| Package | Version | Score | Details |
|---|
| gomod/github.com/hashicorp/go-version | 1.8.0 |
๐ข 6.6 | Details| Check | Score | Reason |
|---|
| Code-Review | ๐ข 7 | Found 8/11 approved changesets -- score normalized to 7 | | Packaging | โ ๏ธ -1 | packaging workflow not detected | | Binary-Artifacts | ๐ข 10 | no binaries found in the repo | | Dangerous-Workflow | ๐ข 10 | no dangerous workflow patterns detected | | Maintained | ๐ข 7 | 9 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7 | | Pinned-Dependencies | ๐ข 10 | all dependencies are pinned | | Token-Permissions | โ ๏ธ 0 | detected GitHub workflow tokens with excessive permissions | | CII-Best-Practices | โ ๏ธ 0 | no effort to earn an OpenSSF best practices badge detected | | Vulnerabilities | ๐ข 10 | 0 existing vulnerabilities detected | | Fuzzing | โ ๏ธ 0 | project is not fuzzed | | License | ๐ข 10 | license file detected | | Signed-Releases | โ ๏ธ -1 | no releases found | | Security-Policy | ๐ข 10 | security policy file detected | | Branch-Protection | ๐ข 6 | branch protection is not maximal on development and all release branches | | SAST | โ ๏ธ 0 | SAST tool is not run on all commits -- score normalized to 0 |
|
| gomod/go.opentelemetry.io/collector/component | 1.49.0 |
๐ข 7.6 | Details| Check | Score | Reason |
|---|
| Maintained | ๐ข 10 | 30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 | | Dangerous-Workflow | โ ๏ธ 0 | dangerous workflow patterns detected | | Dependency-Update-Tool | ๐ข 10 | update tool detected | | Code-Review | ๐ข 10 | all changesets reviewed | | Binary-Artifacts | ๐ข 10 | no binaries found in the repo | | Token-Permissions | โ ๏ธ 0 | detected GitHub workflow tokens with excessive permissions | | Pinned-Dependencies | ๐ข 10 | all dependencies are pinned | | CII-Best-Practices | ๐ข 5 | badge detected: Passing | | SAST | ๐ข 9 | SAST tool detected but not run on all commits | | License | ๐ข 10 | license file detected | | Signed-Releases | โ ๏ธ -1 | no releases found | | Packaging | ๐ข 10 | packaging workflow detected | | Security-Policy | ๐ข 10 | security policy file detected | | Branch-Protection | ๐ข 4 | branch protection is not maximal on development and all release branches | | Fuzzing | ๐ข 10 | project is fuzzed | | Vulnerabilities | ๐ข 10 | 0 existing vulnerabilities detected | | CI-Tests | ๐ข 10 | 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 | | Contributors | ๐ข 10 | project has 45 contributing companies or organizations |
|
| gomod/go.opentelemetry.io/collector/extension | 1.49.0 |
๐ข 7.6 | Details| Check | Score | Reason |
|---|
| Maintained | ๐ข 10 | 30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 | | Dangerous-Workflow | โ ๏ธ 0 | dangerous workflow patterns detected | | Dependency-Update-Tool | ๐ข 10 | update tool detected | | Code-Review | ๐ข 10 | all changesets reviewed | | Binary-Artifacts | ๐ข 10 | no binaries found in the repo | | Token-Permissions | โ ๏ธ 0 | detected GitHub workflow tokens with excessive permissions | | Pinned-Dependencies | ๐ข 10 | all dependencies are pinned | | CII-Best-Practices | ๐ข 5 | badge detected: Passing | | SAST | ๐ข 9 | SAST tool detected but not run on all commits | | License | ๐ข 10 | license file detected | | Signed-Releases | โ ๏ธ -1 | no releases found | | Packaging | ๐ข 10 | packaging workflow detected | | Security-Policy | ๐ข 10 | security policy file detected | | Branch-Protection | ๐ข 4 | branch protection is not maximal on development and all release branches | | Fuzzing | ๐ข 10 | project is fuzzed | | Vulnerabilities | ๐ข 10 | 0 existing vulnerabilities detected | | CI-Tests | ๐ข 10 | 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 | | Contributors | ๐ข 10 | project has 45 contributing companies or organizations |
|
| gomod/go.opentelemetry.io/collector/extension/xextension | 0.143.0 |
๐ข 7.6 | Details| Check | Score | Reason |
|---|
| Maintained | ๐ข 10 | 30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 | | Dangerous-Workflow | โ ๏ธ 0 | dangerous workflow patterns detected | | Dependency-Update-Tool | ๐ข 10 | update tool detected | | Code-Review | ๐ข 10 | all changesets reviewed | | Binary-Artifacts | ๐ข 10 | no binaries found in the repo | | Token-Permissions | โ ๏ธ 0 | detected GitHub workflow tokens with excessive permissions | | Pinned-Dependencies | ๐ข 10 | all dependencies are pinned | | CII-Best-Practices | ๐ข 5 | badge detected: Passing | | SAST | ๐ข 9 | SAST tool detected but not run on all commits | | License | ๐ข 10 | license file detected | | Signed-Releases | โ ๏ธ -1 | no releases found | | Packaging | ๐ข 10 | packaging workflow detected | | Security-Policy | ๐ข 10 | security policy file detected | | Branch-Protection | ๐ข 4 | branch protection is not maximal on development and all release branches | | Fuzzing | ๐ข 10 | project is fuzzed | | Vulnerabilities | ๐ข 10 | 0 existing vulnerabilities detected | | CI-Tests | ๐ข 10 | 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 | | Contributors | ๐ข 10 | project has 45 contributing companies or organizations |
|
| gomod/go.opentelemetry.io/collector/featuregate | 1.49.0 |
๐ข 7.6 | Details| Check | Score | Reason |
|---|
| Maintained | ๐ข 10 | 30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 | | Dangerous-Workflow | โ ๏ธ 0 | dangerous workflow patterns detected | | Dependency-Update-Tool | ๐ข 10 | update tool detected | | Code-Review | ๐ข 10 | all changesets reviewed | | Binary-Artifacts | ๐ข 10 | no binaries found in the repo | | Token-Permissions | โ ๏ธ 0 | detected GitHub workflow tokens with excessive permissions | | Pinned-Dependencies | ๐ข 10 | all dependencies are pinned | | CII-Best-Practices | ๐ข 5 | badge detected: Passing | | SAST | ๐ข 9 | SAST tool detected but not run on all commits | | License | ๐ข 10 | license file detected | | Signed-Releases | โ ๏ธ -1 | no releases found | | Packaging | ๐ข 10 | packaging workflow detected | | Security-Policy | ๐ข 10 | security policy file detected | | Branch-Protection | ๐ข 4 | branch protection is not maximal on development and all release branches | | Fuzzing | ๐ข 10 | project is fuzzed | | Vulnerabilities | ๐ข 10 | 0 existing vulnerabilities detected | | CI-Tests | ๐ข 10 | 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 | | Contributors | ๐ข 10 | project has 45 contributing companies or organizations |
|
| gomod/go.opentelemetry.io/collector/pdata | 1.49.0 |
๐ข 7.6 | Details| Check | Score | Reason |
|---|
| Maintained | ๐ข 10 | 30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 | | Dangerous-Workflow | โ ๏ธ 0 | dangerous workflow patterns detected | | Dependency-Update-Tool | ๐ข 10 | update tool detected | | Code-Review | ๐ข 10 | all changesets reviewed | | Binary-Artifacts | ๐ข 10 | no binaries found in the repo | | Token-Permissions | โ ๏ธ 0 | detected GitHub workflow tokens with excessive permissions | | Pinned-Dependencies | ๐ข 10 | all dependencies are pinned | | CII-Best-Practices | ๐ข 5 | badge detected: Passing | | SAST | ๐ข 9 | SAST tool detected but not run on all commits | | License | ๐ข 10 | license file detected | | Signed-Releases | โ ๏ธ -1 | no releases found | | Packaging | ๐ข 10 | packaging workflow detected | | Security-Policy | ๐ข 10 | security policy file detected | | Branch-Protection | ๐ข 4 | branch protection is not maximal on development and all release branches | | Fuzzing | ๐ข 10 | project is fuzzed | | Vulnerabilities | ๐ข 10 | 0 existing vulnerabilities detected | | CI-Tests | ๐ข 10 | 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 | | Contributors | ๐ข 10 | project has 45 contributing companies or organizations |
|
| gomod/google.golang.org/genproto/googleapis/api | 0.0.0-20251029180050-ab9386a59fda |
๐ข 6.6 | Details| Check | Score | Reason |
|---|
| Packaging | โ ๏ธ -1 | packaging workflow not detected | | Maintained | ๐ข 10 | 11 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 | | Dangerous-Workflow | ๐ข 10 | no dangerous workflow patterns detected | | Code-Review | ๐ข 10 | all changesets reviewed | | Security-Policy | ๐ข 10 | security policy file detected | | CII-Best-Practices | โ ๏ธ 0 | no effort to earn an OpenSSF best practices badge detected | | Token-Permissions | โ ๏ธ 0 | detected GitHub workflow tokens with excessive permissions | | Fuzzing | โ ๏ธ 0 | project is not fuzzed | | License | ๐ข 10 | license file detected | | Binary-Artifacts | ๐ข 10 | no binaries found in the repo | | Signed-Releases | โ ๏ธ -1 | no releases found | | Branch-Protection | โ ๏ธ -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md | | Pinned-Dependencies | โ ๏ธ 0 | dependency not pinned by hash detected -- score normalized to 0 | | Vulnerabilities | ๐ข 10 | 0 existing vulnerabilities detected | | SAST | โ ๏ธ 1 | SAST tool is not run on all commits -- score normalized to 1 |
|
| gomod/google.golang.org/genproto/googleapis/rpc | 0.0.0-20251029180050-ab9386a59fda |
๐ข 6.6 | Details| Check | Score | Reason |
|---|
| Packaging | โ ๏ธ -1 | packaging workflow not detected | | Maintained | ๐ข 10 | 11 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 | | Dangerous-Workflow | ๐ข 10 | no dangerous workflow patterns detected | | Code-Review | ๐ข 10 | all changesets reviewed | | Security-Policy | ๐ข 10 | security policy file detected | | CII-Best-Practices | โ ๏ธ 0 | no effort to earn an OpenSSF best practices badge detected | | Token-Permissions | โ ๏ธ 0 | detected GitHub workflow tokens with excessive permissions | | Fuzzing | โ ๏ธ 0 | project is not fuzzed | | License | ๐ข 10 | license file detected | | Binary-Artifacts | ๐ข 10 | no binaries found in the repo | | Signed-Releases | โ ๏ธ -1 | no releases found | | Branch-Protection | โ ๏ธ -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md | | Pinned-Dependencies | โ ๏ธ 0 | dependency not pinned by hash detected -- score normalized to 0 | | Vulnerabilities | ๐ข 10 | 0 existing vulnerabilities detected | | SAST | โ ๏ธ 1 | SAST tool is not run on all commits -- score normalized to 1 |
|
| gomod/google.golang.org/grpc | 1.78.0 |
๐ข 7.9 | Details| Check | Score | Reason |
|---|
| Maintained | ๐ข 10 | 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 | | Dangerous-Workflow | ๐ข 10 | no dangerous workflow patterns detected | | Packaging | โ ๏ธ -1 | packaging workflow not detected | | Code-Review | ๐ข 10 | all changesets reviewed | | Security-Policy | ๐ข 9 | security policy file detected | | CII-Best-Practices | โ ๏ธ 0 | no effort to earn an OpenSSF best practices badge detected | | Token-Permissions | ๐ข 10 | GitHub workflow tokens follow principle of least privilege | | Binary-Artifacts | ๐ข 10 | no binaries found in the repo | | License | ๐ข 10 | license file detected | | Fuzzing | ๐ข 10 | project is fuzzed | | Signed-Releases | โ ๏ธ 0 | Project has not signed or included provenance with any releases. | | Branch-Protection | โ ๏ธ -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md | | Pinned-Dependencies | โ ๏ธ 0 | dependency not pinned by hash detected -- score normalized to 0 | | Vulnerabilities | ๐ข 10 | 0 existing vulnerabilities detected | | SAST | ๐ข 7 | SAST tool detected but not run on all commits |
|
| gomod/google.golang.org/protobuf | 1.36.11 |
Unknown | Unknown |