GitHub / secureCodeBox / secureCodeBox
secureCodeBox (SCB) - continuous secure delivery out of the box
JSON API: http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secureCodeBox%2FsecureCodeBox
PURL: pkg:github/secureCodeBox/secureCodeBox
Stars: 921
Forks: 172
Open issues: 80
License: other
Language: JavaScript
Size: 83.7 MB
Dependencies parsed at: Pending
Created at: almost 9 years ago
Updated at: 7 days ago
Pushed at: 7 days ago
Last synced at: 5 days ago
Commit Stats
Commits: 6166
Authors: 98
Mean commits per author: 62.92
Development Distribution Score: 0.891
More commit stats: https://commits.ecosyste.ms/hosts/GitHub/repositories/secureCodeBox/secureCodeBox
Topics: devsecops, hacktoberfest, kubernetes, kubernetes-operator, owasp, securecodebox, security, security-automation, security-testing, security-tools, zaproxy
OpenSSF Scorecard report
6.6
Overall Score
10/10 Critical Risk
38/60 High Risk
30/50 Medium Risk
9/20 Low Risk
Generated on August 04, 2025
| Scorecard vv5.2.1-28-gc1d103a9
Security Checks
no dangerous workflow patterns detected
Determines if the project's GitHub Action workflows avoid dangerous patterns.
30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10
Determines if the project is "actively maintained".
packaging workflow detected
Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.
Show details
ℹ️
Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release-build.yaml:317
SAST tool is run on all commits
Determines if the project uses static code analysis.
Show details
ℹ️
Info: all commits (29) are checked with a SAST tool
security policy file detected
Determines if the project has published a security policy.
Show details
ℹ️
Info: security policy file detected: SECURITY.md:1
ℹ️
Info: Found linked content: SECURITY.md:1
ℹ️
Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
ℹ️
Info: Found text in security policy: SECURITY.md:1
binaries present in source code
Determines if the project has generated executable (binary) artifacts in the source repository.
Show details
⚠️
Warn: binary detected: hooks/persistence-defectdojo/hook/gradle/wrapper/gradle-wrapper.jar:1
Found 9/10 approved changesets -- score normalized to 9
Determines if the project requires human code review before pull requests (aka merge requests) are merged.
license file detected
Determines if the project has defined a license.
Show details
ℹ️
Info: project has a license file: LICENSE:0
⚠️
Warn: project license file does not contain an FSF or OSI license.
4 existing vulnerabilities detected
Determines if the project has open, known unfixed vulnerabilities.
Show details
⚠️
Warn: Project is vulnerable to: GO-2022-0635
⚠️
Warn: Project is vulnerable to: GO-2022-0646
⚠️
Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v
⚠️
Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h
branch protection is not maximal on development and all release branches
Determines if the default and release branches are protected with GitHub's branch protection settings.
Show details
ℹ️
Info: 'allow deletion' disabled on branch 'main'
ℹ️
Info: 'force pushes' disabled on branch 'main'
⚠️
Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'
⚠️
Warn: 'stale review dismissal' is disabled on branch 'main'
⚠️
Warn: required approving review count is 1 on branch 'main'
⚠️
Warn: codeowners review is not required on branch 'main'
⚠️
Warn: 'last push approval' is disabled on branch 'main'
⚠️
Warn: 'up-to-date branches' is disabled on branch 'main'
ℹ️
Info: status check found to merge onto on branch 'main'
ℹ️
Info: PRs are required in order to make changes on branch 'main'
no effort to earn an OpenSSF best practices badge detected
Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.
project is not fuzzed
Determines if the project uses fuzzing.
Show details
⚠️
Warn: no fuzzer integrations found
dependency not pinned by hash detected -- score normalized to 0
Determines if the project has declared and pinned the dependencies of its build process.
Show details
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:589: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:592: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:595: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:605: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:611: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:617: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:639: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:650: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:661: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:225: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:228: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:251: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:265: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:268: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:273: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:279: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:285: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:315: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:436: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:439: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:442: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:452: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:458: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:464: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:486: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:497: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:508: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:723: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:726: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:186: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:212: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:342: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:345: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:368: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:386: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:397: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/ci.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation-roulette.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/documentation-roulette.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/documentation-roulette.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/documentation-roulette.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/helm-charts-release-ghcr.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/helm-charts-release-ghcr.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/helm-charts-release.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/helm-charts-release.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/helm-docs.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/helm-docs.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/helm-docs.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/helm-docs.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/label-commenter.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/label-commenter.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/label-commenter.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/label-commenter.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/license-check.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/license-check.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/license-check.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/license-check.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mega-linter.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/mega-linter.yml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/mega-linter.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/mega-linter.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mega-linter.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/mega-linter.yml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/move-bot-pr-to-review.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/move-bot-pr-to-review.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build.yaml:347: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:351: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:359: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:361: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:364: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:374: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:387: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build.yaml:492: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:496: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:504: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:507: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:517: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:529: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build.yaml:552: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:555: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:563: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:572: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:575: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:581: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:591: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build.yaml:178: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:182: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:190: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:192: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:195: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:201: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build.yaml:231: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:235: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:243: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:245: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:248: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:258: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:271: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build.yaml:285: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:289: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:297: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:300: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:306: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build.yaml:422: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:425: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:433: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:439: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:447: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:450: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:456: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:468: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build.yaml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-build.yaml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:142: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-build.yaml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/release-build.yaml/main?enable=pin
⚠️
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scb-bot.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/scb-bot.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/scb-bot.yaml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/scb-bot.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/scb-bot.yaml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/scb-bot.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/scb-bot.yaml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/scb-bot.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/scb-bot.yaml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/scb-bot.yaml/main?enable=pin
⚠️
Warn: third-party GitHubAction not pinned by hash: .github/workflows/scb-bot.yaml:187: update your workflow using https://app.stepsecurity.io/secureworkflow/secureCodeBox/secureCodeBox/scb-bot.yaml/main?enable=pin
⚠️
Warn: containerImage not pinned by hash: .templates/new-scanner/parser/Dockerfile:8
⚠️
Warn: containerImage not pinned by hash: auto-discovery/cloud-aws/Dockerfile:6
⚠️
Warn: containerImage not pinned by hash: auto-discovery/cloud-aws/Dockerfile:25: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:cdf4daaf154e3e27cfffc799c16f343a384228f38646928a1513d925f473cb46
⚠️
Warn: containerImage not pinned by hash: auto-discovery/kubernetes/Dockerfile:6
⚠️
Warn: containerImage not pinned by hash: auto-discovery/kubernetes/Dockerfile:26: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:cdf4daaf154e3e27cfffc799c16f343a384228f38646928a1513d925f473cb46
⚠️
Warn: containerImage not pinned by hash: auto-discovery/kubernetes/pull-secret-extractor/Dockerfile:5: pin your Docker image by updating python:3.13-alpine to python:3.13-alpine@sha256:f196fd275fdad7287ccb4b0a85c2e402bb8c794d205cf6158909041c1ee9f38d
⚠️
Warn: containerImage not pinned by hash: demo-targets/dummy-ssh/container/Dockerfile:7: pin your Docker image by updating ubuntu:24.04 to ubuntu:24.04@sha256:a08e551cb33850e4740772b38217fc1796a66da2506d312abe51acda354ff061
⚠️
Warn: containerImage not pinned by hash: demo-targets/old-joomla/container/Dockerfile:5
⚠️
Warn: containerImage not pinned by hash: demo-targets/old-joomla/container/Dockerfile:13: pin your Docker image by updating php:7.2-apache to php:7.2-apache@sha256:4dc0f0115acf8c2f0df69295ae822e49f5ad5fe849725847f15aa0e5802b55f8
⚠️
Warn: containerImage not pinned by hash: demo-targets/old-typo3/container/Dockerfile:5: pin your Docker image by updating martinhelmich/typo3:9.5 to martinhelmich/typo3:9.5@sha256:ea9a2cf7e81114475dafd5c3971c903ecc7746a89788e611342fef35559d70f1
⚠️
Warn: containerImage not pinned by hash: demo-targets/old-wordpress/container/Dockerfile:5
⚠️
Warn: containerImage not pinned by hash: demo-targets/old-wordpress/container/Dockerfile:14: pin your Docker image by updating wordpress:4 to wordpress:4@sha256:7e476394586459bb622d3f37448cd07e703ec6906257d232542f2f51ff073da7
⚠️
Warn: containerImage not pinned by hash: demo-targets/unsafe-https/container/Dockerfile:5: pin your Docker image by updating nginx:1.29-alpine to nginx:1.29-alpine@sha256:d67ea0d64d518b1bb04acde3b00f722ac3e9764b3209a9b0a98924ba35e4b779
⚠️
Warn: containerImage not pinned by hash: documentation/docs/contributing/integrating-a-hook/dockerfile.md:15
⚠️
Warn: containerImage not pinned by hash: documentation/docs/contributing/integrating-a-hook/dockerfile.md:21
⚠️
Warn: containerImage not pinned by hash: hook-sdk/nodejs/Dockerfile:5
⚠️
Warn: containerImage not pinned by hash: hook-sdk/nodejs/Dockerfile:12: pin your Docker image by updating node:22-alpine to node:22-alpine@sha256:1b2479dd35a99687d6638f5976fd235e26c5b37e8122f786fcd5fe231d63de5b
⚠️
Warn: containerImage not pinned by hash: hooks/cascading-scans/hook/Dockerfile:7
⚠️
Warn: containerImage not pinned by hash: hooks/cascading-scans/hook/Dockerfile:13
⚠️
Warn: containerImage not pinned by hash: hooks/cascading-scans/hook/Dockerfile:21
⚠️
Warn: containerImage not pinned by hash: hooks/finding-post-processing/hook/Dockerfile:7
⚠️
Warn: containerImage not pinned by hash: hooks/finding-post-processing/hook/Dockerfile:13
⚠️
Warn: containerImage not pinned by hash: hooks/generic-webhook/hook/Dockerfile:7
⚠️
Warn: containerImage not pinned by hash: hooks/notification/hook/Dockerfile:7
⚠️
Warn: containerImage not pinned by hash: hooks/notification/hook/Dockerfile:13
⚠️
Warn: containerImage not pinned by hash: hooks/notification/hook/Dockerfile:21
⚠️
Warn: containerImage not pinned by hash: hooks/persistence-azure-monitor/hook/Dockerfile:8
⚠️
Warn: containerImage not pinned by hash: hooks/persistence-defectdojo/hook/Dockerfile:5
⚠️
Warn: containerImage not pinned by hash: hooks/persistence-defectdojo/hook/Dockerfile:10: pin your Docker image by updating gcr.io/distroless/java17-debian12:nonroot to gcr.io/distroless/java17-debian12:nonroot@sha256:58719c599e1ee7af8d1bdd3ee7dbdddda7870637c357efb67f9a32a0e652b6f7
⚠️
Warn: containerImage not pinned by hash: hooks/persistence-dependencytrack/hook/Dockerfile:8
⚠️
Warn: containerImage not pinned by hash: hooks/persistence-elastic/dashboard-importer/Dockerfile:5: pin your Docker image by updating alpine:3.22 to alpine:3.22@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1
⚠️
Warn: containerImage not pinned by hash: hooks/persistence-elastic/hook/Dockerfile:7
⚠️
Warn: containerImage not pinned by hash: hooks/persistence-elastic/hook/Dockerfile:13
⚠️
Warn: containerImage not pinned by hash: hooks/update-field-hook/hook/Dockerfile:7
⚠️
Warn: containerImage not pinned by hash: hooks/update-field-hook/hook/Dockerfile:13
⚠️
Warn: containerImage not pinned by hash: lurker/Dockerfile:6
⚠️
Warn: containerImage not pinned by hash: lurker/Dockerfile:24: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:cdf4daaf154e3e27cfffc799c16f343a384228f38646928a1513d925f473cb46
⚠️
Warn: containerImage not pinned by hash: operator/Dockerfile:6
⚠️
Warn: containerImage not pinned by hash: operator/Dockerfile:28: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:cdf4daaf154e3e27cfffc799c16f343a384228f38646928a1513d925f473cb46
⚠️
Warn: containerImage not pinned by hash: parser-sdk/nodejs/Dockerfile:5
⚠️
Warn: containerImage not pinned by hash: parser-sdk/nodejs/Dockerfile:12: pin your Docker image by updating node:22-alpine to node:22-alpine@sha256:1b2479dd35a99687d6638f5976fd235e26c5b37e8122f786fcd5fe231d63de5b
⚠️
Warn: containerImage not pinned by hash: scanners/ffuf/parser/Dockerfile:7
⚠️
Warn: containerImage not pinned by hash: scanners/ffuf/scanner/Dockerfile:5
⚠️
Warn: containerImage not pinned by hash: scanners/ffuf/scanner/Dockerfile:12: pin your Docker image by updating gcr.io/distroless/static-debian12:nonroot to gcr.io/distroless/static-debian12:nonroot@sha256:cdf4daaf154e3e27cfffc799c16f343a384228f38646928a1513d925f473cb46
⚠️
Warn: containerImage not pinned by hash: scanners/git-repo-scanner/parser/Dockerfile:7
⚠️
Warn: containerImage not pinned by hash: scanners/git-repo-scanner/scanner/Dockerfile:5: pin your Docker image by updating docker.io/python:3-alpine to docker.io/python:3-alpine@sha256:f196fd275fdad7287ccb4b0a85c2e402bb8c794d205cf6158909041c1ee9f38d
⚠️
Warn: containerImage not pinned by hash: scanners/gitleaks/parser/Dockerfile:8
⚠️
Warn: containerImage not pinned by hash: scanners/kube-hunter/parser/Dockerfile:7
⚠️
Warn: containerImage not pinned by hash: scanners/kube-hunter/scanner/Dockerfile:6
⚠️
Warn: containerImage not pinned by hash: scanners/ncrack/parser/Dockerfile:7
⚠️
Warn: containerImage not pinned by hash: scanners/ncrack/parser/Dockerfile:13
⚠️
Warn: containerImage not pinned by hash: scanners/ncrack/scanner/Dockerfile:5: pin your Docker image by updating ubuntu:24.04 to ubuntu:24.04@sha256:a08e551cb33850e4740772b38217fc1796a66da2506d312abe51acda354ff061
⚠️
Warn: containerImage not pinned by hash: scanners/nikto/parser/Dockerfile:7
⚠️
Warn: containerImage not pinned by hash: scanners/nikto/scanner/Dockerfile:5
⚠️
Warn: containerImage not pinned by hash: scanners/nikto/scanner/Dockerfile:10: pin your Docker image by updating alpine:3.22 to alpine:3.22@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1
⚠️
Warn: containerImage not pinned by hash: scanners/nmap/parser/Dockerfile:7
⚠️
Warn: containerImage not pinned by hash: scanners/nmap/parser/Dockerfile:13
⚠️
Warn: containerImage not pinned by hash: scanners/nmap/scanner/Dockerfile:5: pin your Docker image by updating alpine:3.22 to alpine:3.22@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1
⚠️
Warn: containerImage not pinned by hash: scanners/nuclei/parser/Dockerfile:7
⚠️
Warn: containerImage not pinned by hash: scanners/screenshooter/parser/Dockerfile:7
⚠️
Warn: containerImage not pinned by hash: scanners/screenshooter/scanner/Dockerfile:7: pin your Docker image by updating debian:12.11 to debian:12.11@sha256:b6507e340c43553136f5078284c8c68d86ec8262b1724dde73c325e8d3dcdeba
⚠️
Warn: containerImage not pinned by hash: scanners/semgrep/parser/Dockerfile:7
⚠️
Warn: containerImage not pinned by hash: scanners/ssh-audit/parser/Dockerfile:8
⚠️
Warn: containerImage not pinned by hash: scanners/ssh-audit/scanner/Dockerfile:7
⚠️
Warn: containerImage not pinned by hash: scanners/sslyze/parser/Dockerfile:8
⚠️
Warn: containerImage not pinned by hash: scanners/sslyze/scanner/Dockerfile:6
⚠️
Warn: containerImage not pinned by hash: scanners/subfinder/parser/Dockerfile:8
⚠️
Warn: containerImage not pinned by hash: scanners/test-scan/parser/Dockerfile:7
⚠️
Warn: containerImage not pinned by hash: scanners/test-scan/scanner/Dockerfile:5: pin your Docker image by updating alpine:3.22 to alpine:3.22@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1
⚠️
Warn: containerImage not pinned by hash: scanners/trivy-sbom/parser/Dockerfile:7
⚠️
Warn: containerImage not pinned by hash: scanners/trivy/parser/Dockerfile:7
⚠️
Warn: containerImage not pinned by hash: scanners/whatweb/parser/Dockerfile:7
⚠️
Warn: containerImage not pinned by hash: scanners/whatweb/scanner/Dockerfile:5: pin your Docker image by updating ruby:latest to ruby:latest@sha256:04121e637d449ec6a93b4f4d05eef7bd55be4ffb04391127cab0999676c2de47
⚠️
Warn: containerImage not pinned by hash: scanners/wpscan/parser/Dockerfile:7
⚠️
Warn: containerImage not pinned by hash: scanners/wpscan/scanner/Dockerfile:8
⚠️
Warn: containerImage not pinned by hash: scanners/zap-automation-framework/parser/Dockerfile:7
⚠️
Warn: containerImage not pinned by hash: scanners/zap-automation-framework/parser/Dockerfile:13
⚠️
Warn: pipCommand not pinned by hash: auto-discovery/kubernetes/pull-secret-extractor/Dockerfile:10
⚠️
Warn: pipCommand not pinned by hash: scanners/git-repo-scanner/scanner/Dockerfile:7
⚠️
Warn: npmCommand not pinned by hash: bin/npm-check-updates.sh:16
ℹ️
Info: 0 out of 68 GitHub-owned GitHubAction dependencies pinned
ℹ️
Info: 2 out of 72 third-party GitHubAction dependencies pinned
ℹ️
Info: 0 out of 2 pipCommand dependencies pinned
ℹ️
Info: 12 out of 13 npmCommand dependencies pinned
ℹ️
Info: 0 out of 77 containerImage dependencies pinned
detected GitHub workflow tokens with excessive permissions
Determines if the project's workflows follow the principle of least privilege.
Show details
ℹ️
Info: jobLevel 'contents' permission set to 'read': .github/workflows/helm-charts-release-ghcr.yaml:18
⚠️
Warn: jobLevel 'packages' permission set to 'write': .github/workflows/helm-charts-release-ghcr.yaml:19
⚠️
Warn: no topLevel permission defined: .github/workflows/ci.yaml:1
⚠️
Warn: no topLevel permission defined: .github/workflows/documentation-roulette.yaml:1
⚠️
Warn: no topLevel permission defined: .github/workflows/helm-charts-release-ghcr.yaml:1
⚠️
Warn: no topLevel permission defined: .github/workflows/helm-charts-release.yaml:1
⚠️
Warn: no topLevel permission defined: .github/workflows/helm-docs.yaml:1
ℹ️
Info: topLevel 'contents' permission set to 'read': .github/workflows/label-commenter.yml:14
⚠️
Warn: no topLevel permission defined: .github/workflows/license-check.yaml:1
⚠️
Warn: no topLevel permission defined: .github/workflows/mega-linter.yml:1
⚠️
Warn: no topLevel permission defined: .github/workflows/move-bot-pr-to-review.yaml:1
⚠️
Warn: no topLevel permission defined: .github/workflows/release-build.yaml:1
⚠️
Warn: no topLevel permission defined: .github/workflows/scb-bot.yaml:1