diff --git a/app/site/_data/Enterprise-CMCS/T-MSIS-Analytic-File-Generation-Python/T-MSIS-Analytic-File-Generation-Python_data.json b/app/site/_data/Enterprise-CMCS/T-MSIS-Analytic-File-Generation-Python/T-MSIS-Analytic-File-Generation-Python_data.json index 61c7197dda..9170cdb598 100644 --- a/app/site/_data/Enterprise-CMCS/T-MSIS-Analytic-File-Generation-Python/T-MSIS-Analytic-File-Generation-Python_data.json +++ b/app/site/_data/Enterprise-CMCS/T-MSIS-Analytic-File-Generation-Python/T-MSIS-Analytic-File-Generation-Python_data.json @@ -74,16 +74,16 @@ "nadia_badge_name": "midsize", "created_at": "2021-11-30T17:05:47Z", "ossf_scorecard": { - "date": "2025-01-05T08:56:31Z", + "date": "2025-01-11T00:18:45Z", "repo": { "name": "github.com/Enterprise-CMCS/T-MSIS-Analytic-File-Generation-Python", - "commit": "a621b578268ea67ef5c14a23229e4765f30f2a50" + "commit": "439a7a6e30d82ce056e04775ba54d523a5713b23" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, - "score": 5.5, + "score": 5.9, "checks": [ { "details": null, @@ -91,7 +91,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -101,17 +101,17 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, { "details": null, "score": 0, - "reason": "0 out of 18 merged PRs checked by a CI test -- score normalized to 0", + "reason": "0 out of 15 merged PRs checked by a CI test -- score normalized to 0", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -121,17 +121,17 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, { "details": null, - "score": 10, - "reason": "all changesets reviewed", + "score": 8, + "reason": "Found 13/16 approved changesets -- score normalized to 8", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -141,7 +141,7 @@ "reason": "project has 3 contributing companies or organizations -- score normalized to 10", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -151,7 +151,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -161,7 +161,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -171,7 +171,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -181,17 +181,17 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, { "details": null, - "score": 3, - "reason": "4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3", + "score": 10, + "reason": "19 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -201,7 +201,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -211,7 +211,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -221,7 +221,7 @@ "reason": "SAST tool is not run on all commits -- score normalized to 0", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -231,7 +231,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -241,7 +241,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -251,7 +251,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -261,7 +261,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/cmcs-eregulations/cmcs-eregulations_data.json b/app/site/_data/Enterprise-CMCS/cmcs-eregulations/cmcs-eregulations_data.json index 84c05d12b1..9bd6208175 100644 --- a/app/site/_data/Enterprise-CMCS/cmcs-eregulations/cmcs-eregulations_data.json +++ b/app/site/_data/Enterprise-CMCS/cmcs-eregulations/cmcs-eregulations_data.json @@ -68,14 +68,14 @@ "nadia_badge_name": "midsize", "created_at": "2020-09-28T15:44:46Z", "ossf_scorecard": { - "date": "2025-01-05T08:52:37Z", + "date": "2025-01-11T00:14:40Z", "repo": { "name": "github.com/Enterprise-CMCS/cmcs-eregulations", - "commit": "d84c5c3cb040f8b03ab4a1518943f3a5dfaae9a4" + "commit": "12199b753319e0356666a8710003dd4bc9c612b5" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 6.6, "checks": [ @@ -85,7 +85,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -95,7 +95,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -105,7 +105,7 @@ "reason": "29 out of 29 merged PRs checked by a CI test -- score normalized to 10", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -115,27 +115,27 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, { "details": null, "score": 9, - "reason": "Found 19/20 approved changesets -- score normalized to 9", + "reason": "Found 20/21 approved changesets -- score normalized to 9", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, { "details": null, "score": 10, - "reason": "project has 11 contributing companies or organizations", + "reason": "project has 10 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -145,7 +145,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -155,7 +155,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -165,7 +165,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -175,7 +175,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -185,7 +185,7 @@ "reason": "30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -195,7 +195,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -205,7 +205,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -215,7 +215,7 @@ "reason": "SAST tool is run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -225,7 +225,7 @@ "reason": "security policy file detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -235,7 +235,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -245,17 +245,17 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, { "details": null, "score": 0, - "reason": "17 existing vulnerabilities detected", + "reason": "32 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/eAPD/eAPD_data.json b/app/site/_data/Enterprise-CMCS/eAPD/eAPD_data.json index 70d57ce42d..6219233836 100644 --- a/app/site/_data/Enterprise-CMCS/eAPD/eAPD_data.json +++ b/app/site/_data/Enterprise-CMCS/eAPD/eAPD_data.json @@ -33,14 +33,14 @@ "nadia_badge_name": "club", "created_at": "2017-12-05T21:20:35Z", "ossf_scorecard": { - "date": "2025-01-05T09:01:36Z", + "date": "2025-01-11T00:24:02Z", "repo": { "name": "github.com/Enterprise-CMCS/eAPD", "commit": "e3eb85c03858858cbeefbc09862d502ee3ca60d0" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 4.7, "checks": [ @@ -50,7 +50,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -60,7 +60,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -70,7 +70,7 @@ "reason": "0 out of 30 merged PRs checked by a CI test -- score normalized to 0", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -80,7 +80,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -90,7 +90,7 @@ "reason": "all changesets reviewed", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -100,7 +100,7 @@ "reason": "project has 10 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -110,7 +110,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -120,7 +120,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -130,7 +130,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -140,7 +140,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -150,7 +150,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -160,7 +160,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -170,7 +170,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -180,7 +180,7 @@ "reason": "SAST tool is not run on all commits -- score normalized to 0", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -190,7 +190,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -200,7 +200,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -210,7 +210,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -220,7 +220,7 @@ "reason": "58 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/mac-fc-amazon-ecs-run-task/mac-fc-amazon-ecs-run-task_data.json b/app/site/_data/Enterprise-CMCS/mac-fc-amazon-ecs-run-task/mac-fc-amazon-ecs-run-task_data.json index 5bdf6513df..7adbd3cd7a 100644 --- a/app/site/_data/Enterprise-CMCS/mac-fc-amazon-ecs-run-task/mac-fc-amazon-ecs-run-task_data.json +++ b/app/site/_data/Enterprise-CMCS/mac-fc-amazon-ecs-run-task/mac-fc-amazon-ecs-run-task_data.json @@ -37,14 +37,14 @@ "nadia_badge_name": "midsize", "created_at": "2023-02-23T18:13:54Z", "ossf_scorecard": { - "date": "2025-01-05T09:00:39Z", + "date": "2025-01-11T00:23:07Z", "repo": { "name": "github.com/Enterprise-CMCS/mac-fc-amazon-ecs-run-task", "commit": "d0e41e15a6833b6aec7a31cf2e90adbfb61b9998" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 3.9, "checks": [ @@ -54,7 +54,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -64,7 +64,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -74,7 +74,7 @@ "reason": "0 out of 2 merged PRs checked by a CI test -- score normalized to 0", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -84,7 +84,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -94,7 +94,7 @@ "reason": "Found 2/22 approved changesets -- score normalized to 0", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -104,7 +104,7 @@ "reason": "project has 7 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -114,7 +114,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -124,7 +124,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -134,7 +134,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -144,7 +144,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -154,7 +154,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -164,7 +164,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -174,7 +174,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 3", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -184,7 +184,7 @@ "reason": "SAST tool is not run on all commits -- score normalized to 0", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -194,7 +194,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -204,7 +204,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -214,7 +214,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -224,7 +224,7 @@ "reason": "29 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/mac-fc-github-actions-runner-aws/mac-fc-github-actions-runner-aws_data.json b/app/site/_data/Enterprise-CMCS/mac-fc-github-actions-runner-aws/mac-fc-github-actions-runner-aws_data.json index dccdf55e32..ab16638994 100644 --- a/app/site/_data/Enterprise-CMCS/mac-fc-github-actions-runner-aws/mac-fc-github-actions-runner-aws_data.json +++ b/app/site/_data/Enterprise-CMCS/mac-fc-github-actions-runner-aws/mac-fc-github-actions-runner-aws_data.json @@ -50,16 +50,16 @@ "nadia_badge_name": "midsize", "created_at": "2021-06-11T18:35:45Z", "ossf_scorecard": { - "date": "2025-01-05T08:56:48Z", + "date": "2025-01-11T00:19:00Z", "repo": { "name": "github.com/Enterprise-CMCS/mac-fc-github-actions-runner-aws", "commit": "26432e2adb8f395eabfffc79a02025115f27e7d6" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, - "score": 5.9, + "score": 5.8, "checks": [ { "details": null, @@ -67,7 +67,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -77,7 +77,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -87,7 +87,7 @@ "reason": "30 out of 30 merged PRs checked by a CI test -- score normalized to 10", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -97,7 +97,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -107,7 +107,7 @@ "reason": "Found 19/20 approved changesets -- score normalized to 9", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -117,7 +117,7 @@ "reason": "project has 5 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -127,7 +127,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -137,7 +137,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -147,7 +147,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -157,17 +157,17 @@ "reason": "license file not detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, { "details": null, - "score": 6, - "reason": "8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6", + "score": 5, + "reason": "7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -177,7 +177,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -187,7 +187,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -197,7 +197,7 @@ "reason": "SAST tool is not run on all commits -- score normalized to 0", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -207,7 +207,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -217,7 +217,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -227,7 +227,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -237,7 +237,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/mac-fc-security-hub-collector/mac-fc-security-hub-collector_data.json b/app/site/_data/Enterprise-CMCS/mac-fc-security-hub-collector/mac-fc-security-hub-collector_data.json index 5ef5c19ee5..653a826919 100644 --- a/app/site/_data/Enterprise-CMCS/mac-fc-security-hub-collector/mac-fc-security-hub-collector_data.json +++ b/app/site/_data/Enterprise-CMCS/mac-fc-security-hub-collector/mac-fc-security-hub-collector_data.json @@ -40,14 +40,14 @@ "nadia_badge_name": "midsize", "created_at": "2021-04-05T13:31:36Z", "ossf_scorecard": { - "date": "2025-01-05T08:57:50Z", + "date": "2025-01-11T00:19:55Z", "repo": { "name": "github.com/Enterprise-CMCS/mac-fc-security-hub-collector", - "commit": "57ace6f0f26348b0972ea026bd3a12eb5e5788fa" + "commit": "82b2a56d3784236b7add0e8cdac9091f07e837cb" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 5.5, "checks": [ @@ -57,7 +57,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -67,17 +67,17 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, { "details": null, "score": 2, - "reason": "3 out of 14 merged PRs checked by a CI test -- score normalized to 2", + "reason": "4 out of 15 merged PRs checked by a CI test -- score normalized to 2", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -87,17 +87,17 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, { "details": null, "score": 8, - "reason": "Found 13/16 approved changesets -- score normalized to 8", + "reason": "Found 14/17 approved changesets -- score normalized to 8", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -107,7 +107,7 @@ "reason": "project has 6 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -117,7 +117,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -127,7 +127,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -137,7 +137,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -147,17 +147,17 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, { "details": null, "score": 0, - "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", + "reason": "1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -167,7 +167,7 @@ "reason": "packaging workflow detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -177,7 +177,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 1", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -187,7 +187,7 @@ "reason": "SAST tool is not run on all commits -- score normalized to 0", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -197,7 +197,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -207,7 +207,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -217,7 +217,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -227,7 +227,7 @@ "reason": "2 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/mac-fc-security-hub-visibility/mac-fc-security-hub-visibility_data.json b/app/site/_data/Enterprise-CMCS/mac-fc-security-hub-visibility/mac-fc-security-hub-visibility_data.json index 7e52b28e5b..b1122153a1 100644 --- a/app/site/_data/Enterprise-CMCS/mac-fc-security-hub-visibility/mac-fc-security-hub-visibility_data.json +++ b/app/site/_data/Enterprise-CMCS/mac-fc-security-hub-visibility/mac-fc-security-hub-visibility_data.json @@ -51,14 +51,14 @@ "nadia_badge_name": "midsize", "created_at": "2024-01-10T16:11:19Z", "ossf_scorecard": { - "date": "2025-01-05T08:57:34Z", + "date": "2025-01-11T00:19:40Z", "repo": { "name": "github.com/Enterprise-CMCS/mac-fc-security-hub-visibility", "commit": "2d848daf353c7ff77378ec2bda1ee90b7bd791a5" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 5.6, "checks": [ @@ -68,7 +68,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -78,7 +78,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -88,7 +88,7 @@ "reason": "25 out of 25 merged PRs checked by a CI test -- score normalized to 10", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -98,7 +98,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -108,7 +108,7 @@ "reason": "Found 13/20 approved changesets -- score normalized to 6", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -118,7 +118,7 @@ "reason": "project has 0 contributing companies or organizations -- score normalized to 0", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -128,7 +128,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -138,7 +138,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -148,7 +148,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -158,7 +158,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -168,7 +168,7 @@ "reason": "8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -178,7 +178,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -188,7 +188,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 3", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -198,7 +198,7 @@ "reason": "SAST tool detected but not run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -208,7 +208,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -218,7 +218,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -228,7 +228,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -238,7 +238,7 @@ "reason": "1 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/macfc-security-scan-report/macfc-security-scan-report_data.json b/app/site/_data/Enterprise-CMCS/macfc-security-scan-report/macfc-security-scan-report_data.json index 236b946c1a..0c8ac987f7 100644 --- a/app/site/_data/Enterprise-CMCS/macfc-security-scan-report/macfc-security-scan-report_data.json +++ b/app/site/_data/Enterprise-CMCS/macfc-security-scan-report/macfc-security-scan-report_data.json @@ -44,14 +44,14 @@ "nadia_badge_name": "midsize", "created_at": "2023-06-06T16:15:58Z", "ossf_scorecard": { - "date": "2025-01-05T08:57:05Z", + "date": "2025-01-11T00:19:15Z", "repo": { "name": "github.com/Enterprise-CMCS/macfc-security-scan-report", "commit": "ba67c243db85dcea5186098258841735a44fe34e" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 4.9, "checks": [ @@ -61,7 +61,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -71,7 +71,7 @@ "reason": "branch protection not enabled on development/release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -81,7 +81,7 @@ "reason": "6 out of 6 merged PRs checked by a CI test -- score normalized to 10", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -91,7 +91,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -101,7 +101,7 @@ "reason": "all changesets reviewed", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -111,7 +111,7 @@ "reason": "project has 0 contributing companies or organizations -- score normalized to 0", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -121,7 +121,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -131,7 +131,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -141,7 +141,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -151,7 +151,7 @@ "reason": "license file not detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -161,7 +161,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -171,7 +171,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -181,7 +181,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -191,7 +191,7 @@ "reason": "SAST tool detected but not run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -201,7 +201,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -211,7 +211,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -221,7 +221,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -231,7 +231,7 @@ "reason": "2 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/macpro-appian-connector/macpro-appian-connector_data.json b/app/site/_data/Enterprise-CMCS/macpro-appian-connector/macpro-appian-connector_data.json index 89895afd56..9d5a7a9287 100644 --- a/app/site/_data/Enterprise-CMCS/macpro-appian-connector/macpro-appian-connector_data.json +++ b/app/site/_data/Enterprise-CMCS/macpro-appian-connector/macpro-appian-connector_data.json @@ -37,16 +37,16 @@ "nadia_badge_name": "midsize", "created_at": "2022-12-12T21:16:45Z", "ossf_scorecard": { - "date": "2025-01-05T08:59:01Z", + "date": "2025-01-11T00:21:14Z", "repo": { "name": "github.com/Enterprise-CMCS/macpro-appian-connector", "commit": "c294d5670e6cab4d5c155710228797cd3da7e670" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, - "score": 4.9, + "score": 4.8, "checks": [ { "details": null, @@ -54,17 +54,17 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, { "details": null, - "score": 5, + "score": 4, "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -74,7 +74,7 @@ "reason": "1 out of 14 merged PRs checked by a CI test -- score normalized to 0", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -84,7 +84,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -94,7 +94,7 @@ "reason": "Found 9/11 approved changesets -- score normalized to 8", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -104,7 +104,7 @@ "reason": "project has 3 contributing companies or organizations -- score normalized to 10", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -114,7 +114,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -124,7 +124,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -134,7 +134,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -144,7 +144,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -154,7 +154,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -164,7 +164,7 @@ "reason": "packaging workflow detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -174,7 +174,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -184,7 +184,7 @@ "reason": "SAST tool detected but not run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -194,7 +194,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -204,7 +204,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -214,7 +214,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -224,7 +224,7 @@ "reason": "27 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/macpro-auth/macpro-auth_data.json b/app/site/_data/Enterprise-CMCS/macpro-auth/macpro-auth_data.json index 86863b4286..4edfdb57b7 100644 --- a/app/site/_data/Enterprise-CMCS/macpro-auth/macpro-auth_data.json +++ b/app/site/_data/Enterprise-CMCS/macpro-auth/macpro-auth_data.json @@ -33,14 +33,14 @@ "nadia_badge_name": "toy", "created_at": "2022-12-22T20:07:38Z", "ossf_scorecard": { - "date": "2025-01-05T09:01:22Z", + "date": "2025-01-11T00:23:48Z", "repo": { "name": "github.com/Enterprise-CMCS/macpro-auth", "commit": "b85736a39ee9be4525ed7728be3224f9be809fb1" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 3.4, "checks": [ @@ -50,7 +50,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -60,7 +60,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -70,7 +70,7 @@ "reason": "0 out of 2 merged PRs checked by a CI test -- score normalized to 0", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -80,7 +80,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -90,7 +90,7 @@ "reason": "Found 2/4 approved changesets -- score normalized to 5", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -100,7 +100,7 @@ "reason": "project has 1 contributing companies or organizations -- score normalized to 3", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -110,7 +110,7 @@ "reason": "no workflows found", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -120,7 +120,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -130,7 +130,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -140,7 +140,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -150,7 +150,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -160,7 +160,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -170,7 +170,7 @@ "reason": "no dependencies found", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -180,7 +180,7 @@ "reason": "SAST tool is not run on all commits -- score normalized to 0", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -190,7 +190,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -200,7 +200,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -210,7 +210,7 @@ "reason": "No tokens found", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -220,7 +220,7 @@ "reason": "11 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/macpro-mako/macpro-mako_data.json b/app/site/_data/Enterprise-CMCS/macpro-mako/macpro-mako_data.json index 605176106f..4eff478549 100644 --- a/app/site/_data/Enterprise-CMCS/macpro-mako/macpro-mako_data.json +++ b/app/site/_data/Enterprise-CMCS/macpro-mako/macpro-mako_data.json @@ -119,14 +119,14 @@ "nadia_badge_name": "midsize", "created_at": "2023-01-23T21:43:54Z", "ossf_scorecard": { - "date": "2025-01-05T08:53:06Z", + "date": "2025-01-11T00:15:09Z", "repo": { "name": "github.com/Enterprise-CMCS/macpro-mako", - "commit": "062511260d11995bd65021ae659433f6741d665a" + "commit": "b3f52d179b117f49f05ec8fc67c81bd89f37155b" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 6.4, "checks": [ @@ -136,7 +136,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -146,7 +146,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -156,7 +156,7 @@ "reason": "30 out of 30 merged PRs checked by a CI test -- score normalized to 10", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -166,7 +166,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -176,17 +176,17 @@ "reason": "all changesets reviewed", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, { "details": null, "score": 10, - "reason": "project has 4 contributing companies or organizations", + "reason": "project has 5 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -196,7 +196,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -206,7 +206,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -216,7 +216,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -226,7 +226,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -236,7 +236,7 @@ "reason": "30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -246,7 +246,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -256,7 +256,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -266,7 +266,7 @@ "reason": "SAST tool is not run on all commits -- score normalized to 0", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -276,7 +276,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -286,7 +286,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -296,7 +296,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -306,7 +306,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/macpro-mdct-carts/macpro-mdct-carts_data.json b/app/site/_data/Enterprise-CMCS/macpro-mdct-carts/macpro-mdct-carts_data.json index b814c1acde..db6da8c07a 100644 --- a/app/site/_data/Enterprise-CMCS/macpro-mdct-carts/macpro-mdct-carts_data.json +++ b/app/site/_data/Enterprise-CMCS/macpro-mdct-carts/macpro-mdct-carts_data.json @@ -84,14 +84,14 @@ "nadia_badge_name": "club", "created_at": "2019-12-06T19:56:57Z", "ossf_scorecard": { - "date": "2025-01-05T08:55:48Z", + "date": "2025-01-11T00:17:59Z", "repo": { "name": "github.com/Enterprise-CMCS/macpro-mdct-carts", "commit": "ab739a36a7b4d2c97cb06110626cf95955e3a46c" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 5.1, "checks": [ @@ -101,7 +101,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -111,7 +111,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -121,7 +121,7 @@ "reason": "30 out of 30 merged PRs checked by a CI test -- score normalized to 10", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -131,7 +131,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -141,7 +141,7 @@ "reason": "Found 25/30 approved changesets -- score normalized to 8", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -151,7 +151,7 @@ "reason": "project has 13 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -161,7 +161,7 @@ "reason": "dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -171,7 +171,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -181,7 +181,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -191,7 +191,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -201,7 +201,7 @@ "reason": "30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -211,7 +211,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -221,7 +221,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -231,7 +231,7 @@ "reason": "SAST tool is run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -241,7 +241,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -251,7 +251,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -261,7 +261,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -271,7 +271,7 @@ "reason": "22 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/macpro-mdct-core/macpro-mdct-core_data.json b/app/site/_data/Enterprise-CMCS/macpro-mdct-core/macpro-mdct-core_data.json index 2c38817b4b..bf9c264037 100644 --- a/app/site/_data/Enterprise-CMCS/macpro-mdct-core/macpro-mdct-core_data.json +++ b/app/site/_data/Enterprise-CMCS/macpro-mdct-core/macpro-mdct-core_data.json @@ -40,14 +40,14 @@ "nadia_badge_name": "midsize", "created_at": "2023-07-24T14:47:20Z", "ossf_scorecard": { - "date": "2025-01-05T08:57:21Z", + "date": "2025-01-11T00:19:29Z", "repo": { "name": "github.com/Enterprise-CMCS/macpro-mdct-core", "commit": "d324e425febaafbf32a9d8af448b99b04d2ef828" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 5.5, "checks": [ @@ -57,7 +57,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -67,7 +67,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -77,7 +77,7 @@ "reason": "9 out of 9 merged PRs checked by a CI test -- score normalized to 10", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -87,7 +87,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -97,7 +97,7 @@ "reason": "Found 7/30 approved changesets -- score normalized to 2", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -107,7 +107,7 @@ "reason": "project has 1 contributing companies or organizations -- score normalized to 3", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -117,7 +117,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -127,7 +127,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -137,7 +137,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -147,7 +147,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -157,7 +157,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -167,7 +167,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -177,7 +177,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -187,7 +187,7 @@ "reason": "SAST tool is run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -197,7 +197,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -207,7 +207,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -217,7 +217,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -227,7 +227,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/macpro-mdct-mcr/macpro-mdct-mcr_data.json b/app/site/_data/Enterprise-CMCS/macpro-mdct-mcr/macpro-mdct-mcr_data.json index c5458887da..e668d8c901 100644 --- a/app/site/_data/Enterprise-CMCS/macpro-mdct-mcr/macpro-mdct-mcr_data.json +++ b/app/site/_data/Enterprise-CMCS/macpro-mdct-mcr/macpro-mdct-mcr_data.json @@ -95,16 +95,16 @@ "nadia_badge_name": "midsize", "created_at": "2022-03-04T14:51:19Z", "ossf_scorecard": { - "date": "2025-01-05T08:55:04Z", + "date": "2025-01-11T00:17:10Z", "repo": { "name": "github.com/Enterprise-CMCS/macpro-mdct-mcr", - "commit": "5c30f2958069f6e751eb0fa8e558a58eff561169" + "commit": "a882c626a361b976479f2a4d77c5326c22b5eb5f" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, - "score": 5.1, + "score": 5.2, "checks": [ { "details": null, @@ -112,7 +112,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -122,17 +122,17 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, { "details": null, "score": 10, - "reason": "29 out of 29 merged PRs checked by a CI test -- score normalized to 10", + "reason": "30 out of 30 merged PRs checked by a CI test -- score normalized to 10", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -142,17 +142,17 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, { "details": null, - "score": 9, - "reason": "Found 29/30 approved changesets -- score normalized to 9", + "score": 10, + "reason": "all changesets reviewed", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -162,7 +162,7 @@ "reason": "project has 4 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -172,7 +172,7 @@ "reason": "dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -182,7 +182,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -192,7 +192,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -202,7 +202,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -212,7 +212,7 @@ "reason": "30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -222,7 +222,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -232,7 +232,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -242,7 +242,7 @@ "reason": "SAST tool is run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -252,7 +252,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -262,7 +262,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -272,7 +272,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -282,7 +282,7 @@ "reason": "19 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/macpro-mdct-mfp/macpro-mdct-mfp_data.json b/app/site/_data/Enterprise-CMCS/macpro-mdct-mfp/macpro-mdct-mfp_data.json index e56b5d800f..d61d18d2cb 100644 --- a/app/site/_data/Enterprise-CMCS/macpro-mdct-mfp/macpro-mdct-mfp_data.json +++ b/app/site/_data/Enterprise-CMCS/macpro-mdct-mfp/macpro-mdct-mfp_data.json @@ -85,14 +85,14 @@ "nadia_badge_name": "midsize", "created_at": "2023-02-02T15:07:39Z", "ossf_scorecard": { - "date": "2025-01-05T08:50:03Z", + "date": "2025-01-11T00:11:44Z", "repo": { "name": "github.com/Enterprise-CMCS/macpro-mdct-mfp", - "commit": "9aff705dc5d6f781d396721db4a6a50e9a088129" + "commit": "524bd5a65042017f1a00f9dfe61783dea2d587ae" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 5.1, "checks": [ @@ -102,7 +102,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -112,7 +112,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -122,7 +122,7 @@ "reason": "30 out of 30 merged PRs checked by a CI test -- score normalized to 10", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -132,17 +132,17 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, { "details": null, - "score": 9, - "reason": "Found 29/30 approved changesets -- score normalized to 9", + "score": 10, + "reason": "all changesets reviewed", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -152,7 +152,7 @@ "reason": "project has 2 contributing companies or organizations -- score normalized to 6", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -162,7 +162,7 @@ "reason": "dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -172,7 +172,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -182,7 +182,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -192,7 +192,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -202,7 +202,7 @@ "reason": "30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -212,7 +212,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -222,7 +222,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -232,7 +232,7 @@ "reason": "SAST tool is run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -242,7 +242,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -252,7 +252,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -262,7 +262,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -272,7 +272,7 @@ "reason": "16 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/macpro-mdct-qmr/macpro-mdct-qmr_data.json b/app/site/_data/Enterprise-CMCS/macpro-mdct-qmr/macpro-mdct-qmr_data.json index b138223a3c..55e1965331 100644 --- a/app/site/_data/Enterprise-CMCS/macpro-mdct-qmr/macpro-mdct-qmr_data.json +++ b/app/site/_data/Enterprise-CMCS/macpro-mdct-qmr/macpro-mdct-qmr_data.json @@ -104,14 +104,14 @@ "nadia_badge_name": "midsize", "created_at": "2021-02-25T16:57:16Z", "ossf_scorecard": { - "date": "2025-01-05T08:53:31Z", + "date": "2025-01-11T00:15:31Z", "repo": { "name": "github.com/Enterprise-CMCS/macpro-mdct-qmr", - "commit": "3b43b50580bb041ade1ec6ea8163a77010233c49" + "commit": "f2a1304f6556b687378aacf7ce44770828efdce5" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 5.2, "checks": [ @@ -121,7 +121,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -131,17 +131,17 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, { "details": null, "score": 10, - "reason": "28 out of 28 merged PRs checked by a CI test -- score normalized to 10", + "reason": "29 out of 29 merged PRs checked by a CI test -- score normalized to 10", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -151,7 +151,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -161,7 +161,7 @@ "reason": "all changesets reviewed", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -171,7 +171,7 @@ "reason": "project has 6 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -181,7 +181,7 @@ "reason": "dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -191,7 +191,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -201,7 +201,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -211,7 +211,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -221,7 +221,7 @@ "reason": "30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -231,7 +231,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -241,7 +241,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -251,7 +251,7 @@ "reason": "SAST tool is run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -261,7 +261,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -271,7 +271,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -281,7 +281,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -291,7 +291,7 @@ "reason": "21 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/macpro-mdct-seds/macpro-mdct-seds_data.json b/app/site/_data/Enterprise-CMCS/macpro-mdct-seds/macpro-mdct-seds_data.json index 02ea5ee870..b16a38084b 100644 --- a/app/site/_data/Enterprise-CMCS/macpro-mdct-seds/macpro-mdct-seds_data.json +++ b/app/site/_data/Enterprise-CMCS/macpro-mdct-seds/macpro-mdct-seds_data.json @@ -105,16 +105,16 @@ "nadia_badge_name": "midsize", "created_at": "2020-12-04T19:41:29Z", "ossf_scorecard": { - "date": "2025-01-05T08:54:12Z", + "date": "2025-01-11T00:16:16Z", "repo": { "name": "github.com/Enterprise-CMCS/macpro-mdct-seds", "commit": "9366a9ad4c15a7f3e0f10992c356af65bebc91dc" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, - "score": 5.1, + "score": 5, "checks": [ { "details": null, @@ -122,7 +122,7 @@ "reason": "binaries present in source code", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -132,7 +132,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -142,7 +142,7 @@ "reason": "27 out of 27 merged PRs checked by a CI test -- score normalized to 10", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -152,7 +152,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -162,7 +162,7 @@ "reason": "Found 24/26 approved changesets -- score normalized to 9", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -172,7 +172,7 @@ "reason": "project has 7 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -182,7 +182,7 @@ "reason": "dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -192,7 +192,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -202,7 +202,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -212,17 +212,17 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, { "details": null, - "score": 10, - "reason": "12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10", + "score": 9, + "reason": "11 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 9", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -232,7 +232,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -242,7 +242,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -252,7 +252,7 @@ "reason": "SAST tool is run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -262,7 +262,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -272,7 +272,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -282,7 +282,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -292,7 +292,7 @@ "reason": "19 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/macpro-onemac/macpro-onemac_data.json b/app/site/_data/Enterprise-CMCS/macpro-onemac/macpro-onemac_data.json index 32c21c90c9..b0e1867cc7 100644 --- a/app/site/_data/Enterprise-CMCS/macpro-onemac/macpro-onemac_data.json +++ b/app/site/_data/Enterprise-CMCS/macpro-onemac/macpro-onemac_data.json @@ -67,14 +67,14 @@ "nadia_badge_name": "midsize", "created_at": "2020-08-03T13:54:40Z", "ossf_scorecard": { - "date": "2025-01-05T08:51:14Z", + "date": "2025-01-11T00:13:03Z", "repo": { "name": "github.com/Enterprise-CMCS/macpro-onemac", - "commit": "cb8171c225929d7573d2802a2bec4900a9b5e929" + "commit": "69e5bd9fb959b86976e92faa5f1983cedbfb5ac9" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 6.4, "checks": [ @@ -84,7 +84,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -94,17 +94,17 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, { "details": null, "score": 10, - "reason": "8 out of 8 merged PRs checked by a CI test -- score normalized to 10", + "reason": "11 out of 11 merged PRs checked by a CI test -- score normalized to 10", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -114,7 +114,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -124,7 +124,7 @@ "reason": "all changesets reviewed", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -134,7 +134,7 @@ "reason": "project has 3 contributing companies or organizations -- score normalized to 10", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -144,7 +144,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -154,7 +154,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -164,7 +164,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -174,7 +174,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -184,7 +184,7 @@ "reason": "30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -194,7 +194,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -204,7 +204,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 1", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -214,7 +214,7 @@ "reason": "SAST tool is run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -224,7 +224,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -234,7 +234,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -244,7 +244,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -254,7 +254,7 @@ "reason": "37 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/macpro-platform-doc-conversion/macpro-platform-doc-conversion_data.json b/app/site/_data/Enterprise-CMCS/macpro-platform-doc-conversion/macpro-platform-doc-conversion_data.json index ea8841edfb..178406960c 100644 --- a/app/site/_data/Enterprise-CMCS/macpro-platform-doc-conversion/macpro-platform-doc-conversion_data.json +++ b/app/site/_data/Enterprise-CMCS/macpro-platform-doc-conversion/macpro-platform-doc-conversion_data.json @@ -37,14 +37,14 @@ "nadia_badge_name": "midsize", "created_at": "2022-01-14T15:00:20Z", "ossf_scorecard": { - "date": "2025-01-05T09:01:00Z", + "date": "2025-01-11T00:23:26Z", "repo": { "name": "github.com/Enterprise-CMCS/macpro-platform-doc-conversion", "commit": "3c47af732c4c17181a7ba183dd20a40e6fb938bf" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 4.3, "checks": [ @@ -54,7 +54,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -64,7 +64,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -74,7 +74,7 @@ "reason": "0 out of 19 merged PRs checked by a CI test -- score normalized to 0", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -84,7 +84,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -94,7 +94,7 @@ "reason": "Found 15/16 approved changesets -- score normalized to 9", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -104,7 +104,7 @@ "reason": "project has 0 contributing companies or organizations -- score normalized to 0", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -114,7 +114,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -124,7 +124,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -134,7 +134,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -144,7 +144,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -154,7 +154,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -164,7 +164,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -174,7 +174,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -184,7 +184,7 @@ "reason": "SAST tool detected but not run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -194,7 +194,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -204,7 +204,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -214,17 +214,17 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, { "details": null, "score": 0, - "reason": "22 existing vulnerabilities detected", + "reason": "26 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/macpro-quickstart-serverless/macpro-quickstart-serverless_data.json b/app/site/_data/Enterprise-CMCS/macpro-quickstart-serverless/macpro-quickstart-serverless_data.json index 3463592410..7b44935d81 100644 --- a/app/site/_data/Enterprise-CMCS/macpro-quickstart-serverless/macpro-quickstart-serverless_data.json +++ b/app/site/_data/Enterprise-CMCS/macpro-quickstart-serverless/macpro-quickstart-serverless_data.json @@ -36,14 +36,14 @@ "nadia_badge_name": "midsize", "created_at": "2020-08-27T12:30:25Z", "ossf_scorecard": { - "date": "2025-01-05T09:00:02Z", + "date": "2025-01-11T00:22:25Z", "repo": { "name": "github.com/Enterprise-CMCS/macpro-quickstart-serverless", "commit": "ebfcf4622237dabd872df171ddb9896970ec3bee" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 4.8, "checks": [ @@ -53,7 +53,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -63,7 +63,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -73,7 +73,7 @@ "reason": "0 out of 17 merged PRs checked by a CI test -- score normalized to 0", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -83,7 +83,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -93,7 +93,7 @@ "reason": "all changesets reviewed", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -103,7 +103,7 @@ "reason": "project has 0 contributing companies or organizations -- score normalized to 0", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -113,7 +113,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -123,7 +123,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -133,7 +133,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -143,7 +143,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -153,7 +153,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -163,7 +163,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -173,7 +173,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -183,7 +183,7 @@ "reason": "SAST tool detected but not run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -193,7 +193,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -203,7 +203,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -213,7 +213,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -223,7 +223,7 @@ "reason": "74 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/macpro-security-hub-sync/macpro-security-hub-sync_data.json b/app/site/_data/Enterprise-CMCS/macpro-security-hub-sync/macpro-security-hub-sync_data.json index 70bec4e3e4..7ba815cf11 100644 --- a/app/site/_data/Enterprise-CMCS/macpro-security-hub-sync/macpro-security-hub-sync_data.json +++ b/app/site/_data/Enterprise-CMCS/macpro-security-hub-sync/macpro-security-hub-sync_data.json @@ -42,14 +42,14 @@ "nadia_badge_name": "midsize", "created_at": "2023-01-23T21:47:31Z", "ossf_scorecard": { - "date": "2025-01-05T08:54:49Z", + "date": "2025-01-11T00:16:57Z", "repo": { "name": "github.com/Enterprise-CMCS/macpro-security-hub-sync", "commit": "4da170b9cc489f5da1dc40b54cc07d2edd64b4f9" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 4.8, "checks": [ @@ -59,7 +59,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -69,7 +69,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -79,7 +79,7 @@ "reason": "24 out of 24 merged PRs checked by a CI test -- score normalized to 10", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -89,7 +89,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -99,7 +99,7 @@ "reason": "Found 14/30 approved changesets -- score normalized to 4", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -109,7 +109,7 @@ "reason": "project has 0 contributing companies or organizations -- score normalized to 0", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -119,7 +119,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -129,7 +129,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -139,7 +139,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -149,7 +149,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -159,7 +159,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -169,7 +169,7 @@ "reason": "packaging workflow detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -179,7 +179,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 2", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -189,7 +189,7 @@ "reason": "SAST tool detected but not run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -199,7 +199,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -209,7 +209,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -219,7 +219,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -229,7 +229,7 @@ "reason": "19 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/macpro-serverless-running-stages/macpro-serverless-running-stages_data.json b/app/site/_data/Enterprise-CMCS/macpro-serverless-running-stages/macpro-serverless-running-stages_data.json index a2382fc517..a0ecb3f1cd 100644 --- a/app/site/_data/Enterprise-CMCS/macpro-serverless-running-stages/macpro-serverless-running-stages_data.json +++ b/app/site/_data/Enterprise-CMCS/macpro-serverless-running-stages/macpro-serverless-running-stages_data.json @@ -37,14 +37,14 @@ "nadia_badge_name": "midsize", "created_at": "2023-01-09T20:47:58Z", "ossf_scorecard": { - "date": "2025-01-05T09:00:49Z", + "date": "2025-01-11T00:23:16Z", "repo": { "name": "github.com/Enterprise-CMCS/macpro-serverless-running-stages", "commit": "83d291683b6102eeebbda7e9e47cf7772dc0f7c3" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 4.5, "checks": [ @@ -54,7 +54,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -64,7 +64,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -74,7 +74,7 @@ "reason": "4 out of 13 merged PRs checked by a CI test -- score normalized to 3", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -84,7 +84,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -94,7 +94,7 @@ "reason": "Found 2/17 approved changesets -- score normalized to 1", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -104,7 +104,7 @@ "reason": "project has 1 contributing companies or organizations -- score normalized to 3", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -114,7 +114,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -124,7 +124,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -134,7 +134,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -144,7 +144,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -154,7 +154,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -164,7 +164,7 @@ "reason": "packaging workflow detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -174,7 +174,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 3", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -184,7 +184,7 @@ "reason": "SAST tool detected but not run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -194,7 +194,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -204,7 +204,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -214,7 +214,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -224,7 +224,7 @@ "reason": "13 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/macpro-ux-lib/macpro-ux-lib_data.json b/app/site/_data/Enterprise-CMCS/macpro-ux-lib/macpro-ux-lib_data.json index 1cbfe09c38..53157bd41c 100644 --- a/app/site/_data/Enterprise-CMCS/macpro-ux-lib/macpro-ux-lib_data.json +++ b/app/site/_data/Enterprise-CMCS/macpro-ux-lib/macpro-ux-lib_data.json @@ -33,14 +33,14 @@ "nadia_badge_name": "midsize", "created_at": "2022-06-28T16:26:54Z", "ossf_scorecard": { - "date": "2025-01-05T08:59:25Z", + "date": "2025-01-11T00:21:39Z", "repo": { "name": "github.com/Enterprise-CMCS/macpro-ux-lib", "commit": "6a9a4142e9a78452840ce684d1497c9530cf477c" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 4.5, "checks": [ @@ -50,7 +50,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -60,7 +60,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -70,7 +70,7 @@ "reason": "0 out of 28 merged PRs checked by a CI test -- score normalized to 0", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -80,7 +80,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -90,7 +90,7 @@ "reason": "Found 3/5 approved changesets -- score normalized to 6", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -100,7 +100,7 @@ "reason": "project has 5 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -110,7 +110,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -120,7 +120,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -130,7 +130,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -140,7 +140,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -150,7 +150,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -160,7 +160,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -170,7 +170,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 3", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -180,7 +180,7 @@ "reason": "SAST tool detected but not run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -190,7 +190,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -200,7 +200,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -210,7 +210,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -220,7 +220,7 @@ "reason": "31 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/managed-care-review/managed-care-review_data.json b/app/site/_data/Enterprise-CMCS/managed-care-review/managed-care-review_data.json index 69853d8060..095d58bcf7 100644 --- a/app/site/_data/Enterprise-CMCS/managed-care-review/managed-care-review_data.json +++ b/app/site/_data/Enterprise-CMCS/managed-care-review/managed-care-review_data.json @@ -55,16 +55,16 @@ "nadia_badge_name": "midsize", "created_at": "2020-07-27T19:02:24Z", "ossf_scorecard": { - "date": "2025-01-05T08:50:44Z", + "date": "2025-01-11T00:12:30Z", "repo": { "name": "github.com/Enterprise-CMCS/managed-care-review", - "commit": "0bbd592b0c93c95c021c60cbce5f2d742cf03e9e" + "commit": "a5367ec898fbee0ab0f1bbb08a0ea46fb89b2a02" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, - "score": 6.1, + "score": 6.2, "checks": [ { "details": null, @@ -72,7 +72,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -82,7 +82,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -92,7 +92,7 @@ "reason": "28 out of 28 merged PRs checked by a CI test -- score normalized to 10", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -102,17 +102,17 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, { "details": null, - "score": 8, - "reason": "Found 17/19 approved changesets -- score normalized to 8", + "score": 9, + "reason": "Found 19/21 approved changesets -- score normalized to 9", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -122,7 +122,7 @@ "reason": "project has 6 contributing companies or organizations", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -132,7 +132,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -142,7 +142,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -152,7 +152,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -162,7 +162,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -172,7 +172,7 @@ "reason": "30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -182,7 +182,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -192,7 +192,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -202,7 +202,7 @@ "reason": "SAST tool is run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -212,7 +212,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -222,7 +222,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -232,7 +232,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -242,7 +242,7 @@ "reason": "27 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/seatool-compare/seatool-compare_data.json b/app/site/_data/Enterprise-CMCS/seatool-compare/seatool-compare_data.json index 0be1e93b77..df288c4e6a 100644 --- a/app/site/_data/Enterprise-CMCS/seatool-compare/seatool-compare_data.json +++ b/app/site/_data/Enterprise-CMCS/seatool-compare/seatool-compare_data.json @@ -36,14 +36,14 @@ "nadia_badge_name": "midsize", "created_at": "2022-09-16T18:46:05Z", "ossf_scorecard": { - "date": "2025-01-05T08:58:30Z", + "date": "2025-01-11T00:20:38Z", "repo": { "name": "github.com/Enterprise-CMCS/seatool-compare", "commit": "9ee31e2c2f8c5defba29f1cbf4cb501438c94a5d" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 4.7, "checks": [ @@ -53,7 +53,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -63,7 +63,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -73,7 +73,7 @@ "reason": "1 out of 21 merged PRs checked by a CI test -- score normalized to 0", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -83,7 +83,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -93,7 +93,7 @@ "reason": "Found 17/18 approved changesets -- score normalized to 9", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -103,7 +103,7 @@ "reason": "project has 2 contributing companies or organizations -- score normalized to 6", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -113,7 +113,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -123,7 +123,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -133,7 +133,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -143,7 +143,7 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -153,7 +153,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -163,7 +163,7 @@ "reason": "packaging workflow detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -173,7 +173,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -183,7 +183,7 @@ "reason": "SAST tool detected but not run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -193,7 +193,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -203,7 +203,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -213,7 +213,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -223,7 +223,7 @@ "reason": "32 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/seatool-connectors/seatool-connectors_data.json b/app/site/_data/Enterprise-CMCS/seatool-connectors/seatool-connectors_data.json index dfd245c92b..83a697c868 100644 --- a/app/site/_data/Enterprise-CMCS/seatool-connectors/seatool-connectors_data.json +++ b/app/site/_data/Enterprise-CMCS/seatool-connectors/seatool-connectors_data.json @@ -52,14 +52,14 @@ "nadia_badge_name": "midsize", "created_at": "2022-09-16T18:48:38Z", "ossf_scorecard": { - "date": "2025-01-05T08:58:04Z", + "date": "2025-01-11T00:20:08Z", "repo": { "name": "github.com/Enterprise-CMCS/seatool-connectors", "commit": "5a4394b6b66eac5b32c1222b1927877eedb085e1" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 4.8, "checks": [ @@ -69,7 +69,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -79,7 +79,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -89,7 +89,7 @@ "reason": "11 out of 20 merged PRs checked by a CI test -- score normalized to 5", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -99,7 +99,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -109,7 +109,7 @@ "reason": "all changesets reviewed", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -119,7 +119,7 @@ "reason": "project has 0 contributing companies or organizations -- score normalized to 0", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -129,7 +129,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -139,7 +139,7 @@ "reason": "update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -149,7 +149,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -159,17 +159,17 @@ "reason": "license file detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, { "details": null, "score": 0, - "reason": "1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", + "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -179,7 +179,7 @@ "reason": "packaging workflow detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -189,7 +189,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -199,7 +199,7 @@ "reason": "SAST tool is not run on all commits -- score normalized to 0", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -209,7 +209,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -219,7 +219,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -229,7 +229,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -239,7 +239,7 @@ "reason": "30 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } } diff --git a/app/site/_data/Enterprise-CMCS/serverless-s3-bucket-helper/serverless-s3-bucket-helper_data.json b/app/site/_data/Enterprise-CMCS/serverless-s3-bucket-helper/serverless-s3-bucket-helper_data.json index 2a35522ba9..4ebd4b1fd3 100644 --- a/app/site/_data/Enterprise-CMCS/serverless-s3-bucket-helper/serverless-s3-bucket-helper_data.json +++ b/app/site/_data/Enterprise-CMCS/serverless-s3-bucket-helper/serverless-s3-bucket-helper_data.json @@ -34,14 +34,14 @@ "nadia_badge_name": "toy", "created_at": "2021-08-26T16:41:01Z", "ossf_scorecard": { - "date": "2025-01-05T09:01:30Z", + "date": "2025-01-11T00:23:56Z", "repo": { "name": "github.com/Enterprise-CMCS/serverless-s3-bucket-helper", "commit": "3e519d15676de237ec8ede3ff9ae26abf3f3ef0a" }, "scorecard": { - "version": "v5.0.0-125-g975ee230", - "commit": "975ee2304ef7097c94a377fe95976604b4adcf22" + "version": "v5.0.0-132-g43d5832d", + "commit": "43d5832d25ccc597a9b94926b6ad43da25204085" }, "score": 3.7, "checks": [ @@ -51,7 +51,7 @@ "reason": "no binaries found in the repo", "name": "Binary-Artifacts", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#binary-artifacts", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts", "short": "Determines if the project has generated executable (binary) artifacts in the source repository." } }, @@ -61,7 +61,7 @@ "reason": "branch protection is not maximal on development and all release branches", "name": "Branch-Protection", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#branch-protection", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection", "short": "Determines if the default and release branches are protected with GitHub's branch protection settings." } }, @@ -71,7 +71,7 @@ "reason": "0 out of 6 merged PRs checked by a CI test -- score normalized to 0", "name": "CI-Tests", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#ci-tests", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#ci-tests", "short": "Determines if the project runs tests before pull requests are merged." } }, @@ -81,7 +81,7 @@ "reason": "no effort to earn an OpenSSF best practices badge detected", "name": "CII-Best-Practices", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#cii-best-practices", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices", "short": "Determines if the project has an OpenSSF (formerly CII) Best Practices Badge." } }, @@ -91,7 +91,7 @@ "reason": "Found 2/7 approved changesets -- score normalized to 2", "name": "Code-Review", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#code-review", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review", "short": "Determines if the project requires human code review before pull requests (aka merge requests) are merged." } }, @@ -101,7 +101,7 @@ "reason": "project has 0 contributing companies or organizations -- score normalized to 0", "name": "Contributors", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#contributors", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#contributors", "short": "Determines if the project has a set of contributors from multiple organizations (e.g., companies)." } }, @@ -111,7 +111,7 @@ "reason": "no dangerous workflow patterns detected", "name": "Dangerous-Workflow", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dangerous-workflow", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow", "short": "Determines if the project's GitHub Action workflows avoid dangerous patterns." } }, @@ -121,7 +121,7 @@ "reason": "no update tool detected", "name": "Dependency-Update-Tool", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#dependency-update-tool", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dependency-update-tool", "short": "Determines if the project uses a dependency update tool." } }, @@ -131,7 +131,7 @@ "reason": "project is not fuzzed", "name": "Fuzzing", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#fuzzing", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing", "short": "Determines if the project uses fuzzing." } }, @@ -141,7 +141,7 @@ "reason": "license file not detected", "name": "License", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#license", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license", "short": "Determines if the project has defined a license." } }, @@ -151,7 +151,7 @@ "reason": "0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0", "name": "Maintained", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#maintained", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained", "short": "Determines if the project is \"actively maintained\"." } }, @@ -161,7 +161,7 @@ "reason": "packaging workflow not detected", "name": "Packaging", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#packaging", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging", "short": "Determines if the project is published as a package that others can easily download, install, easily update, and uninstall." } }, @@ -171,7 +171,7 @@ "reason": "dependency not pinned by hash detected -- score normalized to 0", "name": "Pinned-Dependencies", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#pinned-dependencies", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies", "short": "Determines if the project has declared and pinned the dependencies of its build process." } }, @@ -181,7 +181,7 @@ "reason": "SAST tool detected but not run on all commits", "name": "SAST", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#sast", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast", "short": "Determines if the project uses static code analysis." } }, @@ -191,7 +191,7 @@ "reason": "security policy file not detected", "name": "Security-Policy", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#security-policy", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy", "short": "Determines if the project has published a security policy." } }, @@ -201,7 +201,7 @@ "reason": "no releases found", "name": "Signed-Releases", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#signed-releases", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases", "short": "Determines if the project cryptographically signs release artifacts." } }, @@ -211,7 +211,7 @@ "reason": "detected GitHub workflow tokens with excessive permissions", "name": "Token-Permissions", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#token-permissions", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions", "short": "Determines if the project's workflows follow the principle of least privilege." } }, @@ -221,7 +221,7 @@ "reason": "0 existing vulnerabilities detected", "name": "Vulnerabilities", "documentation": { - "url": "https://github.com/ossf/scorecard/blob/975ee2304ef7097c94a377fe95976604b4adcf22/docs/checks.md#vulnerabilities", + "url": "https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities", "short": "Determines if the project has open, known unfixed vulnerabilities." } }