{"date":"2026-07-14T17:22:12Z","repo":{"name":"github.com/traceroot-ai/traceroot","commit":"94fc3bcd87eacd7045d00553909fcc5d87786f2d"},"scorecard":{"version":"v5.3.0","commit":"c22063e786c11f9dd714d777a687ff7c4599b600"},"score":7.1,"checks":[{"name":"Code-Review","score":8,"reason":"Found 9/11 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#maintained"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dependency-update-tool"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecard.yml:19","Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecard.yml:20","Info: topLevel 'contents' permission set to 'read': .github/workflows/_docker-images-custom.yml:20","Info: topLevel 'contents' permission set to 'read': .github/workflows/announce-release-discord.yml:30","Info: topLevel 'contents' permission set to 'read': .github/workflows/build-test.yml:19","Info: topLevel 'contents' permission set to 'read': .github/workflows/docker-images.yml:26","Info: topLevel 'contents' permission set to 'read': .github/workflows/lint.yml:4","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/test.yml:15","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#cii-best-practices"}},{"name":"SAST","score":2,"reason":"SAST tool is not run on all commits -- score normalized to 2","details":["Warn: 7 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#sast"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#signed-releases"}},{"name":"Vulnerabilities","score":0,"reason":"83 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2026-2333 / GHSA-82m5-3pcp-hccq","Warn: Project is vulnerable to: PYSEC-2026-2270 / GHSA-mf9w-mj56-hr94","Warn: Project is vulnerable to: PYSEC-2026-2555 / GHSA-3644-q5cj-c5c7","Warn: Project is vulnerable to: PYSEC-2026-2192 / PYSEC-2026-2556 / GHSA-gr75-jv2w-4656","Warn: Project is vulnerable to: PYSEC-2026-1318 / GHSA-vvw2-h478-xwr3","Warn: Project is vulnerable to: PYSEC-2026-83 / GHSA-g48c-2wqr-h844","Warn: Project is vulnerable to: PYSEC-2026-2194","Warn: Project is vulnerable to: PYSEC-2026-1559 / GHSA-3wxx-q3gv-pvvv","Warn: Project is vulnerable to: PYSEC-2026-1560 / GHSA-488g-hw5f-x29p","Warn: Project is vulnerable to: PYSEC-2026-1561 / GHSA-7753-xrfw-ch36","Warn: Project is vulnerable to: PYSEC-2026-1562 / GHSA-cr7q-2w66-hjcm","Warn: Project is vulnerable to: PYSEC-2026-395 / GHSA-fxc2-8m62-m85x","Warn: Project is vulnerable to: PYSEC-2026-1563 / GHSA-j3wr-m6xh-64hg","Warn: Project is vulnerable to: PYSEC-2026-396 / GHSA-r6gp-rff2-p3hf","Warn: Project is vulnerable to: PYSEC-2026-397 / GHSA-wvpx-g427-q9wc","Warn: Project is vulnerable to: PYSEC-2026-2976 / GHSA-2jrp-274c-jhv3","Warn: Project is vulnerable to: GHSA-4x5r-pxfx-6jf8","Warn: Project is vulnerable to: GHSA-5375-pq7m-f5r2","Warn: Project is vulnerable to: GHSA-99f4-grh7-6pcq","Warn: Project is vulnerable to: GHSA-8988-4f7v-96qf","Warn: Project is vulnerable to: GHSA-q7rr-3cgh-j5r3","Warn: Project is vulnerable to: GHSA-q6x5-8v7m-xcrf","Warn: Project is vulnerable to: GHSA-35jp-ww65-95wh","Warn: Project is vulnerable to: GHSA-654m-c8p4-x5fp","Warn: Project is vulnerable to: GHSA-777c-7fjr-54vf","Warn: Project is vulnerable to: GHSA-898c-q2cr-xwhg","Warn: Project is vulnerable to: GHSA-hfxv-24rg-xrqf","Warn: Project is vulnerable to: GHSA-j5f8-grm9-p9fc","Warn: Project is vulnerable to: GHSA-p92q-9vqr-4j8v","Warn: Project is vulnerable to: GHSA-pjwm-pj3p-43mv","Warn: Project is vulnerable to: GHSA-86j7-9j95-vpqj","Warn: Project is vulnerable to: GHSA-f886-m6hf-6m8v","Warn: Project is vulnerable to: GHSA-jxxr-4gwj-5jf2","Warn: Project is vulnerable to: GHSA-39q2-94rc-95cp","Warn: Project is vulnerable to: GHSA-76mc-f452-cxcm","Warn: Project is vulnerable to: GHSA-cmwh-pvxp-8882","Warn: Project is vulnerable to: GHSA-crv5-9vww-q3g8","Warn: Project is vulnerable to: GHSA-gvmj-g25r-r7wr","Warn: Project is vulnerable to: GHSA-h7mw-gpvr-xq4m","Warn: Project is vulnerable to: GHSA-hpcv-96wg-7vj8","Warn: Project is vulnerable to: GHSA-r47g-fvhr-h676","Warn: Project is vulnerable to: GHSA-rp9w-3fw7-7cwq","Warn: Project is vulnerable to: GHSA-v9jr-rg53-9pgp","Warn: Project is vulnerable to: GHSA-vxr8-fq34-vvx9","Warn: Project is vulnerable to: GHSA-x4vx-rjvf-j5p4","Warn: Project is vulnerable to: GHSA-g7r4-m6w7-qqqr","Warn: Project is vulnerable to: GHSA-45c6-75p6-83cc","Warn: Project is vulnerable to: GHSA-5wm8-gmm8-39j9","Warn: Project is vulnerable to: GHSA-rf6f-7fwh-wjgh","Warn: Project is vulnerable to: GHSA-hmw2-7cc7-3qxx","Warn: Project is vulnerable to: GHSA-v2v4-37r5-5v8g","Warn: Project is vulnerable to: GHSA-h67p-54hq-rp68","Warn: Project is vulnerable to: GHSA-3v7f-55p6-f55p","Warn: Project is vulnerable to: GHSA-c2c7-rcm5-vvqj","Warn: Project is vulnerable to: GHSA-qx2v-qp2m-jg93","Warn: Project is vulnerable to: GHSA-2pr8-phx7-x9h3","Warn: Project is vulnerable to: GHSA-66ff-xgx4-vchm","Warn: Project is vulnerable to: GHSA-685m-2w69-288q","Warn: Project is vulnerable to: GHSA-75px-5xx7-5xc7","Warn: Project is vulnerable to: GHSA-f38q-mgvj-vph7","Warn: Project is vulnerable to: GHSA-fx83-v9x8-x52w","Warn: Project is vulnerable to: GHSA-jggg-4jg4-v7c6","Warn: Project is vulnerable to: GHSA-jvwf-75h9-cwgg","Warn: Project is vulnerable to: GHSA-wcpc-wj8m-hjx6","Warn: Project is vulnerable to: GHSA-q8mj-m7cp-5q26","Warn: Project is vulnerable to: GHSA-w7jw-789q-3m8p","Warn: Project is vulnerable to: GHSA-vmf3-w455-68vh","Warn: Project is vulnerable to: GHSA-35p6-xmwp-9g52","Warn: Project is vulnerable to: GHSA-g8m3-5g58-fq7m","Warn: Project is vulnerable to: GHSA-hm92-r4w5-c3mj","Warn: Project is vulnerable to: GHSA-p88m-4jfj-68fv","Warn: Project is vulnerable to: GHSA-pr7r-676h-xcf6","Warn: Project is vulnerable to: GHSA-vmh5-mc38-953g","Warn: Project is vulnerable to: GHSA-vxpw-j846-p89q","Warn: Project is vulnerable to: GHSA-w5hq-g745-h8pq","Warn: Project is vulnerable to: GHSA-4w7w-66w2-5vf9","Warn: Project is vulnerable to: GHSA-fx2h-pf6j-xcff","Warn: Project is vulnerable to: GHSA-p9ff-h696-f583","Warn: Project is vulnerable to: GHSA-v2wj-q39q-566r","Warn: Project is vulnerable to: GHSA-v6wh-96g9-6wx3","Warn: Project is vulnerable to: GHSA-58qx-3vcg-4xpx","Warn: Project is vulnerable to: GHSA-96hv-2xvq-fx4p","Warn: Project is vulnerable to: GHSA-48c2-rrv3-qjmp"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#vulnerabilities"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/_docker-images-custom.yml:28"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#packaging"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#branch-protection"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/_docker-images-custom.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/_docker-images-custom.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_docker-images-custom.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/_docker-images-custom.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_docker-images-custom.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/_docker-images-custom.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_docker-images-custom.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/_docker-images-custom.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_docker-images-custom.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/_docker-images-custom.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_docker-images-custom.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/_docker-images-custom.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/build-test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-test.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/build-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/build-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/build-test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-test.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/build-test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-test.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/build-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-images.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/docker-images.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-images.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/docker-images.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-images.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/docker-images.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-images.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/docker-images.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-images.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/docker-images.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-images.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/docker-images.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scorecard.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/scorecard.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/scorecard.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/scorecard.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scorecard.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/scorecard.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scorecard.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/scorecard.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:213: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:223: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:231: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:236: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:273: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:173: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:181: update your workflow using https://app.stepsecurity.io/secureworkflow/traceroot-ai/traceroot/test.yml/main?enable=pin","Warn: containerImage not pinned by hash: docker/Dockerfile.agent:2: pin your Docker image by updating node:20-alpine to node:20-alpine@sha256:fb4cd12c85ee03686f6af5362a0b0d56d50c58a04632e6c0fb8363f609372293","Warn: containerImage not pinned by hash: docker/Dockerfile.agent:6","Warn: containerImage not pinned by hash: docker/Dockerfile.agent:16","Warn: containerImage not pinned by hash: docker/Dockerfile.agent:41: pin your Docker image by updating node:20-alpine to node:20-alpine@sha256:fb4cd12c85ee03686f6af5362a0b0d56d50c58a04632e6c0fb8363f609372293","Warn: containerImage not pinned by hash: docker/Dockerfile.billing:2: pin your Docker image by updating node:20-alpine to node:20-alpine@sha256:fb4cd12c85ee03686f6af5362a0b0d56d50c58a04632e6c0fb8363f609372293","Warn: containerImage not pinned by hash: docker/Dockerfile.billing:6","Warn: containerImage not pinned by hash: docker/Dockerfile.billing:17","Warn: containerImage not pinned by hash: docker/Dockerfile.billing:48: pin your Docker image by updating node:20-alpine to node:20-alpine@sha256:fb4cd12c85ee03686f6af5362a0b0d56d50c58a04632e6c0fb8363f609372293","Warn: containerImage not pinned by hash: docker/Dockerfile.detector:2: pin your Docker image by updating node:20-alpine to node:20-alpine@sha256:fb4cd12c85ee03686f6af5362a0b0d56d50c58a04632e6c0fb8363f609372293","Warn: containerImage not pinned by hash: docker/Dockerfile.detector:6","Warn: containerImage not pinned by hash: docker/Dockerfile.detector:17","Warn: containerImage not pinned by hash: docker/Dockerfile.detector:48: pin your Docker image by updating node:20-alpine to node:20-alpine@sha256:fb4cd12c85ee03686f6af5362a0b0d56d50c58a04632e6c0fb8363f609372293","Warn: containerImage not pinned by hash: docker/Dockerfile.migrate-clickhouse:3: pin your Docker image by updating golang:1.23-alpine to golang:1.23-alpine@sha256:383395b794dffa5b53012a212365d40c8e37109a626ca30d6151c8348d380b5f","Warn: containerImage not pinned by hash: docker/Dockerfile.migrate-clickhouse:6: pin your Docker image by updating alpine:3.24 to alpine:3.24@sha256:28bd5fe8b56d1bd048e5babf5b10710ebe0bae67db86916198a6eec434943f8b","Warn: containerImage not pinned by hash: docker/Dockerfile.migrate-postgres:4: pin your Docker image by updating node:20-alpine to node:20-alpine@sha256:fb4cd12c85ee03686f6af5362a0b0d56d50c58a04632e6c0fb8363f609372293","Warn: containerImage not pinned by hash: docker/Dockerfile.migrate-postgres:8","Warn: containerImage not pinned by hash: docker/Dockerfile.migrate-postgres:16","Warn: containerImage not pinned by hash: docker/Dockerfile.rest:2: pin your Docker image by updating python:3.12-slim to python:3.12-slim@sha256:c3d81d25b3154142b0b42eb1e61300024426268edeb5b5a26dd7ddf64d9daf28","Warn: containerImage not pinned by hash: docker/Dockerfile.rest:17: pin your Docker image by updating python:3.12-slim to python:3.12-slim@sha256:c3d81d25b3154142b0b42eb1e61300024426268edeb5b5a26dd7ddf64d9daf28","Warn: containerImage not pinned by hash: docker/Dockerfile.web:2: pin your Docker image by updating node:20-alpine to node:20-alpine@sha256:fb4cd12c85ee03686f6af5362a0b0d56d50c58a04632e6c0fb8363f609372293","Warn: containerImage not pinned by hash: docker/Dockerfile.web:7","Warn: containerImage not pinned by hash: docker/Dockerfile.web:24","Warn: containerImage not pinned by hash: docker/Dockerfile.web:76","Warn: containerImage not pinned by hash: docker/Dockerfile.web:84: pin your Docker image by updating node:20-alpine to node:20-alpine@sha256:fb4cd12c85ee03686f6af5362a0b0d56d50c58a04632e6c0fb8363f609372293","Warn: containerImage not pinned by hash: docker/Dockerfile.worker:2: pin your Docker image by updating python:3.12-slim to python:3.12-slim@sha256:c3d81d25b3154142b0b42eb1e61300024426268edeb5b5a26dd7ddf64d9daf28","Warn: containerImage not pinned by hash: docker/Dockerfile.worker:12: pin your Docker image by updating python:3.12-slim to python:3.12-slim@sha256:c3d81d25b3154142b0b42eb1e61300024426268edeb5b5a26dd7ddf64d9daf28","Warn: pipCommand not pinned by hash: docker/Dockerfile.rest:5","Warn: pipCommand not pinned by hash: docker/Dockerfile.worker:5","Warn: pipCommand not pinned by hash: .github/workflows/test.yml:229","Info:   0 out of  24 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  21 third-party GitHubAction dependencies pinned","Info:   0 out of  26 containerImage dependencies pinned","Info:   1 out of   1 goCommand dependencies pinned","Info:   0 out of   3 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#pinned-dependencies"}},{"name":"CI-Tests","score":10,"reason":"11 out of 11 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#ci-tests"}},{"name":"Contributors","score":10,"reason":"project has 11 contributing companies or organizations","details":["Info: found contributions from: 3388N-Nova-Robotics, McMaster-Exoskeleton, aalto university, amazon, camel-ai, cyclops-community, indian institute of technology kharagpur, mcmaster university, pyg-team, shark-auth, university of california santa cruz"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#contributors"}}]}
