GitHub / sandeepkumar1234 / kops-kuberntes
JSON API: http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sandeepkumar1234%2Fkops-kuberntes
PURL: pkg:github/sandeepkumar1234/kops-kuberntes
Stars: 0
Forks: 0
Open issues: 0
License: apache-2.0
Language: Go
Size: 178 MB
Dependencies parsed at: Pending
Created at: about 4 years ago
Updated at: about 1 year ago
Pushed at: about 4 years ago
Last synced at: about 1 year ago
OpenSSF Scorecard report
3.2
Overall Score
10/10 Critical Risk
10/60 High Risk
11/40 Medium Risk
10/20 Low Risk
Generated on August 11, 2025
| Scorecard vv5.2.1-40-gf6ed084d
Security Checks
no binaries found in the repo
Determines if the project has generated executable (binary) artifacts in the source repository.
no dangerous workflow patterns detected
Determines if the project's GitHub Action workflows avoid dangerous patterns.
license file detected
Determines if the project has defined a license.
Show details
ℹ️
Info: project has a license file: LICENSE:0
ℹ️
Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
security policy file detected
Determines if the project has published a security policy.
Show details
ℹ️
Info: security policy file detected: SECURITY.md:1
ℹ️
Info: Found linked content: SECURITY.md:1
ℹ️
Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
ℹ️
Info: Found text in security policy: SECURITY.md:1
dependency not pinned by hash detected -- score normalized to 1
Determines if the project has declared and pinned the dependencies of its build process.
Show details
ℹ️
Info: Possibly incomplete results: error parsing shell code: invalid var name: vendor/sigs.k8s.io/controller-runtime/Makefile:0
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/sandeepkumar1234/kops-kuberntes/main.yml/master?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/sandeepkumar1234/kops-kuberntes/main.yml/master?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/sandeepkumar1234/kops-kuberntes/main.yml/master?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/sandeepkumar1234/kops-kuberntes/main.yml/master?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/sandeepkumar1234/kops-kuberntes/main.yml/master?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/sandeepkumar1234/kops-kuberntes/main.yml/master?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/sandeepkumar1234/kops-kuberntes/main.yml/master?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/sandeepkumar1234/kops-kuberntes/main.yml/master?enable=pin
⚠️
Warn: containerImage not pinned by hash: hack/cfn-lint.Dockerfile:1: pin your Docker image by updating python:3.9-alpine to python:3.9-alpine@sha256:372f3cfc1738ed91b64c7d36a7a02d5c3468ec1f60c906872c3fd346dda8cbbb
⚠️
Warn: containerImage not pinned by hash: hooks/nvidia-bootstrap/image/Dockerfile:15: pin your Docker image by updating debian:jessie to debian:jessie@sha256:32ad5050caffb2c7e969dac873bce2c370015c2256ff984b70c1c08b3a2816a0
⚠️
Warn: containerImage not pinned by hash: hooks/nvidia-device-plugin/image/Dockerfile:15: pin your Docker image by updating debian:stretch-slim to debian:stretch-slim@sha256:abaa313c7e1dfe16069a1a42fa254014780f165d4fd084844602edbe29915e70
⚠️
Warn: containerImage not pinned by hash: hooks/prepull-images/image/Dockerfile:15: pin your Docker image by updating alpine:3.6 to alpine:3.6@sha256:66790a2b79e1ea3e1dabac43990c54aca5d1ddf268d9a5a0285e4167c8b24475
⚠️
Warn: containerImage not pinned by hash: images/mkdocs/Dockerfile:15: pin your Docker image by updating alpine:3.12 to alpine:3.12@sha256:c75ac27b49326926b803b9ed43bf088bc220d22556de1bc5f72d742c91398f69
⚠️
Warn: pipCommand not pinned by hash: hack/cfn-lint.Dockerfile:3
⚠️
Warn: pipCommand not pinned by hash: images/mkdocs/Dockerfile:17-30
⚠️
Warn: pipCommand not pinned by hash: images/mkdocs/Dockerfile:33
⚠️
Warn: goCommand not pinned by hash: hack/install-bazelisk.sh:24
⚠️
Warn: goCommand not pinned by hash: tests/e2e/scenarios/aws-ebs-csi/run-test.sh:42
⚠️
Warn: goCommand not pinned by hash: tests/e2e/scenarios/aws-lb-controller/run-test.sh:42
⚠️
Warn: goCommand not pinned by hash: tests/e2e/scenarios/digital-ocean/run-test:30
⚠️
Warn: goCommand not pinned by hash: vendor/github.com/json-iterator/go/build.sh:10
⚠️
Warn: goCommand not pinned by hash: vendor/github.com/pelletier/go-toml/benchmark.sh:10
⚠️
Warn: downloadThenRun not pinned by hash: vendor/github.com/weaveworks/mesh/lint:9
⚠️
Warn: goCommand not pinned by hash: vendor/google.golang.org/grpc/regenerate.sh:35
⚠️
Warn: goCommand not pinned by hash: vendor/google.golang.org/grpc/vet.sh:39
⚠️
Warn: goCommand not pinned by hash: vendor/google.golang.org/grpc/vet.sh:49
ℹ️
Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
ℹ️
Info: 0 out of 5 containerImage dependencies pinned
ℹ️
Info: 0 out of 3 pipCommand dependencies pinned
ℹ️
Info: 6 out of 15 goCommand dependencies pinned
ℹ️
Info: 0 out of 1 downloadThenRun dependencies pinned
branch protection not enabled on development/release branches
Determines if the default and release branches are protected with GitHub's branch protection settings.
Show details
⚠️
Warn: branch protection not enabled for branch 'master'
no effort to earn an OpenSSF best practices badge detected
Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.
Found 0/30 approved changesets -- score normalized to 0
Determines if the project requires human code review before pull requests (aka merge requests) are merged.
project is not fuzzed
Determines if the project uses fuzzing.
Show details
⚠️
Warn: no fuzzer integrations found
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Determines if the project is "actively maintained".
no SAST tool detected
Determines if the project uses static code analysis.
Show details
⚠️
Warn: no pull requests merged into dev branch
detected GitHub workflow tokens with excessive permissions
Determines if the project's workflows follow the principle of least privilege.
Show details
⚠️
Warn: no topLevel permission defined: .github/workflows/main.yml:1
ℹ️
Info: no jobLevel write permissions found
103 existing vulnerabilities detected
Determines if the project has open, known unfixed vulnerabilities.
Show details
⚠️
Warn: Project is vulnerable to: GO-2022-0635
⚠️
Warn: Project is vulnerable to: GO-2022-0646
⚠️
Warn: Project is vulnerable to: GO-2024-2500 / GHSA-3fwx-pjgw-3558
⚠️
Warn: Project is vulnerable to: GO-2024-2913 / GHSA-v994-f8vw-g7j4
⚠️
Warn: Project is vulnerable to: GO-2024-2914 / GHSA-xmmx-7jpf-fx42
⚠️
Warn: Project is vulnerable to: GO-2022-0390 / GHSA-2mm7-x5h6-5pvq
⚠️
Warn: Project is vulnerable to: GO-2022-0985 / GHSA-rc4r-wh2q-q6c4
⚠️
Warn: Project is vulnerable to: GO-2022-1107 / GHSA-vp35-85q5-9f25
⚠️
Warn: Project is vulnerable to: GO-2023-1699 / GHSA-232p-vwff-86mp
⚠️
Warn: Project is vulnerable to: GO-2023-1700 / GHSA-33pg-m6jh-5237
⚠️
Warn: Project is vulnerable to: GO-2023-1701 / GHSA-6wrf-mxfj-pf5p
⚠️
Warn: Project is vulnerable to: GHSA-jq35-85cj-fj4p
⚠️
Warn: Project is vulnerable to: GHSA-mq39-4gv4-mvpx
⚠️
Warn: Project is vulnerable to: GO-2024-3005 / GHSA-v23v-6jw2-98fq
⚠️
Warn: Project is vulnerable to: GO-2024-2512 / GHSA-xw73-rw38-6vjc
⚠️
Warn: Project is vulnerable to: GO-2025-3829 / GHSA-4vq8-7jfc-9cvp
⚠️
Warn: Project is vulnerable to: GO-2022-0322 / GHSA-cg3q-j54f-5p7p
⚠️
Warn: Project is vulnerable to: GO-2022-0968 / GHSA-gwc9-m7rh-j2ww
⚠️
Warn: Project is vulnerable to: GO-2021-0356 / GHSA-8c26-wmh5-6g9v
⚠️
Warn: Project is vulnerable to: GO-2024-2961
⚠️
Warn: Project is vulnerable to: GO-2023-2402 / GHSA-45x7-px36-x8w8
⚠️
Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc
⚠️
Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77
⚠️
Warn: Project is vulnerable to: GO-2022-0288
⚠️
Warn: Project is vulnerable to: GO-2022-0969 / GHSA-69cg-p879-7622
⚠️
Warn: Project is vulnerable to: GO-2022-1144 / GHSA-xrjj-mj9h-534m
⚠️
Warn: Project is vulnerable to: GO-2023-1571 / GHSA-vvpx-j8f3-3w6h
⚠️
Warn: Project is vulnerable to: GO-2023-1988 / GHSA-2wrh-6pvc-2jm9
⚠️
Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8
⚠️
Warn: Project is vulnerable to: GO-2023-2153 / GHSA-m425-mq94-257g / GHSA-qppj-fm5r-hxr3
⚠️
Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m
⚠️
Warn: Project is vulnerable to: GO-2024-3333
⚠️
Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66
⚠️
Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw
⚠️
Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9
⚠️
Warn: Project is vulnerable to: GO-2022-0493 / GHSA-p782-xgp4-8hr8
⚠️
Warn: Project is vulnerable to: GO-2024-2631 / GHSA-c5q2-7r4c-mv6g
⚠️
Warn: Project is vulnerable to: GO-2022-1040 / GHSA-c38g-469g-cmgx
⚠️
Warn: Project is vulnerable to: GO-2022-0384 / GHSA-56hp-xqp3-w2jf
⚠️
Warn: Project is vulnerable to: GO-2022-0962 / GHSA-7hfp-qfw3-5jxh
⚠️
Warn: Project is vulnerable to: GO-2022-1165 / GHSA-53c4-hhmh-vw5q
⚠️
Warn: Project is vulnerable to: GO-2022-1166 / GHSA-67fx-wx78-jx33
⚠️
Warn: Project is vulnerable to: GO-2022-1167 / GHSA-6rx9-889q-vv2r
⚠️
Warn: Project is vulnerable to: GO-2023-1547 / GHSA-pwcw-6f5g-gxf8
⚠️
Warn: Project is vulnerable to: GO-2024-2554 / GHSA-v53g-5gjp-272r
⚠️
Warn: Project is vulnerable to: GO-2024-2575 / GHSA-r53h-jv2g-vpx6
⚠️
Warn: Project is vulnerable to: GO-2025-3601 / GHSA-4hfp-h4cw-hj8p
⚠️
Warn: Project is vulnerable to: GO-2025-3602 / GHSA-5xqw-8hwv-wg92
⚠️
Warn: Project is vulnerable to: GO-2025-3802 / GHSA-557j-xg8c-q2mm
⚠️
Warn: Project is vulnerable to: GHSA-9h84-qmv7-982p
⚠️
Warn: Project is vulnerable to: GHSA-f9f8-9pmf-xv68
⚠️
Warn: Project is vulnerable to: GO-2023-2170
⚠️
Warn: Project is vulnerable to: PYSEC-2021-140 / GHSA-9w8r-397f-prfh
⚠️
Warn: Project is vulnerable to: GHSA-mrwq-x4v8-fh7p
⚠️
Warn: Project is vulnerable to: PYSEC-2021-141 / GHSA-pq64-v7f5-gqh8
⚠️
Warn: Project is vulnerable to: GHSA-jh85-wwv9-24hv
⚠️
Warn: Project is vulnerable to: GO-2021-0227 / GHSA-3vm4-22fp-5rfm
⚠️
Warn: Project is vulnerable to: GO-2022-0784 / GHSA-36xw-fx78-c5r4
⚠️
Warn: Project is vulnerable to: GHSA-6g2q-w5j3-fwh4
⚠️
Warn: Project is vulnerable to: GO-2022-0921 / GHSA-c72p-9xmj-rx3w
⚠️
Warn: Project is vulnerable to: GO-2022-0938 / GHSA-c2h3-6mxw-7mvq
⚠️
Warn: Project is vulnerable to: GO-2022-0360 / GHSA-5j5w-g665-5m35
⚠️
Warn: Project is vulnerable to: GO-2022-0344 / GHSA-crp2-qrr5-8pq7
⚠️
Warn: Project is vulnerable to: GO-2024-2846 / GHSA-c9cp-9c75-9v8c
⚠️
Warn: Project is vulnerable to: GO-2022-0482 / GHSA-5ffw-gxpp-mxpf
⚠️
Warn: Project is vulnerable to: GO-2022-1147 / GHSA-2qjp-425j-52j9
⚠️
Warn: Project is vulnerable to: GO-2023-1573 / GHSA-259w-8hf6-59c2
⚠️
Warn: Project is vulnerable to: GO-2023-1574 / GHSA-hmfx-3pcx-653p
⚠️
Warn: Project is vulnerable to: GO-2023-2412 / GHSA-7ww5-4wqc-m92c
⚠️
Warn: Project is vulnerable to: GO-2025-3528 / GHSA-265r-hfxg-fhmg
⚠️
Warn: Project is vulnerable to: GO-2021-0053 / GHSA-c3h9-896r-86jm
⚠️
Warn: Project is vulnerable to: GO-2021-0070 / GHSA-q3j5-32m5-58c2
⚠️
Warn: Project is vulnerable to: GO-2022-0835 / GHSA-gp4j-w3vj-7299
⚠️
Warn: Project is vulnerable to: GO-2021-0085 / GHSA-fgv8-vj5c-2ppq
⚠️
Warn: Project is vulnerable to: GO-2021-0087 / GHSA-fh74-hm69-rqjw
⚠️
Warn: Project is vulnerable to: GO-2022-0396 / GHSA-g54h-m393-cpwq
⚠️
Warn: Project is vulnerable to: GO-2022-0914 / GHSA-c3xm-pvg7-gh7r
⚠️
Warn: Project is vulnerable to: GHSA-v95c-p5hm-xq8f
⚠️
Warn: Project is vulnerable to: GO-2022-0452 / GHSA-f3fp-gc8g-vw66
⚠️
Warn: Project is vulnerable to: GO-2023-1683 / GHSA-g2j6-57v7-gm8c
⚠️
Warn: Project is vulnerable to: GO-2023-1682 / GHSA-m8cg-xc2p-r3fc
⚠️
Warn: Project is vulnerable to: GO-2024-3110 / GHSA-jfvp-7x6p-h2pv
⚠️
Warn: Project is vulnerable to: GO-2022-0236 / GHSA-h86h-8ppg-mxmh
⚠️
Warn: Project is vulnerable to: GO-2021-0238 / GHSA-83g2-8m93-v3w7
⚠️
Warn: Project is vulnerable to: GO-2024-2947 / GHSA-v6v8-xj6m-xwqh
⚠️
Warn: Project is vulnerable to: GO-2020-0015 / GHSA-5rcv-m4m3-hfh7
⚠️
Warn: Project is vulnerable to: GO-2021-0113 / GHSA-ppp9-7jff-5vj2
⚠️
Warn: Project is vulnerable to: GO-2022-1059 / GHSA-69ch-w2m2-3vjp
⚠️
Warn: Project is vulnerable to: GO-2020-0036 / GHSA-wxc4-f4m6-wwqv
⚠️
Warn: Project is vulnerable to: GO-2021-0061 / GHSA-r88r-gmrh-7j83
⚠️
Warn: Project is vulnerable to: GO-2022-0956 / GHSA-6q6q-88xp-6f2r
⚠️
Warn: Project is vulnerable to: GO-2022-0229 / GHSA-cjjc-xp8v-855w
⚠️
Warn: Project is vulnerable to: GO-2020-0012 / GHSA-ffhg-7mh4-33c4
⚠️
Warn: Project is vulnerable to: GO-2020-0008 / GHSA-44r7-7p62-q3fr
⚠️
Warn: Project is vulnerable to: GO-2022-0209 / GHSA-r5c5-pr8j-pfp7
⚠️
Warn: Project is vulnerable to: GO-2023-1992 / GHSA-x3jr-pf6g-c48f
⚠️
Warn: Project is vulnerable to: GO-2022-0197 / GHSA-4r78-hx75-jjj2 / GHSA-mv93-wvcp-7m7r
⚠️
Warn: Project is vulnerable to: GO-2020-0014 / GHSA-vfw5-hrgq-h5wf
⚠️
Warn: Project is vulnerable to: GO-2020-0017 / GHSA-w73w-5m7g-f7qc
⚠️
Warn: Project is vulnerable to: GO-2022-0536 / GHSA-39qc-96h7-956f / GHSA-hgr8-6h9x-f7q9
⚠️
Warn: Project is vulnerable to: GO-2025-3372 / GHSA-6wxm-mpqj-6jpf
⚠️
Warn: Project is vulnerable to: GO-2024-2611 / GHSA-8r3f-844c-mc37
⚠️
Warn: Project is vulnerable to: CVE-2023-1943
packaging workflow not detected
Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.
Show details
⚠️
Warn: no GitHub/GitLab publishing workflow detected.