Data

Tools

Indexes

Applications

Experiments

Repos

An open API service providing repository metadata for many open source software ecosystems.

Profiling_Guide

OpenSSF Scorecard report

4.7

Overall Score

26/50 High Risk
10/30 Medium Risk
10/20 Low Risk
Generated on August 11, 2025 | Scorecard vv5.2.1-40-gf6ed084d
Security Checks
10/10
Binary-Artifacts
High Risk

no binaries found in the repo

Determines if the project has generated executable (binary) artifacts in the source repository.

10/10
License
Low Risk

license file detected

Determines if the project has defined a license.

Show details
ℹ️ Info: project has a license file: LICENSE:0
ℹ️ Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
10/10
Security-Policy
Medium Risk

security policy file detected

Determines if the project has published a security policy.

Show details
ℹ️ Info: security policy file detected: github.com/IntelPython/.github/SECURITY.md:1
ℹ️ Info: Found linked content: github.com/IntelPython/.github/SECURITY.md:1
ℹ️ Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/IntelPython/.github/SECURITY.md:1
ℹ️ Info: Found text in security policy: github.com/IntelPython/.github/SECURITY.md:1
10/10
Vulnerabilities
High Risk

0 existing vulnerabilities detected

Determines if the project has open, known unfixed vulnerabilities.

6/10
Branch-Protection
High Risk

branch protection is not maximal on development and all release branches

Determines if the default and release branches are protected with GitHub's branch protection settings.

Show details
ℹ️ Info: 'allow deletion' disabled on branch 'main'
ℹ️ Info: 'force pushes' disabled on branch 'main'
⚠️ Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'
⚠️ Warn: required approving review count is 1 on branch 'main'
⚠️ Warn: codeowners review is not required on branch 'main'
⚠️ Warn: no status checks found to merge onto branch 'main'
ℹ️ Info: PRs are required in order to make changes on branch 'main'
0/10
CII-Best-Practices
Low Risk

no effort to earn an OpenSSF best practices badge detected

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0/10
Code-Review
High Risk

Found 1/30 approved changesets -- score normalized to 0

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0/10
Fuzzing
Medium Risk

project is not fuzzed

Determines if the project uses fuzzing.

Show details
⚠️ Warn: no fuzzer integrations found
0/10
Maintained
High Risk

0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0

Determines if the project is "actively maintained".

0/10
SAST
Medium Risk

SAST tool is not run on all commits -- score normalized to 0

Determines if the project uses static code analysis.

Show details
⚠️ Warn: 0 commits out of 2 are checked with a SAST tool
N/A
Dangerous-Workflow
Not Applicable

no workflows found

Determines if the project's GitHub Action workflows avoid dangerous patterns.

N/A
Packaging
Not Applicable

packaging workflow not detected

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

Show details
⚠️ Warn: no GitHub/GitLab publishing workflow detected.
N/A
Pinned-Dependencies
Not Applicable

no dependencies found

Determines if the project has declared and pinned the dependencies of its build process.

N/A
Signed-Releases
Not Applicable

no releases found

Determines if the project cryptographically signs release artifacts.

N/A
Token-Permissions
Not Applicable

No tokens found

Determines if the project's workflows follow the principle of least privilege.

Links
Repository Details
  • Stars 0
  • Forks 0
  • Open issues 1
  • License apache-2.0
  • Language Jupyter Notebook
  • Size 28.6 MB
  • Created at almost 3 years ago
  • Updated at over 1 year ago
  • Pushed at over 1 year ago
  • Last synced at about 1 year ago
  • Dependencies parsed at Pending