Data

Tools

Indexes

Applications

Experiments

Repos

An open API service providing repository metadata for many open source software ecosystems.

GitHub / javadev / LeetCode-in-Java

Java-based LeetCode algorithm problem solutions, regularly updated.

JSON API: http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/javadev%2FLeetCode-in-Java
PURL: pkg:github/javadev/LeetCode-in-Java

Stars: 200
Forks: 95
Open issues: 1

License: mit
Language: Java
Size: 10.9 MB
Dependencies parsed at: Pending

Created at: almost 4 years ago
Updated at: 12 days ago
Pushed at: 7 days ago
Last synced at: 7 days ago

Topics: algorithm, algorithm-competitions, algorithms-and-data-structures, dynamic-programming, interview-questions, java, leetcode, leetcode-java, leetcode-solutions, math

OpenSSF Scorecard report

7.4

Overall Score

10/10 Critical Risk
56/70 High Risk
17/40 Medium Risk
32/40 Low Risk
Generated on February 05, 2025 | Scorecard vv4.13.1
Security Checks
10/10
CI-Tests
Low Risk

30 out of 30 merged PRs checked by a CI test -- score normalized to 10

Determines if the project runs tests before pull requests are merged.

10/10
Contributors
Low Risk

6 different organizations found -- score normalized to 10

Determines if the project has a set of contributors from multiple organizations (e.g., companies).

Show details
ℹ️ Info: contributors work for it,jscrdev,php4dev,pytdev,sgsits indore,xmltojson
10/10
Dangerous-Workflow
Critical Risk

no dangerous workflow patterns detected

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10/10
Dependency-Update-Tool
High Risk

update tool detected

Determines if the project uses a dependency update tool.

Show details
ℹ️ Info: tool 'Dependabot' is used: .github/dependabot.yml:1
10/10
License
Low Risk

license file detected

Determines if the project has defined a license.

Show details
ℹ️ Info: License file found in expected location: LICENSE:1
ℹ️ Info: FSF or OSI recognized license: LICENSE:1
10/10
Maintained
High Risk

30 commit(s) out of 30 and 0 issue activity out of 2 found in the last 90 days -- score normalized to 10

Determines if the project is "actively maintained".

10/10
SAST
Medium Risk

SAST tool is run on all commits

Determines if the project uses static code analysis.

Show details
ℹ️ Info: all commits (30) are checked with a SAST tool
ℹ️ Info: SAST tool detected: CodeQL
10/10
Vulnerabilities
High Risk

no vulnerabilities detected

Determines if the project has open, known unfixed vulnerabilities.

9/10
Binary-Artifacts
High Risk

binaries present in source code

Determines if the project has generated executable (binary) artifacts in the source repository.

Show details
⚠️ Warn: binary detected: gradle/wrapper/gradle-wrapper.jar:1
9/10
Token-Permissions
High Risk

detected GitHub workflow tokens with excessive permissions

Determines if the project's workflows follow the principle of least privilege.

Show details
⚠️ Warn: no topLevel permission defined: .github/workflows/codeql.yml:1: Visit https://app.stepsecurity.io/secureworkflow/javadev/LeetCode-in-Java/codeql.yml/main?enable=permissions Tick the 'Restrict permissions for GITHUB_TOKEN' Untick other options NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)
ℹ️ Info: jobLevel 'packages' permission set to 'read': .github/workflows/codeql.yml:36
ℹ️ Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:39
ℹ️ Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:40
ℹ️ Info: topLevel permissions set to 'read-all': .github/workflows/maven.yml:12
ℹ️ Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18
ℹ️ Info: no jobLevel write permissions found
8/10
Signed-Releases
High Risk

5 out of 5 artifacts are signed or have provenance

Determines if the project cryptographically signs release artifacts.

Show details
⚠️ Warn: release artifact v1.40 does not have provenance: https://api.github.com/repos/javadev/LeetCode-in-Java/releases/197904428
ℹ️ Info: signed release artifact: leetcode-in-java-1.40.jar.asc: https://api.github.com/repos/javadev/LeetCode-in-Java/releases/assets/225358290
⚠️ Warn: release artifact v1.39 does not have provenance: https://api.github.com/repos/javadev/LeetCode-in-Java/releases/192837919
ℹ️ Info: signed release artifact: leetcode-in-java-1.39.jar.asc: https://api.github.com/repos/javadev/LeetCode-in-Java/releases/assets/217121127
⚠️ Warn: release artifact v1.38 does not have provenance: https://api.github.com/repos/javadev/LeetCode-in-Java/releases/188327069
ℹ️ Info: signed release artifact: leetcode-in-java-1.38.jar.asc: https://api.github.com/repos/javadev/LeetCode-in-Java/releases/assets/210170177
⚠️ Warn: release artifact v1.37 does not have provenance: https://api.github.com/repos/javadev/LeetCode-in-Java/releases/183052949
ℹ️ Info: signed release artifact: leetcode-in-java-1.37.jar.asc: https://api.github.com/repos/javadev/LeetCode-in-Java/releases/assets/203310997
⚠️ Warn: release artifact v1.36 does not have provenance: https://api.github.com/repos/javadev/LeetCode-in-Java/releases/177719183
ℹ️ Info: signed release artifact: leetcode-in-java-1.36.jar.asc: https://api.github.com/repos/javadev/LeetCode-in-Java/releases/assets/196042821
4/10
Security-Policy
Medium Risk

security policy file detected

Determines if the project has published a security policy.

Show details
ℹ️ Info: security policy file detected: SECURITY.md:1
⚠️ Warn: no linked content found: On GitHub: Enable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository Add a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities. On GitLab: Provide a point of contact in your SECURITY.md. Examples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. (Low effort)
ℹ️ Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
ℹ️ Info: Found text in security policy: SECURITY.md:1
3/10
Pinned-Dependencies
Medium Risk

dependency not pinned by hash detected -- score normalized to 3

Determines if the project has declared and pinned the dependencies of its build process.

Show details
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/javadev/LeetCode-in-Java/codeql.yml/main?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/javadev/LeetCode-in-Java/codeql.yml/main?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/javadev/LeetCode-in-Java/codeql.yml/main?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/javadev/LeetCode-in-Java/maven.yml/main?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/javadev/LeetCode-in-Java/maven.yml/main?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/javadev/LeetCode-in-Java/maven.yml/main?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/javadev/LeetCode-in-Java/maven.yml/main?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/javadev/LeetCode-in-Java/maven.yml/main?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/javadev/LeetCode-in-Java/maven.yml/main?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/javadev/LeetCode-in-Java/maven.yml/main?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/javadev/LeetCode-in-Java/maven.yml/main?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/javadev/LeetCode-in-Java/maven.yml/main?enable=pin
ℹ️ Info: 3 out of 15 GitHub-owned GitHubAction dependencies pinned
ℹ️ Info: 1 out of 1 third-party GitHubAction dependencies pinned
2/10
CII-Best-Practices
Low Risk

badge detected: in_progress

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0/10
Code-Review
High Risk

found 28 unreviewed changesets out of 29 -- score normalized to 0

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0/10
Fuzzing
Medium Risk

project is not fuzzed

Determines if the project uses fuzzing.

Show details
⚠️ Warn: no OSSFuzz integration found: Follow the steps in https://github.com/google/oss-fuzz to integrate fuzzing for your project. Over time, try to add fuzzing for more functionalities of your project. (High effort)
⚠️ Warn: no OneFuzz integration found: Follow the steps in https://github.com/microsoft/onefuzz to start fuzzing for your project. Over time, try to add fuzzing for more functionalities of your project. (High effort)
⚠️ Warn: no GoBuiltInFuzzer integration found: Follow the steps in https://go.dev/doc/fuzz/ to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
⚠️ Warn: no PythonAtherisFuzzer integration found: Follow the steps in https://github.com/google/atheris to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
⚠️ Warn: no CLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
⚠️ Warn: no CppLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
⚠️ Warn: no SwiftLibFuzzer integration found: Follow the steps in https://google.github.io/oss-fuzz/getting-started/new-project-guide/swift-lang/ to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
⚠️ Warn: no RustCargoFuzzer integration found: Follow the steps in https://rust-fuzz.github.io/book/cargo-fuzz.html to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
⚠️ Warn: no JavaJazzerFuzzer integration found: Follow the steps in https://github.com/CodeIntelligenceTesting/jazzer to enable fuzzing on your project. Over time, try to add fuzzing for more functionalities of your project. (Medium effort)
⚠️ Warn: no ClusterFuzzLite integration found: Follow the steps in https://github.com/google/clusterfuzzlite to integrate fuzzing as part of CI. Over time, try to add fuzzing for more functionalities of your project. (High effort)
⚠️ Warn: no HaskellPropertyBasedTesting integration found: Use one of the following frameworks to fuzz your project: QuickCheck: https://hackage.haskell.org/package/QuickCheck hedgehog: https://hedgehog.qa/ validity: https://github.com/NorfairKing/validity smallcheck: https://hackage.haskell.org/package/smallcheck hspec: https://hspec.github.io/ tasty: https://hackage.haskell.org/package/tasty (High effort)
⚠️ Warn: no TypeScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)
⚠️ Warn: no JavaScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)
N/A
Branch-Protection
Not Applicable

internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration

Determines if the default and release branches are protected with GitHub's branch protection settings.

N/A
Packaging
Not Applicable

no published package detected

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

Show details
⚠️ Warn: no GitHub/GitLab publishing workflow detected