Reason

no dangerous workflow patterns detected

Reason

no binaries found in the repo

Reason

license file detected

Details

• Info: project has a license file: LICENSE:0
• Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0

Reason

dependency not pinned by hash detected -- score normalized to 4

Details

• Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/github-ci.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/vivekmore/generator-jhipster-nav-element/github-ci.yml/develop?enable=pin
• Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/github-ci.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/vivekmore/generator-jhipster-nav-element/github-ci.yml/develop?enable=pin
• Warn: third-party GitHubAction not pinned by hash: .github/workflows/github-ci.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/vivekmore/generator-jhipster-nav-element/github-ci.yml/develop?enable=pin
• Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/greetings.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/vivekmore/generator-jhipster-nav-element/greetings.yml/develop?enable=pin
• Info: 0 out of 3 GitHub-owned GitHubAction dependencies pinned
• Info: 0 out of 1 third-party GitHubAction dependencies pinned
• Info: 1 out of 1 npmCommand dependencies pinned

Reason

0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0

Reason

Found 0/30 approved changesets -- score normalized to 0

Reason

detected GitHub workflow tokens with excessive permissions

Details

• Warn: no topLevel permission defined: .github/workflows/github-ci.yml:1
• Warn: no topLevel permission defined: .github/workflows/greetings.yml:1
• Info: no jobLevel write permissions found

Reason

no SAST tool detected

Details

• Warn: no pull requests merged into dev branch

Reason

no effort to earn an OpenSSF best practices badge detected

Reason

security policy file not detected

Details

• Warn: no security policy file detected
• Warn: no security file to analyze
• Warn: no security file to analyze
• Warn: no security file to analyze

Reason

project is not fuzzed

Details

• Warn: no fuzzer integrations found

Reason

branch protection not enabled on development/release branches

Details

• Warn: branch protection not enabled for branch 'develop'

Reason

27 existing vulnerabilities detected

Details

• Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
• Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
• Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
• Warn: Project is vulnerable to: GHSA-phwq-j96m-2c2q
• Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
• Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
• Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
• Warn: Project is vulnerable to: GHSA-qjmq-8hjr-qcv6
• Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
• Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
• Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
• Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
• Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
• Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
• Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
• Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
• Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
• Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
• Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
• Warn: Project is vulnerable to: GHSA-3f95-r44v-8mrg
• Warn: Project is vulnerable to: GHSA-28xr-mwxg-3qc8
• Warn: Project is vulnerable to: GHSA-9p95-fxvg-qgq2
• Warn: Project is vulnerable to: GHSA-9w5j-4mwv-2wj8
• Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
• Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
• Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
• Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc