Reason

no binaries found in the repo

Reason

12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10

Reason

license file detected

Details

• Info: project has a license file: LICENSE:0
• Info: FSF or OSI recognized license: ISC License: LICENSE:0

Reason

security policy file detected

Details

• Info: security policy file detected: github.com/mapbox/.github/SECURITY.md:1
• Info: Found linked content: github.com/mapbox/.github/SECURITY.md:1
• Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/mapbox/.github/SECURITY.md:1
• Info: Found text in security policy: github.com/mapbox/.github/SECURITY.md:1

Reason

Found 6/8 approved changesets -- score normalized to 7

Reason

SAST tool is not run on all commits -- score normalized to 7

Details

• Warn: 21 commits out of 29 are checked with a SAST tool

Reason

branch protection is not maximal on development and all release branches

Details

• Warn: branch protection not enabled for branch 'release-v4.0.0-beta.0'
• Info: 'allow deletion' disabled on branch 'main'
• Info: 'force pushes' disabled on branch 'main'
• Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'
• Warn: 'stale review dismissal' is disabled on branch 'main'
• Warn: required approving review count is 1 on branch 'main'
• Warn: codeowners review is not required on branch 'main'
• Warn: 'last push approval' is disabled on branch 'main'
• Warn: no status checks found to merge onto branch 'main'
• Info: PRs are required in order to make changes on branch 'main'

Reason

no effort to earn an OpenSSF best practices badge detected

Reason

project is not fuzzed

Details

• Warn: no fuzzer integrations found

Reason

40 existing vulnerabilities detected

Details

• Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
• Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
• Warn: Project is vulnerable to: GHSA-4w2v-q235-vp99
• Warn: Project is vulnerable to: GHSA-cph5-m8f7-6c5x
• Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
• Warn: Project is vulnerable to: GHSA-pp7h-53gx-mx7r
• Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
• Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
• Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
• Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
• Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
• Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
• Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
• Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
• Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
• Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
• Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q
• Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c
• Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
• Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
• Warn: Project is vulnerable to: GHSA-44pw-h2cw-w3vq
• Warn: Project is vulnerable to: GHSA-c429-5p7v-vgjp
• Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
• Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
• Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
• Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m / GHSA-xvch-5gv4-984h
• Warn: Project is vulnerable to: GHSA-265q-28rp-chq5
• Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
• Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
• Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
• Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
• Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
• Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
• Warn: Project is vulnerable to: GHSA-c9g6-9335-x697
• Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
• Warn: Project is vulnerable to: GHSA-g3ch-rx76-35fx
• Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
• Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
• Warn: Project is vulnerable to: GHSA-f9xv-q969-pqx4
• Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp