Last active April 24, 2023 14:53
Gist: kartben/e9ad546bd3ef9cc1c5880b9dc32186e6
Finished [Fuzzing]
Finished [CII-Best-Practices]
Finished [Dangerous-Workflow]
Finished [Token-Permissions]
Finished [CI-Tests]
Finished [SAST]
Finished [Pinned-Dependencies]
Finished [Vulnerabilities]
Finished [Code-Review]
Finished [Branch-Protection]
Finished [Maintained]
Finished [Signed-Releases]
Finished [Packaging]
Finished [Security-Policy]
Finished [License]
Finished [Binary-Artifacts]
Finished [Dependency-Update-Tool]
Finished [Contributors]
| SCORE | NAME | REASON | DETAILS | DOCUMENTATION/REMEDIATION |
|-------|------|--------|---------|---------------------------|
| 10 / 10 | Binary-Artifacts | no binaries found in the repo | | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#binary-artifacts |
| 9 / 10 | Branch-Protection | branch protection is not maximal on development and all release branches | Info: 'force pushes' disabled on branch 'main' Info: 'allow deletion' disabled on branch 'main' Info: status check found to merge onto on branch 'main' Info: number of required reviewers is 2 on branch 'main' Warn: codeowner review is not required on branch 'main' | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#branch-protection |
| 10 / 10 | CI-Tests | 20 out of 20 merged PRs checked by a CI test -- score normalized to 10 | | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#ci-tests |
| 10 / 10 | CII-Best-Practices | badge detected: gold | | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#cii-best-practices |
| 10 / 10 | Code-Review | all changesets reviewed | | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#code-review |
| 10 / 10 | Contributors | 23 different organizations found -- score normalized to 10 | Info: contributors work for Centrinix,NordicPlayground,NordicSemiconductor,antero,connectivity,intel,jenkinsci,nordic semiconductor,nordic semiconductor india private limited sixoctets systems,nordicsemiconductor,nrfconnect,nxp,openspaceaarhus,openthread,peter bigot consulting,pfalcon-mirrors,pfalcon-org-test,slic3r,stmicroelectronics,teslabs,vestas-wind-systems,wind river systems,zephyrproject-rtos | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#contributors |
| 0 / 10 | Dangerous-Workflow | dangerous workflow patterns detected | Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/clang.yaml:44 Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/manifest.yml:10 Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/twister.yaml:59 Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/twister.yaml:156 | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#dangerous-workflow |
| 0 / 10 | Dependency-Update-Tool | no update tool detected | Warn: Config file not detected in source location for dependabot, renovatebot, Sonatype Lift, or PyUp (Python). We recommend setting this configuration in code so it can be easily verified by others. | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#dependency-update-tool |
| 0 / 10 | Fuzzing | project is not fuzzed | | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#fuzzing |
| 10 / 10 | License | license file detected | Info: License file found in expected location: LICENSE:1 Info: FSF or OSI recognized license: LICENSE:1 | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#license |
| 10 / 10 | Maintained | 30 commit(s) out of 30 and 20 issue activity out of 30 found in the last 90 days -- score normalized to 10 | | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#maintained |
| ? | Packaging | no published package detected | Warn: no GitHub publishing workflow detected | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#packaging |
| 7 / 10 | Pinned-Dependencies | dependency not pinned by hash detected -- score normalized to 7 | Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/assigner.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/assigner.yml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/backport.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/backport.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/backport_issue_check.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/backport_issue_check.yml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/bsim-tests-publish.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bsim-tests-publish.yaml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/bsim-tests-publish.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bsim-tests-publish.yaml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bsim-tests.yaml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bsim-tests.yaml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/bsim-tests.yaml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bsim-tests.yaml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/bsim-tests.yaml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bsim-tests.yaml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/bsim-tests.yaml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bsim-tests.yaml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bsim-tests.yaml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bsim-tests.yaml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bsim-tests.yaml:142: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bsim-tests.yaml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bug_snapshot.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bug_snapshot.yaml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/bug_snapshot.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bug_snapshot.yaml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/clang.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/clang.yaml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/clang.yaml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/clang.yaml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/clang.yaml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/clang.yaml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/clang.yaml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/clang.yaml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/clang.yaml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/clang.yaml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/clang.yaml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/clang.yaml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codecov.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/codecov.yaml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/codecov.yaml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/codecov.yaml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codecov.yaml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/codecov.yaml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codecov.yaml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/codecov.yaml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codecov.yaml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/codecov.yaml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/codecov.yaml:168: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/codecov.yaml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coding_guidelines.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/coding_guidelines.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coding_guidelines.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/coding_guidelines.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compliance.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/compliance.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compliance.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/compliance.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compliance.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/compliance.yml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/daily_test_version.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/daily_test_version.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/daily_test_version.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/daily_test_version.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devicetree_checks.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/devicetree_checks.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devicetree_checks.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/devicetree_checks.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devicetree_checks.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/devicetree_checks.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devicetree_checks.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/devicetree_checks.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devicetree_checks.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/devicetree_checks.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-build.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-build.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-build.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-build.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-build.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-build.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:171: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-build.yml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/doc-publish-pr.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-publish-pr.yml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/doc-publish-pr.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-publish-pr.yml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/doc-publish-pr.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-publish-pr.yml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/doc-publish.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-publish.yml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/doc-publish.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-publish.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/errno.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/errno.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/footprint-tracking.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/footprint-tracking.yml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/footprint-tracking.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/footprint-tracking.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/footprint.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/footprint.yml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue_count.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/issue_count.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_count.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/issue_count.yml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue_count.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/issue_count.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/license_check.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/license_check.yml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/license_check.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/license_check.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/license_check.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/license_check.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manifest.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/manifest.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/release.yml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/release.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/release.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/release.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/release.yml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/stale-workflow-queue-cleanup.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/stale-workflow-queue-cleanup.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale_issue.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/stale_issue.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/twister.yaml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister.yaml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/twister.yaml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister.yaml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/twister.yaml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister.yaml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/twister.yaml:261: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister.yaml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/twister.yaml:285: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister.yaml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/twister.yaml:291: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister.yaml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/twister.yaml:317: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister.yaml/main?enable=pin Warn: third-party GitHubAction not pinned by hash: .github/workflows/twister.yaml:325: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister.yaml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/twister_tests.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister_tests.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/twister_tests.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister_tests.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/twister_tests.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister_tests.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/west_cmds.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/west_cmds.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/west_cmds.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/west_cmds.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/west_cmds.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/west_cmds.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/west_cmds.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/west_cmds.yml/main?enable=pin Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/west_cmds.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/west_cmds.yml/main?enable=pin Warn: pipCommand not pinned by hash: .github/workflows/assigner.yml:23 Warn: pipCommand not pinned by hash: .github/workflows/assigner.yml:24 Warn: pipCommand not pinned by hash: .github/workflows/backport_issue_check.yml:20 Warn: pipCommand not pinned by hash: .github/workflows/backport_issue_check.yml:21 Warn: pipCommand not pinned by hash: .github/workflows/bug_snapshot.yaml:28 Warn: pipCommand not pinned by hash: .github/workflows/bug_snapshot.yaml:29 Warn: pipCommand not pinned by hash: .github/workflows/clang.yaml:142 Warn: pipCommand not pinned by hash: .github/workflows/coding_guidelines.yml:24 Warn: pipCommand not pinned by hash: .github/workflows/coding_guidelines.yml:25 Warn: pipCommand not pinned by hash: .github/workflows/coding_guidelines.yml:26 Warn: pipCommand not pinned by hash: .github/workflows/compliance.yml:28 Warn: pipCommand not pinned by hash: .github/workflows/compliance.yml:29 Warn: pipCommand not pinned by hash: .github/workflows/compliance.yml:30 Warn: pipCommand not pinned by hash: .github/workflows/compliance.yml:31 Warn: pipCommand not pinned by hash: .github/workflows/daily_test_version.yml:28 Warn: pipCommand not pinned by hash: .github/workflows/devicetree_checks.yml:70 Warn: pipCommand not pinned by hash: .github/workflows/devicetree_checks.yml:71 Warn: pipCommand not pinned by hash: .github/workflows/doc-build.yml:64 Warn: pipCommand not pinned by hash: .github/workflows/doc-build.yml:65 Warn: pipCommand not pinned by hash: .github/workflows/doc-build.yml:66 Warn: pipCommand not pinned by hash: .github/workflows/doc-build.yml:67 Warn: pipCommand not pinned by hash: .github/workflows/doc-build.yml:150 Warn: pipCommand not pinned by hash: .github/workflows/doc-build.yml:151 Warn: pipCommand not pinned by hash: .github/workflows/doc-build.yml:152 Warn: pipCommand not pinned by hash: .github/workflows/doc-build.yml:153 Warn: pipCommand not pinned by hash: .github/workflows/footprint-tracking.yml:46 Warn: pipCommand not pinned by hash: .github/workflows/twister.yaml:298 Warn: pipCommand not pinned by hash: .github/workflows/twister.yaml:311 Warn: pipCommand not pinned by hash: .github/workflows/twister_tests.yml:51 Warn: pipCommand not pinned by hash: .github/workflows/west_cmds.yml:71 Warn: pipCommand not pinned by hash: .github/workflows/west_cmds.yml:72 Info: Dockerfile dependencies are pinned Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles Info: no insecure (not pinned by hash) dependency downloads found in shell scripts | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#pinned-dependencies |
| 0 / 10 | SAST | SAST tool is not run on all | Warn: 0 commits out of 30 are | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#sast | | |
| | | commits -- score normalized to | checked with a SAST tool Warn: | | | |
| | | 0 | CodeQL tool not detected | | | |
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------| | |
| 10 / 10 | Security-Policy | security policy file detected | Info: Found linked content | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#security-policy | | |
| | | | in security policy: | | | |
| | | | .github/SECURITY.md Info: | | | |
| | | | Found text in security | | | |
| | | | policy: .github/SECURITY.md | | | |
| | | | Info: Found disclosure, | | | |
| | | | vulnerability, and/or | | | |
| | | | timelines in security | | | |
| | | | policy: .github/SECURITY.md | | | |
| | | | Info: security policy | | | |
| | | | detected in current repo: | | | |
| | | | .github/SECURITY.md | | | |
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------| | |
| 0 / 10 | Signed-Releases | 0 out of 5 artifacts are | Warn: release artifact v3.3.0 does not have provenance: | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#signed-releases | | |
| | | signed or have provenance | https://api.github.com/repos/zephyrproject-rtos/zephyr/releases/92933920 | | | |
| | | | Warn: release artifact v3.3.0 not signed: | | | |
| | | | https://api.github.com/repos/zephyrproject-rtos/zephyr/releases/92933920 | | | |
| | | | Warn: release artifact v2.7.4 does not have provenance: | | | |
| | | | https://api.github.com/repos/zephyrproject-rtos/zephyr/releases/87027395 | | | |
| | | | Warn: release artifact v2.7.4 not signed: | | | |
| | | | https://api.github.com/repos/zephyrproject-rtos/zephyr/releases/87027395 | | | |
| | | | Warn: release artifact v3.2.0 does not have provenance: | | | |
| | | | https://api.github.com/repos/zephyrproject-rtos/zephyr/releases/78722601 | | | |
| | | | Warn: release artifact v3.2.0 not signed: | | | |
| | | | https://api.github.com/repos/zephyrproject-rtos/zephyr/releases/78722601 | | | |
| | | | Warn: release artifact v3.2.0-rc3 does not have provenance: | | | |
| | | | https://api.github.com/repos/zephyrproject-rtos/zephyr/releases/78019389 | | | |
| | | | Warn: release artifact v3.2.0-rc3 not signed: | | | |
| | | | https://api.github.com/repos/zephyrproject-rtos/zephyr/releases/78019389 | | | |
| | | | Warn: release artifact v3.2.0-rc2 does not have provenance: | | | |
| | | | https://api.github.com/repos/zephyrproject-rtos/zephyr/releases/77432164 | | | |
| | | | Warn: release artifact v3.2.0-rc2 not signed: | | | |
| | | | https://api.github.com/repos/zephyrproject-rtos/zephyr/releases/77432164 | | | |
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------| | |
| 0 / 10 | Token-Permissions | non read-only tokens detected | Warn: High severity: no topLevel permission defined: .github/workflows/assigner.yml:1: Visit | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#token-permissions | | |
| | | in GitHub workflows | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/assigner.yml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | | | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/backport.yml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/backport.yml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | | | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/backport_issue_check.yml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/backport_issue_check.yml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | | | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/bsim-tests-publish.yaml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bsim-tests-publish.yaml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | | | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/bsim-tests.yaml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bsim-tests.yaml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | | | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/bug_snapshot.yaml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/bug_snapshot.yaml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low | | | |
| | | | effort) Warn: High severity: no topLevel permission defined: .github/workflows/clang.yaml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/clang.yaml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | | | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/codecov.yaml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/codecov.yaml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | | | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/coding_guidelines.yml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/coding_guidelines.yml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | | | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/compliance.yml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/compliance.yml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | | | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/daily_test_version.yml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/daily_test_version.yml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | | | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/devicetree_checks.yml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/devicetree_checks.yml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | | | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/do_not_merge.yml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/do_not_merge.yml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | | | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/doc-build.yml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-build.yml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | | | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/doc-publish-pr.yml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-publish-pr.yml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | | | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/doc-publish.yml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/doc-publish.yml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low | | | |
| | | | effort) Warn: High severity: no topLevel permission defined: .github/workflows/errno.yml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/errno.yml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | | | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/footprint-tracking.yml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/footprint-tracking.yml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | | | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/footprint.yml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/footprint.yml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | | | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/issue_count.yml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/issue_count.yml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | | | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/license_check.yml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/license_check.yml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | | | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/manifest.yml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/manifest.yml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low | | | |
| | | | effort) Warn: High severity: no topLevel permission defined: .github/workflows/release.yml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/release.yml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple | | | |
| | | | issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) Warn: High | | | |
| | | | severity: no topLevel permission defined: .github/workflows/stale-workflow-queue-cleanup.yml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/stale-workflow-queue-cleanup.yml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | | | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/stale_issue.yml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/stale_issue.yml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | | | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/twister.yaml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister.yaml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | | | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/twister_tests.yml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/twister_tests.yml/main?enable=permissions | | | |
| | | | Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve | | | |
| | | | multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort) | | | |
| | | | Warn: High severity: no topLevel permission defined: .github/workflows/west_cmds.yml:1: Visit | | | |
| | | | https://app.stepsecurity.io/secureworkflow/zephyrproject-rtos/zephyr/west_cmds.yml/main?enable=permissions Tick the 'Restrict | | | |
| | | | permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit | | | |
| | | | https://app.stepsecurity.io/securerepo instead. (Low effort) Info: Medium severity: no jobLevel write permissions found | | | |
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------| | |
| 7 / 10 | Vulnerabilities | 3 existing vulnerabilities | Warn: Project is vulnerable | https://github.com/ossf/scorecard/blob/8db70cfdc3eaba2afbcfe100b4d095483c382030/docs/checks.md#vulnerabilities | | |
| | | detected | to: GHSA-3pqx-4fqf-j49f | | | |
| | | | / PYSEC-2020-176 Warn: | | | |
| | | | Project is vulnerable | | | |
| | | | to: GHSA-6757-jp84-gxfx | | | |
| | | | / PYSEC-2020-96 Warn: | | | |
| | | | Project is vulnerable | | | |
| | | | to: GHSA-8q59-q68h-6hv4 / | | | |
| | | | PYSEC-2021-142 | | | |
|---------|------------------------|--------------------------------|-------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------| |