Security Policy violation Security Scorecards

[allstar-app]

This issue was automatically created by Allstar.

Security Policy Violation
Project is out of compliance with Security Scorecards policy

Rule Description
This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check.
The score was 3, and the passing threshold is 10.
Results from policy: Branch-Protection : branch protection is not maximal on development and all release branches

• [0]:'allow deletion' disabled on branch 'main'
• [0]:'force pushes' disabled on branch 'main'
• [0]:'branch protection settings apply to administrators' is disable on branch 'main'
• [0]:'stale review dismissal' is disable on branch 'main'
• [0]:codeowners review is not required on branch 'main'
• [0]:'last push approval' is disable on branch 'main'
• [0]:'up-to-date branches' is disable on branch 'main'
• [0]:status check found to merge onto on branch 'main'
• [0]:PRs are not required to make changes on branch 'main'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings

---

⚠️ There is an updated version of this policy result! Click here to see the latest update

---

This issue will auto resolve when the policy is in compliance.

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

[allstar-app]

Updating issue after ping interval. See its status below.

---

Project is out of compliance with Security Scorecards policy

Rule Description
This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check.
The score was 3, and the passing threshold is 10.
Results from policy: Branch-Protection : branch protection is not maximal on development and all release branches

• [0]:'allow deletion' disabled on branch 'main'
• [0]:'force pushes' disabled on branch 'main'
• [0]:'branch protection settings apply to administrators' is disable on branch 'main'
• [0]:'stale review dismissal' is disable on branch 'main'
• [0]:codeowners review is not required on branch 'main'
• [0]:'last push approval' is disable on branch 'main'
• [0]:'up-to-date branches' is disable on branch 'main'
• [0]:status check found to merge onto on branch 'main'
• [0]:PRs are not required to make changes on branch 'main'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings

[allstar-app]

Updating issue after ping interval. See its status below.

---

Project is out of compliance with Security Scorecards policy

Rule Description
This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check.
The score was 3, and the passing threshold is 10.
Results from policy: Branch-Protection : branch protection is not maximal on development and all release branches

• [0]:'allow deletion' disabled on branch 'main'
• [0]:'force pushes' disabled on branch 'main'
• [0]:'branch protection settings apply to administrators' is disable on branch 'main'
• [0]:'stale review dismissal' is disable on branch 'main'
• [0]:codeowners review is not required on branch 'main'
• [0]:'last push approval' is disable on branch 'main'
• [0]:'up-to-date branches' is disable on branch 'main'
• [0]:status check found to merge onto on branch 'main'
• [0]:PRs are not required to make changes on branch 'main'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings

[allstar-app]

Updating issue after ping interval. See its status below.

---

Project is out of compliance with Security Scorecards policy

Rule Description
This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check.
The score was 3, and the passing threshold is 10.
Results from policy: Branch-Protection : branch protection is not maximal on development and all release branches

• [0]:'allow deletion' disabled on branch 'main'
• [0]:'force pushes' disabled on branch 'main'
• [0]:'branch protection settings apply to administrators' is disable on branch 'main'
• [0]:'stale review dismissal' is disable on branch 'main'
• [0]:codeowners review is not required on branch 'main'
• [0]:'last push approval' is disable on branch 'main'
• [0]:'up-to-date branches' is disable on branch 'main'
• [0]:status check found to merge onto on branch 'main'
• [0]:PRs are not required to make changes on branch 'main'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings

[allstar-app]

Updating issue after ping interval. See its status below.

---

Project is out of compliance with Security Scorecards policy

Rule Description
This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check.
The score was 3, and the passing threshold is 10.
Results from policy: Branch-Protection : branch protection is not maximal on development and all release branches

• [0]:'allow deletion' disabled on branch 'main'
• [0]:'force pushes' disabled on branch 'main'
• [0]:'branch protection settings apply to administrators' is disable on branch 'main'
• [0]:'stale review dismissal' is disable on branch 'main'
• [0]:codeowners review is not required on branch 'main'
• [0]:'last push approval' is disable on branch 'main'
• [0]:'up-to-date branches' is disable on branch 'main'
• [0]:status check found to merge onto on branch 'main'
• [0]:PRs are not required to make changes on branch 'main'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings

[allstar-app]

Updating issue after ping interval. See its status below.

---

Project is out of compliance with Security Scorecards policy

Rule Description
This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check.
The score was 3, and the passing threshold is 10.
Results from policy: Branch-Protection : branch protection is not maximal on development and all release branches

• [0]:'allow deletion' disabled on branch 'main'
• [0]:'force pushes' disabled on branch 'main'
• [0]:'branch protection settings apply to administrators' is disable on branch 'main'
• [0]:'stale review dismissal' is disable on branch 'main'
• [0]:codeowners review is not required on branch 'main'
• [0]:'last push approval' is disable on branch 'main'
• [0]:'up-to-date branches' is disable on branch 'main'
• [0]:status check found to merge onto on branch 'main'
• [0]:PRs are not required to make changes on branch 'main'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings

[allstar-app]

Updating issue after ping interval. See its status below.

---

Project is out of compliance with Security Scorecards policy

Rule Description
This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check.
The score was 3, and the passing threshold is 10.
Results from policy: Branch-Protection : branch protection is not maximal on development and all release branches

• [0]:'allow deletion' disabled on branch 'main'
• [0]:'force pushes' disabled on branch 'main'
• [0]:'branch protection settings apply to administrators' is disable on branch 'main'
• [0]:'stale review dismissal' is disable on branch 'main'
• [0]:codeowners review is not required on branch 'main'
• [0]:'last push approval' is disable on branch 'main'
• [0]:'up-to-date branches' is disable on branch 'main'
• [0]:status check found to merge onto on branch 'main'
• [0]:PRs are not required to make changes on branch 'main'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings

[allstar-app]

Updating issue after ping interval. See its status below.

---

Project is out of compliance with Security Scorecards policy

Rule Description
This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check.
The score was 3, and the passing threshold is 10.
Results from policy: Branch-Protection : branch protection is not maximal on development and all release branches

• [0]:'allow deletion' disabled on branch 'main'
• [0]:'force pushes' disabled on branch 'main'
• [0]:'branch protection settings apply to administrators' is disable on branch 'main'
• [0]:'stale review dismissal' is disable on branch 'main'
• [0]:codeowners review is not required on branch 'main'
• [0]:'last push approval' is disable on branch 'main'
• [0]:'up-to-date branches' is disable on branch 'main'
• [0]:status check found to merge onto on branch 'main'
• [0]:PRs are not required to make changes on branch 'main'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings

[allstar-app]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description
This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check.
The score was 5, and the passing threshold is 10.
Results from policy: Branch-Protection : branch protection is not maximal on development and all release branches

• [0]:'allow deletion' disabled on branch 'main'
• [0]:'force pushes' disabled on branch 'main'
• [0]:'branch protection settings apply to administrators' is required to merge on branch 'main'
• [0]:'stale review dismissal' is required to merge on branch 'main'
• [0]:required approving review count is 1 on branch 'main'
• [0]:codeowners review is not required on branch 'main'
• [0]:'last push approval' is disable on branch 'main'
• [0]:'up-to-date branches' is required to merge on branch 'main'
• [0]:status check found to merge onto on branch 'main'
• [0]:PRs are required in order to make changes on branch 'main'

[allstar-app]

Updating issue after ping interval. See its status below.

---

Project is out of compliance with Security Scorecards policy

Rule Description
This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check.
The score was 5, and the passing threshold is 10.
Results from policy: Branch-Protection : branch protection is not maximal on development and all release branches

• [0]:'allow deletion' disabled on branch 'main'
• [0]:'force pushes' disabled on branch 'main'
• [0]:'branch protection settings apply to administrators' is required to merge on branch 'main'
• [0]:'stale review dismissal' is required to merge on branch 'main'
• [0]:required approving review count is 1 on branch 'main'
• [0]:codeowners review is not required on branch 'main'
• [0]:'last push approval' is disable on branch 'main'
• [0]:'up-to-date branches' is required to merge on branch 'main'
• [0]:status check found to merge onto on branch 'main'
• [0]:PRs are required in order to make changes on branch 'main'

[allstar-app]

Updating issue after ping interval. See its status below.

---

Project is out of compliance with Security Scorecards policy

Rule Description
This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check.
The score was 5, and the passing threshold is 10.
Results from policy: Branch-Protection : branch protection is not maximal on development and all release branches

• [0]:'allow deletion' disabled on branch 'main'
• [0]:'force pushes' disabled on branch 'main'
• [0]:'branch protection settings apply to administrators' is required to merge on branch 'main'
• [0]:'stale review dismissal' is required to merge on branch 'main'
• [0]:required approving review count is 1 on branch 'main'
• [0]:codeowners review is not required on branch 'main'
• [0]:'last push approval' is disable on branch 'main'
• [0]:'up-to-date branches' is required to merge on branch 'main'
• [0]:status check found to merge onto on branch 'main'
• [0]:PRs are required in order to make changes on branch 'main'

[allstar-app]

Updating issue after ping interval. See its status below.

---

Project is out of compliance with Security Scorecards policy

Rule Description
This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check.
The score was 5, and the passing threshold is 10.
Results from policy: Branch-Protection : branch protection is not maximal on development and all release branches

• [0]:'allow deletion' disabled on branch 'main'
• [0]:'force pushes' disabled on branch 'main'
• [0]:'branch protection settings apply to administrators' is required to merge on branch 'main'
• [0]:'stale review dismissal' is required to merge on branch 'main'
• [0]:required approving review count is 1 on branch 'main'
• [0]:codeowners review is not required on branch 'main'
• [0]:'last push approval' is disable on branch 'main'
• [0]:'up-to-date branches' is required to merge on branch 'main'
• [0]:status check found to merge onto on branch 'main'
• [0]:PRs are required in order to make changes on branch 'main'

[allstar-app]

Updating issue after ping interval. See its status below.

---

Project is out of compliance with Security Scorecards policy

Rule Description
This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check.
The score was 5, and the passing threshold is 10.
Results from policy: Branch-Protection : branch protection is not maximal on development and all release branches

• [0]:'allow deletion' disabled on branch 'main'
• [0]:'force pushes' disabled on branch 'main'
• [0]:'branch protection settings apply to administrators' is required to merge on branch 'main'
• [0]:'stale review dismissal' is required to merge on branch 'main'
• [0]:required approving review count is 1 on branch 'main'
• [0]:codeowners review is not required on branch 'main'
• [0]:'last push approval' is disable on branch 'main'
• [0]:'up-to-date branches' is required to merge on branch 'main'
• [0]:status check found to merge onto on branch 'main'
• [0]:PRs are required in order to make changes on branch 'main'

[allstar-app]

The policy result has been updated.

---

Project is out of compliance with Security Scorecards policy

Rule Description
This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check.
The score was 5, and the passing threshold is 10.
Results from policy: Branch-Protection : branch protection is not maximal on development and all release branches

• [0]:'force pushes' disabled on branch 'main'
• [0]:'allow deletion' disabled on branch 'main'
• [0]:status checks require up-to-date branches for 'main'
• [0]:'last push approval' disabled on branch 'main'
• [0]:status check found to merge onto on branch 'main'
• [0]:number of required reviewers is only 1 on branch 'main'
• [0]:stale review dismissal enabled on branch 'main'
• [0]:settings apply to administrators on branch 'main'
• [0]:codeowner review is not required on branch 'main'

[allstar-app]

Updating issue after ping interval. See its status below.

---

Project is out of compliance with Security Scorecards policy

Rule Description
This is a generic passthrough policy that runs the configured checks from Security Scorecards. Please see the Security Scorecards Documentation for more information on each check.
The score was 5, and the passing threshold is 10.
Results from policy: Branch-Protection : branch protection is not maximal on development and all release branches

• [0]:'force pushes' disabled on branch 'main'
• [0]:'allow deletion' disabled on branch 'main'
• [0]:status checks require up-to-date branches for 'main'
• [0]:'last push approval' disabled on branch 'main'
• [0]:status check found to merge onto on branch 'main'
• [0]:number of required reviewers is only 1 on branch 'main'
• [0]:stale review dismissal enabled on branch 'main'
• [0]:settings apply to administrators on branch 'main'
• [0]:codeowner review is not required on branch 'main'