{"date":"2022-10-24","repo":{"name":"github.com/StefanSchroeder/Gocal","commit":"278882f07a55a5958311d100b5d8120dafa69853"},"scorecard":{"version":"v4.5.0","commit":"69eb1ccf1d0cf8c5b291044479f18672bf250325"},"score":4.6,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":-1,"reason":"no pull request found","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#ci-tests"}},{"name":"CII-Best-Practices","score":0,"reason":"no badge detected","details":null,"documentation":{"short":"Determines if the project has a CII Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":0,"reason":"no reviews found","details":["Warn: no reviews found for commit: 278882f07a55a5958311d100b5d8120dafa69853","Warn: no reviews found for commit: fda8dd58ca3c830d316debd7cff184cdbe1fca20","Warn: no reviews found for commit: e51d7074edb20ea0c40108a615b519e14d1a0d38","Warn: no reviews found for commit: 9a231d50cef019298b9a9a6dfd6d30ad94c38d9f","Warn: no reviews found for commit: 00a2517d976f0e8491c6ed69201922bc82a2115a","Warn: no reviews found for commit: f9c000be25421b49d6485c079bc18b1538135e36","Warn: no reviews found for commit: a168faa549f599288721beb1f3dcfe4e3bb09c5d","Warn: no reviews found for commit: 54358ac848f3ebe203a200d59b0ada1c3949ce80","Warn: no reviews found for commit: 947b4b79e4e8dda1f786a23014648c81bf59ceda","Warn: no reviews found for commit: a7ba192b8ed79e8dfc89a1b6626393ccc79dd140","Warn: no reviews found for commit: 15dbc08fa85f5020f8a78c4bc70afc7226433c90","Warn: no reviews found for commit: 834fcac29e4ec7c1aff972a02ebcb6bec28a46b4","Warn: no reviews found for commit: 78ae8f97681449a8b236206356d89adc613b28ef","Warn: no reviews found for commit: 39bac98dc5df4b6a79caa16694d5875b196e2c02","Warn: no reviews found for commit: 65bcd68dfaeeca448d81187d9209fdac7f1e8d93","Warn: no reviews found for commit: f82806cfa4773fe5d55fcb70c1d15fbdec0d9c6d","Warn: no reviews found for commit: f0d5634d52fdc21b0d2920fd6a3cffcea1d2b4fa","Warn: no reviews found for commit: 9388359bdd878ed4e720e1d3856fa93d6881cbbe","Warn: no reviews found for commit: 4cffdec513d439037486316337f658b821e2db85","Warn: no reviews found for commit: ded57e911da43c5a538bcafff8b703f20ac2d2e5","Warn: no reviews found for commit: 7d90c33525d1c0949aaa219e6ec439beaf2a3228","Warn: no reviews found for commit: 3093689e3393eb94b90c85df6ea14ce03c99ab0a","Warn: no reviews found for commit: 736dece2fd4a51ba4fad1f3fe4cfb69d206938c4","Warn: no reviews found for commit: ee8351ad301bbeb36a038ab225ad5cdacab4e506","Warn: no reviews found for commit: 4c32d9baa3587ef3559c0c457cc83747106dc95b","Warn: no reviews found for commit: b84f6568a97177847f7cde2cd2daf40ad98034e8","Warn: no reviews found for commit: 540a3ac757da98b1a02aac0defe0c5fd52ebb37f","Warn: no reviews found for commit: 9856981ffa4530beeeb16d304156dd961b91b147","Warn: no reviews found for commit: e379a175b0d7723ca4a232914f031b1480112dc6","Warn: no reviews found for commit: 97cccc6018ce2df1e348aaa79e801f9592b5ede8"],"documentation":{"short":"Determines if the project requires code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#code-review"}},{"name":"Contributors","score":3,"reason":"1 different organizations found -- score normalized to 3","details":["Info: contributors work for -"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#contributors"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":0,"reason":"no update tool detected","details":["Warn: dependabot config file not detected in source location.\n\t\t\tWe recommend setting this configuration in code so it can be easily verified by others.","Warn: renovatebot config file not detected in source location.\n\t\t\tWe recommend setting this configuration in code so it can be easily verified by others."],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#dependency-update-tool"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":null,"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: : LICENSE:1"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#license"}},{"name":"Maintained","score":5,"reason":"6 commit(s) out of 30 and 1 issue activity out of 7 found in the last 90 days -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"no published package detected","details":["Warn: no GitHub publishing workflow detected"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the project has declared and pinned its dependencies.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch","Warn: CodeQL tool not detected"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#sast"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":null,"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":["Warn: no GitHub releases found"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#signed-releases"}},{"name":"Token-Permissions","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":10,"reason":"no vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#vulnerabilities"}},{"name":"Webhooks","score":-1,"reason":"check is not supported for this request: SCORECARD_V6 is not set, not running the Webhook check","details":["Warn: SCORECARD_V6 is not set, not running the Webhook check"],"documentation":{"short":"This check validate if the webhook defined in the repository have a token configured.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#webhooks"}}]}