From a0c2335d1a455f90b06011865ce46c86ec340daf Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Sun, 26 Jan 2025 09:39:34 +0000
Subject: [PATCH] update DSACMS data: Sun Jan 26 09:39:34 UTC 2025
---
.../_data/DSACMS/.github/.github_data.json | 42 +++++++--------
.../DSACMS/cms-gource/cms-gource_data.json | 42 +++++++--------
.../DSACMS/dedupliFHIR/dedupliFHIR_data.json | 48 ++++++++---------
.../drive2gource/drive2gource_data.json | 42 +++++++--------
.../dsacms.github.io_data.json | 42 +++++++--------
.../income-reporting-playbook_data.json | 42 +++++++--------
.../iv-cbv-payroll/iv-cbv-payroll_data.json | 52 +++++++++----------
.../DSACMS/iv-verify/iv-verify_data.json | 50 +++++++++---------
.../_data/DSACMS/metrics/metrics_data.json | 46 ++++++++--------
.../mural-ollama/mural-ollama_data.json | 42 +++++++--------
app/site/_data/DSACMS/open/open_data.json | 44 ++++++++--------
.../opportunities/opportunities_data.json | 42 +++++++--------
.../DSACMS/ospo-guide/ospo-guide_data.json | 52 +++++++++----------
.../oss-community-runbook_data.json | 42 +++++++--------
.../repo-scaffolder/repo-scaffolder_data.json | 52 +++++++++----------
.../repodive-tools/repodive-tools_data.json | 48 ++++++++---------
.../reverse-scorecard-generation_data.json | 42 +++++++--------
17 files changed, 385 insertions(+), 385 deletions(-)
diff --git a/app/site/_data/DSACMS/.github/.github_data.json b/app/site/_data/DSACMS/.github/.github_data.json
index d2e43b8eec..8c020a5ac4 100644
--- a/app/site/_data/DSACMS/.github/.github_data.json
+++ b/app/site/_data/DSACMS/.github/.github_data.json
@@ -140,14 +140,14 @@ }, "created_at": "2023-03-28T21:30:52Z", "ossf_scorecard": { - "date": "2025-01-19T13:18:07Z", + "date": "2025-01-26T09:37:34Z", "repo": { "name": "github.com/DSACMS/.github", "commit": "aa056d780f03df0be0d9243e393ded2d6e3d0460" }, "scorecard": { - "version": "v5.0.0-135-gd28512b6", - "commit": "d28512b65877e042871b0df77f2204c5f65fa76b" + "version": "v5.0.0-139-gc7382821", + "commit": "c73828219b19826b3ddc4ac78882bc88746aa2ec" }, "score": 4.8, "checks": [ @@ -157,7 +157,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -167,7 +167,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -177,7 +177,7 @@ "reason": "0 out of 5 merged PRs checked by a CI test -- score normalized to 0", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, 
@@ -187,7 +187,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -197,7 +197,7 @@ "reason": "Found 5/22 approved changesets -- score normalized to 2", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -207,7 +207,7 @@ "reason": "project has 5 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, 
@@ -217,7 +217,7 @@ "reason": "internal error: internal error: invalid GitHub workflow:\n:18:0: could not parse as YAML: yaml: line 18: found character that cannot start any token [syntax-check]", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -227,7 +227,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -237,7 +237,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -247,7 +247,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, 
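Review bot: The Dangerous-Workflow entry in the `@@ -217,7 +217,7 @@` hunk still records `internal error: ... could not parse as YAML: yaml: line 18: found character that cannot start any token` as its reason, and the same reason appears in the later hunks for Packaging, Pinned-Dependencies, SAST and Token-Permissions, so none of these workflow-based checks was evaluated for DSACMS/.github in this run. The refresh only moves the documentation URL to the new scorecard commit and leaves the unparseable workflow unaddressed. The per-check scores sit above the hunk context, so how the errored checks feed the `"score": 4.8` aggregate cannot be confirmed from here. I would fix the workflow file that fails at line 18 in the scanned repository, and have the collector mark errored checks as not evaluated instead of publishing them next to scored ones.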
@@ -257,7 +257,7 @@ "reason": "8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -267,7 +267,7 @@ "reason": "internal error: internal error: invalid GitHub workflow:\n:18:0: could not parse as YAML: yaml: line 18: found character that cannot start any token [syntax-check]", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -277,7 +277,7 @@ "reason": "internal error: internal error: invalid GitHub workflow:\n:18:0: could not parse as YAML: yaml: line 18: found character that cannot start any token [syntax-check]", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, 
@@ -287,7 +287,7 @@ "reason": "internal error: internal error: invalid GitHub workflow:\n:18:0: could not parse as YAML: yaml: line 18: found character that cannot start any token [syntax-check]", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -297,7 +297,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -307,7 +307,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -317,7 +317,7 @@ "reason": "internal error: internal error: invalid GitHub workflow:\n:18:0: could not parse as YAML: yaml: line 18: found character that cannot start any token [syntax-check]", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, 
@@ -327,7 +327,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/cms-gource/cms-gource_data.json b/app/site/_data/DSACMS/cms-gource/cms-gource_data.json index 5b22e2652b..bfe0b88d8f 100644 --- a/app/site/_data/DSACMS/cms-gource/cms-gource_data.json +++ b/app/site/_data/DSACMS/cms-gource/cms-gource_data.json @@ -88,14 +88,14 @@ }, "created_at": "2023-08-21T15:47:26Z", "ossf_scorecard": { - "date": "2025-01-19T13:19:43Z", + "date": "2025-01-26T09:39:30Z", "repo": { "name": "github.com/DSACMS/cms-gource", "commit": "2cc274069a65787b994d7f30e2699f9ee0363a55" }, "scorecard": { - "version": "v5.0.0-135-gd28512b6", - "commit": "d28512b65877e042871b0df77f2204c5f65fa76b" + "version": "v5.0.0-139-gc7382821", + "commit": "c73828219b19826b3ddc4ac78882bc88746aa2ec" }, "score": 3.7, "checks": [ @@ -105,7 +105,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, 
@@ -115,7 +115,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -125,7 +125,7 @@ "reason": "no pull request found", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -135,7 +135,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -145,7 +145,7 @@ "reason": "Found 0/26 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, 
@@ -155,7 +155,7 @@ "reason": "project has 3 contributing companies or organizations -- score normalized to 10", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -165,7 +165,7 @@ "reason": "no workflows found", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -175,7 +175,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -185,7 +185,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, 
@@ -195,7 +195,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -205,7 +205,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -215,7 +215,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -225,7 +225,7 @@ "reason": "no dependencies found", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, 
@@ -235,7 +235,7 @@ "reason": "no SAST tool detected", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -245,7 +245,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -255,7 +255,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -265,7 +265,7 @@ "reason": "No tokens found", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, 
@@ -275,7 +275,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/dedupliFHIR/dedupliFHIR_data.json b/app/site/_data/DSACMS/dedupliFHIR/dedupliFHIR_data.json index 8cbc5090a0..b87e55637b 100644 --- a/app/site/_data/DSACMS/dedupliFHIR/dedupliFHIR_data.json +++ b/app/site/_data/DSACMS/dedupliFHIR/dedupliFHIR_data.json @@ -284,14 +284,14 @@ }, "created_at": "2023-06-22T17:08:19Z", "ossf_scorecard": { - "date": "2025-01-19T13:18:41Z", + "date": "2025-01-26T09:38:12Z", "repo": { "name": "github.com/DSACMS/dedupliFHIR", "commit": "64fad3a0af903b94e651179f0fe0e413ab381725" }, "scorecard": { - "version": "v5.0.0-135-gd28512b6", - "commit": "d28512b65877e042871b0df77f2204c5f65fa76b" + "version": "v5.0.0-139-gc7382821", + "commit": "c73828219b19826b3ddc4ac78882bc88746aa2ec" }, "score": 5.8, "checks": [ @@ -301,7 +301,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, 
@@ -311,7 +311,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -321,7 +321,7 @@ "reason": "5 out of 9 merged PRs checked by a CI test -- score normalized to 5", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -331,7 +331,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -341,7 +341,7 @@ "reason": "Found 1/4 approved changesets -- score normalized to 2", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, 
@@ -351,7 +351,7 @@ "reason": "project has 4 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -361,7 +361,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -371,7 +371,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -381,7 +381,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, 
@@ -391,17 +391,17 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, { "details": null, "score": 10, - "reason": "27 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10", + "reason": "26 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -411,7 +411,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -421,7 +421,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 1", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, 
@@ -431,7 +431,7 @@ "reason": "SAST tool is run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -441,7 +441,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -451,7 +451,7 @@ "reason": "Project has not signed or included provenance with any releases.", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, 
@@ -461,17 +461,17 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, { "details": null, - "score": 6, - "reason": "4 existing vulnerabilities detected", + "score": 5, + "reason": "5 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/drive2gource/drive2gource_data.json b/app/site/_data/DSACMS/drive2gource/drive2gource_data.json index 3c7bc5d347..b55796b72d 100644 --- a/app/site/_data/DSACMS/drive2gource/drive2gource_data.json +++ b/app/site/_data/DSACMS/drive2gource/drive2gource_data.json @@ -88,14 +88,14 @@ }, "created_at": "2023-07-26T17:35:04Z", "ossf_scorecard": { - "date": "2025-01-19T13:18:53Z", + "date": "2025-01-26T09:38:29Z", "repo": { "name": "github.com/DSACMS/drive2gource", "commit": "c5b9049b2407b7c1d9adaac6ea4000a3085c9e32" }, "scorecard": { - "version": "v5.0.0-135-gd28512b6", - "commit": "d28512b65877e042871b0df77f2204c5f65fa76b" + "version": "v5.0.0-139-gc7382821", + "commit": "c73828219b19826b3ddc4ac78882bc88746aa2ec" }, "score": 3.4, "checks": [ 
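Review bot: The Vulnerabilities entry in the `@@ -461,17 +461,17 @@` hunk drops to `"score": 5` with `"reason": "5 existing vulnerabilities detected"`, but `"details": null` keeps no record of which advisories were counted, so the finding that is new since the 2025-01-19 run cannot be identified or triaged from this data. The collector's invocation is outside this patch; if it calls the scorecard CLI, adding `--show-details` should populate `details` with the advisory identifiers. A consumer of this file would also benefit from treating a falling Vulnerabilities score between two runs as something to surface, since the hunk shows it is otherwise committed silently alongside routine URL changes.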
@@ -105,7 +105,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -115,7 +115,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -125,7 +125,7 @@ "reason": "no pull request found", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -135,7 +135,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, 
@@ -145,7 +145,7 @@ "reason": "Found 0/5 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -155,7 +155,7 @@ "reason": "project has 1 contributing companies or organizations -- score normalized to 3", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -165,7 +165,7 @@ "reason": "no workflows found", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -175,7 +175,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, 
@@ -185,7 +185,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -195,7 +195,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -205,7 +205,7 @@ "reason": "project is archived", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -215,7 +215,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, 
@@ -225,7 +225,7 @@ "reason": "no dependencies found", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -235,7 +235,7 @@ "reason": "no SAST tool detected", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -245,7 +245,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -255,7 +255,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, 
@@ -265,7 +265,7 @@ "reason": "No tokens found", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -275,7 +275,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/dsacms.github.io/dsacms.github.io_data.json b/app/site/_data/DSACMS/dsacms.github.io/dsacms.github.io_data.json index 6170d1f498..855711a1b5 100644 --- a/app/site/_data/DSACMS/dsacms.github.io/dsacms.github.io_data.json +++ b/app/site/_data/DSACMS/dsacms.github.io/dsacms.github.io_data.json @@ -99,14 +99,14 @@ }, "created_at": "2023-06-06T17:27:47Z", "ossf_scorecard": { - "date": "2025-01-19T13:18:18Z", + "date": "2025-01-26T09:37:45Z", "repo": { "name": "github.com/DSACMS/dsacms.github.io", "commit": "5fbd2e8ade8d7c791e77df436a630c04614f0525" }, "scorecard": { - "version": "v5.0.0-135-gd28512b6", - "commit": "d28512b65877e042871b0df77f2204c5f65fa76b" + "version": "v5.0.0-139-gc7382821", + "commit": "c73828219b19826b3ddc4ac78882bc88746aa2ec" }, "score": 3.4, "checks": [ 
@@ -116,7 +116,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -126,7 +126,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -136,7 +136,7 @@ "reason": "no pull request found", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -146,7 +146,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, 
@@ -156,7 +156,7 @@ "reason": "Found 0/5 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -166,7 +166,7 @@ "reason": "project has 0 contributing companies or organizations -- score normalized to 0", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -176,7 +176,7 @@ "reason": "no workflows found", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -186,7 +186,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, 
@@ -196,7 +196,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -206,7 +206,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -216,7 +216,7 @@ "reason": "2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -226,7 +226,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, 
@@ -236,7 +236,7 @@ "reason": "no dependencies found", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -246,7 +246,7 @@ "reason": "no SAST tool detected", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -256,7 +256,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -266,7 +266,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, 
@@ -276,7 +276,7 @@ "reason": "No tokens found", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -286,7 +286,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/income-reporting-playbook/income-reporting-playbook_data.json b/app/site/_data/DSACMS/income-reporting-playbook/income-reporting-playbook_data.json index 27293b6514..abb54a4e56 100644 --- a/app/site/_data/DSACMS/income-reporting-playbook/income-reporting-playbook_data.json +++ b/app/site/_data/DSACMS/income-reporting-playbook/income-reporting-playbook_data.json 
@@ -158,14 +158,14 @@ "dryness_table": "───────────────────────────────────────────────────────────────────────────────\nLanguage Files Lines Blanks Comments Code Complexity\n───────────────────────────────────────────────────────────────────────────────\nHTML 3 385 70 0 315 0\n(ULOC) 221\n-------------------------------------------------------------------------------\nMarkdown 2 97 31 0 66 0\n(ULOC) 60\n-------------------------------------------------------------------------------\nGemfile 1 10 2 2 6 0\n(ULOC) 9\n-------------------------------------------------------------------------------\nJavaScript 1 24 3 1 20 4\n(ULOC) 21\n-------------------------------------------------------------------------------\nLicense 1 121 12 0 109 0\n(ULOC) 110\n-------------------------------------------------------------------------------\nMakefile 1 9 1 0 8 0\n(ULOC) 9\n-------------------------------------------------------------------------------\nSass 1 186 26 5 155 0\n(ULOC) 110\n-------------------------------------------------------------------------------\nYAML 1 6 0 0 6 0\n(ULOC) 7\n───────────────────────────────────────────────────────────────────────────────\nTotal 11 838 145 8 685 4\n───────────────────────────────────────────────────────────────────────────────\nUnique Lines of Code (ULOC) 539\nDRYness % 0.64\n───────────────────────────────────────────────────────────────────────────────\nEstimated Cost to Develop (organic) $18,158\nEstimated Schedule Effort (organic) 3.00 months\nEstimated People Required (organic) 0.54\n───────────────────────────────────────────────────────────────────────────────\nProcessed 44873 bytes, 0.045 megabytes (SI)\n───────────────────────────────────────────────────────────────────────────────\n" }, "ossf_scorecard": { - "date": "2025-01-19T13:19:23Z", + "date": "2025-01-26T09:39:06Z", "repo": { "name": "github.com/DSACMS/income-reporting-playbook", "commit": "c3b3b541bb500cfbbdc3a8dab8ec25d490533302" }, "scorecard": { - "version": 
"v5.0.0-135-gd28512b6", - "commit": "d28512b65877e042871b0df77f2204c5f65fa76b" + "version": "v5.0.0-139-gc7382821", + "commit": "c73828219b19826b3ddc4ac78882bc88746aa2ec" }, "score": 2.8, "checks": [ @@ -175,7 +175,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -185,7 +185,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -195,7 +195,7 @@ "reason": "0 out of 4 merged PRs checked by a CI test -- score normalized to 0", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, 
@@ -205,7 +205,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -215,7 +215,7 @@ "reason": "Found 3/7 approved changesets -- score normalized to 4", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -225,7 +225,7 @@ "reason": "project has 0 contributing companies or organizations -- score normalized to 0", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -235,7 +235,7 @@ "reason": "no workflows found", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, 
@@ -245,7 +245,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -255,7 +255,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -265,7 +265,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -275,7 +275,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, 
@@ -285,7 +285,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -295,7 +295,7 @@ "reason": "no dependencies found", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -305,7 +305,7 @@ "reason": "SAST tool is not run on all commits -- score normalized to 0", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -315,7 +315,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, 
@@ -325,7 +325,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -335,7 +335,7 @@ "reason": "No tokens found", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -345,7 +345,7 @@ "reason": "8 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/iv-cbv-payroll/iv-cbv-payroll_data.json b/app/site/_data/DSACMS/iv-cbv-payroll/iv-cbv-payroll_data.json index 537024522e..91368b33fb 100644 --- a/app/site/_data/DSACMS/iv-cbv-payroll/iv-cbv-payroll_data.json +++ b/app/site/_data/DSACMS/iv-cbv-payroll/iv-cbv-payroll_data.json 
@@ -405,16 +405,16 @@ "dryness_table": "───────────────────────────────────────────────────────────────────────────────\nLanguage Files Lines Blanks Comments Code Complexity\n───────────────────────────────────────────────────────────────────────────────\nRuby 192 10540 1581 876 8083 274\n(ULOC) 5755\n-------------------------------------------------------------------------------\nTerraform 133 5738 738 1158 3842 361\n(ULOC) 2855\n-------------------------------------------------------------------------------\nMarkdown 52 2811 926 0 1885 0\n(ULOC) 1546\n-------------------------------------------------------------------------------\nYAML 48 3064 251 330 2483 0\n(ULOC) 1983\n-------------------------------------------------------------------------------\nRuby HTML 40 1226 122 0 1104 95\n(ULOC) 711\n-------------------------------------------------------------------------------\nBASH 32 1543 206 450 887 74\n(ULOC) 919\n-------------------------------------------------------------------------------\nJSON 18 849 1 0 848 0\n(ULOC) 293\n-------------------------------------------------------------------------------\nJavaScript 15 402 53 48 301 23\n(ULOC) 290\n-------------------------------------------------------------------------------\nShell 10 220 46 22 152 20\n(ULOC) 141\n-------------------------------------------------------------------------------\nPython 4 346 42 16 288 12\n(ULOC) 225\n-------------------------------------------------------------------------------\nHTML 3 200 15 3 182 0\n(ULOC) 62\n-------------------------------------------------------------------------------\nPlain Text 3 3 0 0 3 0\n(ULOC) 4\n-------------------------------------------------------------------------------\nSass 3 186 20 26 140 0\n(ULOC) 113\n-------------------------------------------------------------------------------\nGo 2 129 18 14 97 3\n(ULOC) 83\n-------------------------------------------------------------------------------\nMakefile 2 484 103 72 309 12\n(ULOC) 
312\n-------------------------------------------------------------------------------\nRakefile 2 10 2 3 5 0\n(ULOC) 9\n-------------------------------------------------------------------------------\nCSS 1 5 0 1 4 0\n(ULOC) 6\n-------------------------------------------------------------------------------\nCSV 1 444 0 0 444 0\n(ULOC) 377\n-------------------------------------------------------------------------------\nDocker ignore 1 2 1 0 1 0\n(ULOC) 2\n-------------------------------------------------------------------------------\nDockerfile 1 159 37 45 77 17\n(ULOC) 106\n-------------------------------------------------------------------------------\nGemfile 1 125 31 26 68 0\n(ULOC) 92\n-------------------------------------------------------------------------------\nLicense 1 121 12 0 109 0\n(ULOC) 110\n-------------------------------------------------------------------------------\nSQL 1 1 0 0 1 0\n(ULOC) 1\n-------------------------------------------------------------------------------\nTypeScript 1 36 7 1 28 8\n(ULOC) 24\n───────────────────────────────────────────────────────────────────────────────\nTotal 567 28644 4212 3091 21341 899\n───────────────────────────────────────────────────────────────────────────────\nUnique Lines of Code (ULOC) 15845\nDRYness % 0.55\n───────────────────────────────────────────────────────────────────────────────\nEstimated Cost to Develop (organic) $671,847\nEstimated Schedule Effort (organic) 11.82 months\nEstimated People Required (organic) 5.05\n───────────────────────────────────────────────────────────────────────────────\nProcessed 1133120 bytes, 1.133 megabytes (SI)\n───────────────────────────────────────────────────────────────────────────────\n" }, "ossf_scorecard": { - "date": "2025-01-19T13:18:55Z", + "date": "2025-01-26T09:38:32Z", "repo": { "name": "github.com/DSACMS/iv-cbv-payroll", - "commit": "57b5e24c3eac8003a95b862c54b84be5c15dc206" + "commit": "0b06da5d199793b8bc4ef256e1bd489b53d784cd" }, "scorecard": { - 
"version": "v5.0.0-135-gd28512b6", - "commit": "d28512b65877e042871b0df77f2204c5f65fa76b" + "version": "v5.0.0-139-gc7382821", + "commit": "c73828219b19826b3ddc4ac78882bc88746aa2ec" }, - "score": 5.2, + "score": 5.1, "checks": [ { "details": null, @@ -422,7 +422,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -432,17 +432,17 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, { "details": null, "score": 10, - "reason": "28 out of 28 merged PRs checked by a CI test -- score normalized to 10", + "reason": "29 out of 29 merged PRs checked by a CI test -- score normalized to 10", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, 
@@ -452,7 +452,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -462,7 +462,7 @@ "reason": "Found 27/29 approved changesets -- score normalized to 9", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -472,7 +472,7 @@ "reason": "project has 14 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -482,7 +482,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, 
@@ -492,7 +492,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -502,7 +502,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -512,7 +512,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -522,7 +522,7 @@ "reason": "30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, 
@@ -532,7 +532,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -542,17 +542,17 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, { "details": null, - "score": 4, - "reason": "SAST tool is not run on all commits -- score normalized to 4", + "score": 2, + "reason": "SAST tool is not run on all commits -- score normalized to 2", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -562,7 +562,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, 
@@ -572,7 +572,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -582,7 +582,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -592,7 +592,7 @@ "reason": "12 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/iv-verify/iv-verify_data.json b/app/site/_data/DSACMS/iv-verify/iv-verify_data.json index 6b80e133a7..c68d2725b8 100644 --- a/app/site/_data/DSACMS/iv-verify/iv-verify_data.json +++ b/app/site/_data/DSACMS/iv-verify/iv-verify_data.json 
@@ -187,16 +187,16 @@ "dryness_table": "───────────────────────────────────────────────────────────────────────────────\nLanguage Files Lines Blanks Comments Code Complexity\n───────────────────────────────────────────────────────────────────────────────\nTypeScript 90 4882 631 185 4066 162\n(ULOC) 2192\n-------------------------------------------------------------------------------\nMarkdown 14 814 260 0 554 0\n(ULOC) 473\n-------------------------------------------------------------------------------\nYAML 8 426 47 118 261 0\n(ULOC) 289\n-------------------------------------------------------------------------------\nJSON 7 374 0 0 374 0\n(ULOC) 345\n-------------------------------------------------------------------------------\nJavaScript 4 151 26 4 121 19\n(ULOC) 112\n-------------------------------------------------------------------------------\nCSS 2 331 45 3 283 0\n(ULOC) 211\n-------------------------------------------------------------------------------\nSVG 2 2 0 0 2 0\n(ULOC) 2\n-------------------------------------------------------------------------------\nDocker ignore 1 2 0 0 2 0\n(ULOC) 2\n-------------------------------------------------------------------------------\nDockerfile 1 25 7 8 10 1\n(ULOC) 17\n-------------------------------------------------------------------------------\nLicense 1 121 12 0 109 0\n(ULOC) 110\n───────────────────────────────────────────────────────────────────────────────\nTotal 130 7128 1028 318 5782 182\n───────────────────────────────────────────────────────────────────────────────\nUnique Lines of Code (ULOC) 3721\nDRYness % 0.52\n───────────────────────────────────────────────────────────────────────────────\nEstimated Cost to Develop (organic) $170,520\nEstimated Schedule Effort (organic) 7.02 months\nEstimated People Required (organic) 2.16\n───────────────────────────────────────────────────────────────────────────────\nProcessed 255556 bytes, 0.256 megabytes 
(SI)\n───────────────────────────────────────────────────────────────────────────────\n" }, "ossf_scorecard": { - "date": "2025-01-19T13:19:32Z", + "date": "2025-01-26T09:39:18Z", "repo": { "name": "github.com/DSACMS/iv-verify", "commit": "d73781c913bee97f203b91cbb7b9d2dcd642e3fb" }, "scorecard": { - "version": "v5.0.0-135-gd28512b6", - "commit": "d28512b65877e042871b0df77f2204c5f65fa76b" + "version": "v5.0.0-139-gc7382821", + "commit": "c73828219b19826b3ddc4ac78882bc88746aa2ec" }, - "score": 5.4, + "score": 5.3, "checks": [ { "details": null, @@ -204,7 +204,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -214,7 +214,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -224,7 +224,7 @@ "reason": "4 out of 4 merged PRs checked by a CI test -- score normalized to 10", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, 
@@ -234,7 +234,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -244,7 +244,7 @@ "reason": "Found 1/17 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -254,7 +254,7 @@ "reason": "project has 1 contributing companies or organizations -- score normalized to 3", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -264,7 +264,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, 
@@ -274,7 +274,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -284,7 +284,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -294,17 +294,17 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, { "details": null, "score": 10, - "reason": "26 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10", + "reason": "23 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, 
@@ -314,7 +314,7 @@ "reason": "packaging workflow detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -324,7 +324,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 3", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -334,7 +334,7 @@ "reason": "SAST tool is not run on all commits -- score normalized to 0", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -344,7 +344,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, 
@@ -354,7 +354,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -364,17 +364,17 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, { "details": null, - "score": 4, - "reason": "6 existing vulnerabilities detected", + "score": 3, + "reason": "7 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/metrics/metrics_data.json b/app/site/_data/DSACMS/metrics/metrics_data.json index f33ed9306b..79f55e7d00 100644 --- a/app/site/_data/DSACMS/metrics/metrics_data.json +++ b/app/site/_data/DSACMS/metrics/metrics_data.json 
@@ -227,14 +227,14 @@ }, "created_at": "2023-07-18T14:10:58Z", "ossf_scorecard": { - "date": "2025-01-19T13:18:20Z", + "date": "2025-01-26T09:37:48Z", "repo": { "name": "github.com/DSACMS/metrics", - "commit": "419d37de86f71b271d761708e2c7931eabb4a9ad" + "commit": "b3cf83af05b24b1626fcb0cec9002a659a6d625d" }, "scorecard": { - "version": "v5.0.0-135-gd28512b6", - "commit": "d28512b65877e042871b0df77f2204c5f65fa76b" + "version": "v5.0.0-139-gc7382821", + "commit": "c73828219b19826b3ddc4ac78882bc88746aa2ec" }, "score": 5.8, "checks": [ @@ -244,7 +244,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -254,7 +254,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -264,7 +264,7 @@ "reason": "no pull request found", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, 
@@ -274,7 +274,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -284,7 +284,7 @@ "reason": "Found 0/30 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -294,7 +294,7 @@ "reason": "project has 13 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -304,7 +304,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, 
@@ -314,7 +314,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -324,7 +324,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -334,17 +334,17 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, { "details": null, "score": 10, - "reason": "30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10", + "reason": "30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, 
@@ -354,7 +354,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -364,7 +364,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 1", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -374,7 +374,7 @@ "reason": "SAST tool detected: CodeQL", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -384,7 +384,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, 
@@ -394,7 +394,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -404,7 +404,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -414,7 +414,7 @@ "reason": "10 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/mural-ollama/mural-ollama_data.json b/app/site/_data/DSACMS/mural-ollama/mural-ollama_data.json index 7ba11027e8..ab528d3aa5 100644 --- a/app/site/_data/DSACMS/mural-ollama/mural-ollama_data.json +++ b/app/site/_data/DSACMS/mural-ollama/mural-ollama_data.json 
@@ -109,14 +109,14 @@ "dryness_table": "───────────────────────────────────────────────────────────────────────────────\nLanguage Files Lines Blanks Comments Code Complexity\n───────────────────────────────────────────────────────────────────────────────\nJSON 3 834 0 0 834 0\n(ULOC) 163\n-------------------------------------------------------------------------------\nMarkdown 3 258 85 0 173 0\n(ULOC) 134\n-------------------------------------------------------------------------------\nPython 3 492 75 4 413 30\n(ULOC) 343\n-------------------------------------------------------------------------------\nLicense 1 121 12 0 109 0\n(ULOC) 110\n-------------------------------------------------------------------------------\nYAML 1 71 9 37 25 0\n(ULOC) 56\n───────────────────────────────────────────────────────────────────────────────\nTotal 11 1776 181 41 1554 30\n───────────────────────────────────────────────────────────────────────────────\nUnique Lines of Code (ULOC) 801\nDRYness % 0.45\n───────────────────────────────────────────────────────────────────────────────\nEstimated Cost to Develop (organic) $42,915\nEstimated Schedule Effort (organic) 4.16 months\nEstimated People Required (organic) 0.92\n───────────────────────────────────────────────────────────────────────────────\nProcessed 59736 bytes, 0.060 megabytes (SI)\n───────────────────────────────────────────────────────────────────────────────\n" }, "ossf_scorecard": { - "date": "2025-01-19T13:19:30Z", + "date": "2025-01-26T09:39:14Z", "repo": { "name": "github.com/DSACMS/mural-ollama", "commit": "d85d8e8032d05d82f2fb46d9a369ce37de980b4d" }, "scorecard": { - "version": "v5.0.0-135-gd28512b6", - "commit": "d28512b65877e042871b0df77f2204c5f65fa76b" + "version": "v5.0.0-139-gc7382821", + "commit": "c73828219b19826b3ddc4ac78882bc88746aa2ec" }, "score": 3.6, "checks": [ 
@@ -126,7 +126,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -136,7 +136,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -146,7 +146,7 @@ "reason": "no pull request found", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -156,7 +156,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, 
@@ -166,7 +166,7 @@ "reason": "Found 0/4 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -176,7 +176,7 @@ "reason": "project has 0 contributing companies or organizations -- score normalized to 0", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -186,7 +186,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -196,7 +196,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, 
@@ -206,7 +206,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -216,7 +216,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -226,7 +226,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -236,7 +236,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, 
@@ -246,7 +246,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -256,7 +256,7 @@ "reason": "no SAST tool detected", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -266,7 +266,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -276,7 +276,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, 
@@ -286,7 +286,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -296,7 +296,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/open/open_data.json b/app/site/_data/DSACMS/open/open_data.json index 8efc030404..efa0dec40f 100644 --- a/app/site/_data/DSACMS/open/open_data.json +++ b/app/site/_data/DSACMS/open/open_data.json @@ -164,14 +164,14 @@ }, "created_at": "2023-06-06T16:35:30Z", "ossf_scorecard": { - "date": "2025-01-19T13:17:58Z", + "date": "2025-01-26T09:37:23Z", "repo": { "name": "github.com/DSACMS/open", "commit": "c60ab12a98f1888bdb6abb3af7e798cc2f483195" }, "scorecard": { - "version": "v5.0.0-135-gd28512b6", - "commit": "d28512b65877e042871b0df77f2204c5f65fa76b" + "version": "v5.0.0-139-gc7382821", + "commit": "c73828219b19826b3ddc4ac78882bc88746aa2ec" }, "score": 4.9, "checks": [ 
@@ -181,7 +181,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -191,7 +191,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -201,7 +201,7 @@ "reason": "5 out of 8 merged PRs checked by a CI test -- score normalized to 6", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -211,7 +211,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, 
@@ -221,7 +221,7 @@ "reason": "Found 6/14 approved changesets -- score normalized to 4", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -231,7 +231,7 @@ "reason": "project has 1 contributing companies or organizations -- score normalized to 3", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -241,7 +241,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -251,7 +251,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, 
@@ -261,7 +261,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -271,7 +271,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -281,7 +281,7 @@ "reason": "2 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 5", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -291,7 +291,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, 
@@ -301,7 +301,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 4", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -311,7 +311,7 @@ "reason": "SAST tool is not run on all commits -- score normalized to 5", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -321,7 +321,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -331,7 +331,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, 
@@ -341,17 +341,17 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, { "details": null, "score": 0, - "reason": "17 existing vulnerabilities detected", + "reason": "18 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/opportunities/opportunities_data.json b/app/site/_data/DSACMS/opportunities/opportunities_data.json index 465a3165fe..ca1f8157b8 100644 --- a/app/site/_data/DSACMS/opportunities/opportunities_data.json +++ b/app/site/_data/DSACMS/opportunities/opportunities_data.json @@ -89,14 +89,14 @@ }, "created_at": "2023-06-29T15:55:54Z", "ossf_scorecard": { - "date": "2025-01-19T13:18:49Z", + "date": "2025-01-26T09:38:24Z", "repo": { "name": "github.com/DSACMS/opportunities", "commit": "9fc14ff61eac943699c5ed4b7328e9cb52e0a8bd" }, "scorecard": { - "version": "v5.0.0-135-gd28512b6", - "commit": "d28512b65877e042871b0df77f2204c5f65fa76b" + "version": "v5.0.0-139-gc7382821", + "commit": "c73828219b19826b3ddc4ac78882bc88746aa2ec" }, "score": 3.7, "checks": [ 
@@ -106,7 +106,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -116,7 +116,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -126,7 +126,7 @@ "reason": "no pull request found", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -136,7 +136,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, 
@@ -146,7 +146,7 @@ "reason": "Found 0/30 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -156,7 +156,7 @@ "reason": "project has 3 contributing companies or organizations -- score normalized to 10", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -166,7 +166,7 @@ "reason": "no workflows found", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -176,7 +176,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, 
@@ -186,7 +186,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -196,7 +196,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -206,7 +206,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -216,7 +216,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, 
@@ -226,7 +226,7 @@ "reason": "no dependencies found", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -236,7 +236,7 @@ "reason": "no SAST tool detected", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -246,7 +246,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -256,7 +256,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, 
@@ -266,7 +266,7 @@ "reason": "No tokens found", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -276,7 +276,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/ospo-guide/ospo-guide_data.json b/app/site/_data/DSACMS/ospo-guide/ospo-guide_data.json index a601ff380f..910b39e1d2 100644 --- a/app/site/_data/DSACMS/ospo-guide/ospo-guide_data.json +++ b/app/site/_data/DSACMS/ospo-guide/ospo-guide_data.json 
@@ -79,16 +79,16 @@ "dryness_table": "───────────────────────────────────────────────────────────────────────────────\nLanguage Files Lines Blanks Comments Code Complexity\n───────────────────────────────────────────────────────────────────────────────\nMarkdown 31 1707 530 0 1177 0\n(ULOC) 1114\n-------------------------------------------------------------------------------\nLicense 1 121 12 0 109 0\n(ULOC) 110\n-------------------------------------------------------------------------------\nYAML 1 13 0 0 13 0\n(ULOC) 13\n───────────────────────────────────────────────────────────────────────────────\nTotal 33 1841 542 0 1299 0\n───────────────────────────────────────────────────────────────────────────────\nUnique Lines of Code (ULOC) 1224\nDRYness % 0.66\n───────────────────────────────────────────────────────────────────────────────\nEstimated Cost to Develop (organic) $35,553\nEstimated Schedule Effort (organic) 3.87 months\nEstimated People Required (organic) 0.82\n───────────────────────────────────────────────────────────────────────────────\nProcessed 122713 bytes, 0.123 megabytes (SI)\n───────────────────────────────────────────────────────────────────────────────\n" }, "ossf_scorecard": { - "date": "2025-01-19T13:19:12Z", + "date": "2025-01-26T09:38:52Z", "repo": { "name": "github.com/DSACMS/ospo-guide", - "commit": "20ef1ad7f04dbbace9f1110027aa2f045de76b00" + "commit": "9ce0d6077f2383f729a740a80a94836dddd287c7" }, "scorecard": { - "version": "v5.0.0-135-gd28512b6", - "commit": "d28512b65877e042871b0df77f2204c5f65fa76b" + "version": "v5.0.0-139-gc7382821", + "commit": "c73828219b19826b3ddc4ac78882bc88746aa2ec" }, - "score": 5.1, + "score": 5.2, "checks": [ { "details": null, 
@@ -96,7 +96,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -106,7 +106,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -116,7 +116,7 @@ "reason": "0 out of 10 merged PRs checked by a CI test -- score normalized to 0", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, 
@@ -126,17 +126,17 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, { "details": null, - "score": 6, - "reason": "Found 8/12 approved changesets -- score normalized to 6", + "score": 7, + "reason": "Found 8/11 approved changesets -- score normalized to 7", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -146,7 +146,7 @@ "reason": "project has 4 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, 
@@ -156,7 +156,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -166,7 +166,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -176,7 +176,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, 
@@ -186,17 +186,17 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, { "details": null, "score": 10, - "reason": "24 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10", + "reason": "27 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -206,7 +206,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -216,7 +216,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, 
@@ -226,7 +226,7 @@ "reason": "SAST tool is not run on all commits -- score normalized to 0", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -236,7 +236,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -246,7 +246,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -256,7 +256,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, 
@@ -266,7 +266,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/oss-community-runbook/oss-community-runbook_data.json b/app/site/_data/DSACMS/oss-community-runbook/oss-community-runbook_data.json index e5ef60de94..9c72bd32c2 100644 --- a/app/site/_data/DSACMS/oss-community-runbook/oss-community-runbook_data.json +++ b/app/site/_data/DSACMS/oss-community-runbook/oss-community-runbook_data.json @@ -88,14 +88,14 @@ }, "created_at": "2023-07-20T20:34:00Z", "ossf_scorecard": { - "date": "2025-01-19T13:19:21Z", + "date": "2025-01-26T09:39:03Z", "repo": { "name": "github.com/DSACMS/oss-community-runbook", "commit": "c4a8f78466aa0a118409a884344357931c55d6c3" }, "scorecard": { - "version": "v5.0.0-135-gd28512b6", - "commit": "d28512b65877e042871b0df77f2204c5f65fa76b" + "version": "v5.0.0-139-gc7382821", + "commit": "c73828219b19826b3ddc4ac78882bc88746aa2ec" }, "score": 3.3, "checks": [ @@ -105,7 +105,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, 
@@ -115,7 +115,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -125,7 +125,7 @@ "reason": "no pull request found", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -135,7 +135,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -145,7 +145,7 @@ "reason": "Found 0/1 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, 
@@ -155,7 +155,7 @@ "reason": "project has 0 contributing companies or organizations -- score normalized to 0", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -165,7 +165,7 @@ "reason": "no workflows found", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -175,7 +175,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -185,7 +185,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, 
@@ -195,7 +195,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -205,7 +205,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -215,7 +215,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -225,7 +225,7 @@ "reason": "no dependencies found", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, 
@@ -235,7 +235,7 @@ "reason": "no SAST tool detected", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -245,7 +245,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -255,7 +255,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -265,7 +265,7 @@ "reason": "No tokens found", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, 
@@ -275,7 +275,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/repo-scaffolder/repo-scaffolder_data.json b/app/site/_data/DSACMS/repo-scaffolder/repo-scaffolder_data.json index 5e0cbca300..1d61590ecb 100644 --- a/app/site/_data/DSACMS/repo-scaffolder/repo-scaffolder_data.json +++ b/app/site/_data/DSACMS/repo-scaffolder/repo-scaffolder_data.json @@ -198,14 +198,14 @@ "repository_host": "Github.com", "maturity_model_tier": "3", "ossf_scorecard": { - "date": "2025-01-19T13:18:32Z", + "date": "2025-01-26T09:37:59Z", "repo": { "name": "github.com/DSACMS/repo-scaffolder", - "commit": "6a5b72f10d4beb57b70833aabe268c5dc138afec" + "commit": "8601fc1624acb705fe7063b6f0dc84014d2afb26" }, "scorecard": { - "version": "v5.0.0-135-gd28512b6", - "commit": "d28512b65877e042871b0df77f2204c5f65fa76b" + "version": "v5.0.0-139-gc7382821", + "commit": "c73828219b19826b3ddc4ac78882bc88746aa2ec" }, "score": 6.5, "checks": [ @@ -215,7 +215,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, 
@@ -225,17 +225,17 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, { "details": null, "score": 10, - "reason": "10 out of 10 merged PRs checked by a CI test -- score normalized to 10", + "reason": "7 out of 7 merged PRs checked by a CI test -- score normalized to 10", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, 
@@ -245,17 +245,17 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, { "details": null, - "score": 9, - "reason": "Found 9/10 approved changesets -- score normalized to 9", + "score": 10, + "reason": "all changesets reviewed", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -265,7 +265,7 @@ "reason": "project has 13 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, 
@@ -275,7 +275,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -285,7 +285,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -295,7 +295,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, 
@@ -305,17 +305,17 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, { "details": null, "score": 10, - "reason": "30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10", + "reason": "30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -325,7 +325,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -335,7 +335,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, 
@@ -345,7 +345,7 @@ "reason": "SAST tool is run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -355,7 +355,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -365,7 +365,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -375,7 +375,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, 
@@ -385,7 +385,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/repodive-tools/repodive-tools_data.json b/app/site/_data/DSACMS/repodive-tools/repodive-tools_data.json index 493a289af3..97aa1a1be3 100644 --- a/app/site/_data/DSACMS/repodive-tools/repodive-tools_data.json +++ b/app/site/_data/DSACMS/repodive-tools/repodive-tools_data.json 
@@ -134,16 +134,16 @@ "dryness_table": "───────────────────────────────────────────────────────────────────────────────\nLanguage Files Lines Blanks Comments Code Complexity\n───────────────────────────────────────────────────────────────────────────────\nMarkdown 4 658 244 0 414 0\n(ULOC) 371\n-------------------------------------------------------------------------------\nShell 4 166 32 34 100 23\n(ULOC) 97\n-------------------------------------------------------------------------------\nJSON 2 882 0 0 882 0\n(ULOC) 282\n-------------------------------------------------------------------------------\nPython 2 67 20 3 44 11\n(ULOC) 38\n-------------------------------------------------------------------------------\nYAML 2 82 11 26 45 0\n(ULOC) 68\n-------------------------------------------------------------------------------\nLicense 1 121 12 0 109 0\n(ULOC) 110\n───────────────────────────────────────────────────────────────────────────────\nTotal 15 1976 319 63 1594 34\n───────────────────────────────────────────────────────────────────────────────\nUnique Lines of Code (ULOC) 958\nDRYness % 0.48\n───────────────────────────────────────────────────────────────────────────────\nEstimated Cost to Develop (organic) $44,076\nEstimated Schedule Effort (organic) 4.20 months\nEstimated People Required (organic) 0.93\n───────────────────────────────────────────────────────────────────────────────\nProcessed 105334 bytes, 0.105 megabytes (SI)\n───────────────────────────────────────────────────────────────────────────────\n" }, "ossf_scorecard": { - "date": "2025-01-19T13:19:06Z", + "date": "2025-01-26T09:38:45Z", "repo": { "name": "github.com/DSACMS/repodive-tools", "commit": "0b5b1d4caebfa9270eab8178b6f05b0976a50997" }, "scorecard": { - "version": "v5.0.0-135-gd28512b6", - "commit": "d28512b65877e042871b0df77f2204c5f65fa76b" + "version": "v5.0.0-139-gc7382821", + "commit": "c73828219b19826b3ddc4ac78882bc88746aa2ec" }, - "score": 4.4, + "score": 4.3, "checks": [ { 
"details": null, @@ -151,7 +151,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -161,7 +161,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -171,7 +171,7 @@ "reason": "3 out of 3 merged PRs checked by a CI test -- score normalized to 10", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -181,7 +181,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, 
@@ -191,7 +191,7 @@ "reason": "Found 1/13 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -201,7 +201,7 @@ "reason": "project has 1 contributing companies or organizations -- score normalized to 3", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -211,7 +211,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -221,7 +221,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, 
@@ -231,7 +231,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -241,17 +241,17 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, { "details": null, - "score": 6, - "reason": "8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6", + "score": 5, + "reason": "6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -261,7 +261,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, 
@@ -271,7 +271,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -281,7 +281,7 @@ "reason": "SAST tool is not run on all commits -- score normalized to 0", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -291,7 +291,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -301,7 +301,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, 
@@ -311,7 +311,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -321,7 +321,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/DSACMS/reverse-scorecard-generation/reverse-scorecard-generation_data.json b/app/site/_data/DSACMS/reverse-scorecard-generation/reverse-scorecard-generation_data.json index 531faccc78..e8fbd32e2e 100644 --- a/app/site/_data/DSACMS/reverse-scorecard-generation/reverse-scorecard-generation_data.json +++ b/app/site/_data/DSACMS/reverse-scorecard-generation/reverse-scorecard-generation_data.json 
@@ -139,14 +139,14 @@ "dryness_table": "───────────────────────────────────────────────────────────────────────────────\nLanguage Files Lines Blanks Comments Code Complexity\n───────────────────────────────────────────────────────────────────────────────\nMarkdown 3 282 92 0 190 0\n(ULOC) 133\n-------------------------------------------------------------------------------\nJSON 2 825 0 0 825 0\n(ULOC) 156\n-------------------------------------------------------------------------------\nCSV 1 1 0 0 1 0\n(ULOC) 2\n-------------------------------------------------------------------------------\nLicense 1 121 12 0 109 0\n(ULOC) 110\n-------------------------------------------------------------------------------\nPlain Text 1 3 1 0 2 0\n(ULOC) 3\n-------------------------------------------------------------------------------\nPython 1 94 17 21 56 12\n(ULOC) 78\n-------------------------------------------------------------------------------\nYAML 1 71 9 37 25 0\n(ULOC) 56\n───────────────────────────────────────────────────────────────────────────────\nTotal 10 1397 131 58 1208 12\n───────────────────────────────────────────────────────────────────────────────\nUnique Lines of Code (ULOC) 532\nDRYness % 0.38\n───────────────────────────────────────────────────────────────────────────────\nEstimated Cost to Develop (organic) $32,943\nEstimated Schedule Effort (organic) 3.76 months\nEstimated People Required (organic) 0.78\n───────────────────────────────────────────────────────────────────────────────\nProcessed 49738 bytes, 0.050 megabytes (SI)\n───────────────────────────────────────────────────────────────────────────────\n" }, "ossf_scorecard": { - "date": "2025-01-19T13:19:28Z", + "date": "2025-01-26T09:39:11Z", "repo": { "name": "github.com/DSACMS/reverse-scorecard-generation", "commit": "a7ce7b5f4823b38a2b13a3ac830cb07c5c0ee39a" }, "scorecard": { - "version": "v5.0.0-135-gd28512b6", - "commit": "d28512b65877e042871b0df77f2204c5f65fa76b" + "version": 
"v5.0.0-139-gc7382821", + "commit": "c73828219b19826b3ddc4ac78882bc88746aa2ec" }, "score": 3.6, "checks": [ @@ -156,7 +156,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -166,7 +166,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -176,7 +176,7 @@ "reason": "no pull request found", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -186,7 +186,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, 
@@ -196,7 +196,7 @@ "reason": "Found 0/4 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -206,7 +206,7 @@ "reason": "project has 0 contributing companies or organizations -- score normalized to 0", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -216,7 +216,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -226,7 +226,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, 
@@ -236,7 +236,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -246,7 +246,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -256,7 +256,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -266,7 +266,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, 
@@ -276,7 +276,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -286,7 +286,7 @@ "reason": "no SAST tool detected", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -296,7 +296,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -306,7 +306,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, 
@@ -316,7 +316,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -326,7 +326,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/d28512b65877e042871b0df77f2204c5f65fa76b/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/c73828219b19826b3ddc4ac78882bc88746aa2ec/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } }