Security report: lfreleng-actions

84 repositories analysed · generated 2026-06-19 10:31 UTC
Excluded from analysis (1): project-reporting-artifacts

CodeQL

Repository  Critical  High  Medium  Low  Total
gerrit-clone-action  0110011
gerrit-action  0  2  0  0  2
tailscale-openstack-bastion-action  0011011
packer-build-action  0  0  9  0  9
hw-bom-javascript  0  0  2  0  2

74 repositories clean

Not enabled — enable to appear in future reports:

OpenSSF Scorecard

Repository  Score  Critical  High  Medium  Low
tailscale-openstack-bastion-action  6.4011111
openstack-cron-action  6.5  0  7  3  1
packer-build-action  6.6  0  9  5  1
central-publish-action  6.7  0  3  2  1
maven-stage-prep-action  6.8  0  3  2  1
nexus-staging-action  6.8  0  3  2  1
github-security-report-action  6.9  0  3  2  1
harden-runner-block-action  7.1  0  2  4  1
zizmor-scan-action  7.1  0  3  2  1
python-workflows  7.2  0  2  2  1
python-nss-ng  7.7  0  1  2  1
sigul-sign-docker  7.9  0  0  0  0
dependamerge  8.2  0  1  2  1
project-reporting-tool  8.2  0  1  2  1
gha-workflow-linter  8.3  0  1  2  1
http-api-tool-docker  8.4  0  1  2  1
.github  8.5  0  1  2  1
lftools-uv  8.5  0  1  4  1
gerrit-change-info  8.6  0  1  2  1

Not enabled — enable to appear in future reports:

Zizmor Static Analysis

Repository  Critical  High  Medium  Low  Total
packer-build-action  04631077
central-publish-action  0  15  0  0  15
tailscale-openstack-bastion-action  0  11  32  0  43
openstack-cron-action  0  10  3  0  13
maven-stage-prep-action  0  1  0  0  1
nexus-staging-action  0  1  0  0  1

78 repositories clean

Dependabot: Security Alerts

Repository  Critical  High  Medium  Low  Total
hw-bom-javascript  2  14  14  0  30
lftools-uv  0  1  0  0  1

82 repositories clean

Alerts Not Enabled

No in-scope repository has Dependabot alerts confirmed disabled.

Dependabot: Security Updates

No in-scope repository has Dependabot security updates confirmed disabled.

Dependabot: Cooldown Settings

Repository  Ecosystems without cooldown
docker-save-images-action  github-actions
gerrit-action  github-actions, pip
gerrit-clone-action  github-actions, uv

A cooldown is mandatory; any cooldown value passes. Repositories with no Dependabot configuration are not listed here.

Secret scanning

84 repositories clean

Releases / Tagging

Repository  Last release  Last tag
python-project-tag-push-verify-action  421 days ago  211 days ago
docker-save-images-action  246 days ago  246 days ago
hw-bom-javascript  212 days ago  212 days ago
release-assets-action  183 days ago  183 days ago
gerrit-action  78 days ago  78 days ago
gerrit-clone-action  72 days ago  72 days ago
maven-stage-prep-action  never  never
nexus-staging-action  never  never
nexus-docker-login-action  57 days ago  57 days ago
verify-release-schema-action  57 days ago  57 days ago
pinned-versions-action  49 days ago  49 days ago
sonarqube-cloud-scan-action  38 days ago  38 days ago
url-download-action  29 days ago  30 days ago
python-dynamic-version-action  29 days ago  29 days ago
python-project-version-action  29 days ago  29 days ago
python-supported-versions-action  27 days ago  27 days ago
build-metadata-action  28 days ago  22 days ago
sonatype-lifecycle-scan-action  22 days ago  23 days ago
python-project-version-patch-action  22 days ago  22 days ago
gerrit-review-action  16 days ago  16 days ago
nexus-publish-action  15 days ago  15 days ago
lftools-uv  9 days ago  9 days ago
version-extract-action  7 days ago  7 days ago
openstack-cron-action  6 days ago  6 days ago
packer-build-action  6 days ago  6 days ago
python-nss-ng  6 days ago  6 days ago
tailscale-openstack-bastion-action  6 days ago  6 days ago
http-api-tool-docker  3 days ago  3 days ago
dependamerge  2 days ago  2 days ago
github-network-audit  2 days ago  2 days ago
make-action  2 days ago  2 days ago
pypi-publish-action  2 days ago  2 days ago
python-audit-action  2 days ago  2 days ago
python-dependencies-update-action  2 days ago  2 days ago
python-project-metadata-action  2 days ago  2 days ago
python-project-name-action  2 days ago  2 days ago
1password-secrets-action  today  3 days ago
checkout-gerrit-change-action  today  3 days ago
credential-load-action  today  3 days ago
draft-release-promote-action  1 day ago  2 days ago
git-commit-message-action  today  3 days ago
git-configure-action  today  3 days ago
inject-issue-id-action  today  3 days ago
json-key-value-lookup-action  today  3 days ago
maven-build-action  today  3 days ago
maven-make-build-action  today  3 days ago
node-build-action  today  3 days ago
openssf-scorecard-summary-action  today  3 days ago
path-check-action  today  3 days ago
pypi-version-check-action  today  3 days ago
python-twine-check-action  today  3 days ago
repository-metadata-action  today  3 days ago
repository-tags  today  3 days ago
sigul-sign-docker  today  3 days ago
tag-push-verify-action  today  3 days ago
tag-validate-calver-action  today  3 days ago
tag-validate-semantic-action  today  3 days ago
tox-run-action  today  3 days ago
url-validity-action  today  3 days ago
gerrit-change-info  today  2 days ago
github-list-releases-action  1 day ago  1 day ago
semantic-tag-increment  today  2 days ago
.github  today  today
chartmuseum-action  today  today
file-grep-regex-action  today  today
file-sed-regex-action  today  today
gha-workflow-linter  today  today
github2gerrit-action  today  today
go-httpbin-action  today  today
gradle-build-action  today  today
helm-chart-publish-action  today  today
markdown-table-fixer  today  today
project-reporting-tool  today  today
pull-request-fixer  today  today
python-build-action  today  today
python-sbom-action  today  today
repository-content-action  today  today
standalone-linting-action  today  today
tag-validate-action  today  today

Repositories created within 60 day(s) are excluded. Ranked by combined release and tag staleness (oldest first). A repository with neither a release nor a tag ranks highest.