Reason

no dangerous workflow patterns detected

Reason

no binaries found in the repo

Reason

license file detected

Details

• Info: project has a license file: LICENSE:0
• Info: FSF or OSI recognized license: MIT License: LICENSE:0

Reason

0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0

Reason

Found 0/7 approved changesets -- score normalized to 0

Reason

detected GitHub workflow tokens with excessive permissions

Details

• Warn: no topLevel permission defined: .github/workflows/main.yml:1
• Info: no jobLevel write permissions found

Reason

no effort to earn an OpenSSF best practices badge detected

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

• Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/VadimDez/ngx-online-status/main.yml/master?enable=pin
• Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/VadimDez/ngx-online-status/main.yml/master?enable=pin
• Warn: npmCommand not pinned by hash: .github/workflows/main.yml:30
• Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
• Info: 0 out of 1 npmCommand dependencies pinned

Reason

project is not fuzzed

Details

• Warn: no fuzzer integrations found

Reason

security policy file not detected

Details

• Warn: no security policy file detected
• Warn: no security file to analyze
• Warn: no security file to analyze
• Warn: no security file to analyze

Reason

branch protection not enabled on development/release branches

Details

• Warn: branch protection not enabled for branch 'master'

Reason

SAST tool is not run on all commits -- score normalized to 0

Details

• Warn: 0 commits out of 25 are checked with a SAST tool

Reason

34 existing vulnerabilities detected

Details

• Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
• Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
• Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
• Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
• Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
• Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
• Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
• Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
• Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
• Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
• Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
• Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
• Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
• Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
• Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
• Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
• Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
• Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
• Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
• Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
• Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
• Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
• Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
• Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
• Warn: Project is vulnerable to: GHSA-25hc-qcg6-38wj
• Warn: Project is vulnerable to: GHSA-cqmj-92xf-r6r9
• Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
• Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
• Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
• Warn: Project is vulnerable to: GHSA-hc6q-2mpp-qw7j
• Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
• Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
• Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
• Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc