From 7439e96ca6c9293b9de76aa51acd3ef02661e34e Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Sat, 11 Jan 2025 00:10:40 +0000 Subject: [PATCH] update DSACMS data: Sat Jan 11 00:10:40 UTC 2025 --- .../_data/DSACMS/.github/.github_data.json | 42 ++++++------- .../DSACMS/cms-gource/cms-gource_data.json | 42 ++++++------- .../DSACMS/dedupliFHIR/dedupliFHIR_data.json | 42 ++++++------- .../drive2gource/drive2gource_data.json | 42 ++++++------- .../dsacms.github.io_data.json | 42 ++++++------- .../income-reporting-playbook_data.json | 42 ++++++------- .../iv-cbv-payroll/iv-cbv-payroll_data.json | 50 +++++++-------- .../DSACMS/iv-verify/iv-verify_data.json | 44 ++++++------- .../_data/DSACMS/metrics/metrics_data.json | 62 +++++++++---------- .../mural-ollama/mural-ollama_data.json | 42 ++++++------- app/site/_data/DSACMS/open/open_data.json | 42 ++++++------- .../opportunities/opportunities_data.json | 42 ++++++------- .../DSACMS/ospo-guide/ospo-guide_data.json | 42 ++++++------- .../oss-community-runbook_data.json | 42 ++++++------- .../repo-scaffolder/repo-scaffolder_data.json | 48 +++++++------- .../repodive-tools/repodive-tools_data.json | 42 ++++++------- .../reverse-scorecard-generation_data.json | 42 ++++++------- 17 files changed, 375 insertions(+), 375 deletions(-) diff --git a/app/site/_data/DSACMS/.github/.github_data.json b/app/site/_data/DSACMS/.github/.github_data.json index 86f4a49c5c..26fdb8d9cf 100644 --- a/app/site/_data/DSACMS/.github/.github_data.json +++ b/app/site/_data/DSACMS/.github/.github_data.json @@ -145,14 +145,14 @@ }, "created_at": "2023-03-28T21:30:52Z", "ossf_scorecard": { - "date": "2025-01-05T08:47:32Z", + "date": "2025-01-11T00:08:52Z", "repo": { "name": "github.com/DSACMS/.github", "commit": "cd2f55d7147966e5d1499ffe364ce1904bc59779" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 4.4, "checks": [ @@ -162,7 +162,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -172,7 +172,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -182,7 +182,7 @@ "reason": "0 out of 4 merged PRs checked by a CI test -- score normalized to 0", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -192,7 +192,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -202,7 +202,7 @@ "reason": "Found 4/23 approved changesets -- score normalized to 1", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -212,7 +212,7 @@ "reason": "project has 4 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -222,7 +222,7 @@ "reason": "internal error: internal error: invalid GitHub workflow:\n:18:0: could not parse as YAML: yaml: line 18: found character that cannot start any token [syntax-check]", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -232,7 +232,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -242,7 +242,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -252,7 +252,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -262,7 +262,7 @@ "reason": "5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -272,7 +272,7 @@ "reason": "internal error: internal error: invalid GitHub workflow:\n:18:0: could not parse as YAML: yaml: line 18: found character that cannot start any token [syntax-check]", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -282,7 +282,7 @@ "reason": "internal error: internal error: invalid GitHub workflow:\n:18:0: could not parse as YAML: yaml: line 18: found character that cannot start any token [syntax-check]", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -292,7 +292,7 @@ "reason": "internal error: internal error: invalid GitHub workflow:\n:18:0: could not parse as YAML: yaml: line 18: found character that cannot start any token [syntax-check]", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -302,7 +302,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -312,7 +312,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -322,7 +322,7 @@ "reason": "internal error: internal error: invalid GitHub workflow:\n:18:0: could not parse as YAML: yaml: line 18: found character that cannot start any token [syntax-check]", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -332,7 +332,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/cms-gource/cms-gource_data.json b/app/site/_data/DSACMS/cms-gource/cms-gource_data.json index 568d0d829a..d6dc49676b 100644 --- a/app/site/_data/DSACMS/cms-gource/cms-gource_data.json +++ b/app/site/_data/DSACMS/cms-gource/cms-gource_data.json @@ -88,14 +88,14 @@ }, "created_at": "2023-08-21T15:47:26Z", "ossf_scorecard": { - "date": "2025-01-05T08:49:01Z", + "date": "2025-01-11T00:10:35Z", "repo": { "name": "github.com/DSACMS/cms-gource", "commit": "2cc274069a65787b994d7f30e2699f9ee0363a55" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 3.7, "checks": [ @@ -105,7 +105,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -115,7 +115,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -125,7 +125,7 @@ "reason": "no pull request found", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -135,7 +135,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -145,7 +145,7 @@ "reason": "Found 0/26 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -155,7 +155,7 @@ "reason": "project has 3 contributing companies or organizations -- score normalized to 10", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -165,7 +165,7 @@ "reason": "no workflows found", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -175,7 +175,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -185,7 +185,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -195,7 +195,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -205,7 +205,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -215,7 +215,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -225,7 +225,7 @@ "reason": "no dependencies found", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -235,7 +235,7 @@ "reason": "no SAST tool detected", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -245,7 +245,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -255,7 +255,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -265,7 +265,7 @@ "reason": "No tokens found", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -275,7 +275,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/dedupliFHIR/dedupliFHIR_data.json b/app/site/_data/DSACMS/dedupliFHIR/dedupliFHIR_data.json index c8835b0cb7..533da09908 100644 --- a/app/site/_data/DSACMS/dedupliFHIR/dedupliFHIR_data.json +++ b/app/site/_data/DSACMS/dedupliFHIR/dedupliFHIR_data.json @@ -288,14 +288,14 @@ }, "created_at": "2023-06-22T17:08:19Z", "ossf_scorecard": { - "date": "2025-01-05T08:48:02Z", + "date": "2025-01-11T00:09:26Z", "repo": { "name": "github.com/DSACMS/dedupliFHIR", "commit": "64fad3a0af903b94e651179f0fe0e413ab381725" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 5.8, "checks": [ @@ -305,7 +305,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -315,7 +315,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -325,7 +325,7 @@ "reason": "5 out of 9 merged PRs checked by a CI test -- score normalized to 5", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -335,7 +335,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -345,7 +345,7 @@ "reason": "Found 1/4 approved changesets -- score normalized to 2", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -355,7 +355,7 @@ "reason": "project has 4 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -365,7 +365,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -375,7 +375,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -385,7 +385,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -395,7 +395,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -405,7 +405,7 @@ "reason": "30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -415,7 +415,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -425,7 +425,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 1", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -435,7 +435,7 @@ "reason": "SAST tool is run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -445,7 +445,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -455,7 +455,7 @@ "reason": "Project has not signed or included provenance with any releases.", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -465,7 +465,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -475,7 +475,7 @@ "reason": "4 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/drive2gource/drive2gource_data.json b/app/site/_data/DSACMS/drive2gource/drive2gource_data.json index 96a1e91003..73c71ce824 100644 --- a/app/site/_data/DSACMS/drive2gource/drive2gource_data.json +++ b/app/site/_data/DSACMS/drive2gource/drive2gource_data.json @@ -88,14 +88,14 @@ }, "created_at": "2023-07-26T17:35:04Z", "ossf_scorecard": { - "date": "2025-01-05T08:48:14Z", + "date": "2025-01-11T00:09:41Z", "repo": { "name": "github.com/DSACMS/drive2gource", "commit": "c5b9049b2407b7c1d9adaac6ea4000a3085c9e32" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 3.4, "checks": [ @@ -105,7 +105,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -115,7 +115,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -125,7 +125,7 @@ "reason": "no pull request found", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -135,7 +135,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -145,7 +145,7 @@ "reason": "Found 0/5 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -155,7 +155,7 @@ "reason": "project has 1 contributing companies or organizations -- score normalized to 3", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -165,7 +165,7 @@ "reason": "no workflows found", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -175,7 +175,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -185,7 +185,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -195,7 +195,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -205,7 +205,7 @@ "reason": "project is archived", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -215,7 +215,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -225,7 +225,7 @@ "reason": "no dependencies found", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -235,7 +235,7 @@ "reason": "no SAST tool detected", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -245,7 +245,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -255,7 +255,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -265,7 +265,7 @@ "reason": "No tokens found", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -275,7 +275,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/dsacms.github.io/dsacms.github.io_data.json b/app/site/_data/DSACMS/dsacms.github.io/dsacms.github.io_data.json index 10966b4287..90f4dbf2de 100644 --- a/app/site/_data/DSACMS/dsacms.github.io/dsacms.github.io_data.json +++ b/app/site/_data/DSACMS/dsacms.github.io/dsacms.github.io_data.json @@ -104,14 +104,14 @@ }, "created_at": "2023-06-06T17:27:47Z", "ossf_scorecard": { - "date": "2025-01-05T08:47:39Z", + "date": "2025-01-11T00:09:01Z", "repo": { "name": "github.com/DSACMS/dsacms.github.io", "commit": "5fbd2e8ade8d7c791e77df436a630c04614f0525" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 3.4, "checks": [ @@ -121,7 +121,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -131,7 +131,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -141,7 +141,7 @@ "reason": "no pull request found", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -151,7 +151,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -161,7 +161,7 @@ "reason": "Found 0/5 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -171,7 +171,7 @@ "reason": "project has 0 contributing companies or organizations -- score normalized to 0", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -181,7 +181,7 @@ "reason": "no workflows found", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -191,7 +191,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -201,7 +201,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -211,7 +211,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -221,7 +221,7 @@ "reason": "2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -231,7 +231,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -241,7 +241,7 @@ "reason": "no dependencies found", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -251,7 +251,7 @@ "reason": "no SAST tool detected", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -261,7 +261,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -271,7 +271,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -281,7 +281,7 @@ "reason": "No tokens found", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -291,7 +291,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/income-reporting-playbook/income-reporting-playbook_data.json b/app/site/_data/DSACMS/income-reporting-playbook/income-reporting-playbook_data.json index db70e796fb..99e06e78a0 100644 --- a/app/site/_data/DSACMS/income-reporting-playbook/income-reporting-playbook_data.json +++ b/app/site/_data/DSACMS/income-reporting-playbook/income-reporting-playbook_data.json @@ -158,14 +158,14 @@ "dryness_table": "───────────────────────────────────────────────────────────────────────────────\nLanguage Files Lines Blanks Comments Code Complexity\n───────────────────────────────────────────────────────────────────────────────\nHTML 3 385 70 0 315 0\n(ULOC) 221\n-------------------------------------------------------------------------------\nMarkdown 2 97 31 0 66 0\n(ULOC) 60\n-------------------------------------------------------------------------------\nGemfile 1 10 2 2 6 0\n(ULOC) 9\n-------------------------------------------------------------------------------\nJavaScript 1 24 3 1 20 4\n(ULOC) 21\n-------------------------------------------------------------------------------\nLicense 1 121 12 0 109 0\n(ULOC) 110\n-------------------------------------------------------------------------------\nMakefile 1 9 1 0 8 0\n(ULOC) 9\n-------------------------------------------------------------------------------\nSass 1 186 26 5 155 0\n(ULOC) 110\n-------------------------------------------------------------------------------\nYAML 1 6 0 0 6 0\n(ULOC) 7\n───────────────────────────────────────────────────────────────────────────────\nTotal 11 838 145 8 685 4\n───────────────────────────────────────────────────────────────────────────────\nUnique Lines of Code (ULOC) 539\nDRYness % 0.64\n───────────────────────────────────────────────────────────────────────────────\nEstimated Cost to Develop (organic) $18,158\nEstimated Schedule Effort (organic) 3.00 months\nEstimated People Required (organic) 0.54\n───────────────────────────────────────────────────────────────────────────────\nProcessed 44873 bytes, 0.045 megabytes (SI)\n───────────────────────────────────────────────────────────────────────────────\n" }, "ossf_scorecard": { - "date": "2025-01-05T08:48:42Z", + "date": "2025-01-11T00:10:13Z", "repo": { "name": "github.com/DSACMS/income-reporting-playbook", "commit": "c3b3b541bb500cfbbdc3a8dab8ec25d490533302" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 2.8, "checks": [ @@ -175,7 +175,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -185,7 +185,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -195,7 +195,7 @@ "reason": "0 out of 4 merged PRs checked by a CI test -- score normalized to 0", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -205,7 +205,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -215,7 +215,7 @@ "reason": "Found 3/7 approved changesets -- score normalized to 4", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -225,7 +225,7 @@ "reason": "project has 0 contributing companies or organizations -- score normalized to 0", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -235,7 +235,7 @@ "reason": "no workflows found", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -245,7 +245,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -255,7 +255,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -265,7 +265,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -275,7 +275,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -285,7 +285,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -295,7 +295,7 @@ "reason": "no dependencies found", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -305,7 +305,7 @@ "reason": "SAST tool is not run on all commits -- score normalized to 0", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -315,7 +315,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -325,7 +325,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -335,7 +335,7 @@ "reason": "No tokens found", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -345,7 +345,7 @@ "reason": "8 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/iv-cbv-payroll/iv-cbv-payroll_data.json b/app/site/_data/DSACMS/iv-cbv-payroll/iv-cbv-payroll_data.json index 788aae0fb8..038e6e99da 100644 --- a/app/site/_data/DSACMS/iv-cbv-payroll/iv-cbv-payroll_data.json +++ b/app/site/_data/DSACMS/iv-cbv-payroll/iv-cbv-payroll_data.json @@ -405,16 +405,16 @@ "dryness_table": "───────────────────────────────────────────────────────────────────────────────\nLanguage Files Lines Blanks Comments Code Complexity\n───────────────────────────────────────────────────────────────────────────────\nRuby 188 10161 1535 851 7775 270\n(ULOC) 5624\n-------------------------------------------------------------------------------\nTerraform 133 5734 738 1158 3838 361\n(ULOC) 2853\n-------------------------------------------------------------------------------\nMarkdown 52 2811 926 0 1885 0\n(ULOC) 1546\n-------------------------------------------------------------------------------\nYAML 48 3073 250 330 2493 0\n(ULOC) 1986\n-------------------------------------------------------------------------------\nRuby HTML 40 1227 122 0 1105 95\n(ULOC) 712\n-------------------------------------------------------------------------------\nBASH 32 1543 206 450 887 74\n(ULOC) 919\n-------------------------------------------------------------------------------\nJSON 18 849 1 0 848 0\n(ULOC) 293\n-------------------------------------------------------------------------------\nJavaScript 15 402 53 48 301 23\n(ULOC) 290\n-------------------------------------------------------------------------------\nShell 10 220 46 22 152 20\n(ULOC) 141\n-------------------------------------------------------------------------------\nPython 4 346 42 16 288 12\n(ULOC) 225\n-------------------------------------------------------------------------------\nHTML 3 200 15 3 182 0\n(ULOC) 62\n-------------------------------------------------------------------------------\nPlain Text 3 3 0 0 3 0\n(ULOC) 4\n-------------------------------------------------------------------------------\nSass 3 186 20 26 140 0\n(ULOC) 113\n-------------------------------------------------------------------------------\nGo 2 129 18 14 97 3\n(ULOC) 83\n-------------------------------------------------------------------------------\nMakefile 2 484 103 72 309 12\n(ULOC) 312\n-------------------------------------------------------------------------------\nRakefile 2 10 2 3 5 0\n(ULOC) 9\n-------------------------------------------------------------------------------\nCSS 1 5 0 1 4 0\n(ULOC) 6\n-------------------------------------------------------------------------------\nCSV 1 444 0 0 444 0\n(ULOC) 377\n-------------------------------------------------------------------------------\nDocker ignore 1 2 1 0 1 0\n(ULOC) 2\n-------------------------------------------------------------------------------\nDockerfile 1 159 37 45 77 17\n(ULOC) 106\n-------------------------------------------------------------------------------\nGemfile 1 122 30 26 66 0\n(ULOC) 90\n-------------------------------------------------------------------------------\nLicense 1 121 12 0 109 0\n(ULOC) 110\n-------------------------------------------------------------------------------\nSQL 1 1 0 0 1 0\n(ULOC) 1\n-------------------------------------------------------------------------------\nTypeScript 1 36 7 1 28 8\n(ULOC) 24\n───────────────────────────────────────────────────────────────────────────────\nTotal 563 28268 4164 3066 21038 895\n───────────────────────────────────────────────────────────────────────────────\nUnique Lines of Code (ULOC) 15714\nDRYness % 0.56\n───────────────────────────────────────────────────────────────────────────────\nEstimated Cost to Develop (organic) $661,835\nEstimated Schedule Effort (organic) 11.76 months\nEstimated People Required (organic) 5.00\n───────────────────────────────────────────────────────────────────────────────\nProcessed 1118897 bytes, 1.119 megabytes (SI)\n───────────────────────────────────────────────────────────────────────────────\n" }, "ossf_scorecard": { - "date": "2025-01-05T08:48:16Z", + "date": "2025-01-11T00:09:44Z", "repo": { "name": "github.com/DSACMS/iv-cbv-payroll", - "commit": "970a639f35f35080ebf747efc7c4e9227d183f2f" + "commit": "57b5e24c3eac8003a95b862c54b84be5c15dc206" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, - "score": 5.3, + "score": 5.2, "checks": [ { "details": null, @@ -422,7 +422,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -432,7 +432,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -442,7 +442,7 @@ "reason": "28 out of 28 merged PRs checked by a CI test -- score normalized to 10", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -452,7 +452,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -462,7 +462,7 @@ "reason": "Found 27/29 approved changesets -- score normalized to 9", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -472,7 +472,7 @@ "reason": "project has 14 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -482,7 +482,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -492,7 +492,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -502,7 +502,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -512,7 +512,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -522,7 +522,7 @@ "reason": "30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -532,7 +532,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -542,17 +542,17 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, { "details": null, - "score": 5, - "reason": "SAST tool is not run on all commits -- score normalized to 5", + "score": 4, + "reason": "SAST tool is not run on all commits -- score normalized to 4", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -562,7 +562,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -572,7 +572,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -582,7 +582,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -592,7 +592,7 @@ "reason": "12 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/iv-verify/iv-verify_data.json b/app/site/_data/DSACMS/iv-verify/iv-verify_data.json index 0f60ed0f2f..b90d8c1315 100644 --- a/app/site/_data/DSACMS/iv-verify/iv-verify_data.json +++ b/app/site/_data/DSACMS/iv-verify/iv-verify_data.json @@ -187,14 +187,14 @@ "dryness_table": "───────────────────────────────────────────────────────────────────────────────\nLanguage Files Lines Blanks Comments Code Complexity\n───────────────────────────────────────────────────────────────────────────────\nTypeScript 90 4882 631 185 4066 162\n(ULOC) 2192\n-------------------------------------------------------------------------------\nMarkdown 14 814 260 0 554 0\n(ULOC) 473\n-------------------------------------------------------------------------------\nYAML 8 426 47 118 261 0\n(ULOC) 289\n-------------------------------------------------------------------------------\nJSON 7 374 0 0 374 0\n(ULOC) 345\n-------------------------------------------------------------------------------\nJavaScript 4 151 26 4 121 19\n(ULOC) 112\n-------------------------------------------------------------------------------\nCSS 2 331 45 3 283 0\n(ULOC) 211\n-------------------------------------------------------------------------------\nSVG 2 2 0 0 2 0\n(ULOC) 2\n-------------------------------------------------------------------------------\nDocker ignore 1 2 0 0 2 0\n(ULOC) 2\n-------------------------------------------------------------------------------\nDockerfile 1 25 7 8 10 1\n(ULOC) 17\n-------------------------------------------------------------------------------\nLicense 1 121 12 0 109 0\n(ULOC) 110\n───────────────────────────────────────────────────────────────────────────────\nTotal 130 7128 1028 318 5782 182\n───────────────────────────────────────────────────────────────────────────────\nUnique Lines of Code (ULOC) 3721\nDRYness % 0.52\n───────────────────────────────────────────────────────────────────────────────\nEstimated Cost to Develop (organic) $170,520\nEstimated Schedule Effort (organic) 7.02 months\nEstimated People Required (organic) 2.16\n───────────────────────────────────────────────────────────────────────────────\nProcessed 255556 bytes, 0.256 megabytes (SI)\n───────────────────────────────────────────────────────────────────────────────\n" }, "ossf_scorecard": { - "date": "2025-01-05T08:48:51Z", + "date": "2025-01-11T00:10:24Z", "repo": { "name": "github.com/DSACMS/iv-verify", "commit": "d73781c913bee97f203b91cbb7b9d2dcd642e3fb" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 5.4, "checks": [ @@ -204,7 +204,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -214,7 +214,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -224,7 +224,7 @@ "reason": "4 out of 4 merged PRs checked by a CI test -- score normalized to 10", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -234,7 +234,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -244,7 +244,7 @@ "reason": "Found 1/17 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -254,7 +254,7 @@ "reason": "project has 1 contributing companies or organizations -- score normalized to 3", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -264,7 +264,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -274,7 +274,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -284,7 +284,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -294,17 +294,17 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, { "details": null, "score": 10, - "reason": "30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10", + "reason": "26 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -314,7 +314,7 @@ "reason": "packaging workflow detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -324,7 +324,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 3", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -334,7 +334,7 @@ "reason": "SAST tool is not run on all commits -- score normalized to 0", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -344,7 +344,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -354,7 +354,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -364,7 +364,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -374,7 +374,7 @@ "reason": "6 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/metrics/metrics_data.json b/app/site/_data/DSACMS/metrics/metrics_data.json index 9c35aa02d4..e2f6280ab2 100644 --- a/app/site/_data/DSACMS/metrics/metrics_data.json +++ b/app/site/_data/DSACMS/metrics/metrics_data.json @@ -245,16 +245,16 @@ }, "created_at": "2023-07-18T14:10:58Z", "ossf_scorecard": { - "date": "2025-01-05T08:47:42Z", + "date": "2025-01-11T00:09:04Z", "repo": { "name": "github.com/DSACMS/metrics", - "commit": "7848180ca0cc9875b5ebfaacd4ab26fcad6b31ad" + "commit": "05b7d0fda458ed4e3b20e41f11d943b7b75a3cba" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, - "score": 6.2, + "score": 6.1, "checks": [ { "details": null, @@ -262,7 +262,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -272,17 +272,17 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, { "details": null, - "score": -1, - "reason": "no pull request found", + "score": 10, + "reason": "4 out of 4 merged PRs checked by a CI test -- score normalized to 10", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -292,17 +292,17 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, { "details": null, - "score": 0, - "reason": "Found 0/30 approved changesets -- score normalized to 0", + "score": 2, + "reason": "Found 4/19 approved changesets -- score normalized to 2", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -312,7 +312,7 @@ "reason": "project has 13 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -322,7 +322,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -332,7 +332,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -342,7 +342,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -352,17 +352,17 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, { "details": null, "score": 10, - "reason": "30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10", + "reason": "30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -372,7 +372,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -382,17 +382,17 @@ "reason": "dependency not pinned by hash detected -- score normalized to 1", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, { "details": null, "score": 10, - "reason": "SAST tool detected: CodeQL", + "reason": "SAST tool is run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -402,7 +402,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -412,7 +412,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -422,17 +422,17 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, { "details": null, - "score": 5, - "reason": "5 existing vulnerabilities detected", + "score": 0, + "reason": "10 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/mural-ollama/mural-ollama_data.json b/app/site/_data/DSACMS/mural-ollama/mural-ollama_data.json index b264867403..170a4b6ed1 100644 --- a/app/site/_data/DSACMS/mural-ollama/mural-ollama_data.json +++ b/app/site/_data/DSACMS/mural-ollama/mural-ollama_data.json @@ -109,14 +109,14 @@ "dryness_table": "───────────────────────────────────────────────────────────────────────────────\nLanguage Files Lines Blanks Comments Code Complexity\n───────────────────────────────────────────────────────────────────────────────\nJSON 3 834 0 0 834 0\n(ULOC) 163\n-------------------------------------------------------------------------------\nMarkdown 3 258 85 0 173 0\n(ULOC) 134\n-------------------------------------------------------------------------------\nPython 3 492 75 4 413 30\n(ULOC) 343\n-------------------------------------------------------------------------------\nLicense 1 121 12 0 109 0\n(ULOC) 110\n-------------------------------------------------------------------------------\nYAML 1 71 9 37 25 0\n(ULOC) 56\n───────────────────────────────────────────────────────────────────────────────\nTotal 11 1776 181 41 1554 30\n───────────────────────────────────────────────────────────────────────────────\nUnique Lines of Code (ULOC) 801\nDRYness % 0.45\n───────────────────────────────────────────────────────────────────────────────\nEstimated Cost to Develop (organic) $42,915\nEstimated Schedule Effort (organic) 4.16 months\nEstimated People Required (organic) 0.92\n───────────────────────────────────────────────────────────────────────────────\nProcessed 59736 bytes, 0.060 megabytes (SI)\n───────────────────────────────────────────────────────────────────────────────\n" }, "ossf_scorecard": { - "date": "2025-01-05T08:48:49Z", + "date": "2025-01-11T00:10:21Z", "repo": { "name": "github.com/DSACMS/mural-ollama", "commit": "d85d8e8032d05d82f2fb46d9a369ce37de980b4d" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 3.6, "checks": [ @@ -126,7 +126,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -136,7 +136,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -146,7 +146,7 @@ "reason": "no pull request found", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -156,7 +156,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -166,7 +166,7 @@ "reason": "Found 0/4 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -176,7 +176,7 @@ "reason": "project has 0 contributing companies or organizations -- score normalized to 0", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -186,7 +186,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -196,7 +196,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -206,7 +206,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -216,7 +216,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -226,7 +226,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -236,7 +236,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -246,7 +246,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -256,7 +256,7 @@ "reason": "no SAST tool detected", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -266,7 +266,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -276,7 +276,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -286,7 +286,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -296,7 +296,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/open/open_data.json b/app/site/_data/DSACMS/open/open_data.json index b68509b9b7..87b8ed8f01 100644 --- a/app/site/_data/DSACMS/open/open_data.json +++ b/app/site/_data/DSACMS/open/open_data.json @@ -185,14 +185,14 @@ }, "created_at": "2023-06-06T16:35:30Z", "ossf_scorecard": { - "date": "2025-01-05T08:47:22Z", + "date": "2025-01-11T00:08:42Z", "repo": { "name": "github.com/DSACMS/open", "commit": "c60ab12a98f1888bdb6abb3af7e798cc2f483195" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 4.9, "checks": [ @@ -202,7 +202,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -212,7 +212,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -222,7 +222,7 @@ "reason": "5 out of 8 merged PRs checked by a CI test -- score normalized to 6", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -232,7 +232,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -242,7 +242,7 @@ "reason": "Found 6/14 approved changesets -- score normalized to 4", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -252,7 +252,7 @@ "reason": "project has 1 contributing companies or organizations -- score normalized to 3", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -262,7 +262,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -272,7 +272,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -282,7 +282,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -292,7 +292,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -302,7 +302,7 @@ "reason": "2 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 5", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -312,7 +312,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -322,7 +322,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 4", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -332,7 +332,7 @@ "reason": "SAST tool is not run on all commits -- score normalized to 5", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -342,7 +342,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -352,7 +352,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -362,7 +362,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -372,7 +372,7 @@ "reason": "17 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/opportunities/opportunities_data.json b/app/site/_data/DSACMS/opportunities/opportunities_data.json index 43300b13b7..29c7e668b7 100644 --- a/app/site/_data/DSACMS/opportunities/opportunities_data.json +++ b/app/site/_data/DSACMS/opportunities/opportunities_data.json @@ -89,14 +89,14 @@ }, "created_at": "2023-06-29T15:55:54Z", "ossf_scorecard": { - "date": "2025-01-05T08:48:11Z", + "date": "2025-01-11T00:09:37Z", "repo": { "name": "github.com/DSACMS/opportunities", "commit": "9fc14ff61eac943699c5ed4b7328e9cb52e0a8bd" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 3.7, "checks": [ @@ -106,7 +106,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -116,7 +116,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -126,7 +126,7 @@ "reason": "no pull request found", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -136,7 +136,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -146,7 +146,7 @@ "reason": "Found 0/30 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -156,7 +156,7 @@ "reason": "project has 3 contributing companies or organizations -- score normalized to 10", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -166,7 +166,7 @@ "reason": "no workflows found", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -176,7 +176,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -186,7 +186,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -196,7 +196,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -206,7 +206,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -216,7 +216,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -226,7 +226,7 @@ "reason": "no dependencies found", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -236,7 +236,7 @@ "reason": "no SAST tool detected", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -246,7 +246,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -256,7 +256,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -266,7 +266,7 @@ "reason": "No tokens found", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -276,7 +276,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/ospo-guide/ospo-guide_data.json b/app/site/_data/DSACMS/ospo-guide/ospo-guide_data.json index f055e078c1..ffae198975 100644 --- a/app/site/_data/DSACMS/ospo-guide/ospo-guide_data.json +++ b/app/site/_data/DSACMS/ospo-guide/ospo-guide_data.json @@ -79,14 +79,14 @@ "dryness_table": "───────────────────────────────────────────────────────────────────────────────\nLanguage Files Lines Blanks Comments Code Complexity\n───────────────────────────────────────────────────────────────────────────────\nMarkdown 29 1228 390 0 838 0\n(ULOC) 796\n-------------------------------------------------------------------------------\nLicense 1 121 12 0 109 0\n(ULOC) 110\n-------------------------------------------------------------------------------\nYAML 1 13 0 0 13 0\n(ULOC) 13\n───────────────────────────────────────────────────────────────────────────────\nTotal 31 1362 402 0 960 0\n───────────────────────────────────────────────────────────────────────────────\nUnique Lines of Code (ULOC) 906\nDRYness % 0.67\n───────────────────────────────────────────────────────────────────────────────\nEstimated Cost to Develop (organic) $25,880\nEstimated Schedule Effort (organic) 3.43 months\nEstimated People Required (organic) 0.67\n───────────────────────────────────────────────────────────────────────────────\nProcessed 85431 bytes, 0.085 megabytes (SI)\n───────────────────────────────────────────────────────────────────────────────\n" }, "ossf_scorecard": { - "date": "2025-01-05T08:48:33Z", + "date": "2025-01-11T00:10:01Z", "repo": { "name": "github.com/DSACMS/ospo-guide", "commit": "3262c457b5819b72ed7a69cf24a35e5c4cd34d37" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 5.1, "checks": [ @@ -96,7 +96,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -106,7 +106,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -116,7 +116,7 @@ "reason": "0 out of 11 merged PRs checked by a CI test -- score normalized to 0", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -126,7 +126,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -136,7 +136,7 @@ "reason": "Found 9/15 approved changesets -- score normalized to 6", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -146,7 +146,7 @@ "reason": "project has 4 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -156,7 +156,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -166,7 +166,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -176,7 +176,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -186,7 +186,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -196,7 +196,7 @@ "reason": "18 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -206,7 +206,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -216,7 +216,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -226,7 +226,7 @@ "reason": "SAST tool is not run on all commits -- score normalized to 0", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -236,7 +236,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -246,7 +246,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -256,7 +256,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -266,7 +266,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/oss-community-runbook/oss-community-runbook_data.json b/app/site/_data/DSACMS/oss-community-runbook/oss-community-runbook_data.json index 5772d1010b..279e08e940 100644 --- a/app/site/_data/DSACMS/oss-community-runbook/oss-community-runbook_data.json +++ b/app/site/_data/DSACMS/oss-community-runbook/oss-community-runbook_data.json @@ -88,14 +88,14 @@ }, "created_at": "2023-07-20T20:34:00Z", "ossf_scorecard": { - "date": "2025-01-05T08:48:40Z", + "date": "2025-01-11T00:10:10Z", "repo": { "name": "github.com/DSACMS/oss-community-runbook", "commit": "c4a8f78466aa0a118409a884344357931c55d6c3" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 3.3, "checks": [ @@ -105,7 +105,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -115,7 +115,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -125,7 +125,7 @@ "reason": "no pull request found", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -135,7 +135,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -145,7 +145,7 @@ "reason": "Found 0/1 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -155,7 +155,7 @@ "reason": "project has 0 contributing companies or organizations -- score normalized to 0", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -165,7 +165,7 @@ "reason": "no workflows found", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -175,7 +175,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -185,7 +185,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -195,7 +195,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -205,7 +205,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -215,7 +215,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -225,7 +225,7 @@ "reason": "no dependencies found", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -235,7 +235,7 @@ "reason": "no SAST tool detected", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -245,7 +245,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -255,7 +255,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -265,7 +265,7 @@ "reason": "No tokens found", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -275,7 +275,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/repo-scaffolder/repo-scaffolder_data.json b/app/site/_data/DSACMS/repo-scaffolder/repo-scaffolder_data.json index 90c2669a15..d99a698563 100644 --- a/app/site/_data/DSACMS/repo-scaffolder/repo-scaffolder_data.json +++ b/app/site/_data/DSACMS/repo-scaffolder/repo-scaffolder_data.json @@ -209,14 +209,14 @@ "repository_host": "Github.com", "maturity_model_tier": "3", "ossf_scorecard": { - "date": "2025-01-05T08:47:53Z", + "date": "2025-01-11T00:09:15Z", "repo": { "name": "github.com/DSACMS/repo-scaffolder", - "commit": "71f7bf7d66c0f3b00356e7314e085f9b9b4e4da2" + "commit": "16063f5d2aa05220745afbbe6fc7dbd2294d2c4f" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 6.4, "checks": [ @@ -226,7 +226,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -236,17 +236,17 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, { "details": null, "score": 10, - "reason": "7 out of 7 merged PRs checked by a CI test -- score normalized to 10", + "reason": "8 out of 8 merged PRs checked by a CI test -- score normalized to 10", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -256,17 +256,17 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, { "details": null, "score": 8, - "reason": "Found 6/7 approved changesets -- score normalized to 8", + "reason": "Found 7/8 approved changesets -- score normalized to 8", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -276,7 +276,7 @@ "reason": "project has 13 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -286,7 +286,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -296,7 +296,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -306,7 +306,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -316,7 +316,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -326,7 +326,7 @@ "reason": "30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -336,7 +336,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -346,7 +346,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -356,7 +356,7 @@ "reason": "SAST tool is run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -366,7 +366,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -376,7 +376,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -386,7 +386,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -396,7 +396,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/repodive-tools/repodive-tools_data.json b/app/site/_data/DSACMS/repodive-tools/repodive-tools_data.json index f6fb793603..de03211f08 100644 --- a/app/site/_data/DSACMS/repodive-tools/repodive-tools_data.json +++ b/app/site/_data/DSACMS/repodive-tools/repodive-tools_data.json @@ -134,14 +134,14 @@ "dryness_table": "───────────────────────────────────────────────────────────────────────────────\nLanguage Files Lines Blanks Comments Code Complexity\n───────────────────────────────────────────────────────────────────────────────\nMarkdown 4 658 244 0 414 0\n(ULOC) 371\n-------------------------------------------------------------------------------\nShell 4 166 32 34 100 23\n(ULOC) 97\n-------------------------------------------------------------------------------\nJSON 2 882 0 0 882 0\n(ULOC) 282\n-------------------------------------------------------------------------------\nPython 2 67 20 3 44 11\n(ULOC) 38\n-------------------------------------------------------------------------------\nYAML 2 82 11 26 45 0\n(ULOC) 68\n-------------------------------------------------------------------------------\nLicense 1 121 12 0 109 0\n(ULOC) 110\n───────────────────────────────────────────────────────────────────────────────\nTotal 15 1976 319 63 1594 34\n───────────────────────────────────────────────────────────────────────────────\nUnique Lines of Code (ULOC) 958\nDRYness % 0.48\n───────────────────────────────────────────────────────────────────────────────\nEstimated Cost to Develop (organic) $44,076\nEstimated Schedule Effort (organic) 4.20 months\nEstimated People Required (organic) 0.93\n───────────────────────────────────────────────────────────────────────────────\nProcessed 105334 bytes, 0.105 megabytes (SI)\n───────────────────────────────────────────────────────────────────────────────\n" }, "ossf_scorecard": { - "date": "2025-01-05T08:48:27Z", + "date": "2025-01-11T00:09:55Z", "repo": { "name": "github.com/DSACMS/repodive-tools", "commit": "0b5b1d4caebfa9270eab8178b6f05b0976a50997" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 4.4, "checks": [ @@ -151,7 +151,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -161,7 +161,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -171,7 +171,7 @@ "reason": "3 out of 3 merged PRs checked by a CI test -- score normalized to 10", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -181,7 +181,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -191,7 +191,7 @@ "reason": "Found 1/13 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -201,7 +201,7 @@ "reason": "project has 1 contributing companies or organizations -- score normalized to 3", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -211,7 +211,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -221,7 +221,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -231,7 +231,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -241,7 +241,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -251,7 +251,7 @@ "reason": "8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -261,7 +261,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -271,7 +271,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -281,7 +281,7 @@ "reason": "SAST tool is not run on all commits -- score normalized to 0", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -291,7 +291,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -301,7 +301,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -311,7 +311,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -321,7 +321,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/reverse-scorecard-generation/reverse-scorecard-generation_data.json b/app/site/_data/DSACMS/reverse-scorecard-generation/reverse-scorecard-generation_data.json index b325f742f9..f7165d3d7a 100644 --- a/app/site/_data/DSACMS/reverse-scorecard-generation/reverse-scorecard-generation_data.json +++ b/app/site/_data/DSACMS/reverse-scorecard-generation/reverse-scorecard-generation_data.json @@ -139,14 +139,14 @@ "dryness_table": "───────────────────────────────────────────────────────────────────────────────\nLanguage Files Lines Blanks Comments Code Complexity\n───────────────────────────────────────────────────────────────────────────────\nMarkdown 3 282 92 0 190 0\n(ULOC) 133\n-------------------------------------------------------------------------------\nJSON 2 825 0 0 825 0\n(ULOC) 156\n-------------------------------------------------------------------------------\nCSV 1 1 0 0 1 0\n(ULOC) 2\n-------------------------------------------------------------------------------\nLicense 1 121 12 0 109 0\n(ULOC) 110\n-------------------------------------------------------------------------------\nPlain Text 1 3 1 0 2 0\n(ULOC) 3\n-------------------------------------------------------------------------------\nPython 1 94 17 21 56 12\n(ULOC) 78\n-------------------------------------------------------------------------------\nYAML 1 71 9 37 25 0\n(ULOC) 56\n───────────────────────────────────────────────────────────────────────────────\nTotal 10 1397 131 58 1208 12\n───────────────────────────────────────────────────────────────────────────────\nUnique Lines of Code (ULOC) 532\nDRYness % 0.38\n───────────────────────────────────────────────────────────────────────────────\nEstimated Cost to Develop (organic) $32,943\nEstimated Schedule Effort (organic) 3.76 months\nEstimated People Required (organic) 0.78\n───────────────────────────────────────────────────────────────────────────────\nProcessed 49738 bytes, 0.050 megabytes (SI)\n───────────────────────────────────────────────────────────────────────────────\n" }, "ossf_scorecard": { - "date": "2025-01-05T08:48:47Z", + "date": "2025-01-11T00:10:18Z", "repo": { "name": "github.com/DSACMS/reverse-scorecard-generation", "commit": "a7ce7b5f4823b38a2b13a3ac830cb07c5c0ee39a" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 3.6, "checks": [ @@ -156,7 +156,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -166,7 +166,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -176,7 +176,7 @@ "reason": "no pull request found", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -186,7 +186,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -196,7 +196,7 @@ "reason": "Found 0/4 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -206,7 +206,7 @@ "reason": "project has 0 contributing companies or organizations -- score normalized to 0", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -216,7 +216,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -226,7 +226,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -236,7 +236,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -246,7 +246,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -256,7 +256,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -266,7 +266,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -276,7 +276,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -286,7 +286,7 @@ "reason": "no SAST tool detected", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -296,7 +296,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -306,7 +306,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -316,7 +316,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -326,7 +326,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } }