@kartben
Last active April 24, 2023 14:53
  • Save kartben/e9ad546bd3ef9cc1c5880b9dc32186e6 to your computer and use it in GitHub Desktop.
Finished [Fuzzing]
Finished [CII-Best-Practices]
Finished [Dangerous-Workflow]
Finished [Token-Permissions]
Finished [CI-Tests]
Finished [SAST]
Finished [Pinned-Dependencies]
Finished [Vulnerabilities]
Finished [Code-Review]
Finished [Branch-Protection]
Finished [Maintained]
Finished [Signed-Releases]
Finished [Packaging]
Finished [Security-Policy]
Finished [License]
Finished [Binary-Artifacts]
Finished [Dependency-Update-Tool]
Finished [Contributors]
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| SCORE | NAME | REASON | DETAILS | DOCUMENTATION/REMEDIATION |
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Binary-Artifacts | no binaries found in the repo | | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#binary-artifacts |
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 9 / 10 | Branch-Protection | branch protection is not | Info: 'force pushes' disabled | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#branch-protection |
| | | maximal on development and all | on branch 'main' Info: | |
| | | release branches | 'allow deletion' disabled on | |
| | | | branch 'main' Info: status | |
| | | | check found to merge onto on | |
| | | | branch 'main' Info: number | |
| | | | of required reviewers is 2 on | |
| | | | branch 'main' Warn: codeowner | |
| | | | review is not required on | |
| | | | branch 'main' | |
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | CI-Tests | 20 out of 20 merged PRs | | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#ci-tests |
| | | checked by a CI test -- score | | |
| | | normalized to 10 | | |
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | CII-Best-Practices | badge detected: gold | | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#cii-best-practices |
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Code-Review | all changesets reviewed | | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#code-review |
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Contributors | 23 different organizations | Info: contributors work for | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#contributors |
| | | found -- score normalized to | Centrinix,NordicPlayground,NordicSemiconductor,antero,connectivity,intel,jenkinsci,nordic | |
| | | 10 | semiconductor,nordic semiconductor india private limited sixoctets | |
| | | | systems,nordicsemiconductor,nrfconnect,nxp,openspaceaarhus,openthread,peter bigot | |
| | | | consulting,pfalcon-mirrors,pfalcon-org-test,slic3r,stmicroelectronics,teslabs,vestas-wind-systems,wind | |
| | | | river systems,zephyrproject-rtos | |
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10 | Dangerous-Workflow | dangerous workflow patterns | Warn: untrusted code checkout '${{ | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#dangerous-workflow |
| | | detected | github.event.pull_request.head.sha | |
| | | | }}': | |
| | | | .github/workflows/clang.yaml:44 | |
| | | | Warn: untrusted code checkout '${{ | |
| | | | github.event.pull_request.head.sha | |
| | | | }}': | |
| | | | .github/workflows/manifest.yml:10 | |
| | | | Warn: untrusted code checkout '${{ | |
| | | | github.event.pull_request.head.sha | |
| | | | }}': | |
| | | | .github/workflows/twister.yaml:59 | |
| | | | Warn: untrusted code checkout '${{ | |
| | | | github.event.pull_request.head.sha | |
| | | | }}': | |
| | | | .github/workflows/twister.yaml:156 | |
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10 | Dependency-Update-Tool | no update tool detected | Warn: Config file not | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#dependency-update-tool |
| | | | detected in source location | |
| | | | for dependabot, renovatebot, | |
| | | | Sonatype Lift, or PyUp | |
| | | | (Python). We recommend setting | |
| | | | this configuration in code so | |
| | | | it can be easily verified by | |
| | | | others. | |
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10 | Fuzzing | project is not fuzzed | | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#fuzzing |
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | License | license file detected | Info: License file found in | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#license |
| | | | expected location: LICENSE:1 | |
| | | | Info: FSF or OSI recognized | |
| | | | license: LICENSE:1 | |
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Maintained | 30 commit(s) out of 30 and 20 | | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#maintained |
| | | issue activity out of 30 found | | |
| | | in the last 90 days -- score | | |
| | | normalized to 10 | | |
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| ? | Packaging | no published package detected | Warn: no GitHub publishing | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#packaging |
| | | | workflow detected | |
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 7 / 10 | Pinned-Dependencies | dependency not pinned by hash | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/assigner.yml:27: update your workflow | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#pinned-dependencies |
| | | detected -- score normalized | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/assigner.yml/main?enable=pin Warn: | |
| | | to 7 | third-party GitHubAction not pinned by hash: .github/workflows/backport.yml:27: update your workflow using | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/backport.yml/main?enable=pin Warn: GitHub-owned | |
| | | | GitHubAction not pinned by hash: .github/workflows/backport_issue_check.yml:16: update your workflow using | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/backport_issue_check.yml/main?enable=pin Warn: | |
| | | | third-party GitHubAction not pinned by hash: .github/workflows/bsim-tests-publish.yaml:16: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bsim-tests-publish.yaml/main?enable=pin | |
| | | | Warn: third-party GitHubAction not pinned by hash: .github/workflows/bsim-tests-publish.yaml:21: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bsim-tests-publish.yaml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bsim-tests.yaml:59: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bsim-tests.yaml/main?enable=pin | |
| | | | Warn: third-party GitHubAction not pinned by hash: .github/workflows/bsim-tests.yaml:79: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bsim-tests.yaml/main?enable=pin | |
| | | | Warn: third-party GitHubAction not pinned by hash: .github/workflows/bsim-tests.yaml:92: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bsim-tests.yaml/main?enable=pin | |
| | | | Warn: third-party GitHubAction not pinned by hash: .github/workflows/bsim-tests.yaml:101: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bsim-tests.yaml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bsim-tests.yaml:131: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bsim-tests.yaml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bsim-tests.yaml:142: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bsim-tests.yaml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bug_snapshot.yaml:24: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bug_snapshot.yaml/main?enable=pin | |
| | | | Warn: third-party GitHubAction not pinned by hash: .github/workflows/bug_snapshot.yaml:45: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bug_snapshot.yaml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/clang.yaml:45: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/clang.yaml/main?enable=pin | |
| | | | Warn: third-party GitHubAction not pinned by hash: .github/workflows/clang.yaml:86: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/clang.yaml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/clang.yaml:125: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/clang.yaml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/clang.yaml:137: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/clang.yaml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/clang.yaml:148: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/clang.yaml/main?enable=pin | |
| | | | Warn: third-party GitHubAction not pinned by hash: .github/workflows/clang.yaml:156: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/clang.yaml/main?enable=pin Warn: | |
| | | | GitHub-owned GitHubAction not pinned by hash: .github/workflows/codecov.yaml:46: update your workflow using | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/codecov.yaml/main?enable=pin Warn: | |
| | | | third-party GitHubAction not pinned by hash: .github/workflows/codecov.yaml:70: update your workflow using | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/codecov.yaml/main?enable=pin Warn: | |
| | | | GitHub-owned GitHubAction not pinned by hash: .github/workflows/codecov.yaml:106: update your workflow using | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/codecov.yaml/main?enable=pin Warn: | |
| | | | GitHub-owned GitHubAction not pinned by hash: .github/workflows/codecov.yaml:120: update your workflow using | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/codecov.yaml/main?enable=pin Warn: | |
| | | | GitHub-owned GitHubAction not pinned by hash: .github/workflows/codecov.yaml:124: update your workflow using | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/codecov.yaml/main?enable=pin Warn: | |
| | | | third-party GitHubAction not pinned by hash: .github/workflows/codecov.yaml:168: update your workflow using | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/codecov.yaml/main?enable=pin Warn: | |
| | | | GitHub-owned GitHubAction not pinned by hash: .github/workflows/coding_guidelines.yml:11: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/coding_guidelines.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coding_guidelines.yml:17: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/coding_guidelines.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compliance.yml:15: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/compliance.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compliance.yml:21: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/compliance.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compliance.yml:63: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/compliance.yml/main?enable=pin Warn: | |
| | | | third-party GitHubAction not pinned by hash: .github/workflows/daily_test_version.yml:20: update your workflow using | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/daily_test_version.yml/main?enable=pin Warn: | |
| | | | GitHub-owned GitHubAction not pinned by hash: .github/workflows/daily_test_version.yml:31: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/daily_test_version.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devicetree_checks.yml:38: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/devicetree_checks.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devicetree_checks.yml:40: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/devicetree_checks.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devicetree_checks.yml:45: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/devicetree_checks.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devicetree_checks.yml:53: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/devicetree_checks.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devicetree_checks.yml:62: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/devicetree_checks.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:46: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-build.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:57: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-build.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:95: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-build.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:111: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-build.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:129: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-build.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:137: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-build.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:171: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-build.yml/main?enable=pin Warn: | |
| | | | third-party GitHubAction not pinned by hash: .github/workflows/doc-publish-pr.yml:24: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-publish-pr.yml/main?enable=pin | |
| | | | Warn: third-party GitHubAction not pinned by hash: .github/workflows/doc-publish-pr.yml:35: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-publish-pr.yml/main?enable=pin | |
| | | | Warn: third-party GitHubAction not pinned by hash: .github/workflows/doc-publish-pr.yml:51: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-publish-pr.yml/main?enable=pin | |
| | | | Warn: third-party GitHubAction not pinned by hash: .github/workflows/doc-publish.yml:27: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-publish.yml/main?enable=pin | |
| | | | Warn: third-party GitHubAction not pinned by hash: .github/workflows/doc-publish.yml:37: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-publish.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/errno.yml:27: update your workflow using | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/errno.yml/main?enable=pin Warn: GitHub-owned | |
| | | | GitHubAction not pinned by hash: .github/workflows/footprint-tracking.yml:49: update your workflow using | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/footprint-tracking.yml/main?enable=pin Warn: | |
| | | | third-party GitHubAction not pinned by hash: .github/workflows/footprint-tracking.yml:61: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/footprint-tracking.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/footprint.yml:35: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/footprint.yml/main?enable=pin Warn: | |
| | | | third-party GitHubAction not pinned by hash: .github/workflows/issue_count.yml:30: update your workflow using | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/issue_count.yml/main?enable=pin Warn: | |
| | | | GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_count.yml:38: update your workflow using | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/issue_count.yml/main?enable=pin Warn: | |
| | | | third-party GitHubAction not pinned by hash: .github/workflows/issue_count.yml:45: update your workflow using | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/issue_count.yml/main?enable=pin Warn: | |
| | | | GitHub-owned GitHubAction not pinned by hash: .github/workflows/license_check.yml:11: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/license_check.yml/main?enable=pin | |
| | | | Warn: third-party GitHubAction not pinned by hash: .github/workflows/license_check.yml:14: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/license_check.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/license_check.yml:18: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/license_check.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manifest.yml:11: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/manifest.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:13: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/release.yml/main?enable=pin | |
| | | | Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:24: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/release.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:29: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/release.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:41: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/release.yml/main?enable=pin Warn: | |
| | | | GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:53: update your workflow using | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/release.yml/main?enable=pin Warn: third-party | |
| | | | GitHubAction not pinned by hash: .github/workflows/stale-workflow-queue-cleanup.yml:21: update your workflow using | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/stale-workflow-queue-cleanup.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale_issue.yml:12: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/stale_issue.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/twister.yaml:61: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister.yaml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/twister.yaml:157: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister.yaml/main?enable=pin | |
| | | | Warn: third-party GitHubAction not pinned by hash: .github/workflows/twister.yaml:199: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister.yaml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/twister.yaml:261: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister.yaml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/twister.yaml:285: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister.yaml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/twister.yaml:291: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister.yaml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/twister.yaml:317: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister.yaml/main?enable=pin | |
| | | | Warn: third-party GitHubAction not pinned by hash: .github/workflows/twister.yaml:325: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister.yaml/main?enable=pin Warn: | |
| | | | GitHub-owned GitHubAction not pinned by hash: .github/workflows/twister_tests.yml:36: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister_tests.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/twister_tests.yml:38: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister_tests.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/twister_tests.yml:43: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister_tests.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/west_cmds.yml:39: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/west_cmds.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/west_cmds.yml:41: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/west_cmds.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/west_cmds.yml:46: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/west_cmds.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/west_cmds.yml:54: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/west_cmds.yml/main?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/west_cmds.yml:63: update your workflow | |
| | | | using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/west_cmds.yml/main?enable=pin | |
| | | | Warn: pipCommand not pinned by hash: .github/workflows/assigner.yml:23 Warn: pipCommand not pinned by hash: | |
| | | | .github/workflows/assigner.yml:24 Warn: pipCommand not pinned by hash: .github/workflows/backport_issue_check.yml:20 | |
| | | | Warn: pipCommand not pinned by hash: .github/workflows/backport_issue_check.yml:21 Warn: pipCommand | |
| | | | not pinned by hash: .github/workflows/bug_snapshot.yaml:28 Warn: pipCommand not pinned by hash: | |
| | | | .github/workflows/bug_snapshot.yaml:29 Warn: pipCommand not pinned by hash: .github/workflows/clang.yaml:142 | |
| | | | Warn: pipCommand not pinned by hash: .github/workflows/coding_guidelines.yml:24 Warn: pipCommand | |
| | | | not pinned by hash: .github/workflows/coding_guidelines.yml:25 Warn: pipCommand not pinned by hash: | |
| | | | .github/workflows/coding_guidelines.yml:26 Warn: pipCommand not pinned by hash: .github/workflows/compliance.yml:28 | |
| | | | Warn: pipCommand not pinned by hash: .github/workflows/compliance.yml:29 Warn: pipCommand not pinned by hash: | |
| | | | .github/workflows/compliance.yml:30 Warn: pipCommand not pinned by hash: .github/workflows/compliance.yml:31 | |
| | | | Warn: pipCommand not pinned by hash: .github/workflows/daily_test_version.yml:28 Warn: pipCommand | |
| | | | not pinned by hash: .github/workflows/devicetree_checks.yml:70 Warn: pipCommand not pinned by hash: | |
| | | | .github/workflows/devicetree_checks.yml:71 Warn: pipCommand not pinned by hash: .github/workflows/doc-build.yml:64 | |
| | | | Warn: pipCommand not pinned by hash: .github/workflows/doc-build.yml:65 Warn: pipCommand not pinned by hash: | |
| | | | .github/workflows/doc-build.yml:66 Warn: pipCommand not pinned by hash: .github/workflows/doc-build.yml:67 | |
| | | | Warn: pipCommand not pinned by hash: .github/workflows/doc-build.yml:150 Warn: pipCommand not pinned by hash: | |
| | | | .github/workflows/doc-build.yml:151 Warn: pipCommand not pinned by hash: .github/workflows/doc-build.yml:152 | |
| | | | Warn: pipCommand not pinned by hash: .github/workflows/doc-build.yml:153 Warn: pipCommand not pinned by hash: | |
| | | | .github/workflows/footprint-tracking.yml:46 Warn: pipCommand not pinned by hash: .github/workflows/twister.yaml:298 | |
| | | | Warn: pipCommand not pinned by hash: .github/workflows/twister.yaml:311 Warn: pipCommand not pinned by hash: | |
| | | | .github/workflows/twister_tests.yml:51 Warn: pipCommand not pinned by hash: .github/workflows/west_cmds.yml:71 Warn: | |
| | | | pipCommand not pinned by hash: .github/workflows/west_cmds.yml:72 Info: Dockerfile dependencies are pinned Info: | |
| | | | no insecure (not pinned by hash) dependency downloads found in Dockerfiles Info: no insecure (not pinned by hash) | |
| | | | dependency downloads found in shell scripts | |
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10 | SAST | SAST tool is not run on all | Warn: 0 commits out of 30 are | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#sast |
| | | commits -- score normalized to | checked with a SAST tool Warn: | |
| | | 0 | CodeQL tool not detected | |
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Security-Policy | security policy file detected | Info: Found linked content | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#security-policy |
| | | | in security policy: | |
| | | | .github/SECURITY.md Info: | |
| | | | Found text in security | |
| | | | policy: .github/SECURITY.md | |
| | | | Info: Found disclosure, | |
| | | | vulnerability, and/or | |
| | | | timelines in security | |
| | | | policy: .github/SECURITY.md | |
| | | | Info: security policy | |
| | | | detected in current repo: | |
| | | | .github/SECURITY.md | |
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10 | Signed-Releases | 0 out of 5 artifacts are | Warn: release artifact v3.3.0 does not have provenance: | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#signed-releases |
| | | signed or have provenance | https://api.github.com/repos/zephyrproject-rtos/zephyr/releases/92933920 | |
| | | | Warn: release artifact v3.3.0 not signed: | |
| | | | https://api.github.com/repos/zephyrproject-rtos/zephyr/releases/92933920 | |
| | | | Warn: release artifact v2.7.4 does not have provenance: | |
| | | | https://api.github.com/repos/zephyrproject-rtos/zephyr/releases/87027395 | |
| | | | Warn: release artifact v2.7.4 not signed: | |
| | | | https://api.github.com/repos/zephyrproject-rtos/zephyr/releases/87027395 | |
| | | | Warn: release artifact v3.2.0 does not have provenance: | |
| | | | https://api.github.com/repos/zephyrproject-rtos/zephyr/releases/78722601 | |
| | | | Warn: release artifact v3.2.0 not signed: | |
| | | | https://api.github.com/repos/zephyrproject-rtos/zephyr/releases/78722601 | |
| | | | Warn: release artifact v3.2.0-rc3 does not have provenance: | |
| | | | https://api.github.com/repos/zephyrproject-rtos/zephyr/releases/78019389 | |
| | | | Warn: release artifact v3.2.0-rc3 not signed: | |
| | | | https://api.github.com/repos/zephyrproject-rtos/zephyr/releases/78019389 | |
| | | | Warn: release artifact v3.2.0-rc2 does not have provenance: | |
| | | | https://api.github.com/repos/zephyrproject-rtos/zephyr/releases/77432164 | |
| | | | Warn: release artifact v3.2.0-rc2 not signed: | |
| | | | https://api.github.com/repos/zephyrproject-rtos/zephyr/releases/77432164 | |
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10 | Token-Permissions | non read-only tokens detected | Warn: High severity: no topLevel permission defined: .github/workflows/assigner.yml:1: Visit | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#token-permissions |
| | | in GitHub workflows | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/assigner.yml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/backport.yml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/backport.yml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/backport_issue_check.yml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/backport_issue_check.yml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/bsim-tests-publish.yaml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bsim-tests-publish.yaml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/bsim-tests.yaml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bsim-tests.yaml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/bug_snapshot.yaml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bug_snapshot.yaml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low | |
| | | | effort) Warn: High severity: no topLevel permission defined: .github/workflows/clang.yaml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/clang.yaml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/codecov.yaml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/codecov.yaml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/coding_guidelines.yml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/coding_guidelines.yml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/compliance.yml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/compliance.yml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/daily_test_version.yml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/daily_test_version.yml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/devicetree_checks.yml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/devicetree_checks.yml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/do_not_merge.yml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/do_not_merge.yml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/doc-build.yml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-build.yml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/doc-publish-pr.yml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-publish-pr.yml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/doc-publish.yml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-publish.yml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low | |
| | | | effort) Warn: High severity: no topLevel permission defined: .github/workflows/errno.yml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/errno.yml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/footprint-tracking.yml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/footprint-tracking.yml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/footprint.yml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/footprint.yml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/issue_count.yml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/issue_count.yml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/license_check.yml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/license_check.yml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/manifest.yml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/manifest.yml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low | |
| | | | effort) Warn: High severity: no topLevel permission defined: .github/workflows/release.yml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/release.yml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple | |
| | | | issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) Warn: High | |
| | | | severity: no topLevel permission defined: .github/workflows/stale-workflow-queue-cleanup.yml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/stale-workflow-queue-cleanup.yml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/stale_issue.yml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/stale_issue.yml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/twister.yaml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister.yaml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/twister_tests.yml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister_tests.yml/main?enable=permissions | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/west_cmds.yml:1: Visit | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/west_cmds.yml/main?enable=permissions Tick the 'Restrict | |
| | | | permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit | |
| | | | https://app.stepsecurity.io/securerepo instead. (Low effort) Info: Medium severity: no jobLevel write permissions found | |
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 7 / 10 | Vulnerabilities | 3 existing vulnerabilities | Warn: Project is vulnerable | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#vulnerabilities |
| | | detected | to: GHSA-3pqx-4fqf-j49f | |
| | | | / PYSEC-2020-176 Warn: | |
| | | | Project is vulnerable | |
| | | | to: GHSA-6757-jp84-gxfx | |
| | | | / PYSEC-2020-96 Warn: | |
| | | | Project is vulnerable | |
| | | | to: GHSA-8q59-q68h-6hv4 / | |
| | | | PYSEC-2021-142 | |
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|