a25134a",
        "found commit with PR: 6667a78c9bb8233d1938f35aff7daa7cfc1ed11f",
        "found commit with PR: 1c0e48a2cebadb6601dfbe8d1d68909e4d54d730",
        "found commit with PR: 7f3d10de02567954077095f28211d8f0aa53c96f",
        "found commit with PR: 2ac5f8c04bd9b16e04fdc1b255f9bf2d6c441635",
        "found commit with PR: 78fd3b7761831b87a4ac4c086c767e955cd123f3",
        "found commit with PR: f29019f9cc699dfc8f0f03cb3f8c39138f300caf",
        "found commit with PR: 5a7702e76da7454861d5b9ecbd19da492141ecf2",
        "found commit with PR: c86a16548c82c345d2784d6b79eecfcef71ce08a",
        "found commit with PR: 6b362e6f01557bff5eb798f77ef1c4f0187d51c9",
        "found commit with PR: 6e0d5bd00d84944a66353c26cc80b4cce7559337",
        "found commit with PR: 65048ad648cdd7c213ac6da7ebfc2145aa8d228a",
        "found commit with PR: aae718cacaeef4be546df10e2ce7f5969a765e1d",
        "found commit with PR: e09ef873640a36057a1e81172061f732a195ddfd",
        "found commit with PR: 313ffb8f90a2f484e1e789eef7975a79846237e9",
        "found commit with PR: b9ad79417d72b856fb4917c97b2386571946f3a5",
        "found commit with PR: e95a643839cb3ff7f74a525e6ea64dbe9f643491",
        "found commit with PR: 2385f71abd5554c3a683c7111b46e13b4dda1f7d",
        "found commit with PR: cc9db30851dd186d396752f1247b2bf9c167f43b",
        "found commit with PR: 5c2665b1646e741d3ced9a111d62c091887cf38f",
        "found PRs for 30 out of 30 commits"
      ]
    },
    {
      "CheckName": "SAST",
      "Pass": false,
      "Confidence": 10,
      "Details": null
    },
    {
      "CheckName": "Security-Policy",
      "Pass": false,
      "Confidence": 0,
      "Details": [
        "error, retrying: GET https://api.github.com/repos/ARMmbed/.github: 404 Not Found []"
      ]
    },
    {
      "CheckName": "Signed-Releases",
      "Pass": false,
      "Confidence": 0,
      "Details": [
        "no releases found"
      ]
    },
    {
      "CheckName": "Signed-Tags",
      "Pass": false,
      "Confidence": 10,
      "Details": [
        "!! unverified tag found: yotta-2.2.2, commit: 5cbb2a1e9a114b15394e2f8eab7c544996d6ab34, reason: unsigned",
        "!! unverified tag found: yotta-2.2.3, commit: 118b26b4d6b671514eedd4966217320e5a74eed4, reason: unsigned",
        "!! unverified tag found: yotta-2.3.0, commit: 5934e08e7a0d544a452f31ff5785565e6ed636e5, reason: unsigned",
        "!! unverified tag found: yotta-2.3.1, commit: 152af29848d533878d44b39f47970e2fd42f0f9c, reason: unsigned",
        "!! unverified tag found: yotta-2.3.2, commit: 72e801213e445a41da2d1e55203964b5780379f3, reason: unsigned",
        "found 0 out of 5 verified tags"
      ]
    }
  ],
  "MetaData": []
}

naveensrinivasan commented 3 years ago

Let's keep this open for now.

naveensrinivasan commented 3 years ago

Not happening now. Closing it for now.