Gathering detailed insights and metrics for @grafana/ui
Gathering detailed insights and metrics for @grafana/ui
Installations
npm install @grafana/uiDeveloper
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
Yes
Node Version
20.9.0
NPM Version
10.1.0
Statistics
65,255 Stars
55,430 Commits
12,171 Forks
1,284 Watching
5,094 Branches
3,001 Contributors
Updated on 28 Nov 2024
Languages
TypeScript (56.88%)
Go (39.73%)
Rich Text Format (0.69%)
HTML (0.66%)
CUE (0.36%)
JavaScript (0.33%)
Shell (0.3%)
MDX (0.3%)
Starlark (0.27%)
SCSS (0.22%)
Jsonnet (0.08%)
Python (0.05%)
Makefile (0.05%)
Dockerfile (0.04%)
Jinja (0.02%)
CSS (0.01%)
HCL (0.01%)
Total Downloads
Cumulative downloads
Total Downloads
5,928,528
Last day
-30%
6,484
Compared to previous day
Last week
-0.5%
43,567
Compared to previous week
Last month
19.9%
194,051
Compared to previous month
Last year
-10.5%
1,339,215
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
66
d3olrxjsuuidslatetslibuplotjquerylodashmomenti18nextprismjsdate-fnsansicolordownshiftimmutableis-hotkeyrc-drawerrc-sliderreact-useclassnamesrc-tooltiptinycolor2rc-cascaderreact-tableslate-react@emotion/cssreact-selectreact-window@grafana/data@types/jquery@types/lodashmicro-memoizemonaco-editorreact-i18next@emotion/react@popperjs/corecalculate-sizerc-time-pickerreact-calendarreact-colorfulreact-dropzone@grafana/schemareact-hook-formreact-inlinesvg@leeoniya/ufuzzy@hello-pangea/dnd@react-aria/focus@react-aria/utils@emotion/serialize@floating-ui/react@react-aria/dialog@types/react-table@monaco-editor/react@react-aria/overlays@grafana/faro-web-sdkreact-highlight-words@grafana/e2e-selectorsreact-loading-skeletonreact-transition-groupslate-plain-serializer@tanstack/react-virtualhoist-non-react-staticsreact-custom-scrollbars-2react-router-dom-v5-compati18next-browser-languagedetector
Dev Dependencies
72
reactchancerimrafrollupcore-jscsstypeesbuildprocesswebpackmock-raf@types/d3react-domstorybookcss-loadertypescript@babel/core@types/jest@types/node@types/uuidcommon-tagssass-loader@types/react@types/slatestyle-loader@types/chanceexpose-loader@types/prismjs@faker-js/faker@types/mock-raf@storybook/react@types/is-hotkey@types/react-dom@grafana/tsconfig@storybook/blocks@types/tinycolor2rollup-plugin-dts@storybook/theming@types/common-tags@types/react-color@types/slate-reactreact-select-eventrollup-plugin-copy@storybook/mdx2-csf@types/react-windowreact-test-rendererstorybook-dark-mode@testing-library/dom@storybook/addon-a11y@storybook/addon-docs@storybook/componentsrollup-plugin-esbuild@storybook/core-events@storybook/preset-scss@storybook/preview-api@testing-library/react@storybook/addon-actions@storybook/addon-mdx-gfmrollup-plugin-svg-import@storybook/react-webpack5@testing-library/jest-dom@types/react-test-renderer@rollup/plugin-node-resolve@storybook/addon-essentials@testing-library/user-event@storybook/addon-storysource@types/react-highlight-wordsrollup-plugin-node-externals@types/react-transition-group@types/slate-plain-serializer@types/hoist-non-react-statics@types/testing-library__jest-dom@storybook/addon-webpack5-compiler-swc
Versions
The open-source platform for monitoring and observability
Grafana allows you to query, visualize, alert on and understand your metrics no matter where they are stored. Create, explore, and share dashboards with your team and foster a data-driven culture:
- Visualizations: Fast and flexible client side graphs with a multitude of options. Panel plugins offer many different ways to visualize metrics and logs.
- Dynamic Dashboards: Create dynamic & reusable dashboards with template variables that appear as dropdowns at the top of the dashboard.
- Explore Metrics: Explore your data through ad-hoc queries and dynamic drilldown. Split view and compare different time ranges, queries and data sources side by side.
- Explore Logs: Experience the magic of switching from metrics to logs with preserved label filters. Quickly search through all your logs or streaming them live.
- Alerting: Visually define alert rules for your most important metrics. Grafana will continuously evaluate and send notifications to systems like Slack, PagerDuty, VictorOps, OpsGenie.
- Mixed Data Sources: Mix different data sources in the same graph! You can specify a data source on a per-query basis. This works for even custom datasources.
Get started
Unsure if Grafana is for you? Watch Grafana in action on play.grafana.org!
Documentation
The Grafana documentation is available at grafana.com/docs.
Contributing
If you're interested in contributing to the Grafana project:
- Start by reading the Contributing guide.
- Learn how to set up your local environment, in our Developer guide.
- Explore our beginner-friendly issues.
- Look through our style guide and Storybook.
Get involved
- Follow @grafana on X (formerly Twitter).
- Read and subscribe to the Grafana blog.
- If you have a specific question, check out our discussion forums.
- For general discussions, join us on the official Slack team.
This project is tested with BrowserStack
License
Grafana is distributed under AGPL-3.0-only. For Apache-2.0 exceptions, see LICENSING.md.
No vulnerabilities found.
Reason
30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: LICENSE:0
Reason
binaries present in source code
Details
- Warn: binary detected: pkg/build/wire/cmd/wire/wire:1
- Warn: binary detected: scripts/go/bin/revive:1
Reason
Found 20/26 approved changesets -- score normalized to 7
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: SAST configuration detected: CodeQL
- Info: SAST configuration detected: CodeQL
- Info: SAST configuration detected: CodeQL
- Warn: 10 commits out of 30 are checked with a SAST tool
Reason
badge detected: InProgress
Reason
dependency not pinned by hash detected -- score normalized to 1
Details
- Info: Possibly incomplete results: error parsing shell code: (( can only be used to open an arithmetic cmd: scripts/build/ci-windows-test/Dockerfile:4
- Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: scripts/build/ci-wix/Dockerfile:6
- Info: Possibly incomplete results: error parsing shell code: "foo(" must be followed by ): scripts/build/ci-wix/Dockerfile:8-10
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/alerting-swagger-gen.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/alerting-swagger-gen.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/alerting-swagger-gen.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/alerting-swagger-gen.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/alerting-swagger-gen.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/alerting-swagger-gen.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-milestone.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/auto-milestone.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/backport.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/backport.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bump-version.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/bump-version.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/changelog.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/changelog.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/close-milestone.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/close-milestone.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeowners-validator.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/codeowners-validator.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/codeowners-validator.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/codeowners-validator.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/codeql-analysis.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/commands.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/commands.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/commands.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/commands.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/community-release.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/community-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/core-plugins-build-and-release.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/core-plugins-build-and-release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/core-plugins-build-and-release.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/core-plugins-build-and-release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/core-plugins-build-and-release.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/core-plugins-build-and-release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/core-plugins-build-and-release.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/core-plugins-build-and-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/core-plugins-build-and-release.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/core-plugins-build-and-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/core-plugins-build-and-release.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/core-plugins-build-and-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/core-plugins-build-and-release.yml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/core-plugins-build-and-release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/dashboards-issue-add-label.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/dashboards-issue-add-label.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:155: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:173: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:192: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:195: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:200: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:211: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:241: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:258: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:268: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:304: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:320: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:338: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-breaking-changes-levitate.yml:355: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/detect-breaking-changes-levitate.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-validator.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/doc-validator.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ephemeral-instances-pr-comment.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/ephemeral-instances-pr-comment.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/github-release.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/github-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go_lint.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/go_lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go_lint.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/go_lint.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/go_lint.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/go_lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/i18n-crowdin-download.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/i18n-crowdin-download.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/i18n-crowdin-download.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/i18n-crowdin-download.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/i18n-crowdin-download.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/i18n-crowdin-download.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/i18n-crowdin-download.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/i18n-crowdin-download.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/i18n-crowdin-download.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/i18n-crowdin-download.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/i18n-crowdin-upload.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/i18n-crowdin-upload.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/i18n-crowdin-upload.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/i18n-crowdin-upload.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-labeled.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/issue-labeled.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-labeled.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/issue-labeled.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-opened.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/issue-opened.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-opened.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/issue-opened.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-opened.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/issue-opened.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue-opened.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/issue-opened.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/issue-opened.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/issue-opened.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/metrics-collector.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/metrics-collector.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-checks.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/pr-checks.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-go.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/pr-codeql-analysis-go.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-go.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/pr-codeql-analysis-go.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-go.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/pr-codeql-analysis-go.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-go.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/pr-codeql-analysis-go.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-javascript.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/pr-codeql-analysis-javascript.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-javascript.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/pr-codeql-analysis-javascript.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-javascript.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/pr-codeql-analysis-javascript.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-python.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/pr-codeql-analysis-python.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-python.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/pr-codeql-analysis-python.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-codeql-analysis-python.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/pr-codeql-analysis-python.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-commands.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/pr-commands.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-dependabot-update-go-workspace.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/pr-dependabot-update-go-workspace.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-dependabot-update-go-workspace.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/pr-dependabot-update-go-workspace.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-go-workspace-check.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/pr-go-workspace-check.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-go-workspace-check.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/pr-go-workspace-check.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-k8s-codegen-check.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/pr-k8s-codegen-check.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-k8s-codegen-check.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/pr-k8s-codegen-check.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-kinds-next.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/publish-kinds-next.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-kinds-next.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/publish-kinds-next.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-kinds-release.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/publish-kinds-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-kinds-release.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/publish-kinds-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-kinds-release.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/publish-kinds-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-technical-documentation-next.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/publish-technical-documentation-next.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-technical-documentation-next.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/publish-technical-documentation-next.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-technical-documentation-release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/publish-technical-documentation-release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-technical-documentation-release.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/publish-technical-documentation-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-pr.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/release-pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-pr.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/release-pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-pr.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/release-pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/remove-milestone.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/remove-milestone.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sbom-report.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/sbom-report.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/sbom-report.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/sbom-report.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/stale.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trivy-scan.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/trivy-scan.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/trivy-scan.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/trivy-scan.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trivy-scan.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/trivy-scan.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-changelog.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/update-changelog.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-make-docs.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/update-make-docs.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-make-docs.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/update-make-docs.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-kinds.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/verify-kinds.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-kinds.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/grafana/grafana/verify-kinds.yml/main?enable=pin
- Warn: containerImage not pinned by hash: Dockerfile:11
- Warn: containerImage not pinned by hash: Dockerfile:36
- Warn: containerImage not pinned by hash: Dockerfile:95
- Warn: containerImage not pinned by hash: Dockerfile:107
- Warn: containerImage not pinned by hash: Dockerfile:108
- Warn: containerImage not pinned by hash: Dockerfile:111
- Warn: containerImage not pinned by hash: devenv/docker/blocks/alert_webhook_listener/Dockerfile:2: pin your Docker image by updating golang:latest to golang:latest@sha256:73f06be4578c9987ce560087e2e2ea6485fb605e3910542cadd8fa09fc5f3e31
- Warn: containerImage not pinned by hash: devenv/docker/blocks/auth/apache_proxy/Dockerfile:1: pin your Docker image by updating jmferrer/apache2-reverse-proxy:latest to jmferrer/apache2-reverse-proxy:latest@sha256:cd958b3505d180aa6f8b8491be8a9abdd1d8b0fdd2c1b382912f5d52a0df9d83
- Warn: containerImage not pinned by hash: devenv/docker/blocks/auth/apache_proxy_mac/Dockerfile:1: pin your Docker image by updating jmferrer/apache2-reverse-proxy:latest to jmferrer/apache2-reverse-proxy:latest@sha256:cd958b3505d180aa6f8b8491be8a9abdd1d8b0fdd2c1b382912f5d52a0df9d83
- Warn: containerImage not pinned by hash: devenv/docker/blocks/auth/nginx_proxy_mac/Dockerfile:1: pin your Docker image by updating nginx:1.19.3-alpine to nginx:1.19.3-alpine@sha256:5aa44b407756b274a600c7399418bdfb1d02c33317ae27fd5e8a333afb115db1
- Warn: containerImage not pinned by hash: devenv/docker/blocks/auth/prometheus_basic_auth_proxy/Dockerfile:1: pin your Docker image by updating nginx:1.19.3-alpine to nginx:1.19.3-alpine@sha256:5aa44b407756b274a600c7399418bdfb1d02c33317ae27fd5e8a333afb115db1
- Warn: containerImage not pinned by hash: devenv/docker/blocks/caddy_tls/build/Dockerfile:1: pin your Docker image by updating caddy:2.8.4-alpine to caddy:2.8.4-alpine@sha256:e97e0e3f8f51be708a9d5fadbbd75e3398c22fc0eecd4b26d48561e3f7daa9eb
- Warn: containerImage not pinned by hash: devenv/docker/blocks/collectd/Dockerfile:1: pin your Docker image by updating ubuntu:xenial to ubuntu:xenial@sha256:1f1a2d56de1d604801a9671f301190704c25d604a416f59e03c04f5c6ffee0d6
- Warn: containerImage not pinned by hash: devenv/docker/blocks/elastic/data/Dockerfile:1: pin your Docker image by updating node:16-alpine to node:16-alpine@sha256:a1f9d027912b58a7c75be7716c97cfbc6d3099f3a97ed84aa490be9dee20e787
- Warn: containerImage not pinned by hash: devenv/docker/blocks/loki/data/Dockerfile:1: pin your Docker image by updating node:18-alpine to node:18-alpine@sha256:7e43a2d633d91e8655a6c0f45d2ed987aa4930f0792f6d9dd3bffc7496e44882
- Warn: containerImage not pinned by hash: devenv/docker/blocks/mqtt/build/Dockerfile:1: pin your Docker image by updating emqx/nanomq:0.21.11-full to emqx/nanomq:0.21.11-full@sha256:98db3f914a8448419ae71a581ab46b6092081fd718188ec48e85c976fb1af605
- Warn: containerImage not pinned by hash: devenv/docker/blocks/mssql/build/Dockerfile:1: pin your Docker image by updating mcr.microsoft.com/mssql/server:2019-CU8-ubuntu-18.04 to mcr.microsoft.com/mssql/server:2019-CU8-ubuntu-18.04@sha256:bf3cc5fb2abfd327c6eeaf2a021869077298511eb6ded5fabd9a1e39ebff7c30
- Warn: containerImage not pinned by hash: devenv/docker/blocks/mssql_arm64/build/Dockerfile:1: pin your Docker image by updating mcr.microsoft.com/azure-sql-edge:1.0.4 to mcr.microsoft.com/azure-sql-edge:1.0.4@sha256:209a502ac7d35a8e9d5ae777bca874930950a6bf0ec4915acf23390321c576e9
- Warn: containerImage not pinned by hash: devenv/docker/blocks/mssql_tls/build/Dockerfile:1: pin your Docker image by updating mcr.microsoft.com/mssql/server:2019-CU8-ubuntu-18.04 to mcr.microsoft.com/mssql/server:2019-CU8-ubuntu-18.04@sha256:bf3cc5fb2abfd327c6eeaf2a021869077298511eb6ded5fabd9a1e39ebff7c30
- Warn: containerImage not pinned by hash: devenv/docker/blocks/mysql_opendata/Dockerfile:3: pin your Docker image by updating mysql:latest to mysql:latest@sha256:2e6739055511aed759dac119b0e41cf2fd44530d5568a1c8f7cbdba5fa9a4fef
- Warn: containerImage not pinned by hash: devenv/docker/blocks/mysql_tests/Dockerfile:2
- Warn: containerImage not pinned by hash: devenv/docker/blocks/postgres_tests/Dockerfile:2
- Warn: containerImage not pinned by hash: devenv/docker/blocks/prometheus/Dockerfile:1: pin your Docker image by updating prom/prometheus:latest to prom/prometheus:latest@sha256:3b9b2a15d376334da8c286d995777d3b9315aa666d2311170ada6059a517b74f
- Warn: containerImage not pinned by hash: devenv/docker/blocks/prometheus_high_card/Dockerfile:1
- Warn: containerImage not pinned by hash: devenv/docker/blocks/prometheus_random_data/Dockerfile:4
- Warn: containerImage not pinned by hash: devenv/docker/blocks/slow_proxy/Dockerfile:1
- Warn: containerImage not pinned by hash: devenv/docker/blocks/smtp/Dockerfile:1: pin your Docker image by updating centos:centos7 to centos:centos7@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4
- Warn: containerImage not pinned by hash: devenv/docker/buildcontainer/Dockerfile:1: pin your Docker image by updating centos:6.6 to centos:6.6@sha256:32b80b90ba17ed16e9fa3430a49f53ff6de0d4c76ad8631717a1373d5921fa26
- Warn: containerImage not pinned by hash: devenv/docker/debtest/Dockerfile:1: pin your Docker image by updating debian:jessie to debian:jessie@sha256:32ad5050caffb2c7e969dac873bce2c370015c2256ff984b70c1c08b3a2816a0
- Warn: containerImage not pinned by hash: devenv/docker/ha-test-unified-alerting/Dockerfile:1: pin your Docker image by updating golang:1.19 to golang:1.19@sha256:3025bf670b8363ec9f1b4c4f27348e6d9b7fec607c47e401e40df816853e743a
- Warn: containerImage not pinned by hash: packaging/docker/custom/Dockerfile:3
- Warn: containerImage not pinned by hash: scripts/build/ci-deploy/Dockerfile:1: pin your Docker image by updating debian:testing-20210111-slim to debian:testing-20210111-slim@sha256:44be123bee11a02b547e243f7610a40f1c2e240ccdc451bbe40084609e645155
- Warn: containerImage not pinned by hash: scripts/build/ci-deploy/Dockerfile:22: pin your Docker image by updating debian:testing-20210111-slim to debian:testing-20210111-slim@sha256:44be123bee11a02b547e243f7610a40f1c2e240ccdc451bbe40084609e645155
- Warn: containerImage not pinned by hash: scripts/build/ci-e2e/Dockerfile:1: pin your Docker image by updating node:12.19.0-buster-slim to node:12.19.0-buster-slim@sha256:abbfaad7758de248460d764e3b7177b2d0abc8c1b26c2895dec8afad999c01c8
- Warn: containerImage not pinned by hash: scripts/build/ci-msi-build/Dockerfile:1: pin your Docker image by updating grafana/wix-toolset-ci:v3 to grafana/wix-toolset-ci:v3@sha256:7535b5c91d7c50adcae1ad49d95c629e8e3b9fe78e0d0c6f39195d0df44d274b
- Warn: containerImage not pinned by hash: scripts/build/ci-windows-test/Dockerfile:1: pin your Docker image by updating golang:1.20.3-windowsservercore-1809 to golang:1.20.3-windowsservercore-1809@sha256:58cbb01a9046bb5142d9497cf723ee0f36638f03452fc926caab7632ec93618f
- Warn: containerImage not pinned by hash: scripts/build/ci-wix/Dockerfile:2: pin your Docker image by updating mcr.microsoft.com/windows:1809 to mcr.microsoft.com/windows:1809@sha256:f094d64198b7afa93f643b49f6dbe47d81ef7e2d6e83241d1cd99768490acf19
- Warn: containerImage not pinned by hash: scripts/verify-repo-update/Dockerfile.deb:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:0e5e4a57c2499249aafc3b40fcd541e9a456aab7296681a3994d631587203f97
- Warn: containerImage not pinned by hash: scripts/verify-repo-update/Dockerfile.rpm:1: pin your Docker image by updating centos:7 to centos:7@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4
- Warn: goCommand not pinned by hash: Dockerfile:72-75
- Warn: pipCommand not pinned by hash: devenv/docker/blocks/collectd/Dockerfile:13
- Warn: pipCommand not pinned by hash: scripts/build/ci-deploy/Dockerfile:43-56
- Warn: chocoCommand not pinned by hash: scripts/build/ci-windows-test/Dockerfile:6
- Warn: goCommand not pinned by hash: pkg/build/wire/internal/check_api_change.sh:43
- Warn: downloadThenRun not pinned by hash: pkg/build/wire/internal/runtests.sh:31
- Warn: goCommand not pinned by hash: scripts/mixin-check.sh:5
- Warn: goCommand not pinned by hash: scripts/mixin-check.sh:6
- Warn: npmCommand not pinned by hash: .github/workflows/backport.yml:21
- Warn: npmCommand not pinned by hash: .github/workflows/close-milestone.yml:28
- Warn: npmCommand not pinned by hash: .github/workflows/commands.yml:63
- Warn: goCommand not pinned by hash: .github/workflows/core-plugins-build-and-release.yml:108
- Warn: npmCommand not pinned by hash: .github/workflows/issue-opened.yml:32
- Warn: npmCommand not pinned by hash: .github/workflows/metrics-collector.yml:45
- Warn: npmCommand not pinned by hash: .github/workflows/pr-checks.yml:41
- Warn: npmCommand not pinned by hash: .github/workflows/pr-commands.yml:40
- Warn: npmCommand not pinned by hash: .github/workflows/publish-kinds-release.yml:55
- Warn: npmCommand not pinned by hash: .github/workflows/remove-milestone.yml:44
- Info: 0 out of 83 GitHub-owned GitHubAction dependencies pinned
- Info: 19 out of 51 third-party GitHubAction dependencies pinned
- Info: 1 out of 6 goCommand dependencies pinned
- Info: 0 out of 2 pipCommand dependencies pinned
- Info: 0 out of 1 chocoCommand dependencies pinned
- Info: 0 out of 1 downloadThenRun dependencies pinned
- Info: 0 out of 9 npmCommand dependencies pinned
- Info: 0 out of 39 containerImage dependencies pinned
Reason
dangerous workflow patterns detected
Details
- Warn: script injection with untrusted input ' github.head_ref ': .github/workflows/release-comms.yml:42
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/changelog.yml:62
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/detect-breaking-changes-levitate.yml:122
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/i18n-crowdin-download.yml:13
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish-technical-documentation-next.yml:14
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish-technical-documentation-release.yml:16
- Warn: no topLevel permission defined: .github/workflows/alerting-swagger-gen.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/auto-milestone.yml:12
- Warn: no topLevel permission defined: .github/workflows/backport.yml:1
- Warn: no topLevel permission defined: .github/workflows/bump-version.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/changelog.yml:55
- Warn: no topLevel permission defined: .github/workflows/close-milestone.yml:1
- Warn: no topLevel permission defined: .github/workflows/codeowners-validator.yml:1
- Warn: topLevel 'security-events' permission set to 'write': .github/workflows/codeql-analysis.yml:22
- Info: topLevel 'contents' permission set to 'read': .github/workflows/commands.yml:16
- Info: topLevel 'contents' permission set to 'read': .github/workflows/community-release.yml:32
- Info: topLevel 'contents' permission set to 'read': .github/workflows/core-plugins-build-and-release.yml:31
- Warn: no topLevel permission defined: .github/workflows/create-security-patch-from-security-mirror.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/dashboards-issue-add-label.yml:7
- Info: topLevel 'contents' permission set to 'read': .github/workflows/detect-breaking-changes-levitate.yml:10
- Warn: no topLevel permission defined: .github/workflows/doc-validator.yml:1
- Warn: no topLevel permission defined: .github/workflows/ephemeral-instances-pr-comment.yml:1
- Warn: no topLevel permission defined: .github/workflows/epic-add-to-platform-ux-parent-project.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/github-release.yml:36
- Info: topLevel 'contents' permission set to 'read': .github/workflows/go_lint.yml:13
- Warn: no topLevel permission defined: .github/workflows/i18n-crowdin-download.yml:1
- Warn: no topLevel permission defined: .github/workflows/i18n-crowdin-upload.yml:1
- Warn: no topLevel permission defined: .github/workflows/issue-labeled.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/issue-opened.yml:14
- Warn: no topLevel permission defined: .github/workflows/metrics-collector.yml:1
- Warn: no topLevel permission defined: .github/workflows/milestone.yml:1
- Warn: topLevel 'statuses' permission set to 'write': .github/workflows/pr-checks.yml:22
- Warn: topLevel 'checks' permission set to 'write': .github/workflows/pr-checks.yml:23
- Warn: topLevel 'actions' permission set to 'write': .github/workflows/pr-checks.yml:24
- Info: topLevel 'contents' permission set to 'read': .github/workflows/pr-checks.yml:25
- Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/pr-checks.yml:26
- Warn: topLevel 'security-events' permission set to 'write': .github/workflows/pr-codeql-analysis-go.yml:11
- Warn: topLevel 'security-events' permission set to 'write': .github/workflows/pr-codeql-analysis-javascript.yml:13
- Warn: topLevel 'security-events' permission set to 'write': .github/workflows/pr-codeql-analysis-python.yml:11
- Warn: no topLevel permission defined: .github/workflows/pr-commands.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/pr-dependabot-update-go-workspace.yml:15
- Warn: no topLevel permission defined: .github/workflows/pr-go-workspace-check.yml:1
- Warn: no topLevel permission defined: .github/workflows/pr-k8s-codegen-check.yml:1
- Warn: no topLevel permission defined: .github/workflows/pr-patch-check.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish-kinds-next.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish-kinds-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish-technical-documentation-next.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish-technical-documentation-release.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-comms.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/release-pr.yml:37
- Warn: no topLevel permission defined: .github/workflows/remove-milestone.yml:1
- Warn: no topLevel permission defined: .github/workflows/sbom-report.yml:1
- Warn: no topLevel permission defined: .github/workflows/sync-mirror.yml:1
- Warn: no topLevel permission defined: .github/workflows/trivy-scan.yml:1
- Warn: no topLevel permission defined: .github/workflows/update-changelog.yml:1
- Warn: no topLevel permission defined: .github/workflows/update-make-docs.yml:1
- Warn: no topLevel permission defined: .github/workflows/verify-kinds.yml:1
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
19 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GO-2024-3005
- Warn: Project is vulnerable to: GO-2024-2920 / GHSA-2hmf-46v7-v6fx
- Warn: Project is vulnerable to: GO-2022-0470
- Warn: Project is vulnerable to: PYSEC-2019-217 / GHSA-462w-v97r-4m45
- Warn: Project is vulnerable to: PYSEC-2021-66 / GHSA-g3rq-g295-4j3m
- Warn: Project is vulnerable to: GHSA-h5c8-rqwp-cp95
- Warn: Project is vulnerable to: GHSA-h75v-3vvj-5mfj
- Warn: Project is vulnerable to: GHSA-7q7g-4xm8-89cq
- Warn: Project is vulnerable to: GHSA-2qqx-w9hr-q5gx
- Warn: Project is vulnerable to: GHSA-2vrf-hf26-jrp5
- Warn: Project is vulnerable to: GHSA-4w4v-5hc9-xrr2
- Warn: Project is vulnerable to: GHSA-m2h2-264f-f486
- Warn: Project is vulnerable to: GHSA-m9gf-397r-hwpg
- Warn: Project is vulnerable to: GHSA-mqm9-c95h-x2p6
- Warn: Project is vulnerable to: GHSA-prc3-vjfx-vhm9
- Warn: Project is vulnerable to: GHSA-qwqh-hm9m-p5hr
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-4wx3-54gh-9fr9
Score
4.2
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More