{"date":"2026-04-07T10:06:14Z","repo":{"name":"github.com/trunk-io/plugins","commit":"77932fff7a65b94a26f292d7f1b82311881d90da"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":6.6,"checks":[{"name":"Code-Review","score":9,"reason":"Found 24/25 approved changesets -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yaml:1","Info: detected update tool: RenovateBot: .github/renovate.json5:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: security.md:1","Info: Found linked content: security.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: security.md:1","Info: Found text in security policy: security.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Maintained","score":2,"reason":"3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'checks' permission set to 'write': .github/workflows/annotate_pr.yaml:14","Warn: jobLevel 'checks' permission set to 'write': .github/workflows/pr.yaml:230","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/upgrade_trunk.yaml:15","Info: topLevel permissions set to 'read-all': .github/workflows/annotate_pr.yaml:7","Info: topLevel permissions set to 'read-all': .github/workflows/codeql.yml:20","Info: topLevel 'packages' permission set to 'read': .github/workflows/nightly.yaml:19","Info: topLevel 'pages' permission set to 'read': .github/workflows/nightly.yaml:20","Info: topLevel 'repository-projects' permission set to 'read': .github/workflows/nightly.yaml:22","Info: topLevel 'discussions' permission set to 'read': .github/workflows/nightly.yaml:18","Info: topLevel 'security-events' permission set to 'read': .github/workflows/nightly.yaml:23","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/nightly.yaml:24","Warn: topLevel 'actions' permission set to 'write': .github/workflows/nightly.yaml:12","Warn: topLevel 'checks' permission set to 'write': .github/workflows/nightly.yaml:13","Info: topLevel 'contents' permission set to 'read': .github/workflows/nightly.yaml:14","Info: topLevel 'deployments' permission set to 'read': .github/workflows/nightly.yaml:15","Info: topLevel 'discussions' permission set to 'read': .github/workflows/pr.yaml:11","Info: topLevel 'pages' permission set to 'read': .github/workflows/pr.yaml:13","Info: topLevel 'security-events' permission set to 'read': .github/workflows/pr.yaml:16","Warn: topLevel 'actions' permission set to 'write': .github/workflows/pr.yaml:5","Info: topLevel 'deployments' permission set to 'read': .github/workflows/pr.yaml:8","Info: topLevel 'packages' permission set to 'read': .github/workflows/pr.yaml:12","Info: topLevel 'repository-projects' permission set to 'read': .github/workflows/pr.yaml:15","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/pr.yaml:17","Warn: topLevel 'checks' permission set to 'write': .github/workflows/pr.yaml:6","Info: topLevel 'contents' permission set to 'read': .github/workflows/pr.yaml:7","Info: topLevel 'contents' permission set to 'read': .github/workflows/repo_tests.reusable.yaml:17","Info: topLevel 'statuses' permission set to 'read': .github/workflows/repo_tests.reusable.yaml:18","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:19","Info: topLevel permissions set to 'read-all': .github/workflows/upgrade_trunk.yaml:8","Info: topLevel 'statuses' permission set to 'read': .github/workflows/upload_results.reusable.yaml:49","Warn: topLevel 'actions' permission set to 'write': .github/workflows/upload_results.reusable.yaml:47","Info: topLevel 'contents' permission set to 'read': .github/workflows/upload_results.reusable.yaml:48","Info: topLevel permissions set to 'read-all': .github/workflows/windows_nightly.yaml:6"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: linters/detekt/test_data/detekt_gradle/gradle/wrapper/gradle-wrapper.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":5,"reason":"badge detected: Passing","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":7,"reason":"dependency not pinned by hash detected -- score normalized to 7","details":["Info: Possibly incomplete results: error parsing shell code: if statement must end with \"fi\": linters/shfmt/test_data/basic.in.sh:0","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yaml:234: update your workflow using https://app.stepsecurity.io/secureworkflow/trunk-io/plugins/pr.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade_trunk.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/trunk-io/plugins/upgrade_trunk.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/upgrade_trunk.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/trunk-io/plugins/upgrade_trunk.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/upload_results.reusable.yaml:261: update your workflow using https://app.stepsecurity.io/secureworkflow/trunk-io/plugins/upload_results.reusable.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/upload_results.reusable.yaml:268: update your workflow using https://app.stepsecurity.io/secureworkflow/trunk-io/plugins/upload_results.reusable.yaml/main?enable=pin","Warn: containerImage not pinned by hash: linters/hadolint/test_data/basic.Dockerfile:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:eb29ed27b0821dca09c2e28b39135e185fc1302036427d5f4d70a41ce8fd7659","Warn: containerImage not pinned by hash: linters/terrascan/test_data/basic.in.dockerfile:1: pin your Docker image by updating runatlantis/atlantis:v0.16.1 to runatlantis/atlantis:v0.16.1@sha256:45fbaf7e207c8d1f831ebabbbe63dae5aa769e00c24236fa6e55b616b4012bd9","Warn: containerImage not pinned by hash: linters/trivy/test_data/basic.Dockerfile:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:eb29ed27b0821dca09c2e28b39135e185fc1302036427d5f4d70a41ce8fd7659","Info:  37 out of  39 GitHub-owned GitHubAction dependencies pinned","Info:  10 out of  13 third-party GitHubAction dependencies pinned","Info:   0 out of   3 containerImage dependencies pinned","Info:   3 out of   3 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"Vulnerabilities","score":0,"reason":"222 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-2599-h6xx-hpxp","Warn: Project is vulnerable to: GHSA-8qf3-x8v5-2pj8","Warn: Project is vulnerable to: GHSA-pqhf-p39g-3x64","Warn: Project is vulnerable to: GHSA-w476-p2h3-79g9","Warn: Project is vulnerable to: GHSA-h47h-mwp9-c6q6","Warn: Project is vulnerable to: GHSA-4g8v-vg43-wpgf","Warn: Project is vulnerable to: GHSA-8xww-x3g3-6jcv","Warn: Project is vulnerable to: GHSA-p84v-45xj-wwqj","Warn: Project is vulnerable to: GHSA-vfg9-r3fq-jvx4","Warn: Project is vulnerable to: GHSA-vfm5-rmrh-j26v","Warn: Project is vulnerable to: GHSA-x76w-6vjr-8xgj","Warn: Project is vulnerable to: GHSA-v55j-83pf-r9cq","Warn: Project is vulnerable to: GHSA-xp5h-f8jf-rc8q","Warn: Project is vulnerable to: GHSA-579w-22j4-4749","Warn: Project is vulnerable to: GHSA-76r7-hhxj-r776","Warn: Project is vulnerable to: GHSA-73f9-jhhh-hr5m","Warn: Project is vulnerable to: GHSA-8h22-8cf7-hq6g","Warn: Project is vulnerable to: GHSA-9xrj-h377-fr87","Warn: Project is vulnerable to: GHSA-p9fm-f462-ggrg","Warn: Project is vulnerable to: GHSA-qcfx-2mfw-w4cg","Warn: Project is vulnerable to: GHSA-r46p-8f7g-vvvg","Warn: Project is vulnerable to: GHSA-r4mg-4433-c7g3","Warn: Project is vulnerable to: GHSA-2j26-frm8-cmj9","Warn: Project is vulnerable to: GHSA-89vf-4333-qx8v","Warn: Project is vulnerable to: GHSA-cg4j-q9v8-6v38","Warn: Project is vulnerable to: GHSA-cr5q-6q9f-rq6q","Warn: Project is vulnerable to: GHSA-j6gc-792m-qgm2","Warn: Project is vulnerable to: GHSA-pj73-v5mw-pm9j","Warn: Project is vulnerable to: GHSA-7fc5-f82f-cx69","Warn: Project is vulnerable to: GHSA-j3g3-5qv5-52mj","Warn: Project is vulnerable to: GHSA-353f-x4gh-cqq8","Warn: Project is vulnerable to: GHSA-5w6v-399v-w3cc","Warn: Project is vulnerable to: GHSA-mrxw-mxhj-p664","Warn: Project is vulnerable to: GHSA-pxvg-2qj5-37jq","Warn: Project is vulnerable to: GHSA-r95h-9x8f-r3f7","Warn: Project is vulnerable to: GHSA-vvfq-8hwr-qm4m","Warn: Project is vulnerable to: GHSA-wx95-c6cv-8532","Warn: Project is vulnerable to: GHSA-xc9x-jj77-9p9j","Warn: Project is vulnerable to: GHSA-68xg-gqqm-vgj8","Warn: Project is vulnerable to: GHSA-9hf4-67fc-4vf4","Warn: Project is vulnerable to: GHSA-c2f4-cvqm-65w2","Warn: Project is vulnerable to: GHSA-22f2-v57c-j9cx","Warn: Project is vulnerable to: GHSA-3h57-hmj3-gj3p","Warn: Project is vulnerable to: GHSA-54rr-7fvw-6x8f","Warn: Project is vulnerable to: GHSA-625h-95r8-8xpm","Warn: Project is vulnerable to: GHSA-6xw4-3v39-52mm","Warn: Project is vulnerable to: GHSA-7g2v-jj9q-g3rg","Warn: Project is vulnerable to: GHSA-7mqq-6cf9-v2qp","Warn: Project is vulnerable to: GHSA-7wqh-767x-r66v","Warn: Project is vulnerable to: GHSA-8cgq-6mh2-7j6v","Warn: Project is vulnerable to: GHSA-8vqr-qjwx-82mw","Warn: Project is vulnerable to: GHSA-c6qg-cjj8-47qp","Warn: Project is vulnerable to: GHSA-gjh7-p2fx-99vx","Warn: Project is vulnerable to: GHSA-h2jq-g4cq-5ppq","Warn: Project is vulnerable to: GHSA-mxw3-3hh2-x2mh","Warn: Project is vulnerable to: GHSA-p543-xpfm-54cp","Warn: Project is vulnerable to: GHSA-q2ww-5357-x388","Warn: Project is vulnerable to: GHSA-q4qf-9j86-f5mh","Warn: Project is vulnerable to: GHSA-qv7j-4883-hwh7","Warn: Project is vulnerable to: GHSA-r657-rxjc-j557","Warn: Project is vulnerable to: GHSA-v569-hp3g-36wr","Warn: Project is vulnerable to: GHSA-vgpv-f759-9wx3","Warn: Project is vulnerable to: GHSA-vpfw-47h7-xj4g","Warn: Project is vulnerable to: GHSA-w9pc-fmgc-vxvw","Warn: Project is vulnerable to: GHSA-whrj-4476-wvmp","Warn: Project is vulnerable to: GHSA-wpv5-97wm-hp9c","Warn: Project is vulnerable to: GHSA-x8cg-fq8g-mxfx","Warn: Project is vulnerable to: GHSA-xj5v-6v4g-jfw6","Warn: Project is vulnerable to: GO-2025-4261 / GHSA-263q-5cv3-xq9g","Warn: Project is vulnerable to: GHSA-3h6c-c475-jm7v","Warn: Project is vulnerable to: GO-2024-3056 / GHSA-4h4p-553m-46qh","Warn: Project is vulnerable to: GO-2024-2752 / GHSA-4rqq-rxvc-v2rc","Warn: Project is vulnerable to: GO-2025-4262 / GHSA-7xq4-mwcp-q8fx","Warn: Project is vulnerable to: GO-2025-4263 / GHSA-898p-hh3p-hf9r","Warn: Project is vulnerable to: GO-2026-4365 / GHSA-8fwc-qjw5-rvgp","Warn: Project is vulnerable to: GO-2023-1999 / GHSA-8j3v-68w3-3848","Warn: Project is vulnerable to: GO-2023-1894 / GHSA-cf6v-9j57-v6r6","Warn: Project is vulnerable to: GO-2025-4258 / GHSA-cm54-pfmc-xrwx","Warn: Project is vulnerable to: GO-2025-4264 / GHSA-f85h-c7m6-cfpm","Warn: Project is vulnerable to: GO-2023-1971 / GHSA-fg3x-rwq9-74cw","Warn: Project is vulnerable to: GO-2024-2769 / GHSA-fhv8-m4j4-cww2","Warn: Project is vulnerable to: GO-2022-0442 / GHSA-g7p7-x6w7-w6qg","Warn: Project is vulnerable to: GO-2022-0832 / GHSA-g95p-88p4-76cm","Warn: Project is vulnerable to: GO-2022-0353 / GHSA-h3q4-vmw4-cpr5","Warn: Project is vulnerable to: GO-2026-4367 / GHSA-hgr3-x44x-33hx","Warn: Project is vulnerable to: GO-2025-4265 / GHSA-hq57-c72x-4774","Warn: Project is vulnerable to: GO-2025-4266 / GHSA-jhx5-4vr4-f327","Warn: Project is vulnerable to: GO-2022-0609 / GHSA-jr9c-h74f-2v28","Warn: Project is vulnerable to: GO-2022-0450 / GHSA-p5f9-c9j9-g8qx","Warn: Project is vulnerable to: GO-2026-4274 / GHSA-pc73-rj2c-wvf9","Warn: Project is vulnerable to: GO-2022-0612 / GHSA-ph3w-2843-72mx","Warn: Project is vulnerable to: GO-2025-4267 / GHSA-rrcw-5rjv-vj26","Warn: Project is vulnerable to: GO-2025-4268 / GHSA-xfq3-qj7j-4565","Warn: Project is vulnerable to: GO-2022-0310 / GHSA-jrpg-35hw-m4p9","Warn: Project is vulnerable to: GO-2022-0830 / GHSA-g2qx-6ghw-67hm","Warn: Project is vulnerable to: GO-2022-1065 / GHSA-w8xw-7crf-h23x","Warn: Project is vulnerable to: GO-2026-4362 / GHSA-2vgv-hgv4-22mh","Warn: Project is vulnerable to: GO-2026-4363 / GHSA-393c-qgvj-3xph","Warn: Project is vulnerable to: GO-2026-4364 / GHSA-4xx9-vc8v-87hv","Warn: Project is vulnerable to: GO-2026-4366 / GHSA-9cgq-wp42-4rpq","Warn: Project is vulnerable to: GO-2026-4368 / GHSA-j8xr-c56q-m8jj","Warn: Project is vulnerable to: GO-2026-4369 / GHSA-qqgv-v353-cv8p","Warn: Project is vulnerable to: GO-2026-4370 / GHSA-rw22-5hhq-pfpf","Warn: Project is vulnerable to: GO-2021-0101 / GHSA-jq7p-26h5-w78r","Warn: Project is vulnerable to: GO-2022-0470 / GHSA-9w9f-6mg8-jp7w","Warn: Project is vulnerable to: GO-2020-0017 / GHSA-w73w-5m7g-f7qc","Warn: Project is vulnerable to: GO-2022-0579 / GHSA-36h2-95gj-w488","Warn: Project is vulnerable to: GO-2022-0309 / GHSA-4wp3-8q92-mh8w","Warn: Project is vulnerable to: GO-2022-0308 / GHSA-8h8p-x289-vvqr","Warn: Project is vulnerable to: GO-2022-0823 / GHSA-f5fj-7265-jxhj","Warn: Project is vulnerable to: GO-2022-0846 / GHSA-hpmr-prr2-cqc4","Warn: Project is vulnerable to: GO-2022-0862 / GHSA-q47x-6mqq-4w92","Warn: Project is vulnerable to: GO-2022-0314 / GHSA-r3gq-wxqf-q4gh","Warn: Project is vulnerable to: GHSA-r7h7-chh4-5rvm","Warn: Project is vulnerable to: GHSA-55m9-hm92-xm8j","Warn: Project is vulnerable to: GHSA-8gg8-wr4j-v2wr","Warn: Project is vulnerable to: GO-2023-1982 / GHSA-9c9w-9pq7-f35h","Warn: Project is vulnerable to: GO-2026-4455 / GHSA-9f8m-9547-2gqm","Warn: Project is vulnerable to: GO-2023-1936 / GHSA-9h9f-9q8g-6764","Warn: Project is vulnerable to: GO-2022-0987 / GHSA-hvw3-p9px-gpc9","Warn: Project is vulnerable to: GO-2025-3361 / GHSA-rv83-h68q-c4wq","Warn: Project is vulnerable to: GO-2024-2605 / GHSA-m7wr-2xf7-cm9p","Warn: Project is vulnerable to: GO-2024-2606 / GHSA-mrww-27vc-gghv","Warn: Project is vulnerable to: GO-2022-0762 / GHSA-3x58-xr87-2fcj","Warn: Project is vulnerable to: GO-2022-0588 / GHSA-x95h-979x-cf3j","Warn: Project is vulnerable to: GO-2022-0322 / GHSA-cg3q-j54f-5p7p","Warn: Project is vulnerable to: GO-2025-4188 / GHSA-4f99-4q7p-p3gh","Warn: Project is vulnerable to: GO-2020-0041 / GHSA-88jf-7rch-32qc","Warn: Project is vulnerable to: GO-2021-0228 / GHSA-vpx7-vm66-qx8r","Warn: Project is vulnerable to: GO-2026-4923","Warn: Project is vulnerable to: GO-2021-0112 / GHSA-f6mq-5m25-4r72","Warn: Project is vulnerable to: GO-2021-0227 / GHSA-3vm4-22fp-5rfm","Warn: Project is vulnerable to: GO-2023-2402 / GHSA-45x7-px36-x8w8","Warn: Project is vulnerable to: GO-2021-0356 / GHSA-8c26-wmh5-6g9v","Warn: Project is vulnerable to: GO-2022-0229 / GHSA-cjjc-xp8v-855w","Warn: Project is vulnerable to: GO-2025-4135 / GHSA-f6x5-jh6r-wrfv","Warn: Project is vulnerable to: GO-2020-0012 / GHSA-ffhg-7mh4-33c4","Warn: Project is vulnerable to: GO-2022-0968 / GHSA-gwc9-m7rh-j2ww","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2025-4134 / GHSA-j5w8-q4qc-rx2x","Warn: Project is vulnerable to: GO-2022-0209 / GHSA-r5c5-pr8j-pfp7","Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2023-1992 / GHSA-x3jr-pf6g-c48f","Warn: Project is vulnerable to: GO-2024-2961","Warn: Project is vulnerable to: GO-2025-4116","Warn: Project is vulnerable to: GO-2026-4815 / GHSA-44p7-9xx4-hf2g","Warn: Project is vulnerable to: GO-2024-2937 / GHSA-9phm-fm57-rhg8","Warn: Project is vulnerable to: GO-2023-1990 / GHSA-j3p8-6mrq-6g7h","Warn: Project is vulnerable to: GO-2023-1572 / GHSA-qgc7-mgm3-q253","Warn: Project is vulnerable to: GO-2023-1989 / GHSA-x92r-3vfx-4cv3","Warn: Project is vulnerable to: GO-2023-1988 / GHSA-2wrh-6pvc-2jm9","Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2022-0969 / GHSA-69cg-p879-7622","Warn: Project is vulnerable to: GO-2021-0238 / GHSA-83g2-8m93-v3w7","Warn: Project is vulnerable to: GO-2022-0236 / GHSA-h86h-8ppg-mxmh","Warn: Project is vulnerable to: GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2023-1571 / GHSA-vvpx-j8f3-3w6h","Warn: Project is vulnerable to: GO-2022-1144 / GHSA-xrjj-mj9h-534m","Warn: Project is vulnerable to: GO-2022-0288","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2026-4440","Warn: Project is vulnerable to: GO-2026-4441","Warn: Project is vulnerable to: GO-2022-0493 / GHSA-p782-xgp4-8hr8","Warn: Project is vulnerable to: GO-2023-2153 / GHSA-m425-mq94-257g","Warn: Project is vulnerable to: GO-2026-4762 / GHSA-p77j-4mvh-x3m3","Warn: Project is vulnerable to: GO-2024-2631 / GHSA-c5q2-7r4c-mv6g","Warn: Project is vulnerable to: GO-2024-2456 / GHSA-449p-3h89-pw88","Warn: Project is vulnerable to: GO-2024-2466 / GHSA-mw99-9chc-xw7r","Warn: Project is vulnerable to: GO-2025-3367 / GHSA-r9px-m959-cxf4","Warn: Project is vulnerable to: GO-2025-3368 / GHSA-v725-9546-7q7m","Warn: Project is vulnerable to: RUSTSEC-2024-0019 / GHSA-r8w9-5wcg-vfj7","Warn: Project is vulnerable to: PYSEC-2023-98 / GHSA-2qmj-7962-cjq8","Warn: Project is vulnerable to: PYSEC-2024-118 / GHSA-3hjh-jh2h-vrg6","Warn: Project is vulnerable to: PYSEC-2024-115 / GHSA-45pg-36p6-83v9","Warn: Project is vulnerable to: PYSEC-2023-109 / GHSA-57fc-8q82-gfp3","Warn: Project is vulnerable to: PYSEC-2023-205 / GHSA-655w-fm8m-m478","Warn: Project is vulnerable to: PYSEC-2023-92 / GHSA-6643-h7h5-x9wh","Warn: Project is vulnerable to: GHSA-6h8p-4hx9-w66c","Warn: Project is vulnerable to: GHSA-7gfq-f96f-g85j","Warn: Project is vulnerable to: PYSEC-2023-110 / GHSA-7q94-qpjr-xpgm","Warn: Project is vulnerable to: GHSA-8h5w-f6q9-wg35","Warn: Project is vulnerable to: PYSEC-2023-146 / GHSA-92j5-3459-qgp4","Warn: Project is vulnerable to: PYSEC-2023-162 / GHSA-f73w-4m7g-ch9x","Warn: Project is vulnerable to: PYSEC-2023-145 / GHSA-fj32-q626-pjjc","Warn: Project is vulnerable to: PYSEC-2023-138 / GHSA-gwqq-6vq7-5j86","Warn: Project is vulnerable to: PYSEC-2024-43 / GHSA-h59x-p739-982c","Warn: Project is vulnerable to: GHSA-h9j7-5xvc-qhg5","Warn: Project is vulnerable to: PYSEC-2023-147 / GHSA-prgp-w7vf-ch62","Warn: Project is vulnerable to: GHSA-rgp8-pm28-3759","Warn: Project is vulnerable to: PYSEC-2023-91 / GHSA-x32c-59v5-h7fg","Warn: Project is vulnerable to: GHSA-3f63-hfp8-52jq","Warn: Project is vulnerable to: GHSA-44wm-f244-xhp3","Warn: Project is vulnerable to: PYSEC-2023-227 / GHSA-8ghj-p4vj-mr35","Warn: Project is vulnerable to: GHSA-j7hp-h8jx-5ppr","Warn: Project is vulnerable to: PYSEC-2022-42979 / GHSA-m2vv-5vj5-2hm7","Warn: Project is vulnerable to: OSV-2022-1074","Warn: Project is vulnerable to: OSV-2022-715","Warn: Project is vulnerable to: PYSEC-2023-175","Warn: Project is vulnerable to: GHSA-xffm-g5w8-qvg7","Warn: Project is vulnerable to: GHSA-2g4f-4pwh-qvx6","Warn: Project is vulnerable to: GHSA-f886-m6hf-6m8v","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-73rr-hh4g-fpgx","Warn: Project is vulnerable to: GHSA-25h7-pfq9-p65f","Warn: Project is vulnerable to: GHSA-rf6f-7fwh-wjgh","Warn: Project is vulnerable to: GHSA-mh29-5h37-fv8m","Warn: Project is vulnerable to: GHSA-23c5-xmqv-rm74","Warn: Project is vulnerable to: GHSA-3ppc-4f35-3m26","Warn: Project is vulnerable to: GHSA-7r86-cg39-jmmj","Warn: Project is vulnerable to: GHSA-3v7f-55p6-f55p","Warn: Project is vulnerable to: GHSA-c2c7-rcm5-vvqj","Warn: Project is vulnerable to: GHSA-r275-fr43-pm7q","Warn: Project is vulnerable to: GHSA-34x7-hfp2-rc4v","Warn: Project is vulnerable to: GHSA-83g3-92jg-28cx","Warn: Project is vulnerable to: GHSA-8qq5-rm4j-mr97","Warn: Project is vulnerable to: GHSA-9ppj-qmqm-q256","Warn: Project is vulnerable to: GHSA-qffp-2rhf-9h96","Warn: Project is vulnerable to: GHSA-r6q2-hw4h-h46w","Warn: Project is vulnerable to: GHSA-48c2-rrv3-qjmp"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (29) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"CI-Tests","score":10,"reason":"29 out of 29 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}},{"name":"Contributors","score":10,"reason":"project has 5 contributing companies or organizations","details":["Info: found contributions from: DukeRobotics, boundaryml, github, trunk-io, trunk.io"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}}]}