{"date":"2024-08-12","repo":{"name":"github.com\/sourcegraph\/sourcegraph","commit":"d083ea7559a49c326dd1246a493aef67dea44e39"},"scorecard":{"version":"v5.0.0-30-g07ff61e6","commit":"07ff61e6a0a6221599810109e045f96566f1cc3f"},"score":7.2,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https:\/\/github.com\/ossf\/scorecard\/blob\/07ff61e6a0a6221599810109e045f96566f1cc3f\/docs\/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https:\/\/github.com\/ossf\/scorecard\/blob\/07ff61e6a0a6221599810109e045f96566f1cc3f\/docs\/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https:\/\/github.com\/ossf\/scorecard\/blob\/07ff61e6a0a6221599810109e045f96566f1cc3f\/docs\/checks.md#cii-best-practices"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https:\/\/github.com\/ossf\/scorecard\/blob\/07ff61e6a0a6221599810109e045f96566f1cc3f\/docs\/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https:\/\/github.com\/ossf\/scorecard\/blob\/07ff61e6a0a6221599810109e045f96566f1cc3f\/docs\/checks.md#signed-releases"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https:\/\/github.com\/ossf\/scorecard\/blob\/07ff61e6a0a6221599810109e045f96566f1cc3f\/docs\/checks.md#branch-protection"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub\/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https:\/\/github.com\/ossf\/scorecard\/blob\/07ff61e6a0a6221599810109e045f96566f1cc3f\/docs\/checks.md#packaging"}},{"name":"Security-Policy","score":9,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Warn: One or no descriptive hints of disclosure, vulnerability, and\/or timelines in security policy","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https:\/\/github.com\/ossf\/scorecard\/blob\/07ff61e6a0a6221599810109e045f96566f1cc3f\/docs\/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https:\/\/github.com\/ossf\/scorecard\/blob\/07ff61e6a0a6221599810109e045f96566f1cc3f\/docs\/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github\/workflows\/backport.yml:1","Warn: no topLevel permission defined: .github\/workflows\/bazel-test-ownership-check.yml:1","Warn: no topLevel permission defined: .github\/workflows\/buf-breaking-check.yml:1","Warn: no topLevel permission defined: .github\/workflows\/buildchecker.yml:1","Warn: no topLevel permission defined: .github\/workflows\/cloud-gql-compat.yml:1","Warn: no topLevel permission defined: .github\/workflows\/codenotify.yml:1","Warn: no topLevel permission defined: .github\/workflows\/label-move.yml:1","Warn: no topLevel permission defined: .github\/workflows\/label-notify.yml:1","Warn: no topLevel permission defined: .github\/workflows\/licenses-check.yml:1","Warn: no topLevel permission defined: .github\/workflows\/licenses-update.yml:1","Warn: topLevel permissions set to 'write-all': .github\/workflows\/merge-pr.yml:9"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https:\/\/github.com\/ossf\/scorecard\/blob\/07ff61e6a0a6221599810109e045f96566f1cc3f\/docs\/checks.md#token-permissions"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: all commits (30) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https:\/\/github.com\/ossf\/scorecard\/blob\/07ff61e6a0a6221599810109e045f96566f1cc3f\/docs\/checks.md#sast"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https:\/\/github.com\/ossf\/scorecard\/blob\/07ff61e6a0a6221599810109e045f96566f1cc3f\/docs\/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: GoBuiltInFuzzer integration found: internal\/batches\/types\/scheduler\/window\/config_test.go:102","Info: GoBuiltInFuzzer integration found: internal\/byteutils\/lineindex_test.go:102"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https:\/\/github.com\/ossf\/scorecard\/blob\/07ff61e6a0a6221599810109e045f96566f1cc3f\/docs\/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":5,"reason":"dependency not pinned by hash detected -- score normalized to 5","details":["Warn: third-party GitHubAction not pinned by hash: .github\/workflows\/backport.yml:24: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/backport.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/bazel-test-ownership-check.yml:14: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/bazel-test-ownership-check.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/bazel-test-ownership-check.yml:25: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/bazel-test-ownership-check.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/buf-breaking-check.yml:12: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/buf-breaking-check.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/buildchecker.yml:19: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/buildchecker.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/buildchecker.yml:20: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/buildchecker.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/cloud-gql-compat.yml:19: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/cloud-gql-compat.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/cloud-gql-compat.yml:55: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/cloud-gql-compat.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/codenotify.yml:12: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/codenotify.yml\/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github\/workflows\/codenotify.yml:15: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/codenotify.yml\/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github\/workflows\/codenotify.yml:21: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/codenotify.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/licenses-check.yml:12: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/licenses-check.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/licenses-check.yml:14: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/licenses-check.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/licenses-check.yml:25: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/licenses-check.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/licenses-check.yml:35: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/licenses-check.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/licenses-check.yml:48: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/licenses-check.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/licenses-update.yml:12: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/licenses-update.yml\/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github\/workflows\/licenses-update.yml:17: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/licenses-update.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/merge-pr.yml:17: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/merge-pr.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/move-labled-issues-to-project.yml:16: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/move-labled-issues-to-project.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/move-labled-issues-to-project.yml:24: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/move-labled-issues-to-project.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/move-labled-issues-to-project.yml:32: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/move-labled-issues-to-project.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/move-labled-issues-to-project.yml:40: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/move-labled-issues-to-project.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/move-labled-issues-to-project.yml:48: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/move-labled-issues-to-project.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/pg-utils.yml:56: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/pg-utils.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/pg-utils.yml:90: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/pg-utils.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/pg-utils.yml:22: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/pg-utils.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/pr-auditor.yml:11: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/pr-auditor.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/pr-auditor.yml:15: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/pr-auditor.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/progress.yml:25: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/progress.yml\/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github\/workflows\/progress.yml:30: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/progress.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/report-job-failure.yml:27: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/report-job-failure.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/restrict-image-size.yml:11: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/restrict-image-size.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/scip-go.yml:26: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/scip-go.yml\/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github\/workflows\/scip-go.yml:37: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/scip-go.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/scip-typescript.yml:14: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/scip-typescript.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/scip-typescript.yml:25: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/scip-typescript.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/sg-binary-release.yml:98: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/sg-binary-release.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/sg-binary-release.yml:101: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/sg-binary-release.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/sg-binary-release.yml:34: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/sg-binary-release.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/sg-setup.yml:22: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/sg-setup.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/sg-setup.yml:25: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/sg-setup.yml\/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github\/workflows\/sg-setup.yml:29: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/sg-setup.yml\/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github\/workflows\/tracking-issue.yml:10: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/tracking-issue.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/universal-ctags.yml:22: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/universal-ctags.yml\/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github\/workflows\/universal-ctags.yml:24: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/universal-ctags.yml\/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github\/workflows\/universal-ctags.yml:26: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/universal-ctags.yml\/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github\/workflows\/universal-ctags.yml:44: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/universal-ctags.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/universal-ctags.yml:56: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/universal-ctags.yml\/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github\/workflows\/universal-ctags.yml:58: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/universal-ctags.yml\/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github\/workflows\/universal-ctags.yml:60: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/universal-ctags.yml\/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github\/workflows\/universal-ctags.yml:78: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/universal-ctags.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/universal-ctags.yml:90: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/universal-ctags.yml\/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github\/workflows\/universal-ctags.yml:92: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/universal-ctags.yml\/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github\/workflows\/universal-ctags.yml:94: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/universal-ctags.yml\/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github\/workflows\/universal-ctags.yml:108: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/universal-ctags.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/wolfictl-update.yml:28: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/wolfictl-update.yml\/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github\/workflows\/wolfictl-update.yml:36: update your workflow using https:\/\/app.stepsecurity.io\/secureworkflow\/sourcegraph\/sourcegraph\/wolfictl-update.yml\/main?enable=pin","Warn: containerImage not pinned by hash: client\/web-sveltekit\/Dockerfile:2: pin your Docker image by updating node:16 to node:16@sha256:f77a1aef2da8d83e45ec990f45df50f1a286c5fe8bbfb8c6e4246c6389705c0b","Warn: containerImage not pinned by hash: internal\/cmd\/git-combine\/Dockerfile:25","Warn: containerImage not pinned by hash: internal\/cmd\/tracking-issue\/Dockerfile:1","Warn: npmCommand not pinned by hash: client\/web-sveltekit\/Dockerfile:8","Warn: goCommand not pinned by hash: internal\/cmd\/git-combine\/Dockerfile:9-11","Warn: goCommand not pinned by hash: internal\/cmd\/git-combine\/Dockerfile:9-11","Warn: downloadThenRun not pinned by hash: client\/browser\/scripts\/build-ff.sh:9","Warn: npmCommand not pinned by hash: client\/browser\/scripts\/build-ff.sh:24","Warn: npmCommand not pinned by hash: .github\/workflows\/report-job-failure.yml:30","Info:   0 out of  41 GitHub-owned GitHubAction dependencies pinned","Info:  30 out of  47 third-party GitHubAction dependencies pinned","Info:   0 out of   3 npmCommand dependencies pinned","Info:   5 out of   7 goCommand dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned","Info:   9 out of  12 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https:\/\/github.com\/ossf\/scorecard\/blob\/07ff61e6a0a6221599810109e045f96566f1cc3f\/docs\/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":0,"reason":"80 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-jw8x-6495-233v","Warn: Project is vulnerable to: GHSA-g98v-hv3f-hcfr \/ RUSTSEC-2021-0145","Warn: Project is vulnerable to: GHSA-8r5v-vm4m-4g25 \/ RUSTSEC-2024-0003","Warn: Project is vulnerable to: GHSA-q6cp-qfwq-4gcv \/ RUSTSEC-2024-0332","Warn: Project is vulnerable to: GHSA-r8w9-5wcg-vfj7 \/ RUSTSEC-2024-0019","Warn: Project is vulnerable to: RUSTSEC-2023-0081","Warn: Project is vulnerable to: RUSTSEC-2024-0320","Warn: Project is vulnerable to: GHSA-v6mg-7f7p-qmqp \/ GO-2024-2899","Warn: Project is vulnerable to: GHSA-m5vv-6r4h-3vj9 \/ GO-2024-2918","Warn: Project is vulnerable to: GO-2022-0646","Warn: Project is vulnerable to: GHSA-v23v-6jw2-98fq \/ GO-2024-3005","Warn: Project is vulnerable to: GHSA-v6v8-xj6m-xwqh \/ GO-2024-2947","Warn: Project is vulnerable to: GHSA-2hmf-46v7-v6fx \/ GO-2024-2920","Warn: Project is vulnerable to: GHSA-9phm-fm57-rhg8 \/ GO-2024-2937","Warn: Project is vulnerable to: GHSA-c5q2-7r4c-mv6g \/ GO-2024-2631","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-pwfr-8pq7-x9qv","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-h452-7996-h45h","Warn: Project is vulnerable to: GHSA-36jr-mh4h-2g58","Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6","Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h","Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc","Warn: Project is vulnerable to: GHSA-mpg4-rc92-vx8v","Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc","Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp","Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97","Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j","Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22","Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp","Warn: Project is vulnerable to: GHSA-rmxg-73gg-4p98","Warn: Project is vulnerable to: GHSA-6c3j-c64m-qhgq","Warn: Project is vulnerable to: GHSA-gxr4-xjj5-5px2","Warn: Project is vulnerable to: GHSA-jpcq-cgw6-v4j6","Warn: Project is vulnerable to: GHSA-wgfq-7857-4jcc","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-8cf7-32gw-wr33","Warn: Project is vulnerable to: GHSA-hjrf-2m68-5959","Warn: Project is vulnerable to: GHSA-qwph-4952-7xr6","Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw","Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj","Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2","Warn: Project is vulnerable to: GHSA-92xj-mqp7-vmcj","Warn: Project is vulnerable to: GHSA-wxgw-qj99-44c2","Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5","Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp","Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq","Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr","Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765","Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g","Warn: Project is vulnerable to: GHSA-px4h-xg32-q955","Warn: Project is vulnerable to: GHSA-566m-qj78-rww5","Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-x3m3-4wpv-5vgc","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq","Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v","Warn: Project is vulnerable to: GHSA-fhg7-m89q-25r3","Warn: Project is vulnerable to: GHSA-wqq4-5wpv-mx2g","Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3","Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672","Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7","Warn: Project is vulnerable to: GHSA-mrgp-mrhc-5jrq","Warn: Project is vulnerable to: GHSA-7jxr-cg7f-gpgv","Warn: Project is vulnerable to: GHSA-xj72-wvfv-8985","Warn: Project is vulnerable to: GHSA-ch3r-j5x3-6q2m","Warn: Project is vulnerable to: GHSA-p5gc-c584-jj6v","Warn: Project is vulnerable to: GHSA-whpj-8f3w-67p5","Warn: Project is vulnerable to: GHSA-cchq-frgv-rjh5","Warn: Project is vulnerable to: GHSA-g644-9gfx-q4q4","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q","Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc","Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https:\/\/github.com\/ossf\/scorecard\/blob\/07ff61e6a0a6221599810109e045f96566f1cc3f\/docs\/checks.md#vulnerabilities"}}]}