Reason

no dangerous workflow patterns detected

Reason

no binaries found in the repo

Reason

license file detected

Details

• Info: project has a license file: LICENSE:0
• Info: FSF or OSI recognized license: MIT License: LICENSE:0

Reason

0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0

Reason

Found 2/29 approved changesets -- score normalized to 0

Reason

detected GitHub workflow tokens with excessive permissions

Details

• Warn: no topLevel permission defined: .github/workflows/release.yml:1
• Info: no jobLevel write permissions found

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

• Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/serverless-plus/tencent-serverless-http/release.yml/master?enable=pin
• Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/serverless-plus/tencent-serverless-http/release.yml/master?enable=pin
• Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/serverless-plus/tencent-serverless-http/release.yml/master?enable=pin
• Warn: npmCommand not pinned by hash: .github/workflows/release.yml:38
• Warn: npmCommand not pinned by hash: .github/workflows/release.yml:39
• Info: 0 out of 3 GitHub-owned GitHubAction dependencies pinned
• Info: 0 out of 2 npmCommand dependencies pinned

Reason

no effort to earn an OpenSSF best practices badge detected

Reason

security policy file not detected

Details

• Warn: no security policy file detected
• Warn: no security file to analyze
• Warn: no security file to analyze
• Warn: no security file to analyze

Reason

project is not fuzzed

Details

• Warn: no fuzzer integrations found

Reason

branch protection not enabled on development/release branches

Details

• Warn: branch protection not enabled for branch 'master'

Reason

SAST tool is not run on all commits -- score normalized to 0

Details

• Warn: 0 commits out of 7 are checked with a SAST tool

Reason

101 existing vulnerabilities detected

Details

• Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
• Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
• Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
• Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
• Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
• Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
• Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
• Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
• Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
• Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
• Warn: Project is vulnerable to: GHSA-p493-635q-r6gr
• Warn: Project is vulnerable to: GHSA-3965-hpx2-q597
• Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
• Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
• Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
• Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
• Warn: Project is vulnerable to: GHSA-6chw-6frg-f759
• Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
• Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
• Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
• Warn: Project is vulnerable to: GHSA-2mj8-pj3j-h362
• Warn: Project is vulnerable to: GHSA-gqf6-75v8-vr26
• Warn: Project is vulnerable to: GHSA-v45m-2wcp-gg98
• Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
• Warn: Project is vulnerable to: GHSA-c6rq-rjc2-86v2
• Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
• Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
• Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
• Warn: Project is vulnerable to: GHSA-ff7x-qrg7-qggm
• Warn: Project is vulnerable to: GHSA-xf7w-r453-m56c
• Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
• Warn: Project is vulnerable to: GHSA-q42p-pg8m-cqh6
• Warn: Project is vulnerable to: GHSA-w457-6q6x-cgp9
• Warn: Project is vulnerable to: GHSA-62gr-4qp9-h98f
• Warn: Project is vulnerable to: GHSA-f52g-6jhx-586p
• Warn: Project is vulnerable to: GHSA-2cf5-4w76-r9qv
• Warn: Project is vulnerable to: GHSA-3cqr-58rm-57f8
• Warn: Project is vulnerable to: GHSA-g9r4-xpmj-mj65
• Warn: Project is vulnerable to: GHSA-q2c6-c6pm-g3gh
• Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44
• Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988
• Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
• Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
• Warn: Project is vulnerable to: GHSA-pc5p-h8pf-mvwp
• Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
• Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
• Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
• Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx
• Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
• Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
• Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp
• Warn: Project is vulnerable to: GHSA-2m96-9w4j-wgv7
• Warn: Project is vulnerable to: GHSA-h726-x36v-rx45
• Warn: Project is vulnerable to: GHSA-5947-m4fg-xhqg
• Warn: Project is vulnerable to: GHSA-779f-wgxg-qr8f
• Warn: Project is vulnerable to: GHSA-xf5p-87ch-gxw2
• Warn: Project is vulnerable to: GHSA-ch52-vgq2-943f
• Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj
• Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf
• Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3
• Warn: Project is vulnerable to: GHSA-7wpw-2hjm-89gp
• Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
• Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
• Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m / GHSA-xvch-5gv4-984h
• Warn: Project is vulnerable to: GHSA-fhjf-83wg-r2j9
• Warn: Project is vulnerable to: GHSA-w7rc-rwvf-8q5r
• Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
• Warn: Project is vulnerable to: GHSA-5fw9-fq32-wv5p
• Warn: Project is vulnerable to: GHSA-m6cx-g6qm-p2cx
• Warn: Project is vulnerable to: GHSA-x8qc-rrcw-4r46
• Warn: Project is vulnerable to: GHSA-4328-8hgf-7wjr
• Warn: Project is vulnerable to: GHSA-93f3-23rq-pjfp
• Warn: Project is vulnerable to: GHSA-jmqm-f2gx-4fjv
• Warn: Project is vulnerable to: GHSA-pw54-mh39-w3hc / GHSA-xgh6-85xh-479p
• Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
• Warn: Project is vulnerable to: GHSA-r2j6-p67h-q639
• Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
• Warn: Project is vulnerable to: GHSA-44c6-4v22-4mhx
• Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch
• Warn: Project is vulnerable to: GHSA-jv35-xqg7-f92r
• Warn: Project is vulnerable to: GHSA-4g88-fppr-53pp
• Warn: Project is vulnerable to: GHSA-4jqc-8m5r-9rpr
• Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
• Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
• Warn: Project is vulnerable to: GHSA-vx3p-948g-6vhq
• Warn: Project is vulnerable to: GHSA-j44m-qm6p-hp7m
• Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
• Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
• Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
• Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw
• Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc
• Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p
• Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v
• Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
• Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
• Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7
• Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
• Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693
• Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
• Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
• Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp