Reason

0 existing vulnerabilities detected

Reason

no binaries found in the repo

Reason

license file detected

Details

• Info: project has a license file: LICENSE.txt:0
• Warn: project license file does not contain an FSF or OSI license.

Reason

security policy file detected

Details

• Info: security policy file detected: github.com/hyperledger/.github/SECURITY.md:1
• Info: Found linked content: github.com/hyperledger/.github/SECURITY.md:1
• Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy
• Info: Found text in security policy: github.com/hyperledger/.github/SECURITY.md:1

Reason

badge detected: Passing

Reason

project is archived

Details

• Warn: Repository is archived.

Reason

Found 0/30 approved changesets -- score normalized to 0

Reason

no SAST tool detected

Details

• Warn: no pull requests merged into dev branch

Reason

branch protection not enabled on development/release branches

Details

• Warn: branch protection not enabled for branch 'main'

Reason

project is not fuzzed

Details

• Warn: no fuzzer integrations found

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

• Warn: containerImage not pinned by hash: packages/composer-cli/docker/Dockerfile:16: pin your Docker image by updating node:8.15.1-alpine to node:8.15.1-alpine@sha256:8e9987a6d91d783c56980f1bd4b23b4c05f9f6076d513d6350fef8fe09ed01fd
• Warn: containerImage not pinned by hash: packages/composer-cli/docker/Dockerfile.ppc64le:15: pin your Docker image by updating ppc64le/node:8-alpine to ppc64le/node:8-alpine@sha256:5f512d81081223cca8c123237c4e6ececefe60a48b557ee0238210c3f40ac4a7
• Warn: containerImage not pinned by hash: packages/composer-playground/docker/Dockerfile:14: pin your Docker image by updating node:8.15.1-alpine to node:8.15.1-alpine@sha256:8e9987a6d91d783c56980f1bd4b23b4c05f9f6076d513d6350fef8fe09ed01fd
• Warn: containerImage not pinned by hash: packages/composer-playground/docker/Dockerfile.ppc64le:13: pin your Docker image by updating ppc64le/node:8-alpine to ppc64le/node:8-alpine@sha256:5f512d81081223cca8c123237c4e6ececefe60a48b557ee0238210c3f40ac4a7
• Warn: containerImage not pinned by hash: packages/composer-rest-server/docker/Dockerfile:14: pin your Docker image by updating node:8.15.1-alpine to node:8.15.1-alpine@sha256:8e9987a6d91d783c56980f1bd4b23b4c05f9f6076d513d6350fef8fe09ed01fd
• Warn: containerImage not pinned by hash: packages/composer-rest-server/docker/Dockerfile.ppc64le:13: pin your Docker image by updating ppc64le/node:8-alpine to ppc64le/node:8-alpine@sha256:5f512d81081223cca8c123237c4e6ececefe60a48b557ee0238210c3f40ac4a7
• Warn: containerImage not pinned by hash: packages/generator-hyperledger-composer/generators/angular/templates/Dockerfile:15
• Warn: containerImage not pinned by hash: packages/generator-hyperledger-composer/generators/angular/templates/Dockerfile:27: pin your Docker image by updating node:8-alpine to node:8-alpine@sha256:38f7bf07ffd72ac612ec8c829cb20ad416518dbb679768d7733c93175453f4d4
• Warn: npmCommand not pinned by hash: packages/composer-cli/docker/Dockerfile.ppc64le:24-25
• Warn: npmCommand not pinned by hash: packages/composer-playground/docker/Dockerfile.ppc64le:22-23
• Warn: npmCommand not pinned by hash: packages/composer-rest-server/docker/Dockerfile.ppc64le:22-23
• Warn: npmCommand not pinned by hash: packages/generator-hyperledger-composer/generators/angular/templates/Dockerfile:20-23
• Warn: npmCommand not pinned by hash: packages/generator-hyperledger-composer/generators/angular/templates/Dockerfile:32-36
• Warn: npmCommand not pinned by hash: packages/generator-hyperledger-composer/generators/angular/templates/Dockerfile:32-36
• Warn: pipCommand not pinned by hash: .travis/before-install.sh:35
• Warn: npmCommand not pinned by hash: .travis/before-install.sh:37
• Warn: downloadThenRun not pinned by hash: packages/composer-website/jekylldocs/prereqs-ubuntu.sh:61
• Info: 0 out of 1 pipCommand dependencies pinned
• Info: 0 out of 1 downloadThenRun dependencies pinned
• Info: 0 out of 8 containerImage dependencies pinned
• Info: 0 out of 7 npmCommand dependencies pinned