Reason

no dangerous workflow patterns detected

Reason

no binaries found in the repo

Reason

license file detected

Details

• Info: project has a license file: LICENSE:0
• Info: FSF or OSI recognized license: MIT License: LICENSE:0

Reason

Found 20/25 approved changesets -- score normalized to 8

Reason

security policy file detected

Details

• Info: security policy file detected: SECURITY.md:1
• Warn: no linked content found
• Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
• Info: Found text in security policy: SECURITY.md:1

Reason

0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0

Reason

detected GitHub workflow tokens with excessive permissions

Details

• Warn: no topLevel permission defined: .github/workflows/docs.yml:1
• Warn: no topLevel permission defined: .github/workflows/nodejs.yml:1
• Warn: no topLevel permission defined: .github/workflows/release.yml:1
• Warn: no topLevel permission defined: .github/workflows/size.yml:1
• Info: no jobLevel write permissions found

Reason

no effort to earn an OpenSSF best practices badge detected

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

• Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/redux-saga/redux-saga/docs.yml/main?enable=pin
• Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/redux-saga/redux-saga/docs.yml/main?enable=pin
• Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/redux-saga/redux-saga/docs.yml/main?enable=pin
• Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/redux-saga/redux-saga/nodejs.yml/main?enable=pin
• Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/redux-saga/redux-saga/nodejs.yml/main?enable=pin
• Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/redux-saga/redux-saga/release.yml/main?enable=pin
• Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/redux-saga/redux-saga/release.yml/main?enable=pin
• Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/redux-saga/redux-saga/release.yml/main?enable=pin
• Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/size.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/redux-saga/redux-saga/size.yml/main?enable=pin
• Warn: third-party GitHubAction not pinned by hash: .github/workflows/size.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/redux-saga/redux-saga/size.yml/main?enable=pin
• Info: 0 out of 7 GitHub-owned GitHubAction dependencies pinned
• Info: 0 out of 3 third-party GitHubAction dependencies pinned

Reason

project is not fuzzed

Details

• Warn: no fuzzer integrations found

Reason

SAST tool is not run on all commits -- score normalized to 0

Details

• Warn: 0 commits out of 26 are checked with a SAST tool

Reason

156 existing vulnerabilities detected

Details

• Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
• Warn: Project is vulnerable to: GHSA-c2jc-4fpr-4vhg
• Warn: Project is vulnerable to: GHSA-whgm-jr23-g3j9
• Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
• Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
• Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
• Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
• Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
• Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
• Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5
• Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
• Warn: Project is vulnerable to: GHSA-7gc6-qh9x-w6h8
• Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
• Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
• Warn: Project is vulnerable to: GHSA-mf6x-hrgr-658f
• Warn: Project is vulnerable to: GHSA-xrh7-m5pp-39r6
• Warn: Project is vulnerable to: GHSA-6h5x-7c5m-7cr7
• Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
• Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
• Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q
• Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c
• Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
• Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
• Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
• Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
• Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
• Warn: Project is vulnerable to: GHSA-33f9-j839-rf8h
• Warn: Project is vulnerable to: GHSA-c36v-fmgq-m8hx
• Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
• Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
• Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
• Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
• Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
• Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
• Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
• Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
• Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
• Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
• Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2
• Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
• Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
• Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5
• Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp
• Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq
• Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr
• Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765
• Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g
• Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
• Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
• Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
• Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
• Warn: Project is vulnerable to: GHSA-3949-f494-cm99
• Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg
• Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
• Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
• Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
• Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
• Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
• Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7
• Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
• Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
• Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
• Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq
• Warn: Project is vulnerable to: GHSA-fhg7-m89q-25r3
• Warn: Project is vulnerable to: GHSA-rqff-837h-mm52
• Warn: Project is vulnerable to: GHSA-8v38-pw62-9cw2
• Warn: Project is vulnerable to: GHSA-hgjh-723h-mx2j
• Warn: Project is vulnerable to: GHSA-jf5r-8hm2-f872
• Warn: Project is vulnerable to: GHSA-hc6q-2mpp-qw7j
• Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
• Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
• Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
• Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
• Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
• Warn: Project is vulnerable to: GHSA-6chw-6frg-f759
• Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
• Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx
• Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4
• Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
• Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
• Warn: Project is vulnerable to: GHSA-3wcq-x3mq-6r9p
• Warn: Project is vulnerable to: GHSA-ff7x-qrg7-qggm
• Warn: Project is vulnerable to: GHSA-vh7m-p724-62c2
• Warn: Project is vulnerable to: GHSA-r9p9-mrjm-926w
• Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
• Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
• Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
• Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
• Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
• Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh
• Warn: Project is vulnerable to: GHSA-8r6j-v8pm-fqw3
• Warn: Project is vulnerable to: MAL-2023-462
• Warn: Project is vulnerable to: GHSA-8mmm-9v2q-x3f9
• Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6
• Warn: Project is vulnerable to: GHSA-w457-6q6x-cgp9
• Warn: Project is vulnerable to: GHSA-62gr-4qp9-h98f
• Warn: Project is vulnerable to: GHSA-f52g-6jhx-586p
• Warn: Project is vulnerable to: GHSA-2cf5-4w76-r9qv
• Warn: Project is vulnerable to: GHSA-3cqr-58rm-57f8
• Warn: Project is vulnerable to: GHSA-g9r4-xpmj-mj65
• Warn: Project is vulnerable to: GHSA-q2c6-c6pm-g3gh
• Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44
• Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988
• Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
• Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m
• Warn: Project is vulnerable to: GHSA-6x33-pw7p-hmpq
• Warn: Project is vulnerable to: GHSA-pc5p-h8pf-mvwp
• Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
• Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
• Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp
• Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
• Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
• Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3
• Warn: Project is vulnerable to: GHSA-7wpw-2hjm-89gp
• Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
• Warn: Project is vulnerable to: GHSA-w7rc-rwvf-8q5r
• Warn: Project is vulnerable to: GHSA-92xj-mqp7-vmcj
• Warn: Project is vulnerable to: GHSA-wxgw-qj99-44c2
• Warn: Project is vulnerable to: GHSA-5fw9-fq32-wv5p
• Warn: Project is vulnerable to: GHSA-3j8f-xvm3-ffx4
• Warn: Project is vulnerable to: GHSA-4p35-cfcx-8653
• Warn: Project is vulnerable to: GHSA-7f3x-x4pr-wqhj
• Warn: Project is vulnerable to: GHSA-jpp7-7chh-cf67
• Warn: Project is vulnerable to: GHSA-q6wq-5p59-983w
• Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2
• Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v
• Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
• Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
• Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
• Warn: Project is vulnerable to: GHSA-h9rv-jmmf-4pgx
• Warn: Project is vulnerable to: GHSA-hxcc-f52p-wc94
• Warn: Project is vulnerable to: GHSA-4g88-fppr-53pp
• Warn: Project is vulnerable to: GHSA-4jqc-8m5r-9rpr
• Warn: Project is vulnerable to: GHSA-c9g6-9335-x697
• Warn: Project is vulnerable to: GHSA-vx3p-948g-6vhq
• Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
• Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
• Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
• Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw
• Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc
• Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p
• Warn: Project is vulnerable to: GHSA-29xr-v42j-r956
• Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v
• Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
• Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
• Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7
• Warn: Project is vulnerable to: GHSA-662x-fhqg-9p8v
• Warn: Project is vulnerable to: GHSA-394c-5j6w-4xmx
• Warn: Project is vulnerable to: GHSA-78cj-fxph-m83p
• Warn: Project is vulnerable to: GHSA-46c4-8wrp-j99v
• Warn: Project is vulnerable to: GHSA-9m6j-fcg5-2442
• Warn: Project is vulnerable to: GHSA-hh27-ffr2-f2jc
• Warn: Project is vulnerable to: GHSA-g78m-2chm-r7qv
• Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693
• Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
• Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp