Data

Tools

Indexes

Applications

Experiments

Repos

An open API service providing repository metadata for many open source software ecosystems.

GitHub / tlsfuzzer / python-ecdsa

pure-python ECDSA signature/verification and ECDH key agreement

JSON API: http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tlsfuzzer%2Fpython-ecdsa
PURL: pkg:github/tlsfuzzer/python-ecdsa

Stars: 956
Forks: 330
Open issues: 17

License: other
Language: Python
Size: 1020 KB
Dependencies parsed at: Pending

Created at: over 15 years ago
Updated at: 9 days ago
Pushed at: 2 months ago
Last synced at: 8 days ago

Commit Stats

Commits: 517
Authors: 50
Mean commits per author: 10.34
Development Distribution Score: 0.557
More commit stats: https://commits.ecosyste.ms/hosts/GitHub/repositories/tlsfuzzer/python-ecdsa

Topics: cryptography, digital-signatures, ecdh, ecdsa, elliptic-curves, python

OpenSSF Scorecard report

5.6

Overall Score

10/10 Critical Risk
24/60 High Risk
29/40 Medium Risk
9/20 Low Risk
Generated on August 11, 2025 | Scorecard vv5.2.1-40-gf6ed084d
Security Checks
10/10
Binary-Artifacts
High Risk

no binaries found in the repo

Determines if the project has generated executable (binary) artifacts in the source repository.

10/10
Dangerous-Workflow
Critical Risk

no dangerous workflow patterns detected

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10/10
Fuzzing
Medium Risk

project is fuzzed

Determines if the project uses fuzzing.

Show details
ℹ️ Info: OSSFuzz integration found
10/10
Security-Policy
Medium Risk

security policy file detected

Determines if the project has published a security policy.

Show details
ℹ️ Info: security policy file detected: SECURITY.md:1
ℹ️ Info: Found linked content: SECURITY.md:1
ℹ️ Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
ℹ️ Info: Found text in security policy: SECURITY.md:1
10/10
Vulnerabilities
High Risk

0 existing vulnerabilities detected

Determines if the project has open, known unfixed vulnerabilities.

9/10
License
Low Risk

license file detected

Determines if the project has defined a license.

Show details
ℹ️ Info: project has a license file: LICENSE:0
⚠️ Warn: project license file does not contain an FSF or OSI license.
9/10
SAST
Medium Risk

SAST tool detected but not run on all commits

Determines if the project uses static code analysis.

Show details
ℹ️ Info: SAST configuration detected: CodeQL
⚠️ Warn: 26 commits out of 30 are checked with a SAST tool
4/10
Code-Review
High Risk

Found 5/11 approved changesets -- score normalized to 4

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0/10
Branch-Protection
High Risk

branch protection not enabled on development/release branches

Determines if the default and release branches are protected with GitHub's branch protection settings.

Show details
⚠️ Warn: branch protection not enabled for branch 'master'
0/10
CII-Best-Practices
Low Risk

no effort to earn an OpenSSF best practices badge detected

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0/10
Maintained
High Risk

0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0

Determines if the project is "actively maintained".

0/10
Pinned-Dependencies
Medium Risk

dependency not pinned by hash detected -- score normalized to 0

Determines if the project has declared and pinned the dependencies of its build process.

Show details
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:173: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:327: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:361: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:410: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:415: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:475: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:480: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:486: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:524: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:529: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:535: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:541: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:547: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:553: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:559: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:565: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:571: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:577: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:583: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:589: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:595: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:601: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:607: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:613: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:619: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:625: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:631: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:637: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:643: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:668: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:678: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/ci.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/codeql.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/codeql.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/codeql.yml/master?enable=pin
⚠️ Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tlsfuzzer/python-ecdsa/codeql.yml/master?enable=pin
⚠️ Warn: downloadThenRun not pinned by hash: .github/workflows/ci.yml:206
⚠️ Warn: downloadThenRun not pinned by hash: .github/workflows/ci.yml:206
⚠️ Warn: downloadThenRun not pinned by hash: .github/workflows/ci.yml:206
⚠️ Warn: downloadThenRun not pinned by hash: .github/workflows/ci.yml:206
⚠️ Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:214
⚠️ Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:217
⚠️ Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:223
⚠️ Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:257
⚠️ Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:264
⚠️ Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:266
⚠️ Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:271
⚠️ Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:272
⚠️ Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:395
⚠️ Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:422
⚠️ Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:423
⚠️ Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:495
⚠️ Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:497
⚠️ Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:498
⚠️ Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:499
⚠️ Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:650
⚠️ Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:651
ℹ️ Info: 0 out of 35 GitHub-owned GitHubAction dependencies pinned
ℹ️ Info: 0 out of 2 third-party GitHubAction dependencies pinned
ℹ️ Info: 0 out of 4 downloadThenRun dependencies pinned
ℹ️ Info: 1 out of 18 pipCommand dependencies pinned
0/10
Token-Permissions
High Risk

detected GitHub workflow tokens with excessive permissions

Determines if the project's workflows follow the principle of least privilege.

Show details
ℹ️ Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:16
ℹ️ Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:17
⚠️ Warn: no topLevel permission defined: .github/workflows/ci.yml:1
⚠️ Warn: no topLevel permission defined: .github/workflows/codeql.yml:1
ℹ️ Info: no jobLevel write permissions found
N/A
Packaging
Not Applicable

packaging workflow not detected

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

Show details
⚠️ Warn: no GitHub/GitLab publishing workflow detected.
N/A
Signed-Releases
Not Applicable

no releases found

Determines if the project cryptographically signs release artifacts.