Bump the go group across 1 directory with 9 updates #5448

dependabot · 2024-04-25T16:32:41Z

Bumps the go group with 8 updates in the / directory:

Package	From	To
github.com/cert-manager/cert-manager	`1.14.4`	`1.14.5`
go.opentelemetry.io/otel	`1.25.0`	`1.26.0`
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc	`1.25.0`	`1.26.0`
k8s.io/api	`0.29.3`	`0.30.0`
k8s.io/client-go	`0.29.3`	`0.30.0`
k8s.io/code-generator	`0.29.3`	`0.30.0`
sigs.k8s.io/controller-tools	`0.14.0`	`0.15.0`

Updates github.com/cert-manager/cert-manager from 1.14.4 to 1.14.5

Release notes

Sourced from github.com/cert-manager/cert-manager's releases.

v1.14.5

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.14.5 fixes a bug in the DigitalOcean DNS-01 provider which could cause incorrect DNS records to be deleted when using a domain with a CNAME. Special thanks to @BobyMCbobs for reporting this issue and testing the fix!

It also patches CVE-2023-45288.

Known Issues

ACME Issuer (Let's Encrypt): wrong certificate chain may be used if preferredChain is configured: see 1.14 release notes for more information.

Changes

Bug or Regression

DigitalOcean: Ensure that only TXT records are considered for deletion when cleaning up after an ACME challenge (#6893 , @SgtCoDFish)

Bump golang.org/x/net to address CVE-2023-45288 (#6931 , @SgtCoDFish)

Commits

6a09152 Merge pull request #6955 from SgtCoDFish/release-1.14-ignore-CVE-2020-8559
b774723 [release-1.14] ignore trivy false positive CVE-2020-8559
c1bc830 Merge pull request #6942 from inteon/release-1.14_acl
fb5b0ac Merge pull request #6940 from cert-manager-bot/cherry-pick-6938-to-release-1.14
a298c14 disable rclone gcs bucket ACL
53656b4 remove docker custom network hack, since the test environment itself has been...
04b2a8c Merge pull request #6931 from SgtCoDFish/release-1.14-CVE-2023-45288
ca8832b Merge pull request #6936 from cert-manager-bot/cherry-pick-6923-to-release-1.14
c35059a fix flaky dns test, make sure dns server has started before sending requests
8294b60 [release-1.14] fix CVE-2023-45288, bump base images, bump go
Additional commits viewable in compare view

Updates go.opentelemetry.io/otel from 1.25.0 to 1.26.0

Changelog

Sourced from go.opentelemetry.io/otel's changelog.

[1.26.0/0.48.0/0.2.0-alpha] 2024-04-24

Added

Add Recorder in go.opentelemetry.io/otel/log/logtest to facilitate testing the log bridge implementations. (#5134)

Add span flags to OTLP spans and links exported by go.opentelemetry.io/otel/exporters/otlp/otlptrace. (#5194)

Make the initial alpha release of go.opentelemetry.io/otel/sdk/log. This new module contains the Go implementation of the OpenTelemetry Logs SDK. This module is unstable and breaking changes may be introduced. See our versioning policy for more information about these stability guarantees. (#5240)

Make the initial alpha release of go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. This new module contains an OTLP exporter that transmits log telemetry using HTTP. This module is unstable and breaking changes may be introduced. See our versioning policy for more information about these stability guarantees. (#5240)

Make the initial alpha release of go.opentelemetry.io/otel/exporters/stdout/stdoutlog. This new module contains an exporter prints log records to STDOUT. This module is unstable and breaking changes may be introduced. See our versioning policy for more information about these stability guarantees. (#5240)

The go.opentelemetry.io/otel/semconv/v1.25.0 package. The package contains semantic conventions from the v1.25.0 version of the OpenTelemetry Semantic Conventions. (#5254)

Changed

Update go.opentelemetry.io/proto/otlp from v1.1.0 to v1.2.0. (#5177)

Improve performance of baggage member character validation in go.opentelemetry.io/otel/baggage. (#5214)

Commits

9656d0a Release 1.26.0/0.48.0/0.2.0-alpha (#5260)
29e1c7e Add custom ring implementation to the BatchProcessor (#5237)
baeb560 sdk/log: Fix doc for LoggerProvider.ForceFlush and LoggerProvider.Shutdown (#...
ae55e29 Remove left-over TODO in otlploghttp (#5256)
fe8e3a1 Semconv v1.25.0 (#5254)
bf37c5a Revert the usage of go.opentelemetry.io/proto/slim (#5253)
b34cfc4 Default implementation for empty BatchProcessor (#5239)
9370c5a Implement resource serialization for stdoutlog (#5213)
6e92163 otlpmetrichttp: Use go.opentelemetry.io/proto/slim/otlp (#5222)
f885333 build(deps): bump golang.org/x/vuln in /internal/tools (#5245)
Additional commits viewable in compare view

Updates go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc from 1.25.0 to 1.26.0

Changelog

Sourced from go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc's changelog.

[1.26.0/0.48.0/0.2.0-alpha] 2024-04-24

Added

Add Recorder in go.opentelemetry.io/otel/log/logtest to facilitate testing the log bridge implementations. (#5134)

Add span flags to OTLP spans and links exported by go.opentelemetry.io/otel/exporters/otlp/otlptrace. (#5194)

Make the initial alpha release of go.opentelemetry.io/otel/sdk/log. This new module contains the Go implementation of the OpenTelemetry Logs SDK. This module is unstable and breaking changes may be introduced. See our versioning policy for more information about these stability guarantees. (#5240)

Make the initial alpha release of go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. This new module contains an OTLP exporter that transmits log telemetry using HTTP. This module is unstable and breaking changes may be introduced. See our versioning policy for more information about these stability guarantees. (#5240)

Make the initial alpha release of go.opentelemetry.io/otel/exporters/stdout/stdoutlog. This new module contains an exporter prints log records to STDOUT. This module is unstable and breaking changes may be introduced. See our versioning policy for more information about these stability guarantees. (#5240)

The go.opentelemetry.io/otel/semconv/v1.25.0 package. The package contains semantic conventions from the v1.25.0 version of the OpenTelemetry Semantic Conventions. (#5254)

Changed

Update go.opentelemetry.io/proto/otlp from v1.1.0 to v1.2.0. (#5177)

Improve performance of baggage member character validation in go.opentelemetry.io/otel/baggage. (#5214)

Commits

9656d0a Release 1.26.0/0.48.0/0.2.0-alpha (#5260)
29e1c7e Add custom ring implementation to the BatchProcessor (#5237)
baeb560 sdk/log: Fix doc for LoggerProvider.ForceFlush and LoggerProvider.Shutdown (#...
ae55e29 Remove left-over TODO in otlploghttp (#5256)
fe8e3a1 Semconv v1.25.0 (#5254)
bf37c5a Revert the usage of go.opentelemetry.io/proto/slim (#5253)
b34cfc4 Default implementation for empty BatchProcessor (#5239)
9370c5a Implement resource serialization for stdoutlog (#5213)
6e92163 otlpmetrichttp: Use go.opentelemetry.io/proto/slim/otlp (#5222)
f885333 build(deps): bump golang.org/x/vuln in /internal/tools (#5245)
Additional commits viewable in compare view

Updates k8s.io/api from 0.29.3 to 0.30.0

Commits

fb932d2 Update dependencies to v0.30.0 tag
d014286 Merge remote-tracking branch 'origin/master' into release-1.30
581c1b8 Update x/net for CVE-2023-45288
35ca1f4 Merge pull request #123932 from pohly/dra-api-resource-model-rename
b048bd8 Merge pull request #123909 from AkihiroSuda/fix-123906
f06d24a dra api: NodeResourceModel -> ResourceModel
30e3187 api: NodeStatus: rename RuntimeClasses to RuntimeHandlers
96558b9 Merge pull request #123792 from mimowo/propose-api-comments-fix
089c7ca Merge pull request #123180 from AkihiroSuda/rro
b50824d api: KEP-3857: Recursive Read-only (RRO) mounts
Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.29.3 to 0.30.0

Commits

37988e5 Merge remote-tracking branch 'origin/master' into release-1.30
c857a38 Update x/net for CVE-2023-45288
0407311 followup to allow special characters
25164f7 Merge pull request #123435 from tallclair/apparmor-ga
cbfe0a1 Merge pull request #123758 from liggitt/protobump
21d26b6 Bump github.com/golang/protobuf v1.5.4, google.golang.org/protobuf v1.33.0
0c29f84 Merge pull request #123385 from HirazawaUi/allow-special-characters
60d24f2 Merge pull request #123708 from p0lyn0mial/upstream-const-watchlist-bookmark-...
513d23a apimachinery/meta/types.go: define InitialEventsAnnotationKey const
67cb3a8 Merge pull request #123413 from seans3/tunneling-spdy-websockets
Additional commits viewable in compare view

Updates k8s.io/client-go from 0.29.3 to 0.30.0

Commits

3aa4577 Update dependencies to v0.30.0 tag
2df4de1 Merge remote-tracking branch 'origin/master' into release-1.30
ade2ae2 Update x/net for CVE-2023-45288
b4632b7 Merge pull request #123932 from pohly/dra-api-resource-model-rename
4467b1e Merge pull request #123909 from AkihiroSuda/fix-123906
650f392 dra api: NodeResourceModel -> ResourceModel
00e4609 api: NodeStatus: rename RuntimeClasses to RuntimeHandlers
7ebe0ea Merge pull request #123180 from AkihiroSuda/rro
3be09aa api: KEP-3857: Recursive Read-only (RRO) mounts
110b75b Merge pull request #123344 from nilekhc/svm-controller
Additional commits viewable in compare view

Updates k8s.io/code-generator from 0.29.3 to 0.30.0

Commits

fee00da Update dependencies to v0.30.0 tag
e1372fd Merge remote-tracking branch 'origin/master' into release-1.30
b8aa536 Update x/net for CVE-2023-45288
7142117 Merge pull request #123735 from thockin/master
c9df80e Merge pull request #123758 from liggitt/protobump
5b26ad6 Bump github.com/golang/protobuf v1.5.4, google.golang.org/protobuf v1.33.0
bfe3706 Don't embed plural exceptions in tools
f8417df Merge pull request #123529 from thockin/go-workspaces
2aea5f5 Fix up go.mod files after reviews
3081084 Use path instead of filepath for pkg-paths
Additional commits viewable in compare view

Updates sigs.k8s.io/controller-tools from 0.14.0 to 0.15.0

Release notes

Sourced from sigs.k8s.io/controller-tools's releases.

v0.15.0

What's Changed

✨ Markers can now indicate their priority when applying by @dprotaso in kubernetes-sigs/controller-tools#706

✨ crd: support validating internal list items on list types by @AlexanderYastrebov in kubernetes-sigs/controller-tools#898

✨ crd: allow specifying spec.preserveUnknownFields by @AlexanderYastrebov in kubernetes-sigs/controller-tools#912

✨ crd: add messageExpression support to XValidation marker by @pmalek in kubernetes-sigs/controller-tools#927

✨ Fix deprecations by @zchee in kubernetes-sigs/controller-tools#882

🌱 Update golangci-lint, Makefile, Actions by @vincepri in kubernetes-sigs/controller-tools#902

envtest

✨ Build and publish Kubernetes envtest tools as packages by @vincepri in kubernetes-sigs/controller-tools#906

✨ Add github action to package envtest binaries in releases by @vincepri in kubernetes-sigs/controller-tools#908

🌱 Adjust branches for github actions by @vincepri in kubernetes-sigs/controller-tools#918

🌱 Automatically release, fixup selfLink in camelCase by @vincepri in kubernetes-sigs/controller-tools#921

✨ Release envtest v1.28.0 by @sbueringer in kubernetes-sigs/controller-tools#919

🌱 Promotion of envtest release for Kubernetes v1.28.0 by @github-actions in kubernetes-sigs/controller-tools#920

✨ Release envtest-v1.29.4 by @vincepri in kubernetes-sigs/controller-tools#922

🌱 Promotion of envtest release for Kubernetes v1.29.4 by @github-actions in kubernetes-sigs/controller-tools#923

✨ Release envtest v1.30.0 by @sbueringer in kubernetes-sigs/controller-tools#924

🌱 Promotion of envtest release for Kubernetes v1.30.0 by @github-actions in kubernetes-sigs/controller-tools#925

Dependency bumps

🌱 Bump go version from 1.20 to 1.21 by @SuperSandro2000 in kubernetes-sigs/controller-tools#881

⚠️Bump k/k to v1.30.0-rc.1 & Go to 1.22 by @sbueringer in kubernetes-sigs/controller-tools#901

⚠ Bump to k8s.io/* v1.30 by @sbueringer in kubernetes-sigs/controller-tools#926

🌱 Bump golang.org/x/tools from 0.16.1 to 0.17.0 by @dependabot in kubernetes-sigs/controller-tools#874

🌱 Bump github.com/onsi/gomega from 1.30.0 to 1.31.1 by @dependabot in kubernetes-sigs/controller-tools#876

🌱 Bump golang.org/x/tools from 0.17.0 to 0.18.0 by @dependabot in kubernetes-sigs/controller-tools#885

🌱 Bump golang.org/x/tools from 0.18.0 to 0.19.0 by @dependabot in kubernetes-sigs/controller-tools#891

🌱 Bump github.com/onsi/gomega from 1.31.1 to 1.32.0 by @dependabot in kubernetes-sigs/controller-tools#895

🌱 Bump golang.org/x/tools from 0.19.0 to 0.20.0 by @dependabot in kubernetes-sigs/controller-tools#904

🌱 Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by @dependabot in kubernetes-sigs/controller-tools#915

🌱 Bump tj-actions/changed-files from 44.0.0 to 44.0.1 by @dependabot in kubernetes-sigs/controller-tools#916

🌱 Bump tj-actions/changed-files from 44.0.1 to 44.3.0 by @dependabot in kubernetes-sigs/controller-tools#929

🌱 Bump github.com/onsi/gomega from 1.32.0 to 1.33.0 by @dependabot in kubernetes-sigs/controller-tools#931

🌱 Bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in kubernetes-sigs/controller-tools#930

New Contributors

@dprotaso made their first contribution in kubernetes-sigs/controller-tools#706

@SuperSandro2000 made their first contribution in kubernetes-sigs/controller-tools#881

@zchee made their first contribution in kubernetes-sigs/controller-tools#882

@AlexanderYastrebov made their first contribution in kubernetes-sigs/controller-tools#898

@github-actions made their first contribution in kubernetes-sigs/controller-tools#920

@pmalek made their first contribution in kubernetes-sigs/controller-tools#927

Full Changelog: kubernetes-sigs/controller-tools@v0.14.0...v0.15.0

Commits

473c028 Merge pull request #927 from pmalek/crd-xvalidation-add-messageExpression
8dd0634 Merge pull request #930 from kubernetes-sigs/dependabot/github_actions/action...
5464a63 Merge pull request #931 from kubernetes-sigs/dependabot/go_modules/github.com...
1381be7 🌱 Bump actions/checkout from 4.1.2 to 4.1.3
a40abf6 Merge pull request #929 from kubernetes-sigs/dependabot/github_actions/tj-act...
9571d3c 🌱 Bump github.com/onsi/gomega from 1.32.0 to 1.33.0
434b090 🌱 Bump tj-actions/changed-files from 44.0.1 to 44.3.0
04e6d44 feat(crdvalidation): add messageExpression support to XValidation marker
e159968 ✨ crd: allow specifying spec.preserveUnknownFields (#912)
8cc57e3 Merge pull request #926 from sbueringer/pr-1.30
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) | `1.14.4` | `1.14.5` | | [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.18.0` | `1.19.0` | | [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) | `1.25.0` | `1.26.0` | | [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.25.0` | `1.26.0` | | [k8s.io/api](https://github.com/kubernetes/api) | `0.29.3` | `0.30.0` | | [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.29.3` | `0.30.0` | | [k8s.io/code-generator](https://github.com/kubernetes/code-generator) | `0.29.3` | `0.30.0` | | [sigs.k8s.io/controller-tools](https://github.com/kubernetes-sigs/controller-tools) | `0.14.0` | `0.15.0` | Updates `github.com/cert-manager/cert-manager` from 1.14.4 to 1.14.5 - [Release notes](https://github.com/cert-manager/cert-manager/releases) - [Commits](cert-manager/cert-manager@v1.14.4...v1.14.5) Updates `github.com/prometheus/client_golang` from 1.18.0 to 1.19.0 - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](prometheus/client_golang@v1.18.0...v1.19.0) Updates `github.com/prometheus/common` from 0.47.0 to 0.48.0 - [Release notes](https://github.com/prometheus/common/releases) - [Commits](prometheus/common@v0.47.0...v0.48.0) Updates `go.opentelemetry.io/otel` from 1.25.0 to 1.26.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.25.0...v1.26.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.25.0 to 1.26.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.25.0...v1.26.0) Updates `k8s.io/api` from 0.29.3 to 0.30.0 - [Commits](kubernetes/api@v0.29.3...v0.30.0) Updates `k8s.io/apimachinery` from 0.29.3 to 0.30.0 - [Commits](kubernetes/apimachinery@v0.29.3...v0.30.0) Updates `k8s.io/client-go` from 0.29.3 to 0.30.0 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.29.3...v0.30.0) Updates `k8s.io/code-generator` from 0.29.3 to 0.30.0 - [Commits](kubernetes/code-generator@v0.29.3...v0.30.0) Updates `sigs.k8s.io/controller-tools` from 0.14.0 to 0.15.0 - [Release notes](https://github.com/kubernetes-sigs/controller-tools/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-tools/blob/master/envtest-releases.yaml) - [Commits](kubernetes-sigs/controller-tools@v0.14.0...v0.15.0) --- updated-dependencies: - dependency-name: github.com/cert-manager/cert-manager dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: go.opentelemetry.io/otel dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: k8s.io/code-generator dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: sigs.k8s.io/controller-tools dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2024-04-25T16:33:03Z

Dependency Review

The following issues were found:

❌ 1 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 7 package(s) with unknown licenses.

See the Details below.

Vulnerabilities

go.mod

Name	Version	Vulnerability	Severity
k8s.io/apimachinery	0.30.0	Privilege Escalation in Kubernetes	moderate

License Issues

go.mod

Package	Version	License	Issue Type
golang.org/x/crypto	0.22.0	Null	Unknown License
golang.org/x/mod	0.17.0	Null	Unknown License
golang.org/x/net	0.24.0	Null	Unknown License
golang.org/x/sync	0.7.0	Null	Unknown License
golang.org/x/sys	0.19.0	Null	Unknown License
golang.org/x/term	0.19.0	Null	Unknown License
golang.org/x/tools	0.20.0	Null	Unknown License

Allowed Licenses: Apache-1.1, Apache-2.0, BSD-2-Clause, BSD-3-Clause, BSL-1.0, ISC, MIT, NCSA, OpenSSL, Python-2.0, X11, BSD-2-Clause AND BSD-3-Clause

Excluded from license check: pkg:githubactions/fossas/fossa-action, pkg:golang/github.com/shoenig/go-m1cpu, pkg:pypi/pytest-metadata

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

gomod/k8s.io/apimachinery

0.30.0

🟢 6

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
SAST	⚠️ 0	no SAST tool detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

gomod/k8s.io/apimachinery

0.29.3

🟢 6

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
SAST	⚠️ 0	no SAST tool detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

gomod/github.com/cert-manager/cert-manager

1.14.5

🟢 7.3

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests	🟢 10	16 out of 16 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	🟢 5	badge detected: passing
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	59 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 13 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 9	security policy file detected
Signed-Releases	⚠️ 0	0 out of 5 artifacts are signed or have provenance
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

gomod/github.com/grpc-ecosystem/grpc-gateway/v2

2.19.1

🟢 6.4

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 0	Found 1/30 approved changesets -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	🟢 10	project is fuzzed
Security-Policy	⚠️ 0	security policy file not detected
Signed-Releases	🟢 10	5 out of the last 5 releases have a total of 5 signed artifacts.
Packaging	🟢 10	packaging workflow detected
Pinned-Dependencies	🟢 4	dependency not pinned by hash detected -- score normalized to 4
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	49 existing vulnerabilities detected

gomod/github.com/prometheus/client_golang

1.19.0

🟢 7.4

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 9	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5

gomod/github.com/prometheus/common

0.48.0

🟢 8

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Security-Policy	🟢 9	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 10	all dependencies are pinned
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

gomod/go.opentelemetry.io/otel

1.26.0

🟢 7.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	🟢 10	project is fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

gomod/go.opentelemetry.io/otel/exporters/otlp/otlptrace

1.26.0

🟢 7.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	🟢 10	project is fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

gomod/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc

1.26.0

🟢 7.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	🟢 10	project is fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

gomod/go.opentelemetry.io/otel/metric

1.26.0

🟢 7.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	🟢 10	project is fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

gomod/go.opentelemetry.io/otel/sdk

1.26.0

🟢 7.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	🟢 10	project is fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

gomod/go.opentelemetry.io/otel/trace

1.26.0

🟢 7.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	🟢 10	project is fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

gomod/go.opentelemetry.io/proto/otlp

1.2.0

🟢 6.4

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	13 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

gomod/golang.org/x/crypto

0.22.0

Unknown

gomod/golang.org/x/mod

0.17.0

Unknown

gomod/golang.org/x/net

0.24.0

Unknown

gomod/golang.org/x/sync

0.7.0

Unknown

gomod/golang.org/x/sys

0.19.0

Unknown

gomod/golang.org/x/term

0.19.0

Unknown

gomod/golang.org/x/tools

0.20.0

Unknown

gomod/google.golang.org/grpc

1.63.2

🟢 8.8

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 9	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	🟢 10	project is fuzzed
SAST	🟢 7	SAST tool detected but not run on all commits
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

gomod/k8s.io/api

0.30.0

🟢 6

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	29 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Token-Permissions	⚠️ -1	No tokens found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	no SAST tool detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	🟢 10	security policy file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ -1	no dependencies found

gomod/k8s.io/apiextensions-apiserver

0.30.0

🟢 4.9

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	22 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
SAST	⚠️ 0	no SAST tool detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 6	4 existing vulnerabilities detected

gomod/k8s.io/apiserver

0.30.0

🟢 5.4

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
SAST	⚠️ 0	no SAST tool detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
Vulnerabilities	🟢 6	4 existing vulnerabilities detected

gomod/k8s.io/client-go

0.30.0

🟢 5.5

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	28 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
SAST	⚠️ 0	no SAST tool detected
Fuzzing	⚠️ 0	project is not fuzzed
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	🟢 10	security policy file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

gomod/k8s.io/code-generator

0.30.0

🟢 6

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	20 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
SAST	⚠️ 0	no SAST tool detected
Token-Permissions	⚠️ -1	No tokens found
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

gomod/k8s.io/component-base

0.30.0

🟢 5.7

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	22 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions	⚠️ -1	No tokens found
SAST	⚠️ 0	no SAST tool detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	🟢 10	security policy file detected
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

gomod/k8s.io/gengo/v2

2.0.0-20240228010128-51d4e06bde70

🟢 7.5

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 10	security policy file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Pinned-Dependencies	⚠️ -1	no dependencies found
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

gomod/k8s.io/klog/v2

2.120.1

🟢 6.2

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 5	4 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

gomod/k8s.io/kube-openapi

0.0.0-20240228011516-70dd3763d340

🟢 7

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	🟢 10	project is fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

gomod/sigs.k8s.io/controller-tools

0.15.0

🟢 6.1

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 8	Found 14/16 approved changesets -- score normalized to 8
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

gomod/github.com/cert-manager/cert-manager

1.14.4

🟢 7.3

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests	🟢 10	16 out of 16 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	🟢 5	badge detected: passing
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	59 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	30 commit(s) out of 30 and 13 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Security-Policy	🟢 9	security policy file detected
Signed-Releases	⚠️ 0	0 out of 5 artifacts are signed or have provenance
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

gomod/github.com/grpc-ecosystem/grpc-gateway/v2

2.19.0

🟢 6.4

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 0	Found 1/30 approved changesets -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	🟢 10	project is fuzzed
Security-Policy	⚠️ 0	security policy file not detected
Signed-Releases	🟢 10	5 out of the last 5 releases have a total of 5 signed artifacts.
Packaging	🟢 10	packaging workflow detected
Pinned-Dependencies	🟢 4	dependency not pinned by hash detected -- score normalized to 4
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	49 existing vulnerabilities detected

gomod/github.com/prometheus/client_golang

1.18.0

🟢 7.4

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 9	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected
Pinned-Dependencies	🟢 5	dependency not pinned by hash detected -- score normalized to 5

gomod/github.com/prometheus/common

0.47.0

🟢 8

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Security-Policy	🟢 9	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 10	all dependencies are pinned
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

gomod/go.opentelemetry.io/otel

1.25.0

🟢 7.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	🟢 10	project is fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

gomod/go.opentelemetry.io/otel/exporters/otlp/otlptrace

1.25.0

🟢 7.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	🟢 10	project is fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

gomod/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc

1.25.0

🟢 7.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	🟢 10	project is fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

gomod/go.opentelemetry.io/otel/metric

1.25.0

🟢 7.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	🟢 10	project is fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

gomod/go.opentelemetry.io/otel/sdk

1.25.0

🟢 7.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	🟢 10	project is fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

gomod/go.opentelemetry.io/otel/trace

1.25.0

🟢 7.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	🟢 10	project is fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

gomod/go.opentelemetry.io/proto/otlp

1.1.0

🟢 6.4

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	13 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

gomod/golang.org/x/crypto

0.21.0

Unknown

gomod/golang.org/x/mod

0.16.0

Unknown

gomod/golang.org/x/net

0.23.0

Unknown

gomod/golang.org/x/sys

0.18.0

Unknown

gomod/golang.org/x/term

0.18.0

Unknown

gomod/golang.org/x/tools

0.19.0

Unknown

gomod/google.golang.org/grpc

1.63.0

🟢 8.8

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 9	security policy file detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	🟢 10	project is fuzzed
SAST	🟢 7	SAST tool detected but not run on all commits
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

gomod/k8s.io/api

0.29.3

🟢 6

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	29 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ -1	no releases found
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Token-Permissions	⚠️ -1	No tokens found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	no SAST tool detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	🟢 10	security policy file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Pinned-Dependencies	⚠️ -1	no dependencies found

gomod/k8s.io/apiextensions-apiserver

0.29.0

🟢 4.9

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	22 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions	⚠️ -1	No tokens found
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
SAST	⚠️ 0	no SAST tool detected
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 6	4 existing vulnerabilities detected

gomod/k8s.io/apiserver

0.29.0

🟢 5.4

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
SAST	⚠️ 0	no SAST tool detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
Vulnerabilities	🟢 6	4 existing vulnerabilities detected

gomod/k8s.io/client-go

0.29.3

🟢 5.5

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	28 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
SAST	⚠️ 0	no SAST tool detected
Fuzzing	⚠️ 0	project is not fuzzed
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	🟢 10	security policy file detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

gomod/k8s.io/code-generator

0.29.3

🟢 6

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	20 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
SAST	⚠️ 0	no SAST tool detected
Token-Permissions	⚠️ -1	No tokens found
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

gomod/k8s.io/component-base

0.29.0

🟢 5.7

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
Maintained	🟢 10	22 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions	⚠️ -1	No tokens found
SAST	⚠️ 0	no SAST tool detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	⚠️ -1	no workflows found
Pinned-Dependencies	⚠️ -1	no dependencies found
Fuzzing	⚠️ 0	project is not fuzzed
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	🟢 10	security policy file detected
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

gomod/k8s.io/gengo

0.0.0-20230829151522-9cce18d56c01

🟢 7.5

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	⚠️ -1	no workflows found
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ -1	No tokens found
Security-Policy	🟢 10	security policy file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Pinned-Dependencies	⚠️ -1	no dependencies found
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

gomod/k8s.io/klog/v2

2.110.1

🟢 6.2

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 5	4 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

gomod/k8s.io/kube-openapi

0.0.0-20240103051144-eec4567ac022

🟢 7

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	🟢 10	project is fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

gomod/sigs.k8s.io/controller-tools

0.14.0

🟢 6.1

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 8	Found 14/16 approved changesets -- score normalized to 8
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

Scanned Manifest Files

go.mod

k8s.io/apimachinery@0.30.0
k8s.io/apimachinery@0.29.3
github.com/cert-manager/cert-manager@1.14.5
github.com/grpc-ecosystem/grpc-gateway/v2@2.19.1
github.com/prometheus/client_golang@1.19.0
github.com/prometheus/common@0.48.0
go.opentelemetry.io/otel@1.26.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace@1.26.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.26.0
go.opentelemetry.io/otel/metric@1.26.0
go.opentelemetry.io/otel/sdk@1.26.0
go.opentelemetry.io/otel/trace@1.26.0
go.opentelemetry.io/proto/otlp@1.2.0
golang.org/x/crypto@0.22.0
golang.org/x/mod@0.17.0
golang.org/x/net@0.24.0
golang.org/x/sync@0.7.0
golang.org/x/sys@0.19.0
golang.org/x/term@0.19.0
golang.org/x/tools@0.20.0
google.golang.org/grpc@1.63.2
k8s.io/api@0.30.0
k8s.io/apiextensions-apiserver@0.30.0
k8s.io/apiserver@0.30.0
k8s.io/client-go@0.30.0
k8s.io/code-generator@0.30.0
k8s.io/component-base@0.30.0
k8s.io/gengo/v2@2.0.0-20240228010128-51d4e06bde70
k8s.io/klog/v2@2.120.1
k8s.io/kube-openapi@0.0.0-20240228011516-70dd3763d340
sigs.k8s.io/controller-tools@0.15.0
github.com/cert-manager/cert-manager@1.14.4
github.com/grpc-ecosystem/grpc-gateway/v2@2.19.0
github.com/prometheus/client_golang@1.18.0
github.com/prometheus/common@0.47.0
go.opentelemetry.io/otel@1.25.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace@1.25.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.25.0
go.opentelemetry.io/otel/metric@1.25.0
go.opentelemetry.io/otel/sdk@1.25.0
go.opentelemetry.io/otel/trace@1.25.0
go.opentelemetry.io/proto/otlp@1.1.0
golang.org/x/crypto@0.21.0
golang.org/x/mod@0.16.0
golang.org/x/net@0.23.0
golang.org/x/sys@0.18.0
golang.org/x/term@0.18.0
golang.org/x/tools@0.19.0
google.golang.org/grpc@1.63.0
k8s.io/api@0.29.3
k8s.io/apiextensions-apiserver@0.29.0
k8s.io/apiserver@0.29.0
k8s.io/client-go@0.29.3
k8s.io/code-generator@0.29.3
k8s.io/component-base@0.29.0
k8s.io/gengo@0.0.0-20230829151522-9cce18d56c01
k8s.io/klog/v2@2.110.1
k8s.io/kube-openapi@0.0.0-20240103051144-eec4567ac022
sigs.k8s.io/controller-tools@0.14.0

dependabot · 2024-05-02T17:43:31Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot requested a review from a team as a code owner April 25, 2024 16:32

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 25, 2024

jjngx approved these changes Apr 26, 2024

View reviewed changes

jjngx and others added 3 commits April 29, 2024 11:38

Merge branch 'main' into dependabot/go_modules/go-b35985de25

9ce8b9f

add missing parameter to IsValidIp

dc3d95b

update kubebuilder version

9b5a4e5

pdabelf5 force-pushed the dependabot/go_modules/go-b35985de25 branch from 4b77649 to 9b5a4e5 Compare April 29, 2024 10:39

pdabelf5 changed the title ~~Bump the go group across 1 directory with 10 updates~~ Bump the go group across 1 directory with 9 updates Apr 29, 2024

dependabot bot closed this May 2, 2024

dependabot bot deleted the dependabot/go_modules/go-b35985de25 branch May 2, 2024 17:43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the go group across 1 directory with 9 updates #5448

Bump the go group across 1 directory with 9 updates #5448

dependabot bot commented on behalf of github Apr 25, 2024 •

edited

github-actions bot commented Apr 25, 2024

dependabot bot commented on behalf of github May 2, 2024

Bump the go group across 1 directory with 9 updates #5448

Bump the go group across 1 directory with 9 updates #5448

Conversation

dependabot bot commented on behalf of github Apr 25, 2024 • edited

v1.14.5

Known Issues

Changes

Bug or Regression

[1.26.0/0.48.0/0.2.0-alpha] 2024-04-24

Added

Changed

[1.26.0/0.48.0/0.2.0-alpha] 2024-04-24

Added

Changed

v0.15.0

What's Changed

envtest

Dependency bumps

New Contributors

github-actions bot commented Apr 25, 2024

Dependency Review

Vulnerabilities

go.mod

License Issues

go.mod

OpenSSF Scorecard

Scanned Manifest Files

dependabot bot commented on behalf of github May 2, 2024

dependabot bot commented on behalf of github Apr 25, 2024 •

edited