From 237dfbe72086f31ee3b576f6f7eb69402d8a7c3c Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Sun, 20 Oct 2024 08:30:55 +0000 Subject: [PATCH] update DSACMS data: Sun Oct 20 08:30:55 UTC 2024 --- .../_data/DSACMS/.github/.github_data.json | 42 +++++++++--------- .../DSACMS/cms-gource/cms-gource_data.json | 42 +++++++++--------- .../DSACMS/dedupliFHIR/dedupliFHIR_data.json | 44 +++++++++---------- .../drive2gource/drive2gource_data.json | 42 +++++++++--------- .../dsacms.github.io_data.json | 42 +++++++++--------- .../_data/DSACMS/metrics/metrics_data.json | 44 +++++++++---------- app/site/_data/DSACMS/open/open_data.json | 44 +++++++++---------- .../opportunities/opportunities_data.json | 42 +++++++++--------- .../oss-community-runbook_data.json | 42 +++++++++--------- .../repo-scaffolder/repo-scaffolder_data.json | 42 +++++++++--------- 10 files changed, 213 insertions(+), 213 deletions(-) diff --git a/app/site/_data/DSACMS/.github/.github_data.json b/app/site/_data/DSACMS/.github/.github_data.json index e892ea0dfe..d10ed09d42 100644 --- a/app/site/_data/DSACMS/.github/.github_data.json +++ b/app/site/_data/DSACMS/.github/.github_data.json @@ -152,14 +152,14 @@ }, "created_at": "2023-03-28T21:30:52Z", "ossf_scorecard": { - "date": "2024-10-14T20:30:05Z", + "date": "2024-10-20T08:29:47Z", "repo": { "name": "github.com/DSACMS/.github", "commit": "68aecf92b82ad7881bc5a13a33e665249e50846a" }, "scorecard": { - "version": "v5.0.0-68-g28db9a99", - "commit": "28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3" + "version": "v5.0.0-74-g367426ed", + "commit": "367426ed5d9cc62f4944dc4a2174f3bbb5e22169" }, "score": 5.1, "checks": [ @@ -169,7 +169,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -179,7 +179,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -189,7 +189,7 @@ "reason": "0 out of 3 merged PRs checked by a CI test -- score normalized to 0", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -199,7 +199,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -209,7 +209,7 @@ "reason": "Found 3/24 approved changesets -- score normalized to 1", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -219,7 +219,7 @@ "reason": "project has 4 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -229,7 +229,7 @@ "reason": "internal error: internal error: invalid GitHub workflow:\n:18:0: could not parse as YAML: yaml: line 18: found character that cannot start any token [syntax-check]", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -239,7 +239,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -249,7 +249,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -259,7 +259,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -269,7 +269,7 @@ "reason": "10 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -279,7 +279,7 @@ "reason": "internal error: internal error: invalid GitHub workflow:\n:18:0: could not parse as YAML: yaml: line 18: found character that cannot start any token [syntax-check]", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -289,7 +289,7 @@ "reason": "internal error: internal error: invalid GitHub workflow:\n:18:0: could not parse as YAML: yaml: line 18: found character that cannot start any token [syntax-check]", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -299,7 +299,7 @@ "reason": "internal error: internal error: invalid GitHub workflow:\n:18:0: could not parse as YAML: yaml: line 18: found character that cannot start any token [syntax-check]", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -309,7 +309,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -319,7 +319,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -329,7 +329,7 @@ "reason": "internal error: internal error: invalid GitHub workflow:\n:18:0: could not parse as YAML: yaml: line 18: found character that cannot start any token [syntax-check]", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -339,7 +339,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/cms-gource/cms-gource_data.json b/app/site/_data/DSACMS/cms-gource/cms-gource_data.json index 2f641e5150..e18feda5ec 100644 --- a/app/site/_data/DSACMS/cms-gource/cms-gource_data.json +++ b/app/site/_data/DSACMS/cms-gource/cms-gource_data.json @@ -88,14 +88,14 @@ }, "created_at": "2023-08-21T15:47:26Z", "ossf_scorecard": { - "date": "2024-10-14T20:31:13Z", + "date": "2024-10-20T08:30:50Z", "repo": { "name": "github.com/DSACMS/cms-gource", "commit": "2cc274069a65787b994d7f30e2699f9ee0363a55" }, "scorecard": { - "version": "v5.0.0-68-g28db9a99", - "commit": "28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3" + "version": "v5.0.0-74-g367426ed", + "commit": "367426ed5d9cc62f4944dc4a2174f3bbb5e22169" }, "score": 3.7, "checks": [ @@ -105,7 +105,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -115,7 +115,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -125,7 +125,7 @@ "reason": "no pull request found", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -135,7 +135,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -145,7 +145,7 @@ "reason": "Found 0/26 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -155,7 +155,7 @@ "reason": "project has 3 contributing companies or organizations -- score normalized to 10", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -165,7 +165,7 @@ "reason": "no workflows found", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -175,7 +175,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -185,7 +185,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -195,7 +195,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -205,7 +205,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -215,7 +215,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -225,7 +225,7 @@ "reason": "no dependencies found", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -235,7 +235,7 @@ "reason": "no SAST tool detected", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -245,7 +245,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -255,7 +255,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -265,7 +265,7 @@ "reason": "No tokens found", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -275,7 +275,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/dedupliFHIR/dedupliFHIR_data.json b/app/site/_data/DSACMS/dedupliFHIR/dedupliFHIR_data.json index 0a345bd7eb..325d15bd0d 100644 --- a/app/site/_data/DSACMS/dedupliFHIR/dedupliFHIR_data.json +++ b/app/site/_data/DSACMS/dedupliFHIR/dedupliFHIR_data.json @@ -336,14 +336,14 @@ }, "created_at": "2023-06-22T17:08:19Z", "ossf_scorecard": { - "date": "2024-10-14T20:30:52Z", + "date": "2024-10-20T08:30:31Z", "repo": { "name": "github.com/DSACMS/dedupliFHIR", "commit": "5996b05505ea4a9f835d357954eea83e49ebdf23" }, "scorecard": { - "version": "v5.0.0-68-g28db9a99", - "commit": "28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3" + "version": "v5.0.0-74-g367426ed", + "commit": "367426ed5d9cc62f4944dc4a2174f3bbb5e22169" }, "score": 6.1, "checks": [ @@ -353,7 +353,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -363,7 +363,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -373,7 +373,7 @@ "reason": "5 out of 6 merged PRs checked by a CI test -- score normalized to 8", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -383,7 +383,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -393,7 +393,7 @@ "reason": "Found 5/17 approved changesets -- score normalized to 2", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -403,7 +403,7 @@ "reason": "project has 4 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -413,7 +413,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -423,7 +423,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -433,7 +433,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -443,17 +443,17 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, { "details": null, "score": 10, - "reason": "30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10", + "reason": "30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -463,7 +463,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -473,7 +473,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -483,7 +483,7 @@ "reason": "SAST tool is not run on all commits -- score normalized to 9", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -493,7 +493,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -503,7 +503,7 @@ "reason": "Project has not signed or included provenance with any releases.", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -513,7 +513,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -523,7 +523,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/drive2gource/drive2gource_data.json b/app/site/_data/DSACMS/drive2gource/drive2gource_data.json index 0da347effa..980f10ed93 100644 --- a/app/site/_data/DSACMS/drive2gource/drive2gource_data.json +++ b/app/site/_data/DSACMS/drive2gource/drive2gource_data.json @@ -88,14 +88,14 @@ }, "created_at": "2023-07-26T17:35:04Z", "ossf_scorecard": { - "date": "2024-10-14T20:31:10Z", + "date": "2024-10-20T08:30:47Z", "repo": { "name": "github.com/DSACMS/drive2gource", "commit": "c5b9049b2407b7c1d9adaac6ea4000a3085c9e32" }, "scorecard": { - "version": "v5.0.0-68-g28db9a99", - "commit": "28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3" + "version": "v5.0.0-74-g367426ed", + "commit": "367426ed5d9cc62f4944dc4a2174f3bbb5e22169" }, "score": 3.4, "checks": [ @@ -105,7 +105,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -115,7 +115,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -125,7 +125,7 @@ "reason": "no pull request found", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -135,7 +135,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -145,7 +145,7 @@ "reason": "Found 0/5 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -155,7 +155,7 @@ "reason": "project has 1 contributing companies or organizations -- score normalized to 3", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -165,7 +165,7 @@ "reason": "no workflows found", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -175,7 +175,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -185,7 +185,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -195,7 +195,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -205,7 +205,7 @@ "reason": "project is archived", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -215,7 +215,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -225,7 +225,7 @@ "reason": "no dependencies found", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -235,7 +235,7 @@ "reason": "no SAST tool detected", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -245,7 +245,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -255,7 +255,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -265,7 +265,7 @@ "reason": "No tokens found", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -275,7 +275,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/dsacms.github.io/dsacms.github.io_data.json b/app/site/_data/DSACMS/dsacms.github.io/dsacms.github.io_data.json index 8f4189ab03..3ab8288d1b 100644 --- a/app/site/_data/DSACMS/dsacms.github.io/dsacms.github.io_data.json +++ b/app/site/_data/DSACMS/dsacms.github.io/dsacms.github.io_data.json @@ -94,14 +94,14 @@ }, "created_at": "2023-06-06T17:27:47Z", "ossf_scorecard": { - "date": "2024-10-14T20:30:17Z", + "date": "2024-10-20T08:29:58Z", "repo": { "name": "github.com/DSACMS/dsacms.github.io", "commit": "fc90afa8062d4abd8e9cc018de0c9b4bed37e15c" }, "scorecard": { - "version": "v5.0.0-68-g28db9a99", - "commit": "28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3" + "version": "v5.0.0-74-g367426ed", + "commit": "367426ed5d9cc62f4944dc4a2174f3bbb5e22169" }, "score": 3.3, "checks": [ @@ -111,7 +111,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -121,7 +121,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -131,7 +131,7 @@ "reason": "no pull request found", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -141,7 +141,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -151,7 +151,7 @@ "reason": "Found 0/3 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -161,7 +161,7 @@ "reason": "project has 0 contributing companies or organizations -- score normalized to 0", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -171,7 +171,7 @@ "reason": "no workflows found", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -181,7 +181,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -191,7 +191,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -201,7 +201,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -211,7 +211,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -221,7 +221,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -231,7 +231,7 @@ "reason": "no dependencies found", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -241,7 +241,7 @@ "reason": "no SAST tool detected", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -251,7 +251,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -261,7 +261,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -271,7 +271,7 @@ "reason": "No tokens found", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -281,7 +281,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/metrics/metrics_data.json b/app/site/_data/DSACMS/metrics/metrics_data.json index 95bc593d47..6405a1d629 100644 --- a/app/site/_data/DSACMS/metrics/metrics_data.json +++ b/app/site/_data/DSACMS/metrics/metrics_data.json @@ -277,14 +277,14 @@ }, "created_at": "2023-07-18T14:10:58Z", "ossf_scorecard": { - "date": "2024-10-14T20:30:20Z", + "date": "2024-10-20T08:30:01Z", "repo": { "name": "github.com/DSACMS/metrics", - "commit": "8cf073e74039ab4971d422289541ebfef5793932" + "commit": "f9861eeee07f948b38b4db7b66348c7db7844876" }, "scorecard": { - "version": "v5.0.0-68-g28db9a99", - "commit": "28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3" + "version": "v5.0.0-74-g367426ed", + "commit": "367426ed5d9cc62f4944dc4a2174f3bbb5e22169" }, "score": 6.5, "checks": [ @@ -294,7 +294,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -304,7 +304,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -314,7 +314,7 @@ "reason": "2 out of 2 merged PRs checked by a CI test -- score normalized to 10", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -324,7 +324,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -334,7 +334,7 @@ "reason": "Found 0/27 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -344,7 +344,7 @@ "reason": "project has 11 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -354,7 +354,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -364,7 +364,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -374,7 +374,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -384,7 +384,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -394,7 +394,7 @@ "reason": "30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -404,7 +404,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -414,7 +414,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 1", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -424,7 +424,7 @@ "reason": "SAST tool is run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -434,7 +434,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -444,7 +444,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -454,7 +454,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -464,7 +464,7 @@ "reason": "3 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/open/open_data.json b/app/site/_data/DSACMS/open/open_data.json index 06e4185302..2377a303ee 100644 --- a/app/site/_data/DSACMS/open/open_data.json +++ b/app/site/_data/DSACMS/open/open_data.json @@ -204,14 +204,14 @@ }, "created_at": "2023-06-06T16:35:30Z", "ossf_scorecard": { - "date": "2024-10-14T20:29:50Z", + "date": "2024-10-20T08:29:34Z", "repo": { "name": "github.com/DSACMS/open", "commit": "76f27f5d639953f1df350c934b865d12c5558d38" }, "scorecard": { - "version": "v5.0.0-68-g28db9a99", - "commit": "28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3" + "version": "v5.0.0-74-g367426ed", + "commit": "367426ed5d9cc62f4944dc4a2174f3bbb5e22169" }, "score": 5.2, "checks": [ @@ -221,7 +221,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -231,7 +231,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -241,7 +241,7 @@ "reason": "6 out of 8 merged PRs checked by a CI test -- score normalized to 7", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -251,7 +251,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -261,7 +261,7 @@ "reason": "Found 6/13 approved changesets -- score normalized to 4", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -271,7 +271,7 @@ "reason": "project has 1 contributing companies or organizations -- score normalized to 3", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -281,7 +281,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -291,7 +291,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -301,7 +301,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -311,17 +311,17 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, { "details": null, "score": 10, - "reason": "11 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10", + "reason": "10 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -331,7 +331,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -341,7 +341,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 1", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -351,7 +351,7 @@ "reason": "SAST tool is not run on all commits -- score normalized to 5", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -361,7 +361,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -371,7 +371,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -381,7 +381,7 @@ "reason": "GitHub workflow tokens follow principle of least privilege", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -391,7 +391,7 @@ "reason": "15 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/opportunities/opportunities_data.json b/app/site/_data/DSACMS/opportunities/opportunities_data.json index c972a58029..f659c6ddf4 100644 --- a/app/site/_data/DSACMS/opportunities/opportunities_data.json +++ b/app/site/_data/DSACMS/opportunities/opportunities_data.json @@ -89,14 +89,14 @@ }, "created_at": "2023-06-29T15:55:54Z", "ossf_scorecard": { - "date": "2024-10-14T20:31:04Z", + "date": "2024-10-20T08:30:42Z", "repo": { "name": "github.com/DSACMS/opportunities", "commit": "9fc14ff61eac943699c5ed4b7328e9cb52e0a8bd" }, "scorecard": { - "version": "v5.0.0-68-g28db9a99", - "commit": "28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3" + "version": "v5.0.0-74-g367426ed", + "commit": "367426ed5d9cc62f4944dc4a2174f3bbb5e22169" }, "score": 3.7, "checks": [ @@ -106,7 +106,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -116,7 +116,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -126,7 +126,7 @@ "reason": "no pull request found", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -136,7 +136,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -146,7 +146,7 @@ "reason": "Found 0/30 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -156,7 +156,7 @@ "reason": "project has 3 contributing companies or organizations -- score normalized to 10", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -166,7 +166,7 @@ "reason": "no workflows found", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -176,7 +176,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -186,7 +186,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -196,7 +196,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -206,7 +206,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -216,7 +216,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -226,7 +226,7 @@ "reason": "no dependencies found", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -236,7 +236,7 @@ "reason": "no SAST tool detected", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -246,7 +246,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -256,7 +256,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -266,7 +266,7 @@ "reason": "No tokens found", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -276,7 +276,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/oss-community-runbook/oss-community-runbook_data.json b/app/site/_data/DSACMS/oss-community-runbook/oss-community-runbook_data.json index 03b50a9c97..303636e9fa 100644 --- a/app/site/_data/DSACMS/oss-community-runbook/oss-community-runbook_data.json +++ b/app/site/_data/DSACMS/oss-community-runbook/oss-community-runbook_data.json @@ -88,14 +88,14 @@ }, "created_at": "2023-07-20T20:34:00Z", "ossf_scorecard": { - "date": "2024-10-14T20:30:14Z", + "date": "2024-10-20T08:29:55Z", "repo": { "name": "github.com/DSACMS/oss-community-runbook", "commit": "c4a8f78466aa0a118409a884344357931c55d6c3" }, "scorecard": { - "version": "v5.0.0-68-g28db9a99", - "commit": "28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3" + "version": "v5.0.0-74-g367426ed", + "commit": "367426ed5d9cc62f4944dc4a2174f3bbb5e22169" }, "score": 3.3, "checks": [ @@ -105,7 +105,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -115,7 +115,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -125,7 +125,7 @@ "reason": "no pull request found", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -135,7 +135,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -145,7 +145,7 @@ "reason": "Found 0/1 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -155,7 +155,7 @@ "reason": "project has 0 contributing companies or organizations -- score normalized to 0", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -165,7 +165,7 @@ "reason": "no workflows found", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -175,7 +175,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -185,7 +185,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -195,7 +195,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -205,7 +205,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -215,7 +215,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -225,7 +225,7 @@ "reason": "no dependencies found", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -235,7 +235,7 @@ "reason": "no SAST tool detected", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -245,7 +245,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -255,7 +255,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -265,7 +265,7 @@ "reason": "No tokens found", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -275,7 +275,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/repo-scaffolder/repo-scaffolder_data.json b/app/site/_data/DSACMS/repo-scaffolder/repo-scaffolder_data.json index 98135f1b46..5aa537d2da 100644 --- a/app/site/_data/DSACMS/repo-scaffolder/repo-scaffolder_data.json +++ b/app/site/_data/DSACMS/repo-scaffolder/repo-scaffolder_data.json @@ -247,14 +247,14 @@ "repository_host": "Github.com", "maturity_model_tier": "3", "ossf_scorecard": { - "date": "2024-10-14T20:30:36Z", + "date": "2024-10-20T08:30:16Z", "repo": { "name": "github.com/DSACMS/repo-scaffolder", "commit": "1757677ce111e400870d2b60e8ffbbfaf917b41e" }, "scorecard": { - "version": "v5.0.0-68-g28db9a99", - "commit": "28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3" + "version": "v5.0.0-74-g367426ed", + "commit": "367426ed5d9cc62f4944dc4a2174f3bbb5e22169" }, "score": 6.5, "checks": [ @@ -264,7 +264,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -274,7 +274,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -284,7 +284,7 @@ "reason": "10 out of 11 merged PRs checked by a CI test -- score normalized to 9", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -294,7 +294,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -304,7 +304,7 @@ "reason": "all changesets reviewed", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -314,7 +314,7 @@ "reason": "project has 12 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -324,7 +324,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -334,7 +334,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -344,7 +344,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -354,7 +354,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -364,7 +364,7 @@ "reason": "30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -374,7 +374,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -384,7 +384,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -394,7 +394,7 @@ "reason": "SAST tool is not run on all commits -- score normalized to 9", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -404,7 +404,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -414,7 +414,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -424,7 +424,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -434,7 +434,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/28db9a99a4c2e43e1f90a5afed6753e6ef2c36d3/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/367426ed5d9cc62f4944dc4a2174f3bbb5e22169/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } }