| Repository | Critical | High | Medium | Low | Total |
|---|---|---|---|---|---|
| gerrit-clone-action | 0 | 11 | 0 | 0 | 11 |
| gerrit-action | 0 | 2 | 0 | 0 | 2 |
| tailscale-openstack-bastion-action | 0 | 0 | 11 | 0 | 11 |
| packer-build-action | 0 | 0 | 9 | 0 | 9 |
| hw-bom-javascript | 0 | 0 | 2 | 0 | 2 |
74 repositories clean
Not enabled โ enable to appear in future reports:
| Repository | Score | Critical | High | Medium | Low |
|---|---|---|---|---|---|
| tailscale-openstack-bastion-action | 6.4 | 0 | 11 | 11 | 1 |
| openstack-cron-action | 6.5 | 0 | 7 | 3 | 1 |
| packer-build-action | 6.6 | 0 | 9 | 5 | 1 |
| central-publish-action | 6.7 | 0 | 3 | 2 | 1 |
| maven-stage-prep-action | 6.8 | 0 | 3 | 2 | 1 |
| nexus-staging-action | 6.8 | 0 | 3 | 2 | 1 |
| github-security-report-action | 6.9 | 0 | 3 | 2 | 1 |
| harden-runner-block-action | 7.1 | 0 | 2 | 4 | 1 |
| zizmor-scan-action | 7.1 | 0 | 3 | 2 | 1 |
| python-workflows | 7.2 | 0 | 2 | 2 | 1 |
| python-nss-ng | 7.7 | 0 | 1 | 2 | 1 |
| sigul-sign-docker | 7.9 | 0 | 0 | 0 | 0 |
| dependamerge | 8.2 | 0 | 1 | 2 | 1 |
| project-reporting-tool | 8.2 | 0 | 1 | 2 | 1 |
| gha-workflow-linter | 8.3 | 0 | 1 | 2 | 1 |
| http-api-tool-docker | 8.4 | 0 | 1 | 2 | 1 |
| .github | 8.5 | 0 | 1 | 2 | 1 |
| lftools-uv | 8.5 | 0 | 1 | 4 | 1 |
| gerrit-change-info | 8.6 | 0 | 1 | 2 | 1 |
Not enabled โ enable to appear in future reports:
| Repository | Critical | High | Medium | Low | Total |
|---|---|---|---|---|---|
| packer-build-action | 0 | 46 | 31 | 0 | 77 |
| central-publish-action | 0 | 15 | 0 | 0 | 15 |
| tailscale-openstack-bastion-action | 0 | 11 | 32 | 0 | 43 |
| openstack-cron-action | 0 | 10 | 3 | 0 | 13 |
| maven-stage-prep-action | 0 | 1 | 0 | 0 | 1 |
| nexus-staging-action | 0 | 1 | 0 | 0 | 1 |
78 repositories clean
| Repository | Critical | High | Medium | Low | Total |
|---|---|---|---|---|---|
| hw-bom-javascript | 2 | 14 | 14 | 0 | 30 |
| lftools-uv | 0 | 1 | 0 | 0 | 1 |
82 repositories clean
No in-scope repository has Dependabot alerts confirmed disabled.
No in-scope repository has Dependabot security updates confirmed disabled.
| Repository | Ecosystems without cooldown |
|---|---|
| docker-save-images-action | github-actions |
| gerrit-action | github-actions, pip |
| gerrit-clone-action | github-actions, uv |
A cooldown is mandatory; any cooldown value passes. Repositories with no Dependabot configuration are not listed here.
84 repositories clean
Repositories created within 60 day(s) are excluded. Ranked by combined release and tag staleness (oldest first). A repository with neither a release nor a tag ranks highest.