You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Would be good to get added https://securityscorecards.dev/ to better know where next improvements could happen and when evaluating the risk of using a component like this.
Would be good to get added https://securityscorecards.dev/ to better know where next improvements could happen and when evaluating the risk of using a component like this.
`scorecard --repo=https://github.com/plotly/dash
Starting [Packaging]
Starting [Security-Policy]
Starting [Pinned-Dependencies]
Starting [Signed-Releases]
Starting [Code-Review]
Starting [CI-Tests]
Starting [CII-Best-Practices]
Starting [Token-Permissions]
Starting [License]
Starting [Maintained]
Starting [SAST]
Starting [Binary-Artifacts]
Starting [Branch-Protection]
Starting [Contributors]
Starting [Fuzzing]
Starting [Vulnerabilities]
Starting [Dependency-Update-Tool]
Starting [Dangerous-Workflow]
Finished [Code-Review]
Finished [CI-Tests]
Finished [CII-Best-Practices]
Finished [Token-Permissions]
Finished [Packaging]
Finished [Security-Policy]
Finished [Pinned-Dependencies]
Finished [Signed-Releases]
Finished [SAST]
Finished [Binary-Artifacts]
Finished [License]
Finished [Maintained]
Finished [Branch-Protection]
Finished [Contributors]
Finished [Fuzzing]
Finished [Vulnerabilities]
Finished [Dependency-Update-Tool]
Finished [Dangerous-Workflow]
RESULTS
Aggregate score: 5.4 / 10
Check scores:
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| SCORE | NAME | REASON | DOCUMENTATION/REMEDIATION |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Binary-Artifacts | no binaries found in the repo | https://github.com/ossf/scorecard/blob/b6f48b370e61367600eafb257b4ad07feb9578ab/docs/checks.md#binary-artifacts |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 8 / 10 | Branch-Protection | branch protection is not | https://github.com/ossf/scorecard/blob/b6f48b370e61367600eafb257b4ad07feb9578ab/docs/checks.md#branch-protection |
| | | maximal on development and all | |
| | | release branches | |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | CI-Tests | 7 out of 7 merged PRs | https://github.com/ossf/scorecard/blob/b6f48b370e61367600eafb257b4ad07feb9578ab/docs/checks.md#ci-tests |
| | | checked by a CI test -- score | |
| | | normalized to 10 | |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10 | CII-Best-Practices | no effort to earn an OpenSSF | https://github.com/ossf/scorecard/blob/b6f48b370e61367600eafb257b4ad07feb9578ab/docs/checks.md#cii-best-practices |
| | | best practices badge detected | |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 8 / 10 | Code-Review | found 1 unreviewed changesets | https://github.com/ossf/scorecard/blob/b6f48b370e61367600eafb257b4ad07feb9578ab/docs/checks.md#code-review |
| | | out of 7 -- score normalized | |
| | | to 8 | |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Contributors | 25 different organizations | https://github.com/ossf/scorecard/blob/b6f48b370e61367600eafb257b4ad07feb9578ab/docs/checks.md#contributors |
| | | found -- score normalized to | |
| | | 10 | |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Dangerous-Workflow | no dangerous workflow patterns | https://github.com/ossf/scorecard/blob/b6f48b370e61367600eafb257b4ad07feb9578ab/docs/checks.md#dangerous-workflow |
| | | detected | |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Dependency-Update-Tool | update tool detected | https://github.com/ossf/scorecard/blob/b6f48b370e61367600eafb257b4ad07feb9578ab/docs/checks.md#dependency-update-tool |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10 | Fuzzing | project is not fuzzed | https://github.com/ossf/scorecard/blob/b6f48b370e61367600eafb257b4ad07feb9578ab/docs/checks.md#fuzzing |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | License | license file detected | https://github.com/ossf/scorecard/blob/b6f48b370e61367600eafb257b4ad07feb9578ab/docs/checks.md#license |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Maintained | 30 commit(s) out of 30 and 1 | https://github.com/ossf/scorecard/blob/b6f48b370e61367600eafb257b4ad07feb9578ab/docs/checks.md#maintained |
| | | issue activity out of 30 found | |
| | | in the last 90 days -- score | |
| | | normalized to 10 | |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| ? | Packaging | no published package detected | https://github.com/ossf/scorecard/blob/b6f48b370e61367600eafb257b4ad07feb9578ab/docs/checks.md#packaging |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 4 / 10 | Pinned-Dependencies | dependency not pinned by hash | https://github.com/ossf/scorecard/blob/b6f48b370e61367600eafb257b4ad07feb9578ab/docs/checks.md#pinned-dependencies |
| | | detected -- score normalized | |
| | | to 4 | |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10 | SAST | SAST tool is not run on all | https://github.com/ossf/scorecard/blob/b6f48b370e61367600eafb257b4ad07feb9578ab/docs/checks.md#sast |
| | | commits -- score normalized to | |
| | | 0 | |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10 | Security-Policy | security policy file not | https://github.com/ossf/scorecard/blob/b6f48b370e61367600eafb257b4ad07feb9578ab/docs/checks.md#security-policy |
| | | detected | |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10 | Signed-Releases | 0 out of 1 artifacts are | https://github.com/ossf/scorecard/blob/b6f48b370e61367600eafb257b4ad07feb9578ab/docs/checks.md#signed-releases |
| | | signed or have provenance | |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10 | Token-Permissions | detected GitHub workflow | https://github.com/ossf/scorecard/blob/b6f48b370e61367600eafb257b4ad07feb9578ab/docs/checks.md#token-permissions |
| | | tokens with excessive | |
| | | permissions | |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10 | Vulnerabilities | 46 existing vulnerabilities | https://github.com/ossf/scorecard/blob/b6f48b370e61367600eafb257b4ad07feb9578ab/docs/checks.md#vulnerabilities |
| | | detected | |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
`
The text was updated successfully, but these errors were encountered: