
test 1.8 (#2)

Open
randomicecube wants to merge 5 commits into master from dirty-waters-tests

Conversation

@randomicecube
Owner

goal: caching working

@github-actions

Software Supply Chain Report of randomicecube/spoon - HEAD

This report is a gradual report: that is, only the highest-severity smell type with issues found within this project is reported.
Gradual reports are enabled by default. You can disable this feature, and get a full report, by using the --no-gradual-report flag.

All available checks were performed.

How to read the results 📖

Dirty-waters has analyzed your project dependencies and found different categories for each of them:

  • ⚠️⚠️⚠️: high severity
  • ⚠️⚠️: medium severity
  • ⚠️: low severity

Total packages in the supply chain: 286

  • ❗ Packages with no source code URL (⚠️⚠️⚠️): 2
  • ⛔ Packages with repo URL that is 404 (⚠️⚠️⚠️): 1
  • 🔧 Packages with inaccessible GitHub tag (⚠️⚠️): 42
  • 🌵 Packages that are forks (⚠️⚠️): 1
  • 🔒 Packages without code signature (⚠️⚠️): 286

Other info:
  • Source code repo is not hosted on GitHub: 56
    This could be due to the package being hosted on a different platform or the package not having a source code repo.

Fine-grained information

🐬 For further information about software supply chain smells in your project, take a look at the following tables.

Source code links that could not be found (3)

| index | package_name | github_url | github_exists | command |
|---|---|---|---|---|
| 1 | org.sonatype.plexus:plexus-sec-dispatcher@1.3 | No_repo_info_found | | resolve-plugins |
| 2 | org.sonatype.plexus:plexus-cipher@1.4 | No_repo_info_found | | resolve-plugins |
| 3 | org.iq80.snappy:snappy@0.4 | https://github.com/dain/snapy | False | resolve-plugins |

Call to Action:

👻 What do I do now?

For packages without source code & accessible release tags:
    Open a pull request to the maintainer of the dependency, requesting correct repository metadata and proper tagging.

For deprecated packages:
    1. Confirm the maintainer's deprecation intention
    2. Check for non-deprecated versions

For packages without provenance:
    Open an issue in the dependency's repository to request the inclusion of provenance and build attestation in the CI/CD pipeline.

For packages that are forks:
    Inspect the package and its GitHub repository to verify the fork is not malicious.

For packages without code signature:
    Open an issue in the dependency's repository to request the inclusion of code signature in the CI/CD pipeline.

For packages with invalid code signature:
    It's recommended to verify the code signature and contact the maintainer to fix the issue.

Report created by dirty-waters.

Report created on 2025-02-19 10:08:42

  • Tool version: 8ff7f306
  • Project Name: randomicecube/spoon
  • Project Version: HEAD

@coveralls

coveralls commented Feb 19, 2025

Pull Request Test Coverage Report for Build #6

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • 1 unchanged line in 1 file lost coverage.
  • Overall coverage decreased (-0.003%) to 87.524%

| Files with Coverage Reduction | New Missed Lines | % |
|---|---|---|
| src/main/java/spoon/pattern/internal/PatternPrinter.java | 1 | 94.26% |

| Totals | Coverage Status |
|---|---|
| Change from base Build #1 | -0.003% |
| Covered Lines | 30117 |
| Relevant Lines | 34410 |

💛 - Coveralls

@github-actions

Software Supply Chain Report of randomicecube/spoon - HEAD

This report is a gradual report: that is, only the highest-severity smell type with issues found within this project is reported.
Gradual reports are enabled by default. You can disable this feature, and get a full report, by using the --no-gradual-report flag.

All available checks were performed.

How to read the results 📖

Dirty-waters has analyzed your project dependencies and found different categories for each of them:

  • ⚠️⚠️⚠️: high severity
  • ⚠️⚠️: medium severity
  • ⚠️: low severity

Total packages in the supply chain: 286

  • ❗ Packages with no source code URL (⚠️⚠️⚠️): 2
  • ⛔ Packages with repo URL that is 404 (⚠️⚠️⚠️): 1
  • 🔧 Packages with inaccessible GitHub tag (⚠️⚠️): 42
  • 🌵 Packages that are forks (⚠️⚠️): 1
  • 🔒 Packages without code signature (⚠️⚠️): 286

Other info:
  • Source code repo is not hosted on GitHub: 56
    This could be due to the package being hosted on a different platform or the package not having a source code repo.

Fine-grained information

🐬 For further information about software supply chain smells in your project, take a look at the following tables.

Source code links that could not be found (3)

| index | package_name | github_url | github_exists | command |
|---|---|---|---|---|
| 1 | org.sonatype.plexus:plexus-sec-dispatcher@1.3 | No_repo_info_found | | resolve-plugins |
| 2 | org.sonatype.plexus:plexus-cipher@1.4 | No_repo_info_found | | resolve-plugins |
| 3 | org.iq80.snappy:snappy@0.4 | https://github.com/dain/snapy | False | resolve-plugins |

Call to Action:

👻 What do I do now?

For packages without source code & accessible release tags:
    Open a pull request to the maintainer of the dependency, requesting correct repository metadata and proper tagging.

For deprecated packages:
    1. Confirm the maintainer's deprecation intention
    2. Check for non-deprecated versions

For packages without provenance:
    Open an issue in the dependency's repository to request the inclusion of provenance and build attestation in the CI/CD pipeline.

For packages that are forks:
    Inspect the package and its GitHub repository to verify the fork is not malicious.

For packages without code signature:
    Open an issue in the dependency's repository to request the inclusion of code signature in the CI/CD pipeline.

For packages with invalid code signature:
    It's recommended to verify the code signature and contact the maintainer to fix the issue.

Report created by dirty-waters.

Report created on 2025-02-19 12:29:05

  • Tool version: 8ff7f306
  • Project Name: randomicecube/spoon
  • Project Version: HEAD

@github-actions

Software Supply Chain Report of randomicecube/spoon - HEAD

This report is a gradual report: that is, only the highest-severity smell type with issues found within this project is reported.
Gradual reports are enabled by default. You can disable this feature, and get a full report, by using the --no-gradual-report flag.

All available checks were performed.

How to read the results 📖

Dirty-waters has analyzed your project dependencies and found different categories for each of them:

  • ⚠️⚠️⚠️: high severity
  • ⚠️⚠️: medium severity
  • ⚠️: low severity

Total packages in the supply chain: 286

  • ❗ Packages with no source code URL (⚠️⚠️⚠️): 2
  • ⛔ Packages with repo URL that is 404 (⚠️⚠️⚠️): 1
  • 🔧 Packages with inaccessible GitHub tag (⚠️⚠️): 42
  • 🌵 Packages that are forks (⚠️⚠️): 1
  • 🔒 Packages without code signature (⚠️⚠️): 286

Other info:
  • Source code repo is not hosted on GitHub: 56
    This could be due to the package being hosted on a different platform or the package not having a source code repo.

Fine-grained information

🐬 For further information about software supply chain smells in your project, take a look at the following tables.

Source code links that could not be found (3)

| index | package_name | github_url | github_exists | command |
|---|---|---|---|---|
| 1 | org.sonatype.plexus:plexus-sec-dispatcher@1.3 | No_repo_info_found | | resolve-plugins |
| 2 | org.sonatype.plexus:plexus-cipher@1.4 | No_repo_info_found | | resolve-plugins |
| 3 | org.iq80.snappy:snappy@0.4 | https://github.com/dain/snapy | False | resolve-plugins |

Call to Action:

👻 What do I do now?

For packages without source code & accessible release tags:
    Open a pull request to the maintainer of the dependency, requesting correct repository metadata and proper tagging.

For deprecated packages:
    1. Confirm the maintainer's deprecation intention
    2. Check for non-deprecated versions

For packages without provenance:
    Open an issue in the dependency's repository to request the inclusion of provenance and build attestation in the CI/CD pipeline.

For packages that are forks:
    Inspect the package and its GitHub repository to verify the fork is not malicious.

For packages without code signature:
    Open an issue in the dependency's repository to request the inclusion of code signature in the CI/CD pipeline.

For packages with invalid code signature:
    It's recommended to verify the code signature and contact the maintainer to fix the issue.

Report created by dirty-waters.

Report created on 2025-02-19 12:31:58

  • Tool version: 8ff7f306
  • Project Name: randomicecube/spoon
  • Project Version: HEAD

@randomicecube
Owner Author

@I-Al-Istannen okay, from here, cache seems to be working normally -- your hint was correct!

randomicecube added a commit that referenced this pull request on Feb 19, 2025:

    as per #2, should be working now