Skip to content

feat: dial-unified-config — dial-cli (Picocli + Quarkus CLI)#1531

Open
siarhei-fedziukovich wants to merge 253 commits into
developmentfrom
feature/unified-config-cli
Open

feat: dial-unified-config — dial-cli (Picocli + Quarkus CLI)#1531
siarhei-fedziukovich wants to merge 253 commits into
developmentfrom
feature/unified-config-cli

Conversation

@siarhei-fedziukovich

Copy link
Copy Markdown
Contributor
  • feat: 1C.0: bootstrap :cli module with Picocli + Quarkus skeleton
  • docs(dial-unified-config): mark slice 1C.0 merged with B1 keystore deferral
  • feat: 1C.1: dial-cli env list / current / use / check
  • docs(dial-unified-config): mark slice 1C.1 merged with config-only env-check note
  • feat: 1C.2: dial-cli model get / list + get-models alias + HTTP client
  • docs(dial-unified-config): mark slice 1C.2 merged with HTTP-pattern decisions
  • feat: 1C.3: extend dial-cli read to 8 admin-config types
  • docs(dial-unified-config): mark slice 1C.3 merged with Reading A scope narrowing
  • feat: 1C.4: dial-cli export streams /v1/admin/export to stdout / file
  • docs(dial-unified-config): mark slice 1C.4 merged with format-negotiation note
  • feat: 1C.5: dial-cli diff --source --target structural diff
  • docs(dial-unified-config): mark slice 1C.5 merged with structural-diff note
  • feat: 1C.6: dial-cli completion bash | zsh | fish
  • docs(dial-unified-config): mark slice 1C.6 merged with fish caveat
  • feat: 2C.0: dial-cli model add (POST) with --dry-run
  • docs(dial-unified-config): mark slice 2C.0 merged with design-call notes
  • feat: 2C.1: dial-cli model update (PUT) with --set + --if-match
  • docs(dial-unified-config): mark slice 2C.1 merged with design-call notes
  • feat: 2C.2: dial-cli model delete with --if-match
  • docs(dial-unified-config): mark slice 2C.2 merged with design-call notes
  • feat: 2C.3: dial-cli model validate against POST /v1/admin/validate
  • docs(dial-unified-config): mark slice 2C.3 merged with design-call notes
  • feat: 2C.4: dial-cli model promote --from --to (as-is mode)
  • docs(dial-unified-config): mark slice 2C.4 merged with Option A narrowing
  • feat: 2C.5: dial-cli model diff --source --target (single-type)
  • docs(dial-unified-config): mark slice 2C.5 merged with design-call notes
  • feat: 3C.0: dial-cli write commands for all admin-config entity types
  • docs(dial-unified-config): mark slice 3C.0 merged
  • fix: declare cli lombok task ordering vs Quarkus generated-sources compile
  • feat: 4C.0: dial-cli apply -f for fully-resolved manifests
  • docs(dial-unified-config): mark slice 4C.0 merged
  • chore: Dist.1: bundle dial-cli uber-jar into ai-dial-core image
  • docs(dial-unified-config): file Cli.1 + Cli.2 follow-ons surfaced by Dist.1
  • fix: Cli.1: honor DIAL_CLI_CONFIG env var in ProfileLoader
  • fix: Cli.2: wire dial-cli --version via @command version attribute
  • chore: Dist.2: sample/dial-cli/ newcomer playground
  • docs: Dist.2: fix docker-alias profile path, expand README with verb cookbook
  • feat: Cli.3: -o INHERIT scope + friendly HTTP errors + strip-projection-on-PUT
  • docs(dial-unified-config): backfill Cli.3 commit SHA
  • feat: Cli.4: --from-file accepts manifest envelopes on add/validate
  • docs(dial-unified-config): backfill Cli.4 commit SHA
  • docs(dial-unified-config): promote 4C.1–4C.5 + 4C.7 into MVP scope
  • feat: 4C.1: template DSL (extends/includes/!if/!for + functions + placeholders)
  • docs(dial-unified-config): mark slice 4C.1 merged with retrospective
  • feat: 4C.7: dial-cli apply -f accepts a directory
  • docs(dial-unified-config): mark slice 4C.7 merged with retrospective
  • feat: 4C.4: ${SECRET:*} resolver via System.getenv + ${ENV_VAR} fallback
  • docs(dial-unified-config): mark slice 4C.4 merged with retrospective
  • feat: 4C.2: dial-cli apply --overlay env-overlay support
  • docs(dial-unified-config): mark slice 4C.2 merged with retrospective

Applicable issues

  • fixes #

Description of changes

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@siarhei-fedziukovich

siarhei-fedziukovich commented May 11, 2026

Copy link
Copy Markdown
Contributor Author

/deploy-review

GitHub actions run: 25695681701

Stage Status
deploy-review Success ✅
chat Success ✅

Comment thread cli/src/main/java/com/epam/aidial/cli/config/Auth.java Outdated
Comment thread cli/src/main/java/com/epam/aidial/cli/config/Defaults.java Outdated
@siarhei-fedziukovich

siarhei-fedziukovich commented May 14, 2026

Copy link
Copy Markdown
Contributor Author

/deploy-review

GitHub actions run: 25872894570

Stage Status
deploy-review Success ✅
chat Success ✅

@siarhei-fedziukovich

siarhei-fedziukovich commented May 15, 2026

Copy link
Copy Markdown
Contributor Author

/deploy-review

GitHub actions run: 25920268735

Stage Status
deploy-review Success ✅
chat Failed ❌

Comment thread cli/src/main/java/com/epam/aidial/cli/EnvCommand.java Outdated
Comment thread cli/src/main/java/com/epam/aidial/cli/DiffCommand.java Outdated
Comment thread cli/src/main/java/com/epam/aidial/cli/ExportCommand.java Outdated
@KirylKurnosenka
KirylKurnosenka force-pushed the feature/unified-config-cli branch 2 times, most recently from ee00e6c to a2400d6 Compare May 25, 2026 15:21
@KirylKurnosenka

KirylKurnosenka commented May 26, 2026

Copy link
Copy Markdown
Contributor

/deploy-review

GitHub actions run: 26446894825

Stage Status
deploy-review Success ✅
chat Queued ⏳

@KirylKurnosenka
KirylKurnosenka force-pushed the feature/unified-config-cli branch from d1b1754 to a4fa152 Compare June 1, 2026 19:06
@KirylKurnosenka

KirylKurnosenka commented Jun 2, 2026

Copy link
Copy Markdown
Contributor

/deploy-review

GitHub actions run: 26817130712

Stage Status
deploy-review Success ✅
chat Failed ❌

@KirylKurnosenka

KirylKurnosenka commented Jun 2, 2026

Copy link
Copy Markdown
Contributor

/deploy-review

GitHub actions run: 26851620705

Stage Status
deploy-review Success ✅
chat Success ✅

@KirylKurnosenka

KirylKurnosenka commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

/deploy-review

GitHub actions run: 26873338963

Stage Status
deploy-review Success ✅
chat Failed ❌

@KirylKurnosenka

KirylKurnosenka commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

/deploy-review

GitHub actions run: 26883450725

Stage Status
deploy-review Success ✅
chat Failed ❌

@KirylKurnosenka
KirylKurnosenka force-pushed the feature/unified-config-cli branch from 38e00fe to 29beb1a Compare June 3, 2026 16:54
@KirylKurnosenka

KirylKurnosenka commented Jun 4, 2026

Copy link
Copy Markdown
Contributor

/deploy-review

GitHub actions run: 26946883796

Stage Status
deploy-review Success ✅
chat Success ✅

@KirylKurnosenka

KirylKurnosenka commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

/deploy-review

GitHub actions run: 27125947372

Stage Status
deploy-review Success ✅
chat Success ✅

@KirylKurnosenka
KirylKurnosenka force-pushed the feature/unified-config-cli branch from 6e1774e to 56c2752 Compare June 8, 2026 10:16
@KirylKurnosenka

KirylKurnosenka commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

/deploy-review

GitHub actions run: 27131017142

Stage Status
deploy-review Success ✅
chat Success ✅

@KirylKurnosenka

KirylKurnosenka commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

/deploy-review

GitHub actions run: 27152040044

Stage Status
deploy-review Success ✅
chat Success ✅

@KirylKurnosenka
KirylKurnosenka force-pushed the feature/unified-config-cli branch from f76793b to d8628cc Compare June 8, 2026 20:29
@KirylKurnosenka

KirylKurnosenka commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

/deploy-review

GitHub actions run: 27167613968

Stage Status
deploy-review Success ✅
chat Success ✅

Base automatically changed from feature/unified-config-server to development June 9, 2026 09:13
SiarheiFedziukovich and others added 3 commits June 9, 2026 13:05
Add .classpath, .factorypath, .project, .settings/ to .gitignore. These are generated by Eclipse and the JDTLS language server (used by Claude Code's LSP integration), should not be tracked. Existing entries cover IntelliJ (.idea/) and VS Code (.vscode/).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The .claude/commands/review-unified-config.md file is a personal/local slash command, not part of the shared MVP tooling. Gitignored to avoid accidental inclusion in commits.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Refine the branch-hygiene policy in IMPLEMENTATION.md §3.2 / §9. Default remains rebase (linear history; force-push; sub-branches rebase onto new tip). Per-sync merge override is now allowed when situational — early in MVP with few slices in flight, or when conflicts resolve more cleanly with a merge commit. Late in MVP, prefer rebase to keep history readable for the final big-PR review.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
KirylKurnosenka and others added 3 commits June 9, 2026 13:10
Update expected outputs throughout dial-cli-devops-presentation.md to
match what the implementation actually produces: plain-text Created/Updated/Deleted
messages, `applied: N, failed: N` for apply, raw JSON envelope for dry-run
promote, correct error message strings, exit code 2 scoped to HTTP 400/422,
file-sourced key list behaviour, settings delete idempotency note, env use
confirmation message, and validate subcommand in Quick Reference.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ADME

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@KirylKurnosenka
KirylKurnosenka force-pushed the feature/unified-config-cli branch from 1524d34 to 95eb970 Compare June 9, 2026 10:13
@KirylKurnosenka

KirylKurnosenka commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

/deploy-review

GitHub actions run: 27199991424

Stage Status
deploy-review Success ✅
chat Success ✅

Two bugs caused inconsistent placeholder resolution in `dial-cli apply`:

1. Entity names containing `${params.*}` (e.g. `models/public/${params.model_name}`)
   were stored as raw strings in the entity context, so `${entity.name}` in template
   fields resolved to the literal placeholder string rather than the actual value.
   Fields inside `!for` loops coincidentally got a second substitution pass and
   appeared resolved, while non-loop fields did not — producing inconsistent output.
   Fix: resolve the manifest name against params+vars before building entity context
   and writing the apply envelope (`TemplateResolver.resolveString`,
   `ApplyCommand`, `ManifestLoader.canonicalIdOf` overload for `fetchCurrentForPatch`).

2. `ControlFlowExpander.substitutePlaceholders` substituted `${...}` in object values
   but silently passed keys through unchanged, leaving map keys such as
   `"models/public/${params.model_name}"` unresolved in the output spec.
   Fix: apply `sub.substitute()` to each key as well as its value.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@KirylKurnosenka

KirylKurnosenka commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

/deploy-review

GitHub actions run: 27210618844

Stage Status
deploy-review Success ✅
chat Failed ❌

KirylKurnosenka and others added 2 commits June 9, 2026 19:04
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@ai-dial-actions

This comment has been minimized.

ApplyCommand.fetchCurrentForPatch now removes name/status/validationWarnings
from the server GET response before JsonMergePatch.apply, preventing a 400
from the server when the merged spec is sent back via /v1/admin/apply.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@ai-dial-actions

This comment has been minimized.

@KirylKurnosenka

KirylKurnosenka commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

/deploy-review

GitHub actions run: 27223151817

Stage Status
deploy-review Cancelled 🚫
matrix.application Cancelled 🚫

@KirylKurnosenka

KirylKurnosenka commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

/deploy-review

GitHub actions run: 27223503192

Stage Status
deploy-review Success ✅
chat Success ✅

@ai-dial-actions

This comment has been minimized.

Reorganise the cli module from a flat root package into a clean layered
structure (command → service → client/data/exception) so responsibilities
are explicit and dependency direction is one-way:

  command/          – picocli commands + converters + output renderers
  command/output/   – EntityRenderer, Json/Yaml/TableEntityRenderer
  service/          – EntityReader, EntityWriter, EntityDiff, EnvResolver
  service/auth/     – ApiKeyResolver, PasswordPrompter  (was auth/)
  service/json/     – JsonMergePatch, JsonPatcher, JsonDiff
  service/manifest/ – Manifest, ManifestLoader, OverlayResolver
  service/template/ – template DSL pipeline  (was template/)
  client/           – CliHttpClient  (was http/)
  data/             – CliProfile, Environment, Defaults, Auth, ProfileLoader, YamlPatcher, OutputFormat
  exception/        – CliException, CliConfigException, ManifestParseException, NetworkException, TemplateException
  config/           – DialCliFactory, CliConfiguration  (wiring only)

No logic changes — pure package moves, package-declaration updates, and
import fixes. New types introduced solely as extraction vehicles:
  • Manifest – extracted from ManifestLoader inner record
  • CliOptionsDto – DTO replacing direct DialCli dependency in service layer
  • OutputFormatDto / OutputFormatResolver – service-layer output-format handling

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@KirylKurnosenka

KirylKurnosenka commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

/deploy-review

GitHub actions run: 27305840411

Stage Status
deploy-review Cancelled 🚫
matrix.application Cancelled 🚫

@ai-dial-actions

This comment has been minimized.

@KirylKurnosenka

KirylKurnosenka commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

/deploy-review

GitHub actions run: 27306494865

Stage Status
deploy-review Success ✅
chat Success ✅

@ai-dial-actions

This comment has been minimized.

@KirylKurnosenka

KirylKurnosenka commented Jun 11, 2026

Copy link
Copy Markdown
Contributor

/deploy-review

GitHub actions run: 27337301577

Stage Status
deploy-review Success ✅
chat Success ✅

KirylKurnosenka and others added 2 commits June 11, 2026 14:59
…n fields

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@ai-dial-actions

Copy link
Copy Markdown
Contributor

Dependency Review

The following issues were found:
  • ❌ 4 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 12 package(s) with unknown licenses.
  • ⚠️ 4 packages with OpenSSF Scorecard issues.
See the Details below.

Vulnerabilities

settings.gradle

NameVersionVulnerabilitySeverityPatched Version
org.assertj:assertj-core3.27.3AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertionhigh3.27.7
org.codehaus.plexus:plexus-utils4.0.1Plexus-Utils has a Directory Traversal vulnerability in its extractFile method high4.0.3
com.fasterxml.jackson.core:jackson-core2.18.1jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Conditionmoderate2.18.6
org.apache.commons:commons-lang33.17.0Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputsmoderate3.18.0

License Issues

settings.gradle

PackageVersionLicenseIssue Type
com.fasterxml.jackson:jackson-bom2.18.1NullUnknown License
io.quarkus.platform:quarkus-bom3.16.4NullUnknown License
io.quarkus.platform:quarkus-bom-quarkus-platform-properties3.16.4NullUnknown License
io.quarkus:gradle-application-plugin3.16.4NullUnknown License
io.quarkus:quarkus-arc-test-supplement3.16.4NullUnknown License
io.quarkus:quarkus-bom3.16.4NullUnknown License
io.quarkus:quarkus-classloader-commons3.16.4NullUnknown License
io.quarkus:quarkus-devtools-base-codestarts3.16.4NullUnknown License
io.quarkus:quarkus-devtools-codestarts3.16.4NullUnknown License
io.quarkus:quarkus-devtools-message-writer3.16.4NullUnknown License
io.quarkus:quarkus-picocli3.16.4NullUnknown License
org.junit:junit-bom5.10.5NullUnknown License

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
maven/org.assertj:assertj-core 3.27.3 UnknownUnknown
maven/org.codehaus.plexus:plexus-utils 4.0.1 🟢 4.7
Details
CheckScoreReason
Code-Review⚠️ 1Found 3/18 approved changesets -- score normalized to 1
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1012 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Branch-Protection⚠️ 1branch protection is not maximal on development and all release branches
maven/com.fasterxml.jackson.core:jackson-core 2.18.1 UnknownUnknown
maven/org.apache.commons:commons-lang3 3.17.0 UnknownUnknown
maven/aopalliance:aopalliance 1.0 UnknownUnknown
maven/com.fasterxml.jackson.core:jackson-annotations 2.18.1 UnknownUnknown
maven/com.fasterxml.jackson.core:jackson-databind 2.18.1 UnknownUnknown
maven/com.fasterxml.jackson.dataformat:jackson-dataformat-yaml 2.18.1 UnknownUnknown
maven/com.fasterxml.jackson.datatype:jackson-datatype-jdk8 2.18.1 UnknownUnknown
maven/com.fasterxml.jackson.datatype:jackson-datatype-jsr310 2.18.1 UnknownUnknown
maven/com.fasterxml.jackson:jackson-bom 2.18.1 UnknownUnknown
maven/com.google.guava:failureaccess 1.0.2 🟢 8.7
Details
CheckScoreReason
Code-Review⚠️ 0Found 1/30 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 9binaries present in source code
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices⚠️ 2badge detected: InProgress
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST🟢 9SAST tool is not run on all commits -- score normalized to 9
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Security-Policy🟢 10security policy file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
CI-Tests🟢 928 out of 29 merged PRs checked by a CI test -- score normalized to 9
Contributors🟢 10project has 11 contributing companies or organizations
maven/com.google.guava:guava 33.3.1-jre 🟢 8.7
Details
CheckScoreReason
Code-Review⚠️ 0Found 1/30 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 9binaries present in source code
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices⚠️ 2badge detected: InProgress
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST🟢 9SAST tool is not run on all commits -- score normalized to 9
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Security-Policy🟢 10security policy file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
CI-Tests🟢 928 out of 29 merged PRs checked by a CI test -- score normalized to 9
Contributors🟢 10project has 11 contributing companies or organizations
maven/com.google.inject:guice 5.1.0 🟢 5.5
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Maintained⚠️ 01 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review⚠️ 1Found 4/29 approved changesets -- score normalized to 1
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 10all dependencies are pinned
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/commons-cli:commons-cli 1.8.0 UnknownUnknown
maven/commons-codec:commons-codec 1.17.1 🟢 8.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Security-Policy🟢 10security policy file detected
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 10all dependencies are pinned
License🟢 10license file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ -1no releases found
SAST🟢 10SAST tool is run on all commits
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
CI-Tests🟢 101 out of 1 merged PRs checked by a CI test -- score normalized to 10
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Contributors🟢 10project has 81 contributing companies or organizations
maven/commons-io:commons-io 2.17.0 UnknownUnknown
maven/info.picocli:picocli 4.7.6 🟢 6.7
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 4security policy file detected
Maintained🟢 1026 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 4Found 9/21 approved changesets -- score normalized to 4
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases🟢 85 out of the last 5 releases have a total of 5 signed artifacts.
SAST🟢 7SAST tool detected but not run on all commits
Binary-Artifacts🟢 4binaries present in source code
maven/io.fabric8:maven-model-helper 37 UnknownUnknown
maven/io.github.crac:org-crac 0.1.3 UnknownUnknown
maven/io.quarkus.arc:arc 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus.arc:arc-processor 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus.gizmo:gizmo 1.8.0 🟢 4.5
Details
CheckScoreReason
Code-Review🟢 3Found 3/10 approved changesets -- score normalized to 3
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/io.quarkus.platform:quarkus-bom 3.16.4 🟢 6.6
Details
CheckScoreReason
Code-Review🟢 8Found 4/5 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Security-Policy⚠️ 0security policy file not detected
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/io.quarkus.platform:quarkus-bom-quarkus-platform-properties 3.16.4 🟢 6.6
Details
CheckScoreReason
Code-Review🟢 8Found 4/5 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Security-Policy⚠️ 0security policy file not detected
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/io.quarkus.qute:qute-core 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:gradle-application-plugin 3.16.4 UnknownUnknown
maven/io.quarkus:quarkus-analytics-common 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-arc 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-arc-deployment 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-arc-test-supplement 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-bom 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-bootstrap-app-model 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-bootstrap-core 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-bootstrap-gradle-resolver 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-bootstrap-maven-resolver 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-bootstrap-runner 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-builder 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-class-change-agent 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-classloader-commons 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-core 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-core-deployment 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-development-mode-spi 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-devtools-base-codestarts 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-devtools-codestarts 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-devtools-common 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-devtools-message-writer 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-devtools-registry-client 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-devtools-utilities 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-fs-util 0.0.10 🟢 4.2
Details
CheckScoreReason
Code-Review⚠️ 1Found 1/9 approved changesets -- score normalized to 1
Maintained🟢 1028 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/io.quarkus:quarkus-gradle-model 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-hibernate-validator-spi 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-ide-launcher 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-picocli 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-picocli-deployment 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-smallrye-context-propagation-spi 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.quarkus:quarkus-vertx-http-dev-ui-spi 3.16.4 🟢 6.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
maven/io.smallrye.beanbag:smallrye-beanbag 1.5.2 UnknownUnknown
maven/io.smallrye.beanbag:smallrye-beanbag-maven 1.5.2 UnknownUnknown
maven/io.smallrye.beanbag:smallrye-beanbag-sisu 1.5.2 UnknownUnknown
maven/io.smallrye.common:smallrye-common-annotation 2.7.0 🟢 4.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 2Found 1/5 approved changesets -- score normalized to 2
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Security-Policy⚠️ 0security policy file not detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/io.smallrye.common:smallrye-common-classloader 2.7.0 🟢 4.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 2Found 1/5 approved changesets -- score normalized to 2
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Security-Policy⚠️ 0security policy file not detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/io.smallrye.common:smallrye-common-constraint 2.7.0 🟢 4.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 2Found 1/5 approved changesets -- score normalized to 2
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Security-Policy⚠️ 0security policy file not detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/io.smallrye.common:smallrye-common-cpu 2.7.0 🟢 4.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 2Found 1/5 approved changesets -- score normalized to 2
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Security-Policy⚠️ 0security policy file not detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/io.smallrye.common:smallrye-common-expression 2.7.0 🟢 4.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 2Found 1/5 approved changesets -- score normalized to 2
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Security-Policy⚠️ 0security policy file not detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/io.smallrye.common:smallrye-common-function 2.7.0 🟢 4.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 2Found 1/5 approved changesets -- score normalized to 2
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Security-Policy⚠️ 0security policy file not detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/io.smallrye.common:smallrye-common-io 2.7.0 🟢 4.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 2Found 1/5 approved changesets -- score normalized to 2
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Security-Policy⚠️ 0security policy file not detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/io.smallrye.common:smallrye-common-net 2.7.0 🟢 4.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 2Found 1/5 approved changesets -- score normalized to 2
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Security-Policy⚠️ 0security policy file not detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/io.smallrye.common:smallrye-common-os 2.7.0 🟢 4.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 2Found 1/5 approved changesets -- score normalized to 2
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Security-Policy⚠️ 0security policy file not detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/io.smallrye.common:smallrye-common-ref 2.7.0 🟢 4.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 2Found 1/5 approved changesets -- score normalized to 2
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Security-Policy⚠️ 0security policy file not detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/io.smallrye.common:smallrye-common-version 2.7.0 🟢 4.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 2Found 1/5 approved changesets -- score normalized to 2
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Security-Policy⚠️ 0security policy file not detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/io.smallrye.config:smallrye-config 3.9.1 🟢 4.4
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 2Found 5/19 approved changesets -- score normalized to 2
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/io.smallrye.config:smallrye-config-common 3.9.1 🟢 4.4
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 2Found 5/19 approved changesets -- score normalized to 2
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/io.smallrye.config:smallrye-config-core 3.9.1 🟢 4.4
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 2Found 5/19 approved changesets -- score normalized to 2
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/io.smallrye.config:smallrye-config-source-yaml 3.9.1 🟢 4.4
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 2Found 5/19 approved changesets -- score normalized to 2
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/io.smallrye.reactive:mutiny 2.6.2 🟢 3.9
Details
CheckScoreReason
Code-Review⚠️ 2Found 1/5 approved changesets -- score normalized to 2
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 9binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Security-Policy⚠️ 0security policy file not detected
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
maven/io.smallrye:jandex 3.2.3 🟢 5.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 9security policy file detected
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 0Found 1/12 approved changesets -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/jakarta.annotation:jakarta.annotation-api 3.0.0 UnknownUnknown
maven/jakarta.el:jakarta.el-api 6.0.0 🟢 4.5
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/7 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ -1No tokens found
Maintained🟢 1020 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow⚠️ -1no workflows found
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ -1no dependencies found
Fuzzing⚠️ 0project is not fuzzed
License🟢 9license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/jakarta.el:jakarta.el-api 5.0.1 🟢 4.5
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/7 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ -1No tokens found
Maintained🟢 1020 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow⚠️ -1no workflows found
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ -1no dependencies found
Fuzzing⚠️ 0project is not fuzzed
License🟢 9license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/jakarta.enterprise:jakarta.enterprise.cdi-api 4.1.0 🟢 5.9
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 4Found 10/23 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/jakarta.enterprise:jakarta.enterprise.lang-model 4.1.0 🟢 5.9
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 4Found 10/23 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/jakarta.inject:jakarta.inject-api 2.0.1 UnknownUnknown
maven/jakarta.interceptor:jakarta.interceptor-api 2.2.0 UnknownUnknown
maven/jakarta.json:jakarta.json-api 2.1.3 🟢 5.8
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Maintained⚠️ 12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 9license file detected
Fuzzing🟢 10project is fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/jakarta.transaction:jakarta.transaction-api 2.0.1 🟢 5.4
Details
CheckScoreReason
Maintained⚠️ 12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Token-Permissions⚠️ -1No tokens found
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 10all changesets reviewed
Dangerous-Workflow⚠️ -1no workflows found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ -1no dependencies found
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/javax.annotation:javax.annotation-api 1.3.2 ⚠️ 1.9
Details
CheckScoreReason
Code-Review⚠️ 0Found 2/29 approved changesets -- score normalized to 0
Token-Permissions⚠️ -1No tokens found
Dangerous-Workflow⚠️ -1no workflows found
Maintained⚠️ 0project is archived
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ -1no dependencies found
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
License🟢 9license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/javax.inject:javax.inject 1 UnknownUnknown
maven/net.bytebuddy:byte-buddy 1.14.18 🟢 7.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Code-Review⚠️ 1Found 4/30 approved changesets -- score normalized to 1
Security-Policy🟢 4security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 8binaries present in source code
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices🟢 5badge detected: Passing
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST🟢 7SAST tool detected but not run on all commits
Fuzzing🟢 10project is fuzzed
Packaging🟢 10packaging workflow detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
CI-Tests⚠️ 00 out of 4 merged PRs checked by a CI test -- score normalized to 0
Contributors🟢 10project has 33 contributing companies or organizations
Vulnerabilities⚠️ 082 existing vulnerabilities detected
maven/net.bytebuddy:byte-buddy-agent 1.15.3 🟢 7.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Code-Review⚠️ 1Found 4/30 approved changesets -- score normalized to 1
Security-Policy🟢 4security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 8binaries present in source code
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices🟢 5badge detected: Passing
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST🟢 7SAST tool detected but not run on all commits
Fuzzing🟢 10project is fuzzed
Packaging🟢 10packaging workflow detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
CI-Tests⚠️ 00 out of 4 merged PRs checked by a CI test -- score normalized to 0
Contributors🟢 10project has 33 contributing companies or organizations
Vulnerabilities⚠️ 082 existing vulnerabilities detected
maven/org.aesh:aesh 2.8.2 UnknownUnknown
maven/org.aesh:readline 2.6 🟢 4.1
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/21 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 9binaries present in source code
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.apache.commons:commons-compress 1.27.1 UnknownUnknown
maven/org.apache.httpcomponents:httpclient 4.5.14 🟢 7.5
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Code-Review🟢 6Found 17/25 approved changesets -- score normalized to 6
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 10no binaries found in the repo
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing🟢 10project is fuzzed
SAST🟢 10SAST tool is run on all commits
maven/org.apache.httpcomponents:httpcore 4.4.16 🟢 7.2
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1028 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 3Found 11/29 approved changesets -- score normalized to 3
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST🟢 10SAST tool is run on all commits
maven/org.apache.maven.resolver:maven-resolver-api 1.9.22 UnknownUnknown
maven/org.apache.maven.resolver:maven-resolver-connector-basic 1.9.22 UnknownUnknown
maven/org.apache.maven.resolver:maven-resolver-impl 1.9.22 UnknownUnknown
maven/org.apache.maven.resolver:maven-resolver-named-locks 1.9.22 UnknownUnknown
maven/org.apache.maven.resolver:maven-resolver-spi 1.9.22 UnknownUnknown
maven/org.apache.maven.resolver:maven-resolver-transport-http 1.9.20 UnknownUnknown
maven/org.apache.maven.resolver:maven-resolver-transport-wagon 1.9.22 UnknownUnknown
maven/org.apache.maven.resolver:maven-resolver-util 1.9.22 UnknownUnknown
maven/org.apache.maven.shared:maven-shared-utils 3.4.2 UnknownUnknown
maven/org.apache.maven.wagon:wagon-file 3.5.3 UnknownUnknown
maven/org.apache.maven.wagon:wagon-http 3.5.3 UnknownUnknown
maven/org.apache.maven.wagon:wagon-http-shared 3.5.3 UnknownUnknown
maven/org.apache.maven.wagon:wagon-provider-api 3.5.3 UnknownUnknown
maven/org.apache.maven:maven-api-meta 4.0.0-alpha-5 UnknownUnknown
maven/org.apache.maven:maven-api-xml 4.0.0-alpha-5 UnknownUnknown
maven/org.apache.maven:maven-artifact 3.9.9 UnknownUnknown
maven/org.apache.maven:maven-builder-support 3.9.9 UnknownUnknown
maven/org.apache.maven:maven-core 3.9.9 UnknownUnknown
maven/org.apache.maven:maven-embedder 3.9.9 UnknownUnknown
maven/org.apache.maven:maven-model 3.9.9 UnknownUnknown
maven/org.apache.maven:maven-model-builder 3.9.9 UnknownUnknown
maven/org.apache.maven:maven-plugin-api 3.9.9 UnknownUnknown
maven/org.apache.maven:maven-repository-metadata 3.9.9 UnknownUnknown
maven/org.apache.maven:maven-resolver-provider 3.9.9 UnknownUnknown
maven/org.apache.maven:maven-settings 3.9.9 UnknownUnknown
maven/org.apache.maven:maven-settings-builder 3.9.9 UnknownUnknown
maven/org.apache.maven:maven-xml-impl 4.0.0-alpha-5 UnknownUnknown
maven/org.codehaus.plexus:plexus-cipher 2.1.0 🟢 3.2
Details
CheckScoreReason
Code-Review⚠️ 0Found 2/22 approved changesets -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 0project is archived
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Security-Policy⚠️ 0security policy file not detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST🟢 7SAST tool detected but not run on all commits
maven/org.codehaus.plexus:plexus-classworlds 2.8.0 🟢 4.3
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 2Found 4/20 approved changesets -- score normalized to 2
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1018 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
maven/org.codehaus.plexus:plexus-component-annotations 2.1.0 ⚠️ 2.8
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 1Found 3/16 approved changesets -- score normalized to 1
Packaging⚠️ -1packaging workflow not detected
Maintained⚠️ 0project is archived
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License⚠️ 0license file not detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.codehaus.plexus:plexus-interpolation 1.27 ⚠️ 2.9
Details
CheckScoreReason
Maintained⚠️ 01 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 2Found 4/18 approved changesets -- score normalized to 2
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License⚠️ 0license file not detected
Signed-Releases⚠️ -1no releases found
Security-Policy⚠️ 0security policy file not detected
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.codehaus.plexus:plexus-sec-dispatcher 2.0 UnknownUnknown
maven/org.codehaus.plexus:plexus-xml 4.0.1 UnknownUnknown
maven/org.codejive:java-properties 0.0.7 UnknownUnknown
maven/org.eclipse.microprofile.config:microprofile-config-api 3.1 UnknownUnknown
maven/org.eclipse.microprofile.context-propagation:microprofile-context-propagation-api 1.3 UnknownUnknown
maven/org.eclipse.parsson:parsson 1.1.7 🟢 4.2
Details
CheckScoreReason
Maintained🟢 33 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 3
Code-Review🟢 5Found 12/22 approved changesets -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.eclipse.sisu:org.eclipse.sisu.inject 0.9.0.M3 🟢 6
Details
CheckScoreReason
Maintained🟢 55 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 7Found 19/27 approved changesets -- score normalized to 7
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST🟢 10SAST tool is run on all commits
maven/org.eclipse.sisu:org.eclipse.sisu.plexus 0.9.0.M3 🟢 6
Details
CheckScoreReason
Maintained🟢 55 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 7Found 19/27 approved changesets -- score normalized to 7
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST🟢 10SAST tool is run on all commits
maven/org.fusesource.jansi:jansi 2.4.0 ⚠️ 2.9
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 45 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Code-Review⚠️ 1Found 4/29 approved changesets -- score normalized to 1
Binary-Artifacts⚠️ 0binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.graalvm.sdk:nativeimage 23.1.2 🟢 4
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 1/22 approved changesets -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts⚠️ 0binaries present in source code
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
maven/org.graalvm.sdk:word 23.1.2 🟢 4
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 0Found 1/22 approved changesets -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts⚠️ 0binaries present in source code
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
maven/org.jboss.logging:commons-logging-jboss-logging 1.0.0.Final 🟢 4
Details
CheckScoreReason
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Code-Review⚠️ 2Found 1/5 approved changesets -- score normalized to 2
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy🟢 9security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.jboss.logging:jboss-logging 3.6.1.Final 🟢 5.3
Details
CheckScoreReason
Maintained🟢 68 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Code-Review⚠️ 1Found 2/11 approved changesets -- score normalized to 1
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy🟢 9security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.jboss.logging:jboss-logging-annotations 3.0.2.Final 🟢 3.7
Details
CheckScoreReason
Maintained⚠️ 00 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Code-Review⚠️ 0Found 0/9 approved changesets -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
Security-Policy🟢 9security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.jboss.logmanager:jboss-logmanager 3.0.6.Final UnknownUnknown
maven/org.jboss.slf4j:slf4j-jboss-logmanager 2.0.0.Final UnknownUnknown
maven/org.jboss.threads:jboss-threads 3.8.0.Final UnknownUnknown
maven/org.jctools:jctools-core 4.0.5 🟢 5.3
Details
CheckScoreReason
Maintained🟢 1010 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 1Found 4/30 approved changesets -- score normalized to 1
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST🟢 7SAST tool detected but not run on all commits
maven/org.jdom:jdom2 2.0.6.1 UnknownUnknown
maven/org.junit.jupiter:junit-jupiter 5.10.5 🟢 8.3
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 0Found 0/27 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 9binaries present in source code
Pinned-Dependencies🟢 10all dependencies are pinned
Vulnerabilities🟢 100 existing vulnerabilities detected
CII-Best-Practices🟢 5badge detected: Passing
SAST🟢 10SAST tool is run on all commits
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
CI-Tests🟢 103 out of 3 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 59 contributing companies or organizations
maven/org.junit.jupiter:junit-jupiter-api 5.10.5 🟢 8.3
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 0Found 0/27 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 9binaries present in source code
Pinned-Dependencies🟢 10all dependencies are pinned
Vulnerabilities🟢 100 existing vulnerabilities detected
CII-Best-Practices🟢 5badge detected: Passing
SAST🟢 10SAST tool is run on all commits
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
CI-Tests🟢 103 out of 3 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 59 contributing companies or organizations
maven/org.junit.jupiter:junit-jupiter-engine 5.10.5 🟢 8.3
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 0Found 0/27 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 9binaries present in source code
Pinned-Dependencies🟢 10all dependencies are pinned
Vulnerabilities🟢 100 existing vulnerabilities detected
CII-Best-Practices🟢 5badge detected: Passing
SAST🟢 10SAST tool is run on all commits
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
CI-Tests🟢 103 out of 3 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 59 contributing companies or organizations
maven/org.junit.jupiter:junit-jupiter-params 5.10.5 🟢 8.3
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 0Found 0/27 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 9binaries present in source code
Pinned-Dependencies🟢 10all dependencies are pinned
Vulnerabilities🟢 100 existing vulnerabilities detected
CII-Best-Practices🟢 5badge detected: Passing
SAST🟢 10SAST tool is run on all commits
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
CI-Tests🟢 103 out of 3 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 59 contributing companies or organizations
maven/org.junit.platform:junit-platform-commons 1.10.5 🟢 8.3
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 0Found 0/27 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 9binaries present in source code
Pinned-Dependencies🟢 10all dependencies are pinned
Vulnerabilities🟢 100 existing vulnerabilities detected
CII-Best-Practices🟢 5badge detected: Passing
SAST🟢 10SAST tool is run on all commits
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
CI-Tests🟢 103 out of 3 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 59 contributing companies or organizations
maven/org.junit.platform:junit-platform-engine 1.10.5 🟢 8.3
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 0Found 0/27 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 9binaries present in source code
Pinned-Dependencies🟢 10all dependencies are pinned
Vulnerabilities🟢 100 existing vulnerabilities detected
CII-Best-Practices🟢 5badge detected: Passing
SAST🟢 10SAST tool is run on all commits
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
CI-Tests🟢 103 out of 3 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 59 contributing companies or organizations
maven/org.junit.platform:junit-platform-launcher 1.10.5 🟢 8.3
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 0Found 0/27 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 9binaries present in source code
Pinned-Dependencies🟢 10all dependencies are pinned
Vulnerabilities🟢 100 existing vulnerabilities detected
CII-Best-Practices🟢 5badge detected: Passing
SAST🟢 10SAST tool is run on all commits
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
CI-Tests🟢 103 out of 3 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 59 contributing companies or organizations
maven/org.junit:junit-bom 5.10.5 🟢 8.3
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review⚠️ 0Found 0/27 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 9binaries present in source code
Pinned-Dependencies🟢 10all dependencies are pinned
Vulnerabilities🟢 100 existing vulnerabilities detected
CII-Best-Practices🟢 5badge detected: Passing
SAST🟢 10SAST tool is run on all commits
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
CI-Tests🟢 103 out of 3 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 59 contributing companies or organizations
maven/org.mockito:mockito-core 5.14.1 🟢 7.3
Details
CheckScoreReason
Code-Review🟢 9Found 19/20 approved changesets -- score normalized to 9
Maintained🟢 1013 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 9security policy file detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Packaging🟢 10packaging workflow detected
Binary-Artifacts🟢 10no binaries found in the repo
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.mockito:mockito-junit-jupiter 5.14.1 🟢 7.3
Details
CheckScoreReason
Code-Review🟢 9Found 19/20 approved changesets -- score normalized to 9
Maintained🟢 1013 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 9security policy file detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Packaging🟢 10packaging workflow detected
Binary-Artifacts🟢 10no binaries found in the repo
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.opentest4j:opentest4j 1.3.0 🟢 7.2
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 9binaries present in source code
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 0Found 0/1 approved changesets -- score normalized to 0
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Maintained🟢 1022 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
License🟢 10license file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
SAST🟢 9SAST tool is not run on all commits -- score normalized to 9
maven/org.ow2.asm:asm 9.7.1 UnknownUnknown
maven/org.ow2.asm:asm-analysis 9.7.1 UnknownUnknown
maven/org.ow2.asm:asm-commons 9.7.1 UnknownUnknown
maven/org.ow2.asm:asm-tree 9.7.1 UnknownUnknown
maven/org.ow2.asm:asm-util 9.7.1 UnknownUnknown
maven/org.slf4j:slf4j-api 2.0.6 🟢 5.2
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 53 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 5
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Code-Review⚠️ 0Found 2/30 approved changesets -- score normalized to 0
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts⚠️ 0binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.wildfly.common:wildfly-common 2.0.1 🟢 5.3
Details
CheckScoreReason
Code-Review⚠️ -1Found no human activity in the last 15 changesets
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 9security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 810 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 8
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.wildfly.common:wildfly-common 1.7.0.Final 🟢 5.3
Details
CheckScoreReason
Code-Review⚠️ -1Found no human activity in the last 15 changesets
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 9security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 810 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 8
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.yaml:snakeyaml 2.3 UnknownUnknown

Scanned Files

  • settings.gradle

@KirylKurnosenka

KirylKurnosenka commented Jun 19, 2026

Copy link
Copy Markdown
Contributor

/deploy-review

GitHub actions run: 27817413316

Stage Status
deploy-review Success ✅
chat Failed ❌

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

7 participants