Reason

no dangerous workflow patterns detected

Reason

no binaries found in the repo

Reason

license file detected

Details

• Info: project has a license file: LICENSE:0
• Info: FSF or OSI recognized license: MIT License: LICENSE:0

Reason

Found 9/30 approved changesets -- score normalized to 3

Reason

2 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 2

Reason

detected GitHub workflow tokens with excessive permissions

Details

• Warn: no topLevel permission defined: .github/workflows/ci.yml:1
• Info: no jobLevel write permissions found

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

• Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/zkochan/packages/ci.yml/main?enable=pin
• Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/zkochan/packages/ci.yml/main?enable=pin
• Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/zkochan/packages/ci.yml/main?enable=pin
• Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
• Info: 0 out of 1 third-party GitHubAction dependencies pinned

Reason

no effort to earn an OpenSSF best practices badge detected

Reason

security policy file not detected

Details

• Warn: no security policy file detected
• Warn: no security file to analyze
• Warn: no security file to analyze
• Warn: no security file to analyze

Reason

project is not fuzzed

Details

• Warn: no fuzzer integrations found

Reason

branch protection not enabled on development/release branches

Details

• Warn: branch protection not enabled for branch 'main'

Reason

SAST tool is not run on all commits -- score normalized to 0

Details

• Warn: 0 commits out of 9 are checked with a SAST tool

Reason

32 existing vulnerabilities detected

Details

• Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
• Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
• Warn: Project is vulnerable to: GHSA-v9mx-4pqq-h232
• Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
• Warn: Project is vulnerable to: GHSA-h6ch-v84p-w6p9
• Warn: Project is vulnerable to: GHSA-ff7x-qrg7-qggm
• Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
• Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
• Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
• Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
• Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
• Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
• Warn: Project is vulnerable to: GHSA-wc69-rhjr-hc9g
• Warn: Project is vulnerable to: GHSA-hj9c-8jmm-8c52
• Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
• Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
• Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
• Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
• Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
• Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq
• Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
• Warn: Project is vulnerable to: GHSA-4w2j-2rg4-5mjw
• Warn: Project is vulnerable to: GHSA-mrgp-mrhc-5jrq
• Warn: Project is vulnerable to: GHSA-7jxr-cg7f-gpgv
• Warn: Project is vulnerable to: GHSA-xj72-wvfv-8985
• Warn: Project is vulnerable to: GHSA-ch3r-j5x3-6q2m
• Warn: Project is vulnerable to: GHSA-p5gc-c584-jj6v
• Warn: Project is vulnerable to: GHSA-whpj-8f3w-67p5
• Warn: Project is vulnerable to: GHSA-cchq-frgv-rjh5
• Warn: Project is vulnerable to: GHSA-g644-9gfx-q4q4
• Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
• Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q