vue3-2021-scorecards.txt

Authored By
sbassett
Dec 3 2021, 9:53 PM
Size
55 KB

RESULTS
-------
Aggregate score: 6.3 / 10
Check scores:
| SCORE | NAME | REASON | DETAILS | DOCUMENTATION/REMEDIATION |
|---------|------------------------|--------------------------------|---------|---------------------------|
| 10 / 10 | Binary-Artifacts | no binaries found in the repo | | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#binary-artifacts |
| 10 / 10 | Branch-Protection | branch protection is fully enabled on development and all release branches | Warn: branch protection not enabled for branch 'master' | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#branch-protection |
| ? | CI-Tests | internal error: cannot list check runs by ref | | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#ci-tests |
| 0 / 10 | CII-Best-Practices | no badge detected | | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#cii-best-practices |
| 1 / 10 | Code-Review | GitHub code reviews found for 5 commits out of the last 30 -- score normalized to 1 | Info: Gerrit code reviews found for 0 commits out of the last 30 Info: Prow code reviews found for 0 commits out of the last 30 | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#code-review |
| 10 / 10 | Contributors | 57 different companies found -- score normalized to 10 | Info: contributors work for: vuese,vue-mini,neucn,Hedgehog-Computing,University-of-Bread,znckco,HcySunYang-bot,GitCodeTree,ninja-squad,x2y2dotcom,LemonVM,bread-os,AimonaStudio,hypermob,onyxjs,hexojs,actions-cool,octopus-network,undefined,vuejs-fr,pingcap,libevent,originjs,grammarly,home,project-incubator,prettier,cnAbp,ProgramLeague,viteland,HMUniversity,simple-uploader,vuepress,bytedance,freelance,nodejs,china electric vehicle association,codeIt-today,antvis,hopejs,tencent,DimensionDev,rainbow alliance,tenbot,tc39,xjtuana,hcwg,vuejs,BejDev,darukjs,JSCIG,LGBT-CN,trend-fed-sharing,Ninja-Squad,poc-playground,picpay,line fukuoka | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#contributors |
| 10 / 10 | Dependency-Update-Tool | update tool detected | Info: dependabot detected: .github/dependabot.yml:1 | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#dependency-update-tool |
| 0 / 10 | Fuzzing | project is not fuzzed | | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#fuzzing |
| 10 / 10 | Maintained | 30 commit(s) out of 30 and 30 issue activity out of 30 found in the last 90 days -- score normalized to 10 | | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#maintained |
| ? | Packaging | no published package detected | Warn: no GitHub publishing workflow detected | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#packaging |
| 6 / 10 | Pinned-Dependencies | dependency not pinned by hash detected -- score normalized to 6 | Warn: no lock files detected for a package manager Warn: dependency not pinned by hash (job 'test'): .github/workflows/ci.yml:13 Warn: dependency not pinned by hash (job 'test'): .github/workflows/ci.yml:16 Warn: dependency not pinned by hash (job 'test'): .github/workflows/ci.yml:21 Warn: dependency not pinned by hash (job 'test-dts'): .github/workflows/ci.yml:34 Warn: dependency not pinned by hash (job 'test-dts'): .github/workflows/ci.yml:37 Warn: dependency not pinned by hash (job 'test-dts'): .github/workflows/ci.yml:42 Warn: dependency not pinned by hash (job 'size'): .github/workflows/ci.yml:57 Warn: dependency not pinned by hash (job 'size'): .github/workflows/ci.yml:60 Warn: dependency not pinned by hash (job 'size'): .github/workflows/ci.yml:65 Warn: dependency not pinned by hash (job 'Create Release'): .github/workflows/release-tag.yml:14 Warn: dependency not pinned by hash (job 'Create Release'): .github/workflows/release-tag.yml:17 Info: Dockerfile dependencies are pinned Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles Info: no insecure (not pinned by hash) dependency downloads found in shell scripts Info: no insecure (not pinned by hash) dependency downloads found in GitHub workflows | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#pinned-dependencies |
| 0 / 10 | SAST | no SAST tool detected | Warn: no pull requests merged into dev branch Warn: CodeQL tool not detected | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#sast |
| 10 / 10 | Security-Policy | security policy file detected | Info: security policy detected: SECURITY.md:1 | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#security-policy |
| ? | Signed-Releases | no releases found | Warn: no GitHub releases found | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#signed-releases |
| 0 / 10 | Token-Permissions | non read-only tokens detected in GitHub workflows | Warn: no permission defined: .github/workflows/ci.yml:1 Warn: no permission defined: .github/workflows/release-tag.yml:1 | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#token-permissions |
| 10 / 10 | Vulnerabilities | no vulnerabilities detected | | https://github.com/ossf/scorecard/blob/4d6f2b606b56352092a21de5edf049e5325cb9f4/docs/checks.md#vulnerabilities |