This issue was automatically created by Allstar.
Security Policy Violation
Project is out of compliance with OpenSSF Scorecard policy.
Rule Description
This is a generic passthrough policy that runs the configured checks from OpenSSF Scorecard. Please see the OpenSSF Scorecard documentation for more information on each check.
The score was 3, and the passing threshold is 10.
Results from policy: Branch-Protection : branch protection is not maximal on development and all release branches
- [0]:'allow deletion' disabled on branch 'main'
- [0]:'force pushes' disabled on branch 'main'
- [0]:'branch protection settings apply to administrators' is disabled on branch 'main'
- [0]:unable to retrieve whether 'stale review dismissal' is required to merge on branch 'main'
- [0]:could not determine whether codeowners review is allowed
- [0]:unable to retrieve whether 'last push approval' is required to merge on branch 'main'
- [0]:unable to retrieve whether 'up-to-date branches' is required to merge on branch 'main'
- [0]:no status checks found to merge onto branch 'main'
- [0]:PRs are not required to make changes on branch 'main'; or we don't have data to detect it. If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings
First 10 Results from policy: CI-Tests : 0 out of 30 merged PRs checked by a CI test -- score normalized to 0
- [0]:merged PR 55 without CI test at HEAD: a871af3
- [0]:merged PR 50 without CI test at HEAD: ef64464
- [0]:merged PR 40 without CI test at HEAD: 7e4a95d
- [0]:merged PR 38 without CI test at HEAD: 2cfa38c
- [0]:merged PR 35 without CI test at HEAD: 7e471b3
- [0]:merged PR 36 without CI test at HEAD: 0c9f643
- [0]:merged PR 47 without CI test at HEAD: df79d9e
- [0]:merged PR 64 without CI test at HEAD: 933e629
- [0]:merged PR 63 without CI test at HEAD: 9e10c49
- [0]:merged PR 62 without CI test at HEAD: f931ab5
- Run a Scorecard scan to see full list.
Results from policy: CII-Best-Practices : no effort to earn an OpenSSF best practices badge detected
Results from policy: Code-Review : Found 0/4 approved changesets -- score normalized to 0
Results from policy: Fuzzing : project is not fuzzed
- no fuzzer integrations found
Results from policy: Maintained : 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Results from policy: SAST : SAST tool is not run on all commits -- score normalized to 0
- [0]:0 commits out of 30 are checked with a SAST tool
This issue will auto resolve when the policy is in compliance.
Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.