search

sjinks / wp-two-factor-provider-webauthn

WebAuthn Provider for Two Factor plugin
https://wordpress.org/plugins/two-factor-provider-webauthn/
MIT License
14 stars 5 forks source link

ci: generate and publish provenance statement #771

Closed sjinks closed 2 months ago

github-actions[bot] commented 2 months ago

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/10up/action-wordpress-plugin-deploy abb939a0d0bfd01063e8d1933833209201557381 :green_circle: 5.8
Details
CheckScoreReason
Code-Review:green_circle: 8Found 6/7 approved changesets -- score normalized to 8
Maintained:green_circle: 54 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Packaging:warning: -1packaging workflow not detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Signed-Releases:warning: -1no releases found
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing:warning: 0project is not fuzzed
Security-Policy:green_circle: 10security policy file detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
actions/actions/attest-build-provenance 897ed5eab6ed058a474202017ada7f40bfa52940 UnknownUnknown
actions/10up/action-wordpress-plugin-deploy stable :green_circle: 5.8
Details
CheckScoreReason
Code-Review:green_circle: 8Found 6/7 approved changesets -- score normalized to 8
Maintained:green_circle: 54 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
License:green_circle: 10license file detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Packaging:warning: -1packaging workflow not detected
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Signed-Releases:warning: -1no releases found
Vulnerabilities:green_circle: 100 existing vulnerabilities detected
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing:warning: 0project is not fuzzed
Security-Policy:green_circle: 10security policy file detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0

Scanned Manifest Files

.github/workflows/push-tag.yml
  • 10up/action-wordpress-plugin-deploy@abb939a0d0bfd01063e8d1933833209201557381
  • actions/attest-build-provenance@897ed5eab6ed058a474202017ada7f40bfa52940
  • 10up/action-wordpress-plugin-deploy@stable