Data

Tools

Indexes

Applications

Experiments

Repos

An open API service providing repository metadata for many open source software ecosystems.

100daysofweb-with-python-course

Demo code and resources for our 100 Days of Web in Python Course

OpenSSF Scorecard report

2.2

Overall Score

18/50 High Risk
0/40 Medium Risk
0/20 Low Risk
Generated on August 11, 2025 | Scorecard vv5.2.1-40-gf6ed084d
Security Checks
10/10
Binary-Artifacts
High Risk

no binaries found in the repo

Determines if the project has generated executable (binary) artifacts in the source repository.

7/10
Maintained
High Risk

8 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 7

Determines if the project is "actively maintained".

1/10
Code-Review
High Risk

Found 2/15 approved changesets -- score normalized to 1

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0/10
Branch-Protection
High Risk

branch protection not enabled on development/release branches

Determines if the default and release branches are protected with GitHub's branch protection settings.

Show details
⚠️ Warn: branch protection not enabled for branch 'master'
0/10
CII-Best-Practices
Low Risk

no effort to earn an OpenSSF best practices badge detected

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0/10
Fuzzing
Medium Risk

project is not fuzzed

Determines if the project uses fuzzing.

Show details
⚠️ Warn: no fuzzer integrations found
0/10
License
Low Risk

license file not detected

Determines if the project has defined a license.

Show details
⚠️ Warn: project does not have a license file
0/10
Pinned-Dependencies
Medium Risk

dependency not pinned by hash detected -- score normalized to 0

Determines if the project has declared and pinned the dependencies of its build process.

Show details
⚠️ Warn: containerImage not pinned by hash: days/097-100-docker/demo/base_server/dockerfile:1: pin your Docker image by updating ubuntu:latest to ubuntu:latest@sha256:7c06e91f61fa88c08cc74f7e1b7c69ae24910d745357e0dfe1d2c0322aaf20f9
⚠️ Warn: containerImage not pinned by hash: days/097-100-docker/demo/frontend/dockerfile:1
⚠️ Warn: containerImage not pinned by hash: days/097-100-docker/demo/services/dockerfile:1
⚠️ Warn: pipCommand not pinned by hash: days/097-100-docker/demo/services/dockerfile:5
⚠️ Warn: pipCommand not pinned by hash: days/097-100-docker/demo/services/dockerfile:6
⚠️ Warn: pipCommand not pinned by hash: days/097-100-docker/demo/services/dockerfile:10
⚠️ Warn: pipCommand not pinned by hash: days/089-092-deployment/demo/billtracker/server/server_setup.sh:43
⚠️ Warn: pipCommand not pinned by hash: days/089-092-deployment/demo/billtracker/server/server_setup.sh:44
⚠️ Warn: pipCommand not pinned by hash: days/089-092-deployment/demo/billtracker/server/server_setup.sh:45
⚠️ Warn: pipCommand not pinned by hash: days/089-092-deployment/demo/billtracker/server/server_setup.sh:54
ℹ️ Info: 0 out of 3 containerImage dependencies pinned
ℹ️ Info: 0 out of 7 pipCommand dependencies pinned
0/10
SAST
Medium Risk

SAST tool is not run on all commits -- score normalized to 0

Determines if the project uses static code analysis.

Show details
⚠️ Warn: 0 commits out of 17 are checked with a SAST tool
0/10
Security-Policy
Medium Risk

security policy file not detected

Determines if the project has published a security policy.

Show details
⚠️ Warn: no security policy file detected
⚠️ Warn: no security file to analyze
⚠️ Warn: no security file to analyze
⚠️ Warn: no security file to analyze
0/10
Vulnerabilities
High Risk

155 existing vulnerabilities detected

Determines if the project has open, known unfixed vulnerabilities.

Show details
⚠️ Warn: Project is vulnerable to: GHSA-cpwx-vrp4-4pq7
⚠️ Warn: Project is vulnerable to: GHSA-gmj6-6f8f-6699
⚠️ Warn: Project is vulnerable to: GHSA-h5c8-rqwp-cp95
⚠️ Warn: Project is vulnerable to: GHSA-h75v-3vvj-5mfj
⚠️ Warn: Project is vulnerable to: GHSA-q2x7-8rv6-6q7h
⚠️ Warn: Project is vulnerable to: GHSA-2g68-c3qc-8985
⚠️ Warn: Project is vulnerable to: GHSA-f9vj-2wh5-fj8j
⚠️ Warn: Project is vulnerable to: GHSA-q34m-jh98-gwm2
⚠️ Warn: Project is vulnerable to: GHSA-vqfr-h8mv-ghfj
⚠️ Warn: Project is vulnerable to: PYSEC-2024-60 / GHSA-jjg7-2v4v-x38h
⚠️ Warn: Project is vulnerable to: GHSA-2c2j-9gv5-cj73
⚠️ Warn: Project is vulnerable to: GHSA-f96h-pmfr-66vw
⚠️ Warn: Project is vulnerable to: PYSEC-2021-100 / GHSA-8h2j-cgx8-6xv7
⚠️ Warn: Project is vulnerable to: PYSEC-2024-38
⚠️ Warn: Project is vulnerable to: PYSEC-2020-150 / GHSA-33c7-2mpw-hg34
⚠️ Warn: Project is vulnerable to: PYSEC-2020-151 / GHSA-f97h-2pfx-f59f
⚠️ Warn: Project is vulnerable to: PYSEC-2022-42986 / GHSA-43fp-rhv2-5gv8
⚠️ Warn: Project is vulnerable to: PYSEC-2023-135 / GHSA-xqr8-7jwr-rhp7
⚠️ Warn: Project is vulnerable to: PYSEC-2023-62 / GHSA-m2qf-hxjv-5gpq
⚠️ Warn: Project is vulnerable to: PYSEC-2021-66 / GHSA-g3rq-g295-4j3m
⚠️ Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7
⚠️ Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56
⚠️ Warn: Project is vulnerable to: PYSEC-2023-74 / GHSA-j8r2-6x86-q33q
⚠️ Warn: Project is vulnerable to: GHSA-34jh-p97f-mpxf
⚠️ Warn: Project is vulnerable to: PYSEC-2023-212 / GHSA-g4mx-q9vg-27p4
⚠️ Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v
⚠️ Warn: Project is vulnerable to: PYSEC-2023-192 / GHSA-v845-jxx5-vc9f
⚠️ Warn: Project is vulnerable to: PYSEC-2023-221 / GHSA-hrfv-mqp8-q5rw
⚠️ Warn: Project is vulnerable to: GHSA-j544-7q9p-6xp8
⚠️ Warn: Project is vulnerable to: PYSEC-2023-57 / GHSA-px8h-6qxv-m22q
⚠️ Warn: Project is vulnerable to: PYSEC-2023-58 / GHSA-xg9f-g7g7-2323
⚠️ Warn: Project is vulnerable to: PYSEC-2022-203
⚠️ Warn: Project is vulnerable to: PYSEC-2023-120 / GHSA-45c4-8wx5-qw6w
⚠️ Warn: Project is vulnerable to: GHSA-5m98-qgg9-wh84
⚠️ Warn: Project is vulnerable to: GHSA-7gpw-8wmc-pm8g
⚠️ Warn: Project is vulnerable to: GHSA-8495-4g3g-x7pr
⚠️ Warn: Project is vulnerable to: PYSEC-2024-26 / GHSA-8qpw-xqxj-h4r2
⚠️ Warn: Project is vulnerable to: GHSA-9548-qrrj-x5pj
⚠️ Warn: Project is vulnerable to: PYSEC-2023-246 / GHSA-gfw2-4jvh-wgfg
⚠️ Warn: Project is vulnerable to: GHSA-pjjw-qhg8-p2p9
⚠️ Warn: Project is vulnerable to: PYSEC-2023-250 / GHSA-q3qx-c6g2-7pw2
⚠️ Warn: Project is vulnerable to: PYSEC-2023-251 / GHSA-qvrw-v9rv-5rjx
⚠️ Warn: Project is vulnerable to: PYSEC-2021-76 / GHSA-v6wp-4m6f-gcjg
⚠️ Warn: Project is vulnerable to: PYSEC-2023-247 / GHSA-xx9p-xxvh-7g8j
⚠️ Warn: Project is vulnerable to: PYSEC-2018-66 / GHSA-562c-5r94-xh97
⚠️ Warn: Project is vulnerable to: PYSEC-2019-179 / GHSA-5wv5-4vpf-pj6m
⚠️ Warn: Project is vulnerable to: PYSEC-2014-14 / GHSA-652x-xj99-gmcc
⚠️ Warn: Project is vulnerable to: PYSEC-2014-13 / GHSA-cfj3-7x9c-4p3h
⚠️ Warn: Project is vulnerable to: PYSEC-2018-28 / GHSA-x84v-xcm2-53pg
⚠️ Warn: Project is vulnerable to: PYSEC-2023-117 / GHSA-mrwq-x4v8-fh7p
⚠️ Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
⚠️ Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
⚠️ Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
⚠️ Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
⚠️ Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
⚠️ Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
⚠️ Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
⚠️ Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
⚠️ Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
⚠️ Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
⚠️ Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
⚠️ Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
⚠️ Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4
⚠️ Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
⚠️ Warn: Project is vulnerable to: GHSA-4www-5p9h-95mh
⚠️ Warn: Project is vulnerable to: GHSA-9gqv-wp59-fq42
⚠️ Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
⚠️ Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
⚠️ Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
⚠️ Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
⚠️ Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q
⚠️ Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
⚠️ Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
⚠️ Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
⚠️ Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
⚠️ Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
⚠️ Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
⚠️ Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
⚠️ Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
⚠️ Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
⚠️ Warn: Project is vulnerable to: GHSA-hc6q-2mpp-qw7j
⚠️ Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
⚠️ Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
⚠️ Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v
⚠️ Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h
⚠️ Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
⚠️ Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
⚠️ Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
⚠️ Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
⚠️ Warn: Project is vulnerable to: PYSEC-2014-5 / GHSA-296w-6qhq-gf92
⚠️ Warn: Project is vulnerable to: PYSEC-2011-2 / GHSA-3jqw-crqj-w8qw
⚠️ Warn: Project is vulnerable to: PYSEC-2012-3 / GHSA-59w8-4wm2-4xw8
⚠️ Warn: Project is vulnerable to: PYSEC-2012-4 / GHSA-5h2q-4hrp-v9rr
⚠️ Warn: Project is vulnerable to: PYSEC-2014-6 / GHSA-625g-gx8c-xcmg
⚠️ Warn: Project is vulnerable to: PYSEC-2015-8 / GHSA-6565-fg86-6jcx
⚠️ Warn: Project is vulnerable to: PYSEC-2021-98 / GHSA-68w8-qjq3-2gfm
⚠️ Warn: Project is vulnerable to: PYSEC-2012-2 / GHSA-78vx-ggch-wghm
⚠️ Warn: Project is vulnerable to: PYSEC-2015-9 / GHSA-7fq8-4pv5-5w5c
⚠️ Warn: Project is vulnerable to: PYSEC-2015-4 / GHSA-7qfw-j7hp-v45g
⚠️ Warn: Project is vulnerable to: PYSEC-2011-9 / GHSA-7wph-fc4w-wqp2
⚠️ Warn: Project is vulnerable to: GHSA-7xr5-9hcq-chf9
⚠️ Warn: Project is vulnerable to: PYSEC-2014-2 / GHSA-89hj-xfx5-7q66
⚠️ Warn: Project is vulnerable to: GHSA-8x94-hmjh-97hq
⚠️ Warn: Project is vulnerable to: PYSEC-2016-2 / GHSA-c8c8-9472-w52h
⚠️ Warn: Project is vulnerable to: PYSEC-2016-3 / GHSA-crhm-qpjc-cm64
⚠️ Warn: Project is vulnerable to: PYSEC-2014-4 / GHSA-f7cm-ccfp-3q4r
⚠️ Warn: Project is vulnerable to: PYSEC-2016-16 / GHSA-fp6p-5xvw-m74f
⚠️ Warn: Project is vulnerable to: PYSEC-2011-8 / GHSA-fwr5-q9rx-294f
⚠️ Warn: Project is vulnerable to: PYSEC-2015-5 / GHSA-gv98-g628-m9x5
⚠️ Warn: Project is vulnerable to: PYSEC-2015-20 / GHSA-h582-2pch-3xv3
⚠️ Warn: Project is vulnerable to: PYSEC-2011-5 / GHSA-h95j-h2rv-qrg4
⚠️ Warn: Project is vulnerable to: GHSA-hmr4-m2h5-33qx
⚠️ Warn: Project is vulnerable to: PYSEC-2015-6 / GHSA-jhjg-w2cp-5j44
⚠️ Warn: Project is vulnerable to: PYSEC-2016-15 / GHSA-pw27-w7w4-9qc7
⚠️ Warn: Project is vulnerable to: PYSEC-2015-10 / GHSA-q5qw-4364-5hhm
⚠️ Warn: Project is vulnerable to: PYSEC-2011-4 / GHSA-rm2j-x595-q9cj
⚠️ Warn: Project is vulnerable to: GHSA-rrqc-c2jx-6jgv
⚠️ Warn: Project is vulnerable to: PYSEC-2014-1 / GHSA-rvq6-mrpv-m6rm
⚠️ Warn: Project is vulnerable to: PYSEC-2014-7 / GHSA-rw75-m7gp-92m3
⚠️ Warn: Project is vulnerable to: PYSEC-2019-16 / GHSA-vfq6-hq5r-27r6
⚠️ Warn: Project is vulnerable to: PYSEC-2014-3 / GHSA-wqjj-hx84-v449
⚠️ Warn: Project is vulnerable to: PYSEC-2011-3 / GHSA-wxg3-mfph-qg9w
⚠️ Warn: Project is vulnerable to: PYSEC-2011-1 / GHSA-x88j-93vc-wpmp
⚠️ Warn: Project is vulnerable to: PYSEC-2007-1
⚠️ Warn: Project is vulnerable to: PYSEC-2008-1
⚠️ Warn: Project is vulnerable to: PYSEC-2008-2
⚠️ Warn: Project is vulnerable to: PYSEC-2009-3
⚠️ Warn: Project is vulnerable to: PYSEC-2015-11
⚠️ Warn: Project is vulnerable to: PYSEC-2015-7
⚠️ Warn: Project is vulnerable to: PYSEC-2016-18
⚠️ Warn: Project is vulnerable to: PYSEC-2022-43167
⚠️ Warn: Project is vulnerable to: PYSEC-2023-206
⚠️ Warn: Project is vulnerable to: PYSEC-2023-48 / GHSA-74m5-2c7w-9w3x
⚠️ Warn: Project is vulnerable to: PYSEC-2010-1 / GHSA-7q8x-38mc-p84f
⚠️ Warn: Project is vulnerable to: PYSEC-2022-260 / GHSA-v973-fxgf-6xhp
⚠️ Warn: Project is vulnerable to: PYSEC-2019-124 / GHSA-38fc-9xqv-7f7q
⚠️ Warn: Project is vulnerable to: PYSEC-2019-123 / GHSA-887w-45rq-vxgf
⚠️ Warn: Project is vulnerable to: PYSEC-2012-9 / GHSA-hfg2-wf6j-x53p
⚠️ Warn: Project is vulnerable to: PYSEC-2024-211 / GHSA-3f84-rpwh-47g6
⚠️ Warn: Project is vulnerable to: PYSEC-2022-169 / GHSA-4f7p-27jc-3c36
⚠️ Warn: Project is vulnerable to: PYSEC-2020-178 / GHSA-4ppp-gpcr-7qf6 / GHSA-j7j6-7hfx-5522
⚠️ Warn: Project is vulnerable to: PYSEC-2019-138 / GHSA-968f-66r5-5v74
⚠️ Warn: Project is vulnerable to: PYSEC-2019-137 / GHSA-g2xc-35jw-c63p
⚠️ Warn: Project is vulnerable to: GHSA-m5ff-3wj3-8ph4
⚠️ Warn: Project is vulnerable to: PYSEC-2019-136 / GHSA-pg36-wpm5-g57p
⚠️ Warn: Project is vulnerable to: PYSEC-2020-155
⚠️ Warn: Project is vulnerable to: PYSEC-2024-188 / GHSA-mg3v-6m49-jhp3
⚠️ Warn: Project is vulnerable to: GHSA-hc5x-x2vx-497g
⚠️ Warn: Project is vulnerable to: GHSA-w3h3-4rj7-4ph4
⚠️ Warn: Project is vulnerable to: PYSEC-2020-263 / GHSA-fx83-3ph3-9j2q
⚠️ Warn: Project is vulnerable to: GHSA-gw84-84pc-xp82
⚠️ Warn: Project is vulnerable to: PYSEC-2021-129 / GHSA-qhx9-7hx7-cp4r
⚠️ Warn: Project is vulnerable to: PYSEC-2022-227 / GHSA-xhp9-4947-rq78
⚠️ Warn: Project is vulnerable to: GHSA-5j4c-8p2g-v4jx
⚠️ Warn: Project is vulnerable to: GHSA-vc8w-jr9v-vj7f
N/A
Dangerous-Workflow
Not Applicable

no workflows found

Determines if the project's GitHub Action workflows avoid dangerous patterns.

N/A
Packaging
Not Applicable

packaging workflow not detected

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

Show details
⚠️ Warn: no GitHub/GitLab publishing workflow detected.
N/A
Signed-Releases
Not Applicable

no releases found

Determines if the project cryptographically signs release artifacts.

N/A
Token-Permissions
Not Applicable

No tokens found

Determines if the project's workflows follow the principle of least privilege.

Links
Repository Details
  • Stars 635
  • Forks 389
  • Open issues 2
  • License None
  • Language JavaScript
  • Size 7.51 MB
  • Created at almost 8 years ago
  • Updated at 10 months ago
  • Pushed at almost 2 years ago
  • Last synced at 10 months ago
  • Dependencies parsed at Pending
Topics
100daysofcode, python, web