{"date":"2022-09-16","repo":{"name":"github.com/j2ghz/ModSink","commit":"d2c8fd26283f729e1430ef0dbdcfde1cee6544b2"},"scorecard":{"version":"v4.5.0","commit":"69eb1ccf1d0cf8c5b291044479f18672bf250325"},"score":5.2,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":10,"reason":"8 out of 8 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#ci-tests"}},{"name":"CII-Best-Practices","score":0,"reason":"no badge detected","details":null,"documentation":{"short":"Determines if the project has a CII Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":2,"reason":"GitHub code reviews found for 8 commits out of the last 30 -- score normalized to 2","details":["Warn: no reviews found for commit: d2c8fd26283f729e1430ef0dbdcfde1cee6544b2","Warn: no reviews found for commit: 623d5317d6c8b6d91aebfaf82d1584f1bde50b7e","Warn: no reviews found for commit: 8ab4ed96a7c1efba51645cebb70e9fc62bf5ab38","Warn: no reviews found for commit: 4ea6801549c9861ebc2fc6b2b5a88a5ead77240c","Warn: no reviews found for commit: 8bc39dda99b7448e88e594a57fd539eed5851de8","Warn: no reviews found for commit: 9fdeaae70d5eaf64aa7a7e03d59a692750935450","Warn: no reviews found for commit: b925518765588ded8b581b1b847bb3cce3222436","Warn: no reviews found for commit: 274e73e8f1badd481bb2c585aaae1587ad09a0fd","Warn: no reviews found for commit: c576189b644de9b6120d12811c187e008e85511d","Warn: no reviews found for commit: 2670a149bee89387cd63fcca5acfd8bc68d4a94f","Warn: no reviews found for commit: 140aa61f0aa9575574ec9479588cf05b69feebad","Warn: no reviews found for commit: bbc1cd49222c1a6a15f5d8d786e426e0adfeed13","Warn: no reviews found for commit: c769cd24d4049d90bc08048b16c151028618b5c4","Warn: no reviews found for commit: c661168e30da483233043f1bc6bb5bdf155871ee","Warn: no reviews found for commit: f9fc885be62a689c779ba3f117a3d61b2def15f1","Warn: no reviews found for commit: e63ed31d8697c577f0ae3337ee5e890043eee96b","Warn: no reviews found for commit: 86787d7668f1be750443a59aff49e99a06b37347","Warn: no reviews found for commit: 04e500004416aa4828f5930795454f1514cbcfe1","Warn: no reviews found for commit: a5bd473aaa6572bd03472ed572f6d003f40d587c","Warn: no reviews found for commit: 3cbfa4e11f900ea49750f4d72f0ddf12bfcc6458","Warn: no reviews found for commit: ae2c65dcc0260608414a02220d4cd31e88dc269d","Warn: no reviews found for commit: fedac345bf5ce69771c277ab1cbe7297f7411eef"],"documentation":{"short":"Determines if the project requires code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#code-review"}},{"name":"Contributors","score":3,"reason":"1 different organizations found -- score normalized to 3","details":["Info: contributors work for tachiyomiorg"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#contributors"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: Dependabot detected: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#dependency-update-tool"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":null,"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: : LICENSE:1"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#license"}},{"name":"Maintained","score":2,"reason":"3 commit(s) out of 30 and 0 issue activity out of 9 found in the last 90 days -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"no published package detected","details":["Warn: no GitHub publishing workflow detected"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the project has declared and pinned its dependencies.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 8 are checked with a SAST tool","Warn: CodeQL tool not detected"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#sast"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":null,"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":0,"reason":"0 out of 5 artifacts are signed -- score normalized to 0","details":["Warn: release artifact v0.5.5 not signed: https://api.github.com/repos/j2ghz/ModSink/releases/64037229","Warn: release artifact v0.5.3 not signed: https://api.github.com/repos/j2ghz/ModSink/releases/60206733","Warn: release artifact v0.5.1 not signed: https://api.github.com/repos/j2ghz/ModSink/releases/59284277","Warn: release artifact 0.4.7.build.43 not signed: https://api.github.com/repos/j2ghz/ModSink/releases/17768039","Warn: release artifact 0.4.6.build.36 not signed: https://api.github.com/repos/j2ghz/ModSink/releases/17749335"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#signed-releases"}},{"name":"Token-Permissions","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":10,"reason":"no vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#vulnerabilities"}},{"name":"Webhooks","score":-1,"reason":"check is not supported for this request: SCORECARD_V6 is not set, not running the Webhook check","details":["Warn: SCORECARD_V6 is not set, not running the Webhook check"],"documentation":{"short":"This check validate if the webhook defined in the repository have a token configured.","url":"https://github.com/ossf/scorecard/blob/69eb1ccf1d0cf8c5b291044479f18672bf250325/docs/checks.md#webhooks"}}]}