{"id":36951762,"uuid":"143040428","full_name":"github/codeql","owner":"github","description":"CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security","archived":false,"fork":false,"pushed_at":"2026-04-16T10:11:40.000Z","size":485533,"stargazers_count":9477,"open_issues_count":1377,"forks_count":1949,"subscribers_count":262,"default_branch":"main","last_synced_at":"2026-04-16T11:00:10.993Z","etag":null,"topics":["codeql","github-advanced-security","github-security-lab","semmle-ql","works-with-codespaces"],"latest_commit_sha":null,"homepage":"https://codeql.github.com","language":"CodeQL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/github.png","metadata":{"files":{"readme":"README.md","changelog":"change-notes/1.18/analysis-cpp.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":"docs/supported-queries.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-07-31T16:35:51.000Z","updated_at":"2026-04-16T09:52:06.000Z","dependencies_parsed_at":"2024-11-11T11:43:06.039Z","dependency_job_id":"8da658a5-9d63-4a5a-b49a-d1c24089ff9b","html_url":"https://github.com/github/codeql","commit_stats":{"total_commits":57237,"total_committers":347,"mean_commits":"164.94812680115274","dds":0.9256949176232158,"last_synced_commit":"fa5cc901672a8fa8ca7a3754d28089f3f55d3343"},"previous_names":[],"tags_count":164,"template":false,"template_full_name":null,"purl":"pkg:github/github/codeql","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/github","download_url":"https://codeload.github.com/github/codeql/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql/sbom","scorecard":{"id":428159,"data":{"date":"2025-08-11","repo":{"name":"github.com/github/codeql","commit":"f1bff93bc5bde98872b80a153249a04b6445385d"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.4,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/github/.github/SECURITY.md:1","Info: Found linked content: github.com/github/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/github/.github/SECURITY.md:1","Info: Found text in security policy: github.com/github/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/codeql-analysis.yml:31","Info: jobLevel 'contents' permission set to 'read': .github/workflows/cpp-swift-analysis.yml:25","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/cpp-swift-analysis.yml:27","Info: jobLevel 'contents' permission set to 'read': .github/workflows/rust-analysis.yml:32","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/rust-analysis.yml:34","Warn: no topLevel permission defined: .github/workflows/build-ripunzip.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/buildifier.yml:13","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/check-change-note.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/check-implicit-this.yml:13","Info: topLevel 'contents' permission set to 'read': .github/workflows/check-overlay-annotations.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/check-qldoc.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/check-query-ids.yml:15","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/compile-queries.yml:17","Warn: no topLevel permission defined: .github/workflows/cpp-swift-analysis.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/csharp-qltest.yml:33","Info: topLevel 'contents' permission set to 'read': .github/workflows/csv-coverage-metrics.yml:18","Warn: topLevel 'security-events' permission set to 'write': .github/workflows/csv-coverage-metrics.yml:19","Info: topLevel 'contents' permission set to 'read': .github/workflows/csv-coverage-pr-artifacts.yml:23","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/csv-coverage-pr-artifacts.yml:24","Info: topLevel 'contents' permission set to 'read': .github/workflows/csv-coverage-pr-comment.yml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/csv-coverage-timeseries.yml:7","Warn: topLevel 'contents' permission set to 'write': .github/workflows/csv-coverage-update.yml:9","Info: topLevel 'contents' permission set to 'read': .github/workflows/csv-coverage.yml:11","Warn: topLevel 'contents' permission set to 'write': .github/workflows/fast-forward.yml:11","Info: topLevel 'contents' permission set to 'read': .github/workflows/go-tests.yml:16","Info: topLevel 'contents' permission set to 'read': .github/workflows/kotlin-build.yml:17","Info: topLevel 'contents' permission set to 'read': .github/workflows/labeler.yml:6","Info: topLevel 'contents' permission set to 'read': .github/workflows/mad_modelDiff.yml:19","Info: topLevel 'contents' permission set to 'read': .github/workflows/mad_regenerate-models.yml:15","Info: topLevel 'actions' permission set to 'read': .github/workflows/post-pr-comment.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/python-tooling.yml:18","Info: topLevel 'contents' permission set to 'read': .github/workflows/qhelp-pr-preview.yml:21","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/qhelp-pr-preview.yml:22","Info: topLevel 'contents' permission set to 'read': .github/workflows/ql-for-ql-build.yml:13","Warn: topLevel 'security-events' permission set to 'write': .github/workflows/ql-for-ql-build.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/ql-for-ql-dataset_measure.yml:15","Info: topLevel 'security-events' permission set to 'read': .github/workflows/ql-for-ql-dataset_measure.yml:16","Info: topLevel 'contents' permission set to 'read': .github/workflows/ql-for-ql-tests.yml:21","Info: topLevel 'contents' permission set to 'read': .github/workflows/query-list.yml:17","Info: topLevel 'contents' permission set to 'read': .github/workflows/ruby-build.yml:38","Info: topLevel 'contents' permission set to 'read': .github/workflows/ruby-dataset-measure.yml:21","Info: topLevel 'contents' permission set to 'read': .github/workflows/ruby-qltest-rtjo.yml:19","Info: topLevel 'contents' permission set to 'read': .github/workflows/ruby-qltest.yml:33","Warn: no topLevel permission defined: .github/workflows/rust-analysis.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/rust.yml:23","Info: topLevel 'contents' permission set to 'read': .github/workflows/swift.yml:23","Info: topLevel 'contents' permission set to 'read': .github/workflows/sync-files.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/tree-sitter-extractor-test.yml:27","Info: topLevel 'contents' permission set to 'read': .github/workflows/validate-change-notes.yml:19","Info: topLevel 'contents' permission set to 'read': .github/workflows/zipmerge-test.yml:14","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: SAST configuration detected: CodeQL","Info: SAST configuration detected: CodeQL","Info: all commits (30) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Binary-Artifacts","score":0,"reason":"binaries present in source code","details":["Warn: binary detected: csharp/ql/test/library-tests/aliases/Assembly1.dll:1","Warn: binary detected: csharp/ql/test/library-tests/aliases/Assembly2.dll:1","Warn: binary detected: csharp/ql/test/library-tests/assemblies/Assembly1.dll:1","Warn: binary detected: csharp/ql/test/library-tests/assemblies/Locations.dll:1","Warn: binary detected: csharp/ql/test/library-tests/attributes/Assembly1.dll:1","Warn: binary detected: csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.dll:1","Warn: binary detected: csharp/ql/test/library-tests/parameters/Parameters.dll:1","Warn: binary detected: csharp/ql/test/resources/assemblies/System.Net.Http.dll:1","Warn: binary detected: csharp/ql/test/resources/assemblies/System.Web.Mvc.dll:1","Warn: binary detected: csharp/ql/test/resources/assemblies/System.Web.dll:1","Warn: binary detected: go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowVarArgs/semmle.go.Packages:1","Warn: binary detected: go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/semmle.go.Packages:1","Warn: binary detected: java/ql/integration-tests/java/buildless-dependency-different-repository/repo/releases/com/github/my/other/repo/test/otherreleasetest/1.0/otherreleasetest-1.0.jar:1","Warn: binary detected: java/ql/integration-tests/java/buildless-dependency-different-repository/repo2/releases/com/github/hosted/in/other/repo/test/inotherrepo/1.0/inotherrepo-1.0.jar:1","Warn: binary detected: java/ql/integration-tests/java/buildless-gradle-timeout/gradle/wrapper/gradle-wrapper.jar:1","Warn: binary detected: java/ql/integration-tests/java/buildless-inherit-trust-store/repo/snapshots/com/github/my/snapshot/test/snapshottest/1.0-SNAPSHOT/snapshottest-1.0-20230901.050514-100.jar:1","Warn: binary detected: java/ql/integration-tests/java/buildless-maven-timeout/.mvn/wrapper/maven-wrapper.jar:1","Warn: binary detected: java/ql/integration-tests/java/buildless-sibling-projects/gradle-sample/gradle/wrapper/gradle-wrapper.jar:1","Warn: binary detected: java/ql/integration-tests/java/buildless-sibling-projects/gradle-sample2/gradle/wrapper/gradle-wrapper.jar:1","Warn: binary detected: java/ql/integration-tests/java/buildless-snapshot-repository/repo/snapshots/com/github/my/snapshot/test/snapshottest/1.0-SNAPSHOT/snapshottest-1.0-20230901.050514-100.jar:1","Warn: binary detected: java/ql/integration-tests/java/diagnostics/maven-http-repository/.mvn/wrapper/maven-wrapper.jar:1","Warn: binary detected: java/ql/integration-tests/java/maven-wrapper/.mvn/wrapper/maven-wrapper.jar:1","Warn: binary detected: java/ql/test/query-tests/Stubs/Minimal/testlib.jar:1","Warn: binary detected: misc/bazel/internal/zipmerge/test-files/footers.jar:1","Warn: binary detected: misc/bazel/internal/zipmerge/test-files/no-footers.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Info: Possibly incomplete results: error parsing shell code: \"foo(\" must be followed by ): javascript/ql/test/query-tests/Expressions/UnknownDirective/dual-use.js:0","Info: Possibly incomplete results: error parsing shell code: \"foo(\" must be followed by ): python/ql/test/2/query-tests/Summary/not_python:0","Info: Possibly incomplete results: error parsing shell code: \"foo(\" must be followed by ): python/ql/test/3/query-tests/Summary/not_python:0","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-ripunzip.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/build-ripunzip.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-ripunzip.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/build-ripunzip.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-ripunzip.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/build-ripunzip.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buildifier.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/buildifier.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-implicit-this.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/check-implicit-this.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-overlay-annotations.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/check-overlay-annotations.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-qldoc.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/check-qldoc.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-query-ids.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/check-query-ids.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/close-stale.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/close-stale.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compile-queries.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/compile-queries.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cpp-swift-analysis.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/cpp-swift-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cpp-swift-analysis.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/cpp-swift-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cpp-swift-analysis.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/cpp-swift-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csharp-qltest.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csharp-qltest.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csharp-qltest.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csharp-qltest.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csharp-qltest.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csharp-qltest.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage-metrics.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage-metrics.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage-metrics.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage-metrics.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage-metrics.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage-metrics.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage-metrics.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage-metrics.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage-metrics.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage-metrics.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage-metrics.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage-metrics.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage-pr-artifacts.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage-pr-artifacts.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage-pr-artifacts.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage-pr-artifacts.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage-pr-artifacts.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage-pr-artifacts.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage-pr-artifacts.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage-pr-artifacts.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage-pr-artifacts.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage-pr-artifacts.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage-pr-artifacts.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage-pr-artifacts.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage-pr-artifacts.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage-pr-artifacts.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage-pr-artifacts.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage-pr-artifacts.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage-pr-comment.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage-pr-comment.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage-pr-comment.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage-pr-comment.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage-timeseries.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage-timeseries.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage-timeseries.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage-timeseries.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage-timeseries.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage-timeseries.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage-timeseries.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage-timeseries.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage-update.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage-update.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage-update.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage-update.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csv-coverage.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/csv-coverage.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fast-forward.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/fast-forward.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-tests.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/go-tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kotlin-build.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/kotlin-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/labeler.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/labeler.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mad_modelDiff.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/mad_modelDiff.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mad_modelDiff.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/mad_modelDiff.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mad_modelDiff.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/mad_modelDiff.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mad_modelDiff.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/mad_modelDiff.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mad_regenerate-models.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/mad_regenerate-models.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mad_regenerate-models.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/mad_regenerate-models.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mad_regenerate-models.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/mad_regenerate-models.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-tooling.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/python-tooling.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-tooling.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/python-tooling.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/qhelp-pr-preview.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/qhelp-pr-preview.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/qhelp-pr-preview.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/qhelp-pr-preview.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/qhelp-pr-preview.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/qhelp-pr-preview.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/qhelp-pr-preview.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/qhelp-pr-preview.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ql-for-ql-build.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ql-for-ql-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ql-for-ql-build.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ql-for-ql-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ql-for-ql-build.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ql-for-ql-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ql-for-ql-build.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ql-for-ql-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ql-for-ql-build.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ql-for-ql-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ql-for-ql-build.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ql-for-ql-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ql-for-ql-build.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ql-for-ql-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ql-for-ql-dataset_measure.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ql-for-ql-dataset_measure.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ql-for-ql-dataset_measure.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ql-for-ql-dataset_measure.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ql-for-ql-dataset_measure.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ql-for-ql-dataset_measure.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ql-for-ql-dataset_measure.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ql-for-ql-dataset_measure.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ql-for-ql-dataset_measure.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ql-for-ql-dataset_measure.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ql-for-ql-dataset_measure.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ql-for-ql-dataset_measure.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ql-for-ql-dataset_measure.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ql-for-ql-dataset_measure.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ql-for-ql-dataset_measure.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ql-for-ql-dataset_measure.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ql-for-ql-tests.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ql-for-ql-tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ql-for-ql-tests.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ql-for-ql-tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ql-for-ql-tests.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ql-for-ql-tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ql-for-ql-tests.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ql-for-ql-tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ql-for-ql-tests.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ql-for-ql-tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ql-for-ql-tests.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ql-for-ql-tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/query-list.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/query-list.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/query-list.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/query-list.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/query-list.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/query-list.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-build.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-build.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-build.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-build.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-build.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-build.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-build.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-build.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-build.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-build.yml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-build.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-build.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-build.yml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-build.yml:175: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-build.yml:181: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-build.yml:193: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-build.yml:212: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-build.yml:217: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-dataset-measure.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-dataset-measure.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-dataset-measure.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-dataset-measure.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-dataset-measure.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-dataset-measure.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-dataset-measure.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-dataset-measure.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-dataset-measure.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-dataset-measure.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-dataset-measure.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-dataset-measure.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-qltest-rtjo.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-qltest-rtjo.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-qltest.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-qltest.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-qltest.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/ruby-qltest.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rust-analysis.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/rust-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rust-analysis.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/rust-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rust-analysis.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/rust-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rust-analysis.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/rust-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rust.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/rust.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rust.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/rust.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rust.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/rust.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/swift.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/swift.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/swift.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/swift.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/swift.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/swift.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/swift.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/swift.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/swift.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/swift.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-files.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/sync-files.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tree-sitter-extractor-test.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/tree-sitter-extractor-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tree-sitter-extractor-test.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/tree-sitter-extractor-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tree-sitter-extractor-test.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/tree-sitter-extractor-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate-change-notes.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/validate-change-notes.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/zipmerge-test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/github/codeql/zipmerge-test.yml/main?enable=pin","Warn: containerImage not pinned by hash: .devcontainer/Dockerfile.codespaces:1: pin your Docker image by updating mcr.microsoft.com/devcontainers/base:ubuntu-24.04 to mcr.microsoft.com/devcontainers/base:ubuntu-24.04@sha256:daa08ddb48ad4e4e7367c348e0a6f250762f1f0d8348f1f9acbef5f884ce093d","Warn: pipCommand not pinned by hash: python/extractor/cli-integration-test/ignore-venv/test.sh:22","Warn: pipCommand not pinned by hash: python/extractor/cli-integration-test/pip-21.3-build-dir/test.sh:22","Warn: pipCommand not pinned by hash: python/extractor/cli-integration-test/pip-21.3-build-dir/test.sh:25","Warn: pipCommand not pinned by hash: python/tools/recorded-call-graph-metrics/helper.sh:91","Warn: npmCommand not pinned by hash: .github/workflows/mad_modelDiff.yml:89","Warn: pipCommand not pinned by hash: .github/workflows/ql-for-ql-dataset_measure.yml:84","Warn: pipCommand not pinned by hash: .github/workflows/ruby-dataset-measure.yml:70","Info:   0 out of 133 GitHub-owned GitHubAction dependencies pinned","Info:   4 out of   4 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":0,"reason":"260 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: RUSTSEC-2021-0153","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2022-0236 / GHSA-h86h-8ppg-mxmh","Warn: Project is vulnerable to: GO-2021-0238 / GHSA-83g2-8m93-v3w7","Warn: Project is vulnerable to: GO-2022-0288","Warn: Project is vulnerable to: GO-2022-0969 / GHSA-69cg-p879-7622","Warn: Project is vulnerable to: GO-2022-1144 / GHSA-xrjj-mj9h-534m","Warn: Project is vulnerable to: GO-2023-1571 / GHSA-vvpx-j8f3-3w6h","Warn: Project is vulnerable to: GO-2023-1988 / GHSA-2wrh-6pvc-2jm9","Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8","Warn: Project is vulnerable to: GO-2023-2153 / GHSA-m425-mq94-257g / GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2021-0052 / GHSA-h395-qcrw-5vmq","Warn: Project is vulnerable to: GHSA-3vp4-m3rf-835h","Warn: Project is vulnerable to: GO-2023-1737 / GHSA-2c4m-59x9-fr2g","Warn: Project is vulnerable to: GO-2023-2334 / GHSA-2c7c-3mj9-8fqh","Warn: Project is vulnerable to: GO-2024-2631 / GHSA-c5q2-7r4c-mv6g","Warn: Project is vulnerable to: GO-2025-3485 / GHSA-c6gw-w398-hv78","Warn: Project is vulnerable to: GO-2025-3553 / GHSA-mh63-6h87-95cp","Warn: Project is vulnerable to: GO-2023-2402 / GHSA-45x7-px36-x8w8","Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2025-3770 / GHSA-vrw8-fxc6-2r93","Warn: Project is vulnerable to: GO-2024-2574 / GHSA-fmg4-x8pw-hjhg","Warn: Project is vulnerable to: GO-2024-2959 / GHSA-98j2-3j3p-fw2v","Warn: Project is vulnerable to: GO-2025-3845 / GHSA-qx2q-88mx-vhg7","Warn: Project is vulnerable to: GO-2024-2955 / GHSA-869c-j7wc-8jqv","Warn: Project is vulnerable to: GO-2024-2883 / GHSA-mh55-gqvf-xfwm","Warn: Project is vulnerable to: GO-2024-2611 / GHSA-8r3f-844c-mc37","Warn: Project is vulnerable to: GO-2023-2052 / GHSA-3q5p-3558-364f","Warn: Project is vulnerable to: GO-2025-3706","Warn: Project is vulnerable to: GO-2025-3372 / GHSA-6wxm-mpqj-6jpf","Warn: Project is vulnerable to: GO-2022-0463","Warn: Project is vulnerable to: GO-2022-0569","Warn: Project is vulnerable to: GO-2022-0572","Warn: Project is vulnerable to: GO-2025-3585 / GHSA-2j42-h78h-q4fg","Warn: Project is vulnerable to: GO-2022-0209 / GHSA-r5c5-pr8j-pfp7","Warn: Project is vulnerable to: GO-2023-1992 / GHSA-x3jr-pf6g-c48f","Warn: Project is vulnerable to: GO-2022-0229 / GHSA-cjjc-xp8v-855w","Warn: Project is vulnerable to: GO-2022-0197 / GHSA-4r78-hx75-jjj2 / GHSA-mv93-wvcp-7m7r","Warn: Project is vulnerable to: GO-2020-0014 / GHSA-vfw5-hrgq-h5wf","Warn: Project is vulnerable to: GO-2022-0272","Warn: Project is vulnerable to: GO-2022-0762 / GHSA-3x58-xr87-2fcj","Warn: Project is vulnerable to: GO-2022-0588 / GHSA-x95h-979x-cf3j","Warn: Project is vulnerable to: GO-2024-3016 / GHSA-r6qh-j42j-pw64","Warn: Project is vulnerable to: GHSA-wr3p-r5fj-wf97","Warn: Project is vulnerable to: GO-2024-3331 / GHSA-9j3m-fr7q-jxfw","Warn: Project is vulnerable to: GO-2021-0051 / GHSA-j453-hm5x-c46w","Warn: Project is vulnerable to: GO-2022-1031 / GHSA-crxj-hrmp-4rwf","Warn: Project is vulnerable to: GO-2023-1941 / GHSA-4r8x-2p26-976p","Warn: Project is vulnerable to: GO-2024-2456 / GHSA-449p-3h89-pw88","Warn: Project is vulnerable to: GO-2024-2466 / GHSA-mw99-9chc-xw7r","Warn: Project is vulnerable to: GHSA-r9px-m959-cxf4","Warn: Project is vulnerable to: GO-2023-2115 / GHSA-94w9-97p3-p368","Warn: Project is vulnerable to: GHSA-mv73-f69x-444p","Warn: Project is vulnerable to: GO-2022-0619 / GHSA-r48q-9g5r-8q2h","Warn: Project is vulnerable to: GO-2023-2074 / GHSA-m9xq-6h2j-65r2","Warn: Project is vulnerable to: GO-2024-3205 / GHSA-xhr3-wf7j-h255","Warn: Project is vulnerable to: GO-2021-0227 / GHSA-3vm4-22fp-5rfm","Warn: Project is vulnerable to: GO-2022-0968 / GHSA-gwc9-m7rh-j2ww","Warn: Project is vulnerable to: GO-2021-0356 / GHSA-8c26-wmh5-6g9v","Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9","Warn: Project is vulnerable to: GO-2021-0064 / GHSA-8cfg-vx93-jvxw","Warn: Project is vulnerable to: GO-2020-0039 / GHSA-733f-44f3-3frw","Warn: Project is vulnerable to: GO-2021-0112 / GHSA-f6mq-5m25-4r72","Warn: Project is vulnerable to: GO-2025-3764 / GHSA-6xp3-p59p-q4fj","Warn: Project is vulnerable to: GO-2024-2961","Warn: Project is vulnerable to: GO-2022-0493 / GHSA-p782-xgp4-8hr8","Warn: Project is vulnerable to: GO-2021-0113 / GHSA-ppp9-7jff-5vj2","Warn: Project is vulnerable to: GO-2022-1059 / GHSA-69ch-w2m2-3vjp","Warn: Project is vulnerable to: GO-2022-0603 / GHSA-hp87-p4gw-j4gq","Warn: Project is vulnerable to: GO-2024-2920 / GHSA-2hmf-46v7-v6fx","Warn: Project is vulnerable to: GO-2022-0322 / GHSA-cg3q-j54f-5p7p","Warn: Project is vulnerable to: GO-2020-0012 / GHSA-ffhg-7mh4-33c4","Warn: Project is vulnerable to: GO-2022-0536 / GHSA-39qc-96h7-956f / GHSA-hgr8-6h9x-f7q9","Warn: Project is vulnerable to: GO-2020-0015 / GHSA-5rcv-m4m3-hfh7","Warn: Project is vulnerable to: GO-2020-0048 / GHSA-93m7-c69f-5cfj","Warn: Project is vulnerable to: GO-2024-3250 / GHSA-29wx-vh33-7x7r","Warn: Project is vulnerable to: GO-2023-1631 / GHSA-hw7c-3rfg-p46j","Warn: Project is vulnerable to: GHSA-6x4w-8w53-xrvv","Warn: Project is vulnerable to: GHSA-cj7v-27pg-wf7q","Warn: Project is vulnerable to: GHSA-hmr7-m48g-48f6","Warn: Project is vulnerable to: GHSA-qh8g-58pp-2wxh","Warn: Project is vulnerable to: GHSA-26vr-8j45-3r4w","Warn: Project is vulnerable to: GHSA-6x9x-8qw9-9pp6","Warn: Project is vulnerable to: GHSA-7vx9-xjhr-rw6h","Warn: Project is vulnerable to: GHSA-84q7-p226-4x5w","Warn: Project is vulnerable to: GHSA-872g-2h8h-362q","Warn: Project is vulnerable to: GHSA-9rgv-h7x4-qw8g","Warn: Project is vulnerable to: GHSA-h2f4-v4c4-6wx4","Warn: Project is vulnerable to: GHSA-m6cp-vxjx-65j6","Warn: Project is vulnerable to: GHSA-p26g-97m4-6q7c","Warn: Project is vulnerable to: GHSA-qw69-rqj8-6qw8","Warn: Project is vulnerable to: GHSA-r28m-g6j9-r2h5","Warn: Project is vulnerable to: GHSA-vgg8-72f2-qm23","Warn: Project is vulnerable to: GHSA-wfcc-pff6-rgc5","Warn: Project is vulnerable to: GHSA-xc67-hjx6-cgg6","Warn: Project is vulnerable to: GHSA-g3wg-6mcf-8jj6","Warn: Project is vulnerable to: GHSA-58qw-p7qm-5rvh","Warn: Project is vulnerable to: GHSA-vmq6-5m68-f53m","Warn: Project is vulnerable to: GHSA-668q-qrv7-99fm","Warn: Project is vulnerable to: GHSA-6v67-2wr5-gvf4","Warn: Project is vulnerable to: GHSA-pr98-23f8-jwxv","Warn: Project is vulnerable to: GHSA-h46c-h94j-95f3","Warn: Project is vulnerable to: GHSA-wf8f-6423-gfxg","Warn: Project is vulnerable to: GHSA-3x8x-79m2-3w2w","Warn: Project is vulnerable to: GHSA-57j2-w4cx-62h2","Warn: Project is vulnerable to: GHSA-jjjh-jjxp-wpff","Warn: Project is vulnerable to: GHSA-rgv9-q543-rqg4","Warn: Project is vulnerable to: GHSA-27hp-xhwr-wr2m","Warn: Project is vulnerable to: GHSA-5j33-cvvr-w245","Warn: Project is vulnerable to: GHSA-7w75-32cg-r6g2","Warn: Project is vulnerable to: GHSA-83qj-6fr2-vhqg","Warn: Project is vulnerable to: GHSA-fccv-jmmp-qg76","Warn: Project is vulnerable to: GHSA-g8pj-r55q-5c2v","Warn: Project is vulnerable to: GHSA-h2fw-rfh5-95r3","Warn: Project is vulnerable to: GHSA-h3gc-qfqq-6h8f","Warn: Project is vulnerable to: GHSA-hfrx-6qgj-fp6c","Warn: Project is vulnerable to: GHSA-j39c-c8hj-x4j3","Warn: Project is vulnerable to: GHSA-p22x-g9px-3945","Warn: Project is vulnerable to: GHSA-q3mw-pvr8-9ggc","Warn: Project is vulnerable to: GHSA-r6j3-px5g-cq3x","Warn: Project is vulnerable to: GHSA-rq2w-37h9-vg94","Warn: Project is vulnerable to: GHSA-wc4r-xq3c-5cf3","Warn: Project is vulnerable to: GHSA-wm9w-rjj3-j356","Warn: Project is vulnerable to: GHSA-v682-8vv8-vpwr","Warn: Project is vulnerable to: GHSA-v6w3-2prq-h95f","Warn: Project is vulnerable to: GHSA-rc42-6c7j-7h5r","Warn: Project is vulnerable to: GHSA-jjfh-589g-3hjx","Warn: Project is vulnerable to: GHSA-g5h3-w546-pj7f","Warn: Project is vulnerable to: GHSA-xf96-w227-r7c4","Warn: Project is vulnerable to: GHSA-36p3-wjmg-h94x","Warn: Project is vulnerable to: GHSA-hh26-6xwr-ggv7","Warn: Project is vulnerable to: GHSA-4gc7-5j7h-4qph","Warn: Project is vulnerable to: GHSA-4wp7-92pw-q264","Warn: Project is vulnerable to: GHSA-g5mm-vmx4-3rg7","Warn: Project is vulnerable to: GHSA-6gf2-pvqw-37ph","Warn: Project is vulnerable to: GHSA-rfmp-97jj-h8m6","Warn: Project is vulnerable to: GHSA-558x-2xjg-6232","Warn: Project is vulnerable to: GHSA-564r-hj7v-mcr5","Warn: Project is vulnerable to: GHSA-9cmq-m9j5-mvww","Warn: Project is vulnerable to: GHSA-wxqc-pxw9-g2p8","Warn: Project is vulnerable to: GHSA-2rmj-mq67-h97g","Warn: Project is vulnerable to: GHSA-2wrp-6fg6-hmc5","Warn: Project is vulnerable to: GHSA-4wrc-f8pq-fpqp","Warn: Project is vulnerable to: GHSA-ccgv-vj62-xf9h","Warn: Project is vulnerable to: GHSA-gfwj-fwqj-fp3v","Warn: Project is vulnerable to: GHSA-hgjh-9rj2-g67j","Warn: Project is vulnerable to: GHSA-g5vr-rgqm-vf78","Warn: Project is vulnerable to: GHSA-3mc7-4q67-w48m","Warn: Project is vulnerable to: GHSA-98wm-3w3q-mw94","Warn: Project is vulnerable to: GHSA-9w3m-gqgf-c4p9","Warn: Project is vulnerable to: GHSA-c4r9-r8fh-9vj2","Warn: Project is vulnerable to: GHSA-hhhw-99gj-p3c3","Warn: Project is vulnerable to: GHSA-mjmj-j48q-9wg2","Warn: Project is vulnerable to: GHSA-w37g-rhq8-7m4j","Warn: Project is vulnerable to: GHSA-288c-cq4h-88gq","Warn: Project is vulnerable to: GHSA-4w82-r329-3q67","Warn: Project is vulnerable to: GHSA-5949-rw7g-wx7w","Warn: Project is vulnerable to: GHSA-5r5r-6hpj-8gg9","Warn: Project is vulnerable to: GHSA-5ww9-j83m-q7qx","Warn: Project is vulnerable to: GHSA-6fpp-rgj9-8rwc","Warn: Project is vulnerable to: GHSA-85cw-hj65-qqv9","Warn: Project is vulnerable to: GHSA-89qr-369f-5m5x","Warn: Project is vulnerable to: GHSA-8c4j-34r4-xr8g","Warn: Project is vulnerable to: GHSA-8w26-6f25-cm9x","Warn: Project is vulnerable to: GHSA-9gph-22xh-8x98","Warn: Project is vulnerable to: GHSA-9m6f-7xcq-8vf8","Warn: Project is vulnerable to: GHSA-cf6r-3wgc-h863","Warn: Project is vulnerable to: GHSA-cmfg-87vq-g5g4","Warn: Project is vulnerable to: GHSA-cvm9-fjm9-3572","Warn: Project is vulnerable to: GHSA-f3j5-rmmp-3fc5","Warn: Project is vulnerable to: GHSA-f9xh-2qgp-cq57","Warn: Project is vulnerable to: GHSA-fmmc-742q-jg75","Warn: Project is vulnerable to: GHSA-fqwf-pjwf-7vqv","Warn: Project is vulnerable to: GHSA-gjmw-vf9h-g25v","Warn: Project is vulnerable to: GHSA-gwp4-hfv6-p7hw","Warn: Project is vulnerable to: GHSA-gww7-p5w4-wrfv","Warn: Project is vulnerable to: GHSA-h3cw-g4mq-c5x2","Warn: Project is vulnerable to: GHSA-h822-r4r5-v8jg","Warn: Project is vulnerable to: GHSA-m6x4-97wx-4q27","Warn: Project is vulnerable to: GHSA-mph4-vhrx-mv67","Warn: Project is vulnerable to: GHSA-mx7p-6679-8g3q","Warn: Project is vulnerable to: GHSA-p43x-xfjf-5jhr","Warn: Project is vulnerable to: GHSA-q93h-jc49-78gg","Warn: Project is vulnerable to: GHSA-qjw2-hr98-qgfh","Warn: Project is vulnerable to: GHSA-r3gr-cxrf-hg25","Warn: Project is vulnerable to: GHSA-r695-7vr9-jgc2","Warn: Project is vulnerable to: GHSA-rpr3-cw39-3pxh","Warn: Project is vulnerable to: GHSA-v585-23hc-c647","Warn: Project is vulnerable to: GHSA-vfqx-33qm-g869","Warn: Project is vulnerable to: GHSA-wh8g-3j2c-rqj5","Warn: Project is vulnerable to: GHSA-5mg8-w23w-74h3","Warn: Project is vulnerable to: GHSA-7g45-4rm6-3mm3","Warn: Project is vulnerable to: GHSA-w33c-445m-f8w7","Warn: Project is vulnerable to: GHSA-wxr5-93ph-8wr9","Warn: Project is vulnerable to: GHSA-pvp8-3xj6-8c6x","Warn: Project is vulnerable to: GHSA-vv7r-c36w-3prj","Warn: Project is vulnerable to: GHSA-78wr-2p64-hpwj","Warn: Project is vulnerable to: GHSA-gwrp-pvrq-jmwv","Warn: Project is vulnerable to: GHSA-j288-q9x7-2f5v","Warn: Project is vulnerable to: GHSA-cgp8-4m63-fhh5","Warn: Project is vulnerable to: GHSA-p75g-cxfj-7wrx","Warn: Project is vulnerable to: GHSA-wxx5-w9jc-48wx","Warn: Project is vulnerable to: GHSA-2qrg-x229-3v8q","Warn: Project is vulnerable to: GHSA-65fg-84f6-3jq3","Warn: Project is vulnerable to: GHSA-f7vh-qwp3-x37m","Warn: Project is vulnerable to: GHSA-fp5r-v3w9-4333","Warn: Project is vulnerable to: GHSA-w9p3-5cr8-m3jj","Warn: Project is vulnerable to: GHSA-7rjr-3q55-vv33","Warn: Project is vulnerable to: GHSA-8489-44mv-ggj8","Warn: Project is vulnerable to: GHSA-jfh8-c2jp-5v3q","Warn: Project is vulnerable to: GHSA-p6xc-xr62-6r2g","Warn: Project is vulnerable to: GHSA-45x9-q6vj-cqgq","Warn: Project is vulnerable to: GHSA-4cf5-xmhp-3xj7","Warn: Project is vulnerable to: GHSA-jc7h-c423-mpjc","Warn: Project is vulnerable to: GHSA-2qp4-g3q3-f92w","Warn: Project is vulnerable to: GHSA-cqj8-47ch-rvvq","Warn: Project is vulnerable to: GHSA-gp7f-rwcx-9369","Warn: Project is vulnerable to: GHSA-2mrq-w8pv-5pvq","Warn: Project is vulnerable to: GHSA-3pqg-4rqg-pg9g","Warn: Project is vulnerable to: GHSA-9c8w-jrw3-q2c3","Warn: Project is vulnerable to: GHSA-pcf2-gh6g-h5r2","Warn: Project is vulnerable to: GHSA-vp37-2f9p-3vr3","Warn: Project is vulnerable to: GHSA-7c2q-5qmr-v76q","Warn: Project is vulnerable to: GHSA-8m5h-hrqm-pxm2","Warn: Project is vulnerable to: GHSA-q77q-vx4q-xx6q","Warn: Project is vulnerable to: GHSA-r68h-jhhj-9jvm","Warn: Project is vulnerable to: GHSA-mqvr-2rp8-j7h4","Warn: Project is vulnerable to: GHSA-4487-x383-qpph","Warn: Project is vulnerable to: GHSA-8crv-49fr-2h6j","Warn: Project is vulnerable to: GHSA-f866-m9mv-2xr3","Warn: Project is vulnerable to: GHSA-g8hw-794c-4j9g","Warn: Project is vulnerable to: GHSA-pgf9-h69p-pcgf","Warn: Project is vulnerable to: GHSA-rcpf-vj53-7h2m","Warn: Project is vulnerable to: GHSA-rhcg-rwhx-qj3j","Warn: Project is vulnerable to: GHSA-wv88-pf73-x22p","Warn: Project is vulnerable to: GHSA-cx7f-g6mp-7hqm","Warn: Project is vulnerable to: GHSA-w3c8-7r8f-9jp8","Warn: Project is vulnerable to: GHSA-rvwf-54qp-4r6v","Warn: Project is vulnerable to: GHSA-h65f-jvqw-m9fj","Warn: Project is vulnerable to: PYSEC-2021-142 / GHSA-8q59-q68h-6hv4","Warn: Project is vulnerable to: PYSEC-2018-49 / GHSA-rprw-h62v-c2w7","Warn: Project is vulnerable to: GHSA-jfmj-5v4g-7637","Warn: Project is vulnerable to: PYSEC-2018-66 / GHSA-562c-5r94-xh97","Warn: Project is vulnerable to: PYSEC-2019-179 / GHSA-5wv5-4vpf-pj6m","Warn: Project is vulnerable to: PYSEC-2023-62 / GHSA-m2qf-hxjv-5gpq","Warn: Project is vulnerable to: GHSA-m87m-mmvp-v9qm","Warn: Project is vulnerable to: PYSEC-2024-48 / GHSA-fj7x-q9j7-g6q6","Warn: Project is vulnerable to: GHSA-55x5-fj6c-h6m8","Warn: Project is vulnerable to: PYSEC-2014-9 / GHSA-57qw-cc2g-pv5p","Warn: Project is vulnerable to: PYSEC-2021-19 / GHSA-jq4v-f5q6-mjqq","Warn: Project is vulnerable to: GHSA-pgww-xf46-h92r","Warn: Project is vulnerable to: PYSEC-2022-230 / GHSA-wrxv-2j5q-m38w","Warn: Project is vulnerable to: PYSEC-2018-12 / GHSA-xp26-p53h-6h2p","Warn: Project is vulnerable to: RUSTSEC-2025-0047 / GHSA-qx2v-8332-m4fv","Warn: Project is vulnerable to: RUSTSEC-2024-0384","Warn: Project is vulnerable to: RUSTSEC-2023-0071"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T02:42:24.889Z","repository_id":36951762,"created_at":"2025-08-19T02:42:24.889Z","updated_at":"2025-08-19T02:42:24.889Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31917765,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-16T18:22:33.417Z","status":"online","status_checked_at":"2026-04-17T02:00:06.879Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}}