GitHub / arduino / arduino-fwuploader
A Command Line Tool made to update the firmware and/or add SSL certificates for any Arduino board equipped with WINC or NINA Wi-Fi module.
JSON API: http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arduino%2Farduino-fwuploader
PURL: pkg:github/arduino/arduino-fwuploader
Stars: 62
Forks: 20
Open issues: 13
License: agpl-3.0
Language: Go
Size: 17.6 MB
Dependencies parsed at: Pending
Created at: almost 10 years ago
Updated at: 3 days ago
Pushed at: 3 days ago
Last synced at: 3 days ago
Commit Stats
Commits: 324
Authors: 21
Mean commits per author: 15.43
Development Distribution Score: 0.769
More commit stats: https://commits.ecosyste.ms/hosts/GitHub/repositories/arduino/arduino-fwuploader
Topics: arduino, command-line, firmware, go, golang, nina, tooling-team, winc1510
Funding Links https://github.com/sponsors/arduino, https://www.arduino.cc/en/Main/Donate
OpenSSF Scorecard report
3.6
Overall Score
10/10 Critical Risk
15/60 High Risk
10/40 Medium Risk
10/20 Low Risk
Generated on August 11, 2025
| Scorecard vv5.2.1-40-gf6ed084d
Security Checks
no binaries found in the repo
Determines if the project has generated executable (binary) artifacts in the source repository.
no dangerous workflow patterns detected
Determines if the project's GitHub Action workflows avoid dangerous patterns.
license file detected
Determines if the project has defined a license.
Show details
ℹ️
Info: project has a license file: LICENSE.txt:0
ℹ️
Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: LICENSE.txt:0
security policy file detected
Determines if the project has published a security policy.
Show details
ℹ️
Info: security policy file detected: github.com/arduino/.github/SECURITY.md:1
ℹ️
Info: Found linked content: github.com/arduino/.github/SECURITY.md:1
ℹ️
Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/arduino/.github/SECURITY.md:1
ℹ️
Info: Found text in security policy: github.com/arduino/.github/SECURITY.md:1
Found 10/17 approved changesets -- score normalized to 5
Determines if the project requires human code review before pull requests (aka merge requests) are merged.
no effort to earn an OpenSSF best practices badge detected
Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.
project is not fuzzed
Determines if the project uses fuzzing.
Show details
⚠️
Warn: no fuzzer integrations found
1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Determines if the project is "actively maintained".
dependency not pinned by hash detected -- score normalized to 0
Determines if the project has declared and pinned the dependencies of its build process.
Show details
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-general-formatting-task.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-general-formatting-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-general-formatting-task.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-general-formatting-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-general-formatting-task.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-general-formatting-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-go-dependencies-task.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-go-dependencies-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-go-dependencies-task.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-go-dependencies-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-go-dependencies-task.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-go-dependencies-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-go-dependencies-task.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-go-dependencies-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-go-dependencies-task.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-go-dependencies-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-go-dependencies-task.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-go-dependencies-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-go-dependencies-task.yml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-go-dependencies-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-go-dependencies-task.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-go-dependencies-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-go-dependencies-task.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-go-dependencies-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-go-dependencies-task.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-go-dependencies-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-go-dependencies-task.yml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-go-dependencies-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-markdown-task.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-markdown-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-markdown-task.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-markdown-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-markdown-task.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-markdown-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-markdown-task.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-markdown-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-markdown-task.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-markdown-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-markdown-task.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-markdown-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-markdown-task.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-markdown-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-markdown-task.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-markdown-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-mkdocs-task.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-mkdocs-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-mkdocs-task.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-mkdocs-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-mkdocs-task.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-mkdocs-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-mkdocs-task.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-mkdocs-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-notarization-certificates.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-notarization-certificates.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-notarization-certificates.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-notarization-certificates.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-prettier-formatting-task.yml:243: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-prettier-formatting-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-prettier-formatting-task.yml:246: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-prettier-formatting-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-prettier-formatting-task.yml:251: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-prettier-formatting-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-python-task.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-python-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-python-task.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-python-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-python-task.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-python-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-python-task.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-python-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-python-task.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-python-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-python-task.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-python-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-python-task.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/check-python-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-cobra-mkdocs-versioned-poetry.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/deploy-cobra-mkdocs-versioned-poetry.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-cobra-mkdocs-versioned-poetry.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/deploy-cobra-mkdocs-versioned-poetry.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-cobra-mkdocs-versioned-poetry.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/deploy-cobra-mkdocs-versioned-poetry.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-cobra-mkdocs-versioned-poetry.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/deploy-cobra-mkdocs-versioned-poetry.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generate-index.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/generate-index.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/generate-index.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/generate-index.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generate-index.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/generate-index.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/generate-index.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/generate-index.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-go-tester-task.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/publish-go-tester-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-go-tester-task.yml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/publish-go-tester-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-go-tester-task.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/publish-go-tester-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-go-tester-task.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/publish-go-tester-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-go-tester-task.yml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/publish-go-tester-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-go-tester-task.yml:171: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/publish-go-tester-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-go-crosscompile-task.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/release-go-crosscompile-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-go-crosscompile-task.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/release-go-crosscompile-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-go-crosscompile-task.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/release-go-crosscompile-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-go-crosscompile-task.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/release-go-crosscompile-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-go-crosscompile-task.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/release-go-crosscompile-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-go-crosscompile-task.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/release-go-crosscompile-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-go-crosscompile-task.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/release-go-crosscompile-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-go-crosscompile-task.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/release-go-crosscompile-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-go-crosscompile-task.yml:197: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/release-go-crosscompile-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-go-crosscompile-task.yml:213: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/release-go-crosscompile-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-go-crosscompile-task.yml:216: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/release-go-crosscompile-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-go-crosscompile-task.yml:223: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/release-go-crosscompile-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-go-crosscompile-task.yml:249: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/release-go-crosscompile-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-go-crosscompile-task.yml:260: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/release-go-crosscompile-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-labels.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/sync-labels.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-labels.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/sync-labels.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-labels.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/sync-labels.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-labels.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/sync-labels.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-labels.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/sync-labels.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-labels.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/sync-labels.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-labels.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/sync-labels.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-go-integration-task.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/test-go-integration-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-go-integration-task.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/test-go-integration-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-go-integration-task.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/test-go-integration-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-go-integration-task.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/test-go-integration-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-go-task.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/test-go-task.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-go-task.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/test-go-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-go-task.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/test-go-task.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-go-task.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/arduino-fwuploader/test-go-task.yml/main?enable=pin
⚠️
Warn: pipCommand not pinned by hash: .github/workflows/check-mkdocs-task.yml:91
⚠️
Warn: pipCommand not pinned by hash: .github/workflows/check-python-task.yml:80
⚠️
Warn: pipCommand not pinned by hash: .github/workflows/check-python-task.yml:111
⚠️
Warn: pipCommand not pinned by hash: .github/workflows/deploy-cobra-mkdocs-versioned-poetry.yml:79
⚠️
Warn: pipCommand not pinned by hash: .github/workflows/deploy-cobra-mkdocs-versioned-poetry.yml:80
⚠️
Warn: pipCommand not pinned by hash: .github/workflows/generate-index.yml:46
⚠️
Warn: npmCommand not pinned by hash: .github/workflows/sync-labels.yml:43
⚠️
Warn: npmCommand not pinned by hash: .github/workflows/sync-labels.yml:137
⚠️
Warn: pipCommand not pinned by hash: .github/workflows/test-go-integration-task.yml:99
ℹ️
Info: 0 out of 47 GitHub-owned GitHubAction dependencies pinned
ℹ️
Info: 0 out of 34 third-party GitHubAction dependencies pinned
ℹ️
Info: 0 out of 7 pipCommand dependencies pinned
ℹ️
Info: 0 out of 2 npmCommand dependencies pinned
SAST tool is not run on all commits -- score normalized to 0
Determines if the project uses static code analysis.
Show details
⚠️
Warn: 0 commits out of 30 are checked with a SAST tool
Project has not signed or included provenance with any releases.
Determines if the project cryptographically signs release artifacts.
Show details
⚠️
Warn: release artifact 2.4.1 not signed: https://api.github.com/repos/arduino/arduino-fwuploader/releases/119393296
⚠️
Warn: release artifact 2.4.0 not signed: https://api.github.com/repos/arduino/arduino-fwuploader/releases/118169475
⚠️
Warn: release artifact 2.3.0 not signed: https://api.github.com/repos/arduino/arduino-fwuploader/releases/112947884
⚠️
Warn: release artifact 2.2.2 not signed: https://api.github.com/repos/arduino/arduino-fwuploader/releases/80098778
⚠️
Warn: release artifact 2.2.1 not signed: https://api.github.com/repos/arduino/arduino-fwuploader/releases/79443077
⚠️
Warn: release artifact 2.4.1 does not have provenance: https://api.github.com/repos/arduino/arduino-fwuploader/releases/119393296
⚠️
Warn: release artifact 2.4.0 does not have provenance: https://api.github.com/repos/arduino/arduino-fwuploader/releases/118169475
⚠️
Warn: release artifact 2.3.0 does not have provenance: https://api.github.com/repos/arduino/arduino-fwuploader/releases/112947884
⚠️
Warn: release artifact 2.2.2 does not have provenance: https://api.github.com/repos/arduino/arduino-fwuploader/releases/80098778
⚠️
Warn: release artifact 2.2.1 does not have provenance: https://api.github.com/repos/arduino/arduino-fwuploader/releases/79443077
detected GitHub workflow tokens with excessive permissions
Determines if the project's workflows follow the principle of least privilege.
Show details
ℹ️
Info: found token with 'none' permissions: .github/workflows/check-general-formatting-task.yml:1
ℹ️
Info: jobLevel 'contents' permission set to 'read': .github/workflows/check-general-formatting-task.yml:45
ℹ️
Info: found token with 'none' permissions: .github/workflows/check-go-dependencies-task.yml:1
ℹ️
Info: jobLevel 'contents' permission set to 'read': .github/workflows/check-go-dependencies-task.yml:67
ℹ️
Info: jobLevel 'contents' permission set to 'read': .github/workflows/check-go-dependencies-task.yml:126
ℹ️
Info: jobLevel 'contents' permission set to 'read': .github/workflows/check-markdown-task.yml:101
ℹ️
Info: found token with 'none' permissions: .github/workflows/check-markdown-task.yml:1
ℹ️
Info: jobLevel 'contents' permission set to 'read': .github/workflows/check-markdown-task.yml:73
ℹ️
Info: found token with 'none' permissions: .github/workflows/check-mkdocs-task.yml:1
ℹ️
Info: jobLevel 'contents' permission set to 'read': .github/workflows/check-mkdocs-task.yml:73
ℹ️
Info: found token with 'none' permissions: .github/workflows/check-prettier-formatting-task.yml:1
ℹ️
Info: jobLevel 'contents' permission set to 'read': .github/workflows/check-prettier-formatting-task.yml:239
ℹ️
Info: jobLevel 'contents' permission set to 'read': .github/workflows/check-python-task.yml:67
ℹ️
Info: jobLevel 'contents' permission set to 'read': .github/workflows/check-python-task.yml:98
ℹ️
Info: found token with 'none' permissions: .github/workflows/check-python-task.yml:1
ℹ️
Info: found token with 'none' permissions: .github/workflows/deploy-cobra-mkdocs-versioned-poetry.yml:1
⚠️
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/deploy-cobra-mkdocs-versioned-poetry.yml:61
⚠️
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/generate-index.yml:26
ℹ️
Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish-go-tester-task.yml:85
ℹ️
Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish-go-tester-task.yml:152
ℹ️
Info: found token with 'none' permissions: .github/workflows/publish-go-tester-task.yml:1
ℹ️
Info: found token with 'none' permissions: .github/workflows/publish-go-tester-task.yml:1
ℹ️
Info: jobLevel 'contents' permission set to 'read': .github/workflows/release-go-crosscompile-task.yml:25
ℹ️
Info: jobLevel 'contents' permission set to 'read': .github/workflows/release-go-crosscompile-task.yml:91
⚠️
Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-go-crosscompile-task.yml:208
ℹ️
Info: jobLevel 'contents' permission set to 'read': .github/workflows/sync-labels.yml:28
ℹ️
Info: found token with 'none' permissions: .github/workflows/sync-labels.yml:1
ℹ️
Info: jobLevel 'contents' permission set to 'read': .github/workflows/sync-labels.yml:89
ℹ️
Info: found token with 'none' permissions: .github/workflows/test-go-integration-task.yml:1
ℹ️
Info: jobLevel 'contents' permission set to 'read': .github/workflows/test-go-integration-task.yml:68
ℹ️
Info: found token with 'none' permissions: .github/workflows/test-go-task.yml:1
ℹ️
Info: jobLevel 'contents' permission set to 'read': .github/workflows/test-go-task.yml:69
⚠️
Warn: no topLevel permission defined: .github/workflows/check-general-formatting-task.yml:1
⚠️
Warn: no topLevel permission defined: .github/workflows/check-go-dependencies-task.yml:1
⚠️
Warn: no topLevel permission defined: .github/workflows/check-markdown-task.yml:1
⚠️
Warn: no topLevel permission defined: .github/workflows/check-mkdocs-task.yml:1
⚠️
Warn: no topLevel permission defined: .github/workflows/check-notarization-certificates.yml:1
⚠️
Warn: no topLevel permission defined: .github/workflows/check-prettier-formatting-task.yml:1
⚠️
Warn: no topLevel permission defined: .github/workflows/check-python-task.yml:1
⚠️
Warn: no topLevel permission defined: .github/workflows/deploy-cobra-mkdocs-versioned-poetry.yml:1
⚠️
Warn: no topLevel permission defined: .github/workflows/generate-index.yml:1
⚠️
Warn: no topLevel permission defined: .github/workflows/publish-go-tester-task.yml:1
⚠️
Warn: no topLevel permission defined: .github/workflows/release-go-crosscompile-task.yml:1
⚠️
Warn: no topLevel permission defined: .github/workflows/sync-labels.yml:1
⚠️
Warn: no topLevel permission defined: .github/workflows/test-go-integration-task.yml:1
⚠️
Warn: no topLevel permission defined: .github/workflows/test-go-task.yml:1
12 existing vulnerabilities detected
Determines if the project has open, known unfixed vulnerabilities.
Show details
⚠️
Warn: Project is vulnerable to: GO-2024-3196 / GHSA-8rm2-93mq-jqhc
⚠️
Warn: Project is vulnerable to: GO-2023-2402 / GHSA-45x7-px36-x8w8
⚠️
Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc
⚠️
Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77
⚠️
Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m
⚠️
Warn: Project is vulnerable to: GO-2024-3333
⚠️
Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66
⚠️
Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw
⚠️
Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
⚠️
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
⚠️
Warn: Project is vulnerable to: GHSA-cpwx-vrp4-4pq7
⚠️
Warn: Project is vulnerable to: PYSEC-2022-42969
internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Determines if the default and release branches are protected with GitHub's branch protection settings.