An open API service providing repository metadata for many open source software ecosystems.

GitHub / postgrespro / pg_probackup

Backup and recovery manager for PostgreSQL

JSON API: http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/postgrespro%2Fpg_probackup
PURL: pkg:github/postgrespro/pg_probackup

Stars: 756
Forks: 89
Open issues: 190

License: other
Language: Python
Size: 9.92 MB
Dependencies parsed at: Pending

Created at: over 9 years ago
Updated at: 28 days ago
Pushed at: about 2 months ago
Last synced at: 24 days ago

Commit Stats

Commits: 3181
Authors: 60
Mean commits per author: 53.02
Development Distribution Score: 0.54
More commit stats: https://commits.ecosyste.ms/hosts/GitHub/repositories/postgrespro/pg_probackup

Topics: archiving, backup, incremental-backups, postgresql, recovery, restore, wall

OpenSSF Scorecard report

Overall Score: 3.4

10/10 Critical Risk
20/60 High Risk
0/40 Medium Risk
9/20 Low Risk
Generated on August 11, 2025 | Scorecard v5.2.1-40-gf6ed084d

Security Checks
10/10
Binary-Artifacts
High Risk

no binaries found in the repo

Determines if the project has generated executable (binary) artifacts in the source repository.

10/10
Dangerous-Workflow
Critical Risk

no dangerous workflow patterns detected

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10/10
Vulnerabilities
High Risk

0 existing vulnerabilities detected

Determines if the project has open, known unfixed vulnerabilities.

9/10
License
Low Risk

license file detected

Determines if the project has defined a license.

ℹ️ Info: project has a license file: LICENSE:0
⚠️ Warn: project license file does not contain an FSF or OSI license.
0/10
CII-Best-Practices
Low Risk

no effort to earn an OpenSSF best practices badge detected

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0/10
Code-Review
High Risk

Found 0/30 approved changesets -- score normalized to 0

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0/10
Fuzzing
Medium Risk

project is not fuzzed

Determines if the project uses fuzzing.

⚠️ Warn: no fuzzer integrations found
0/10
Maintained
High Risk

0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0

Determines if the project is "actively maintained".

0/10
Pinned-Dependencies
Medium Risk

dependency not pinned by hash detected -- score normalized to 0

Determines if the project has declared and pinned the dependencies of its build process.

⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/postgrespro/pg_probackup/build.yml/master?enable=pin
⚠️ Warn: containerImage not pinned by hash: packaging/Dockerfiles/Dockerfile-altlinux_8:1: pin your Docker image by updating alt:p8 to alt:p8@sha256:481e2ba41c9b5f106ad933a04ee84f719a096ca6873cd1709af39b9321623f12
⚠️ Warn: containerImage not pinned by hash: packaging/Dockerfiles/Dockerfile-altlinux_9:1: pin your Docker image by updating alt:p9 to alt:p9@sha256:6e22e9d79d1e1329e9d4817a4f03fbf9bc651a0a3f1691c751031379722c29bf
⚠️ Warn: containerImage not pinned by hash: packaging/Dockerfiles/Dockerfile-astra_1.11:1: pin your Docker image by updating pgpro/astra:1.11 to pgpro/astra:1.11@sha256:29636fd3190fe8a44e1fa2a2ed9da0c10e88a187661cc373453623e239f9258a
⚠️ Warn: containerImage not pinned by hash: packaging/Dockerfiles/Dockerfile-centos_7:1: pin your Docker image by updating centos:7 to centos:7@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4
⚠️ Warn: containerImage not pinned by hash: packaging/Dockerfiles/Dockerfile-centos_8:1: pin your Docker image by updating centos:8 to centos:8@sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
⚠️ Warn: containerImage not pinned by hash: packaging/Dockerfiles/Dockerfile-createrepo1C:1: pin your Docker image by updating ubuntu:17.10 to ubuntu:17.10@sha256:3b811ac794645dfaa47408f4333ac6e433858ff16908965c68f63d5d315acf94
⚠️ Warn: containerImage not pinned by hash: packaging/Dockerfiles/Dockerfile-debian_10:1: pin your Docker image by updating debian:10 to debian:10@sha256:58ce6f1271ae1c8a2006ff7d3e54e9874d839f573d8009c20154ad0f2fb0a225
⚠️ Warn: containerImage not pinned by hash: packaging/Dockerfiles/Dockerfile-debian_11:1: pin your Docker image by updating debian:11 to debian:11@sha256:8ec25a9073e8cc89a184a6256e219828196d75203375a8ad4f0977f3011f2115
⚠️ Warn: containerImage not pinned by hash: packaging/Dockerfiles/Dockerfile-debian_8:1: pin your Docker image by updating debian:8 to debian:8@sha256:32ad5050caffb2c7e969dac873bce2c370015c2256ff984b70c1c08b3a2816a0
⚠️ Warn: containerImage not pinned by hash: packaging/Dockerfiles/Dockerfile-debian_9:1: pin your Docker image by updating debian:9 to debian:9@sha256:c5c5200ff1e9c73ffbf188b4a67eb1c91531b644856b4aefe86a58d2f0cb05be
⚠️ Warn: containerImage not pinned by hash: packaging/Dockerfiles/Dockerfile-oraclelinux_6:1: pin your Docker image by updating oraclelinux:6 to oraclelinux:6@sha256:f4f7375d3a220de1158f57719eb1df7a7438cad9e33c3a8b8ce88907684b656b
⚠️ Warn: containerImage not pinned by hash: packaging/Dockerfiles/Dockerfile-oraclelinux_7:1: pin your Docker image by updating oraclelinux:7 to oraclelinux:7@sha256:767c93c07b1fa621ae56d1f5f090e8c0dce7eb452e7dda1e74bbe7546504d63f
⚠️ Warn: containerImage not pinned by hash: packaging/Dockerfiles/Dockerfile-oraclelinux_8:1: pin your Docker image by updating oraclelinux:8 to oraclelinux:8@sha256:a3b7b0a3eb9dc7c7819716b254991d9cc179d19bebf770da4482ad6a25199790
⚠️ Warn: containerImage not pinned by hash: packaging/Dockerfiles/Dockerfile-rhel_7:1: pin your Docker image by updating registry.access.redhat.com/ubi7 to registry.access.redhat.com/ubi7@sha256:046e525722f14702c360dc6092324af7c21656e76b0c254b067871f1d4d3df68
⚠️ Warn: containerImage not pinned by hash: packaging/Dockerfiles/Dockerfile-rhel_8:1: pin your Docker image by updating registry.access.redhat.com/ubi8 to registry.access.redhat.com/ubi8@sha256:4f0a4e4deb450583408a06165e92a4dcd4f0740a23815f3326fc5c97ee9ca768
⚠️ Warn: containerImage not pinned by hash: packaging/Dockerfiles/Dockerfile-rosa_6:1: pin your Docker image by updating pgpro/rosa-6 to pgpro/rosa-6@sha256:5e3c84f6cddb9be7816e088adf3774389adf7935ed6928641e7bb5189a45a469
⚠️ Warn: containerImage not pinned by hash: packaging/Dockerfiles/Dockerfile-suse_15.1:1: pin your Docker image by updating opensuse/leap:15.1 to opensuse/leap:15.1@sha256:66075abcd272f619a86aa115b3040735c42dd18fcab784754e0eb798b56de6f5
⚠️ Warn: containerImage not pinned by hash: packaging/Dockerfiles/Dockerfile-suse_15.2:1: pin your Docker image by updating opensuse/leap:15.2 to opensuse/leap:15.2@sha256:dfa464ed7bc25fb77ad652d4e722cb0e78fc230425846be10e51dda1f43aa5c9
⚠️ Warn: containerImage not pinned by hash: packaging/Dockerfiles/Dockerfile-ubuntu_14.04:1: pin your Docker image by updating ubuntu:14.04 to ubuntu:14.04@sha256:64483f3496c1373bfd55348e88694d1c4d0c9b660dee6bfef5e12f43b9933b30
⚠️ Warn: containerImage not pinned by hash: packaging/Dockerfiles/Dockerfile-ubuntu_16.04:1: pin your Docker image by updating ubuntu:16.04 to ubuntu:16.04@sha256:1f1a2d56de1d604801a9671f301190704c25d604a416f59e03c04f5c6ffee0d6
⚠️ Warn: containerImage not pinned by hash: packaging/Dockerfiles/Dockerfile-ubuntu_18.04:1: pin your Docker image by updating ubuntu:18.04 to ubuntu:18.04@sha256:152dc042452c496007f07ca9127571cb9c29697f42acbfad72324b2bb2e43c98
⚠️ Warn: containerImage not pinned by hash: packaging/Dockerfiles/Dockerfile-ubuntu_18.10:1: pin your Docker image by updating ubuntu:18.10 to ubuntu:18.10@sha256:7d657275047118bb77b052c4c0ae43e8a289ca2879ebfa78a703c93aa8fd686c
⚠️ Warn: containerImage not pinned by hash: packaging/Dockerfiles/Dockerfile-ubuntu_20.04:1: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8feb4d8ca5354def3d8fce243717141ce31e2c428701f6682bd2fafe15388214
⚠️ Warn: pipCommand not pinned by hash: travis/install.sh:66
ℹ️ Info: 0 out of 1 GitHub-owned GitHubAction dependencies pinned
ℹ️ Info: 0 out of 23 containerImage dependencies pinned
ℹ️ Info: 0 out of 1 pipCommand dependencies pinned
0/10
SAST
Medium Risk

no SAST tool detected

Determines if the project uses static code analysis.

⚠️ Warn: no pull requests merged into dev branch
0/10
Security-Policy
Medium Risk

security policy file not detected

Determines if the project has published a security policy.

⚠️ Warn: no security policy file detected
⚠️ Warn: no security file to analyze
0/10
Signed-Releases
High Risk

Project has not signed or included provenance with any releases.

Determines if the project cryptographically signs release artifacts.

⚠️ Warn: release artifact 2.5.13 not signed: https://api.github.com/repos/postgrespro/pg_probackup/releases/127682589
⚠️ Warn: release artifact 2.5.12 not signed: https://api.github.com/repos/postgrespro/pg_probackup/releases/100101987
⚠️ Warn: release artifact 2.5.11 not signed: https://api.github.com/repos/postgrespro/pg_probackup/releases/84692769
⚠️ Warn: release artifact 2.5.13 does not have provenance: https://api.github.com/repos/postgrespro/pg_probackup/releases/127682589
⚠️ Warn: release artifact 2.5.12 does not have provenance: https://api.github.com/repos/postgrespro/pg_probackup/releases/100101987
⚠️ Warn: release artifact 2.5.11 does not have provenance: https://api.github.com/repos/postgrespro/pg_probackup/releases/84692769
0/10
Token-Permissions
High Risk

detected GitHub workflow tokens with excessive permissions

Determines if the project's workflows follow the principle of least privilege.

⚠️ Warn: no topLevel permission defined: .github/workflows/build.yml:1
ℹ️ Info: no jobLevel write permissions found
N/A
Branch-Protection
Not Applicable

internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration

Determines if the default and release branches are protected with GitHub's branch protection settings.

N/A
Packaging
Not Applicable

packaging workflow not detected

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

⚠️ Warn: no GitHub/GitLab publishing workflow detected.