{"date":"2026-05-14T08:28:01Z","repo":{"name":"github.com/newrelic/newrelic-dotnet-agent","commit":"d3bb1799e7c5d62a848d637d6ed0cf055dc34004"},"scorecard":{"version":"v5.3.0","commit":"c22063e786c11f9dd714d777a687ff7c4599b600"},"score":7.8,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#maintained"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dependency-update-tool"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":0,"reason":"binaries present in source code","details":["Warn: binary detected: build/Tools/NUnit-Console/Mono.Cecil.dll:1","Warn: binary detected: build/Tools/NUnit-Console/addins/nunit-project-loader.dll:1","Warn: binary detected: build/Tools/NUnit-Console/addins/nunit-v2-result-writer.dll:1","Warn: binary detected: build/Tools/NUnit-Console/addins/nunit.core.dll:1","Warn: binary detected: build/Tools/NUnit-Console/addins/nunit.core.interfaces.dll:1","Warn: binary detected: build/Tools/NUnit-Console/addins/nunit.v2.driver.dll:1","Warn: binary detected: build/Tools/NUnit-Console/addins/teamcity-event-listener.dll:1","Warn: binary detected: build/Tools/NUnit-Console/addins/vs-project-loader.dll:1","Warn: binary detected: build/Tools/NUnit-Console/nunit-agent-x86.exe:1","Warn: binary detected: build/Tools/NUnit-Console/nunit-agent.exe:1","Warn: binary detected: build/Tools/NUnit-Console/nunit.engine.api.dll:1","Warn: binary detected: build/Tools/NUnit-Console/nunit.engine.dll:1","Warn: binary detected: build/Tools/NUnit-Console/nunit3-console.exe:1","Warn: binary detected: build/Tools/NuGet/nuget.exe:1","Warn: binary detected: build/Tools/XUnit-Console/xunit.abstractions.dll:1","Warn: binary detected: build/Tools/XUnit-Console/xunit.console.exe:1","Warn: binary detected: build/Tools/XUnit-Console/xunit.console.x86.exe:1","Warn: binary detected: build/Tools/XUnit-Console/xunit.runner.reporters.net452.dll:1","Warn: binary detected: build/Tools/XUnit-Console/xunit.runner.utility.net452.dll:1","Warn: binary detected: build/Tools/nuget.4.4.1.exe:1","Warn: binary detected: build/Tools/nuget.exe:1","Warn: binary detected: build/Tools/sqlncli.msi:1","Warn: binary detected: build/Tools/vswhere.exe:1","Warn: binary detected: build/Tools/xsd2code/Xsd2Code.Library.dll:1","Warn: binary detected: build/Tools/xsd2code/Xsd2Code.exe:1","Warn: binary detected: tests/Agent/IntegrationTests/ExternalLibs/NewRelic.Api.Agent.dll:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Warn: jobLevel 'actions' permission set to 'write': .github/workflows/all_solutions.yml:1236","Info: jobLevel 'contents' permission set to 'read': .github/workflows/all_solutions.yml:1237","Warn: jobLevel 'actions' permission set to 'write': .github/workflows/all_solutions.yml:1340","Info: jobLevel 'contents' permission set to 'read': .github/workflows/all_solutions.yml:1341","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/all_solutions.yml:50","Info: jobLevel 'contents' permission set to 'read': .github/workflows/all_solutions.yml:49","Warn: jobLevel 'actions' permission set to 'write': .github/workflows/all_solutions.yml:180","Info: jobLevel 'contents' permission set to 'read': .github/workflows/all_solutions.yml:181","Warn: jobLevel 'actions' permission set to 'write': .github/workflows/all_solutions.yml:1132","Info: jobLevel 'contents' permission set to 'read': .github/workflows/all_solutions.yml:1133","Info: jobLevel 'contents' permission set to 'read': .github/workflows/build_profiler.yml:198","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build_profiler.yml:43","Info: jobLevel 'contents' permission set to 'read': .github/workflows/build_profiler.yml:42","Info: jobLevel 'contents' permission set to 'read': .github/workflows/build_profiler.yml:146","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/check_modified_files.yml:17","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:28","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/codeql.yml:29","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:38","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:39","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:88","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:89","Info: jobLevel 'contents' permission set to 'read': .github/workflows/deploy_agent.yml:475","Info: jobLevel 'packages' permission set to 'read': .github/workflows/deploy_agent.yml:476","Info: jobLevel 'contents' permission set to 'read': .github/workflows/deploy_agent.yml:488","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/dotty.yml:28","Warn: jobLevel 'actions' permission set to 'write': .github/workflows/linux_container_tests.yml:215","Info: jobLevel 'contents' permission set to 'read': .github/workflows/linux_container_tests.yml:216","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/pr_title_checker.yml:22","Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr_title_checker.yml:21","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-please.yml:18","Info: jobLevel 'contents' permission set to 'read': .github/workflows/unit_tests.yml:35","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/unit_tests.yml:36","Info: topLevel 'contents' permission set to 'read': .github/workflows/agent_metadata.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/all_solutions.yml:34","Info: topLevel 'contents' permission set to 'read': .github/workflows/build_buildtools.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/build_download_site_index_files.yml:47","Info: topLevel 'packages' permission set to 'read': .github/workflows/build_download_site_index_files.yml:48","Info: topLevel 'contents' permission set to 'read': .github/workflows/build_profiler.yml:24","Info: topLevel 'contents' permission set to 'read': .github/workflows/check_modified_files.yml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:15","Info: topLevel 'contents' permission set to 'read': .github/workflows/compare_performance.yml:159","Info: topLevel 'actions' permission set to 'read': .github/workflows/compare_performance.yml:160","Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy-k8s-unboundedservices.yml:26","Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy_agent.yml:49","Info: topLevel 'packages' permission set to 'read': .github/workflows/deploy_agent.yml:50","Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy_siteextension.yml:19","Info: topLevel 'actions' permission set to 'read': .github/workflows/deploy_siteextension.yml:18","Info: topLevel 'contents' permission set to 'read': .github/workflows/dotty.yml:21","Info: topLevel 'contents' permission set to 'read': .github/workflows/linux_container_tests.yml:38","Info: topLevel 'contents' permission set to 'read': .github/workflows/markdowncheck.yml:14","Info: topLevel 'packages' permission set to 'read': .github/workflows/post_deploy_agent.yml:37","Info: topLevel 'contents' permission set to 'read': .github/workflows/post_deploy_agent.yml:36","Info: found token with 'none' permissions: .github/workflows/pr_title_checker.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/publish_release_notes.yml:26","Info: topLevel 'packages' permission set to 'read': .github/workflows/publish_release_notes.yml:27","Info: topLevel 'contents' permission set to 'read': .github/workflows/release-please.yml:12","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:16","Info: topLevel 'contents' permission set to 'read': .github/workflows/set_community_label.yml:8","Info: topLevel 'contents' permission set to 'read': .github/workflows/siteextension_release.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/unit_tests.yml:27"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#vulnerabilities"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":5,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Info: codeowner review is required on branch 'main'","Info: 'last push approval' is required to merge on branch 'main'","Warn: 'up-to-date branches' is disabled on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/build_profiler.yml:264"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#packaging"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#fuzzing"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: SAST configuration detected: CodeQL","Info: all commits (30) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#sast"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/newrelic/.github/SECURITY.md:1","Info: Found linked content: github.com/newrelic/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/newrelic/.github/SECURITY.md:1","Info: Found text in security policy: github.com/newrelic/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#security-policy"}},{"name":"CI-Tests","score":10,"reason":"30 out of 30 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#ci-tests"}},{"name":"Pinned-Dependencies","score":5,"reason":"dependency not pinned by hash detected -- score normalized to 5","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/agent_metadata.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/newrelic/newrelic-dotnet-agent/agent_metadata.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy_agent.yml:466: update your workflow using https://app.stepsecurity.io/secureworkflow/newrelic/newrelic-dotnet-agent/deploy_agent.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy_agent.yml:480: update your workflow using https://app.stepsecurity.io/secureworkflow/newrelic/newrelic-dotnet-agent/deploy_agent.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy_agent.yml:491: update your workflow using https://app.stepsecurity.io/secureworkflow/newrelic/newrelic-dotnet-agent/deploy_agent.yml/main?enable=pin","Warn: containerImage not pinned by hash: build/Linux/build/deb/Dockerfile:1: pin your Docker image by updating debian:stable to debian:stable@sha256:23759e4f84483a4a2b312eb72e0aa68ad3526344fb2e7caa2eb64846b0d7e142","Warn: containerImage not pinned by hash: build/Linux/test/distros/centos/Dockerfile:1: pin your Docker image by updating centos:7 to centos:7@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4","Warn: containerImage not pinned by hash: build/Linux/test/distros/debian/Dockerfile:1: pin your Docker image by updating mcr.microsoft.com/dotnet/sdk:6.0 to mcr.microsoft.com/dotnet/sdk:6.0@sha256:c8fdd06e430de9f4ddd066b475ea350d771f341b77dd5ff4c2fafa748e3f2ef2","Warn: containerImage not pinned by hash: src/Agent/NewRelic/Profiler/linux/DebugDockerfile:3: pin your Docker image by updating ubuntu:18.04 to ubuntu:18.04@sha256:152dc042452c496007f07ca9127571cb9c29697f42acbfad72324b2bb2e43c98","Warn: containerImage not pinned by hash: src/Agent/NewRelic/Profiler/linux/Dockerfile.new:6: pin your Docker image by updating ubuntu:18.04 to ubuntu:18.04@sha256:152dc042452c496007f07ca9127571cb9c29697f42acbfad72324b2bb2e43c98","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/AwsSdkTestApp/Dockerfile:5","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/AwsSdkTestApp/Dockerfile:10","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/AwsSdkTestApp/Dockerfile:20","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/AwsSdkTestApp/Dockerfile:23","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/CustomBaseContainerBuild/Dockerfile.CustomBaseImage:2","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/KafkaTestApp/Dockerfile:3","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/KafkaTestApp/Dockerfile:10","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/KafkaTestApp/Dockerfile:22","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/KafkaTestApp/Dockerfile:26","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/MassTransitTestApp/Dockerfile:3","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/MassTransitTestApp/Dockerfile:10","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/MassTransitTestApp/Dockerfile:22","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/MassTransitTestApp/Dockerfile:26","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/MemcachedTestApp/Dockerfile:3","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/MemcachedTestApp/Dockerfile:10","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/MemcachedTestApp/Dockerfile:22","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/MemcachedTestApp/Dockerfile:27","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/SmokeTestApp/Dockerfile:5","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/SmokeTestApp/Dockerfile:10","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/SmokeTestApp/Dockerfile:20","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/SmokeTestApp/Dockerfile:23","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/SmokeTestApp/Dockerfile.amazon:7","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/SmokeTestApp/Dockerfile.amazon:12","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/SmokeTestApp/Dockerfile.amazon:22","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/SmokeTestApp/Dockerfile.amazon:25","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/SmokeTestApp/Dockerfile.centos:4: pin your Docker image by updating quay.io/centos/centos:stream9 to quay.io/centos/centos:stream9@sha256:dbd9d8293d90c33829dab178cb2713218855c11d30353ea1b2e06fb168a7ceba","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/SmokeTestApp/Dockerfile.centos:9","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/SmokeTestApp/Dockerfile.centos:19","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/SmokeTestApp/Dockerfile.centos:22","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/SmokeTestApp/Dockerfile.fedora:6","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/SmokeTestApp/Dockerfile.fedora:11","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/SmokeTestApp/Dockerfile.fedora:21","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/SmokeTestApp/Dockerfile.fedora:24","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/UnboundedServices/cosmosdb/Dockerfile:1: pin your Docker image by updating mcr.microsoft.com/cosmosdb/linux/azure-cosmos-emulator:latest to mcr.microsoft.com/cosmosdb/linux/azure-cosmos-emulator:latest@sha256:50e0086d6171874ee136458d80f413f423a01ef56b1a6009d8628cc1bd1ad4ce","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/UnboundedServices/elastic7/Dockerfile:2: pin your Docker image by updating elasticsearch:7.17.10 to elasticsearch:7.17.10@sha256:43b9e781ebb2bd731ea3966bb816edce947e34965676046b3c0f8c17318cee72","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/UnboundedServices/elastic8/Dockerfile:1: pin your Docker image by updating elasticsearch:8.6.2 to elasticsearch:8.6.2@sha256:93bc71907ca0e6e3b4f181e0dc850b90bb6cb2686c2778def0b8542398983c28","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/UnboundedServices/elastic9/Dockerfile:1: pin your Docker image by updating elasticsearch:9.0.4 to elasticsearch:9.0.4@sha256:abbb10c17bf4259b3c44bb970a40fc231ad969052a58fcdcc9008fe75b1f9960","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/UnboundedServices/mongodb32/Dockerfile:1: pin your Docker image by updating mongo:3.2 to mongo:3.2@sha256:0463a91d8eff189747348c154507afc7aba045baa40e8d58d8a4c798e71001f3","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/UnboundedServices/mongodb60/Dockerfile:1: pin your Docker image by updating mongo:6.0.27 to mongo:6.0.27@sha256:03cda579c8caad6573cb98c2b3d5ff5ead452a6450561129b89595b4b9c18de2","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/UnboundedServices/mssql/Dockerfile:1: pin your Docker image by updating mcr.microsoft.com/mssql/server:2022-latest to mcr.microsoft.com/mssql/server:2022-latest@sha256:d01cc45e6b920eff17abc60295b8748821e09b678f0fcf54959ef37406b80203","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/UnboundedServices/mysql/Dockerfile:1: pin your Docker image by updating mysql:lts to mysql:lts@sha256:c11782aa2a96624c1efc121768641d96954faa136d6aa82751b032d8c426ffbc","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/UnboundedServices/oracle/Dockerfile:1: pin your Docker image by updating container-registry.oracle.com/database/free:latest-lite to container-registry.oracle.com/database/free:latest-lite@sha256:481dbb4a1ea7cac6aadd354ff42b48fb7e4df955725158f237ad58c8fca1f458","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/UnboundedServices/postgres/Dockerfile:1: pin your Docker image by updating postgres:15 to postgres:15@sha256:32016c79bea24c14917660106bc23a03341d94b9983aeb41f4130b4f3fbd6dd0","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/UnboundedServices/rabbitmq/Dockerfile:1: pin your Docker image by updating rabbitmq:3.9.5 to rabbitmq:3.9.5@sha256:3b3f7b55be78e1b3c7330671ffc3f5e3670f66f040a4a429109a7f56c90464dc","Warn: containerImage not pinned by hash: tests/Agent/IntegrationTests/UnboundedServices/redis/Dockerfile:1: pin your Docker image by updating redis:6.2.5 to redis:6.2.5@sha256:c98f0230b5f1831f4f5dd764c4ea8ef11d3e3a1a3593278eb952373d97c82b27","Warn: containerImage not pinned by hash: tests/Agent/PerformanceTests/PerformanceTestApp/Dockerfile:13: pin your Docker image by updating mcr.microsoft.com/dotnet/aspnet:10.0 to mcr.microsoft.com/dotnet/aspnet:10.0@sha256:9b5222b0ff8e9eb991a7c1a64b25f0f771d21ccc05dfa1c834f5668ffd9cd73f","Warn: containerImage not pinned by hash: tests/Agent/PerformanceTests/ReportGenerator/Dockerfile:1: pin your Docker image by updating mcr.microsoft.com/dotnet/sdk:10.0 to mcr.microsoft.com/dotnet/sdk:10.0@sha256:dc8430e6024d454edadad1e160e1973be3cabbb7125998ef190d9e5c6adf7dbb","Warn: containerImage not pinned by hash: tests/Agent/PerformanceTests/ReportGenerator/Dockerfile:8: pin your Docker image by updating mcr.microsoft.com/dotnet/runtime:10.0 to mcr.microsoft.com/dotnet/runtime:10.0@sha256:dcc1b45395697ed27239d121eb8f3d5f2e2fd195257d1b8119cb3e9eb85ad44f","Warn: containerImage not pinned by hash: tests/Agent/PerformanceTests/TrafficDriver/Dockerfile:1: pin your Docker image by updating python:3.12-slim to python:3.12-slim@sha256:401f6e1a67dad31a1bd78e9ad22d0ee0a3b52154e6bd30e90be696bb6a3d7461","Warn: nugetCommand not pinned by hash: build/Linux/test/distros/centos/Dockerfile:16-18: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)","Warn: nugetCommand not pinned by hash: build/Linux/test/distros/centos/Dockerfile:24-26: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)","Warn: nugetCommand not pinned by hash: build/Linux/test/distros/debian/Dockerfile:11-13: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)","Warn: nugetCommand not pinned by hash: build/Linux/test/distros/debian/Dockerfile:19-21: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)","Warn: nugetCommand not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/AwsSdkTestApp/Dockerfile:15: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)","Warn: downloadThenRun not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/CustomBaseContainerBuild/Dockerfile.CustomBaseImage:16","Warn: nugetCommand not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/KafkaTestApp/Dockerfile:15: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)","Warn: nugetCommand not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/MassTransitTestApp/Dockerfile:15: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)","Warn: nugetCommand not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/MemcachedTestApp/Dockerfile:15: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)","Warn: nugetCommand not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/SmokeTestApp/Dockerfile:14: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)","Warn: nugetCommand not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/SmokeTestApp/Dockerfile.amazon:16: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)","Warn: nugetCommand not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/SmokeTestApp/Dockerfile.centos:13: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)","Warn: nugetCommand not pinned by hash: tests/Agent/IntegrationTests/ContainerApplications/SmokeTestApp/Dockerfile.fedora:15: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)","Warn: nugetCommand not pinned by hash: tests/Agent/PerformanceTests/PerformanceTestApp/Dockerfile:8: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)","Warn: nugetCommand not pinned by hash: tests/Agent/PerformanceTests/ReportGenerator/Dockerfile:4: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)","Warn: pipCommand not pinned by hash: tests/Agent/PerformanceTests/TrafficDriver/Dockerfile:6","Warn: downloadThenRun not pinned by hash: deploy/linux/deploy_scripts/libexec/jenkins-download.bash:92","Warn: nugetCommand not pinned by hash: .github/workflows/dotty.yml:57: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)","Info: 125 out of 125 GitHub-owned GitHubAction dependencies pinned","Info:  65 out of  69 third-party GitHubAction dependencies pinned","Info:   0 out of   2 downloadThenRun dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned","Info:  10 out of  64 containerImage dependencies pinned","Info:   0 out of  15 nugetCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#pinned-dependencies"}},{"name":"Contributors","score":10,"reason":"project has 7 contributing companies or organizations","details":["Info: found contributions from: Faithlife, LogosBible, faithlife, mysql-net, new relic, newrelic, open-telemetry"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#contributors"}}]}