{"date":"2022-08-18","repo":{"name":"github.com/pyhoneybot/honeybot","commit":"2c1dcc6c1b7aff7bd50323ebbb45f7b21dc59f77"},"scorecard":{"version":"v4.3.1","commit":"3155d134e59d8f47261b1ae9d143034c69572227"},"score":5.1,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/3155d134e59d8f47261b1ae9d143034c69572227/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/3155d134e59d8f47261b1ae9d143034c69572227/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":10,"reason":"21 out of 21 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/3155d134e59d8f47261b1ae9d143034c69572227/docs/checks.md#ci-tests"}},{"name":"CII-Best-Practices","score":2,"reason":"badge detected: in_progress","details":null,"documentation":{"short":"Determines if the project has a CII Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/3155d134e59d8f47261b1ae9d143034c69572227/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":4,"reason":"GitHub code reviews found for 12 commits out of the last 30 -- score normalized to 4","details":["Warn: no reviews found for commit: 2c1dcc6c1b7aff7bd50323ebbb45f7b21dc59f77","Warn: no reviews found for commit: 45a5f4fbb4d52dbf5d300b4a3e63a2e5258faa6a","Warn: no reviews found for commit: f5c38076ef0b0b1d77db886d5816c0594ce571e8","Warn: no reviews found for commit: 9e412787472486d5a1c8d836810035c67534821f","Warn: no reviews found for commit: acf896e3841c6bcd17c9f2d80b47d1d4e2ad62b5","Warn: no reviews found for commit: 2290f9fedf100e55b9592b0bed417ba7849fcf5d","Warn: no reviews found for commit: 2a062a6a62c6552b1e77fbeb66f6362414ea0473","Warn: no reviews found for commit: e36630c1ff90cacb557383c75275bc7e53d46ca5","Warn: no reviews found for commit: c72416e9588aef712296778c2ec5421b55854669","Warn: no reviews found for commit: b969f370be566d386fae7f8e313e0a5e897bc199","Warn: no reviews found for commit: f8196e4a203406d2bb4e77f84f6e85b4fc2bd50c","Warn: no reviews found for commit: d4790b224b5f2ce08eb503d3669425f3b8b587a8","Warn: no reviews found for commit: b5ec01cf0e3f55de8ce4f8fdbf6f02cfd20b117b","Warn: no reviews found for commit: 98479b3f73596ee5e925006a5b4076554ff40866","Warn: no reviews found for commit: f28fe327d3a074b76438fec5bf07c92d6226678b","Warn: no reviews found for commit: e4d2d0170b008af6cc371d878d1909a32e0766d9","Warn: no reviews found for commit: b7fcb27275ed739d302dd202f78d1c12c6abae3f","Warn: no reviews found for commit: aa8f0238ffb070bdd3fb85f7305b2fb6fda23317"],"documentation":{"short":"Determines if the project requires code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/3155d134e59d8f47261b1ae9d143034c69572227/docs/checks.md#code-review"}},{"name":"Contributors","score":10,"reason":"13 different organizations found -- score normalized to 10","details":["Info: contributors work for AetheriaTempName,FlaskCon,Maurilearn,banrisul,cars.com,compileralchemy,flaskcwg,jamstackpy,jp morgan chase,national solar observatory,pyhoneybot,pymug,shopyo"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/3155d134e59d8f47261b1ae9d143034c69572227/docs/checks.md#contributors"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/3155d134e59d8f47261b1ae9d143034c69572227/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":0,"reason":"no update tool detected","details":["Warn: dependabot config file not detected in source location.\n\t\t\tWe recommend setting this configuration in code so it can be easily verified by others.","Warn: renovatebot config file not detected in source location.\n\t\t\tWe recommend setting this configuration in code so it can be easily verified by others."],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/3155d134e59d8f47261b1ae9d143034c69572227/docs/checks.md#dependency-update-tool"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":null,"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/3155d134e59d8f47261b1ae9d143034c69572227/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: : LICENSE:1"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/3155d134e59d8f47261b1ae9d143034c69572227/docs/checks.md#license"}},{"name":"Maintained","score":10,"reason":"30 commit(s) out of 30 and 5 issue activity out of 30 found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/3155d134e59d8f47261b1ae9d143034c69572227/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"no published package detected","details":["Warn: no GitHub publishing workflow detected"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/3155d134e59d8f47261b1ae9d143034c69572227/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":7,"reason":"dependency not pinned by hash detected -- score normalized to 7","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:31","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:33","Warn: containerImage not pinned by hash: docker/Dockerfile:1","Warn: pipCommand not pinned by hash: docker/Dockerfile:7-17","Warn: pipCommand not pinned by hash: docker/Dockerfile:7-17","Warn: pipCommand not pinned by hash: .github/workflows/build.yml:41","Warn: pipCommand not pinned by hash: .github/workflows/build.yml:42","Warn: pipCommand not pinned by hash: .github/workflows/build.yml:43","Warn: pipCommand not pinned by hash: .github/workflows/build.yml:44","Info: Third-party GitHubActions are pinned","Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles","Info: no insecure (not pinned by hash) dependency downloads found in shell scripts"],"documentation":{"short":"Determines if the project has declared and pinned its dependencies.","url":"https://github.com/ossf/scorecard/blob/3155d134e59d8f47261b1ae9d143034c69572227/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 21 are checked with a SAST tool","Warn: CodeQL tool not detected"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/3155d134e59d8f47261b1ae9d143034c69572227/docs/checks.md#sast"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":null,"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/3155d134e59d8f47261b1ae9d143034c69572227/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":["Warn: no GitHub releases found"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/3155d134e59d8f47261b1ae9d143034c69572227/docs/checks.md#signed-releases"}},{"name":"Token-Permissions","score":0,"reason":"non read-only tokens detected in GitHub workflows","details":["Warn: no top level permission defined: .github/workflows/build.yml:1","Info: top level permissions set to 'read-all': .github/workflows/scorecards.yml:11","Info: job level 'actions' permission set to 'read': .github/workflows/scorecards.yml:24","Info: job level 'contents' permission set to 'read': .github/workflows/scorecards.yml:23"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/3155d134e59d8f47261b1ae9d143034c69572227/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":10,"reason":"no vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/3155d134e59d8f47261b1ae9d143034c69572227/docs/checks.md#vulnerabilities"}},{"name":"Webhooks","score":-1,"reason":"check is not supported for this request: SCORECARD_V6 is not set, not running the Webhook check","details":["Warn: SCORECARD_V6 is not set, not running the Webhook check"],"documentation":{"short":"This check validate if the webhook defined in the repository have a token configured.","url":"https://github.com/ossf/scorecard/blob/3155d134e59d8f47261b1ae9d143034c69572227/docs/checks.md#webhooks"}}]}