Bump actions/dependency-review-action from 4.3.3 to 4.3.4 by dependabot[bot] · Pull Request #766 · nginx/nginx-prometheus-exporter

Dependency Review

The following issues were found:

License Issues

.github/workflows/dependency-review.yml

| Package | Version | License | Issue Type |
| --- | --- | --- | --- |
| actions/dependency-review-action | 5a2ce3f5b92ee19cbb1541a4984c76d921601d7c | MIT | Incompatible License |

Allowed Licenses: Apache-1.1, Apache-2.0, BSD-2-Clause, BSD-3-Clause, BSL-1.0, ISC, MIT, NCSA, OpenSSL, Python-2.0, X11, BSD-2-Clause AND BSD-3-Clause, BSD-2-Clause AND ISC

Excluded from license check: pkg:githubactions/fossas/fossa-action, pkg:golang/github.com/shoenig/go-m1cpu, pkg:pypi/pytest-metadata

OpenSSF Scorecard

| Package | Version | Score |
| --- | --- | --- |
| actions/actions/dependency-review-action | 5a2ce3f5b92ee19cbb1541a4984c76d921601d7c | 🟢 7.2 |

Details for actions/actions/dependency-review-action:

| Check | Score | Reason |
| --- | --- | --- |
| Code-Review | 🟢 10 | all changesets reviewed |
| Maintained | 🟢 10 | 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| License | 🟢 10 | license file detected |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| Signed-Releases | ⚠️ -1 | no releases found |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Security-Policy | 🟢 9 | security policy file detected |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Pinned-Dependencies | ⚠️ 1 | dependency not pinned by hash detected -- score normalized to 1 |
| SAST | 🟢 10 | SAST tool is run on all commits |
| Vulnerabilities | 🟢 10 | 0 existing vulnerabilities detected |

Scanned Manifest Files

.github/workflows/dependency-review.yml
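Two things in the report above are worth a second look before merging. First, the license table flags the bumped action's MIT license as "Incompatible License" even though MIT appears in the allowed-license list; the page gives no reason, so that row is something to verify against the workflow's actual inputs rather than a policy violation to act on. Second, the Scorecard breakdown for the action's own repository scores Pinned-Dependencies at 1 and Token-Permissions at 0, the two findings a consumer of the action can address in its own workflow. The workflow below is an added example, not the nginx-prometheus-exporter repository's real dependency-review.yml (which this page does not show): it turns the allowed-license list and the purl exclusions printed in the report into the action's `allow-licenses` and `allow-dependencies-licenses` inputs, pins the action by the full commit SHA this PR bumps to, and scopes GITHUB_TOKEN to the minimum. Input names are as documented for actions/dependency-review-action v4; the `fail-on-severity` value, the job layout, and the absence of a checkout step are assumptions.

```yaml
# Illustrative .github/workflows/dependency-review.yml (added example; not the
# project's own file). Values under `with:` are taken from the report on this page.
name: Dependency Review

on:
  pull_request:

# Workflow-wide default for GITHUB_TOKEN: read-only. Scorecard's
# Token-Permissions check flags workflows that leave the token at its
# permissive default.
permissions:
  contents: read

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    # Job-level grant replaces the workflow default; add only what the
    # PR summary comment needs.
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Dependency Review
        # Pinned by full commit SHA (the value this PR bumps to) so the
        # tag cannot be moved underneath us; the version is kept as a
        # trailing comment so Dependabot can still propose bumps.
        uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
        with:
          # Allow-list copied from the report. Entries are SPDX license
          # identifiers or expressions; compound expressions such as
          # "BSD-2-Clause AND BSD-3-Clause" are listed explicitly.
          allow-licenses: >-
            Apache-1.1, Apache-2.0, BSD-2-Clause, BSD-3-Clause, BSL-1.0,
            ISC, MIT, NCSA, OpenSSL, Python-2.0, X11,
            BSD-2-Clause AND BSD-3-Clause, BSD-2-Clause AND ISC
          # Package URLs exempted from the license check, as printed under
          # "Excluded from license check" in the report.
          allow-dependencies-licenses: >-
            pkg:githubactions/fossas/fossa-action,
            pkg:golang/github.com/shoenig/go-m1cpu,
            pkg:pypi/pytest-metadata
          # Assumed threshold: fail the check on moderate-or-worse advisories.
          fail-on-severity: moderate
          # Produces the "Dependency Review" comment shown on this page,
          # including the OpenSSF Scorecard section.
          comment-summary-in-pr: always
          show-openssf-scorecard: true
```

The folded scalars (`>-`) join the wrapped lines with single spaces, so the action receives one comma-separated string per input. Pinning to a commit SHA only helps if the SHA is reviewed when it changes; for a Dependabot bump like this one, that means confirming the new hash corresponds to the upstream v4.3.4 tag before merging.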