You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Scorecard is an automated tool that assesses a number of important heuristics ("checks") associated with software security and assigns each check a score of 0-10. You can use these scores to understand specific areas to improve in order to strengthen the security posture of your project. You can also assess the risks that dependencies introduce, and make informed decisions about accepting these risks, evaluating alternative solutions, or working with the maintainers to make improvements.
Actions
Install OSSF Scorecard action to this repo
Basline (Current OSSF Scores)
❯ scorecard --repo=https://github.com/opea-project/GenAIInfra
Starting [Contributors]
Starting [Fuzzing]
Starting [License]
Starting [CII-Best-Practices]
Starting [Pinned-Dependencies]
Starting [Branch-Protection]
Starting [Maintained]
Starting [Vulnerabilities]
Starting [Security-Policy]
Starting [Packaging]
Starting [Code-Review]
Starting [SAST]
Starting [Signed-Releases]
Starting [Binary-Artifacts]
Starting [Dangerous-Workflow]
Starting [CI-Tests]
Starting [Token-Permissions]
Starting [Dependency-Update-Tool]
Finished [CI-Tests]
Finished [Token-Permissions]
Finished [Dependency-Update-Tool]
Finished [CII-Best-Practices]
Finished [Pinned-Dependencies]
Finished [Branch-Protection]
Finished [Maintained]
Finished [Vulnerabilities]
Finished [Contributors]
Finished [Fuzzing]
Finished [License]
Finished [Security-Policy]
Finished [Packaging]
Finished [Code-Review]
Finished [Signed-Releases]
Finished [Binary-Artifacts]
Finished [Dangerous-Workflow]
Finished [SAST]
RESULTS
-------
Aggregate score: 4.3 / 10
Check scores:
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|| SCORE | NAME | REASON | DOCUMENTATION/REMEDIATION ||---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|| 10 / 10 | Binary-Artifacts | no binaries found in the repo | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#binary-artifacts ||---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------||?| Branch-Protection | internal error: error during | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#branch-protection |||| branchesHandler.setup: ||||| internal error: ||||| githubv4.Query: Resource not ||||| accessible by personal access ||||| token |||---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|| 10 / 10 | CI-Tests | 30 out of 30 merged PRs | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#ci-tests |||| checked by a CI test -- score ||||| normalized to 10 |||---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|| 0 / 10 | CII-Best-Practices | no effort to earn an OpenSSF | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#cii-best-practices |||| best practices badge detected |||---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|| 10 / 10 | Code-Review | all changesets reviewed | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#code-review ||---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|| 10 / 10 | Contributors | project has 7 contributing | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#contributors |||| companies or organizations |||---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|| 0 / 10 | Dangerous-Workflow | dangerous workflow patterns | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#dangerous-workflow |||| detected |||---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|| 0 / 10 | Dependency-Update-Tool | no update tool detected | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#dependency-update-tool ||---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|| 0 / 10 | Fuzzing | project is not fuzzed | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#fuzzing ||---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|| 10 / 10 | License | license file detected | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#license ||---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|| 10 / 10 | Maintained | 30 commit(s) and 25 issue | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#maintained |||| activity found in the last 90 ||||| days -- score normalized to 10 |||---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------||?| Packaging | packaging workflow not | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#packaging |||| detected |||---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|| 0 / 10 | Pinned-Dependencies | dependency not pinned by hash| https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#pinned-dependencies |||| detected -- score normalized ||||| to 0 |||---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|| 0 / 10 | SAST | SAST tool is not run on all | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#sast |||| commits -- score normalized to ||||| 0 |||---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|| 0 / 10 | Security-Policy | security policy file not | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#security-policy |||| detected |||---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------||?| Signed-Releases | no releases found | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#signed-releases ||---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|| 0 / 10 | Token-Permissions | detected GitHub workflow | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#token-permissions |||| tokens with excessive ||||| permissions |||---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|| 9 / 10 | Vulnerabilities | 1 existing vulnerabilities | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#vulnerabilities |||| detected |||---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
The text was updated successfully, but these errors were encountered:
Description
Actions
Basline (Current OSSF Scores)
The text was updated successfully, but these errors were encountered: