{"date":"2026-03-16","repo":{"name":"github.com/google/flatbuffers","commit":"2e07f269b955675517f89c13631638840c5e3c9a"},"scorecard":{"version":"v5.4.1-0.20260302234127-4dbf14294ff1","commit":"4dbf14294ff1c660e93a2c6b70159f8f9b7e1051"},"score":6.3,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/4dbf14294ff1c660e93a2c6b70159f8f9b7e1051/docs/checks.md#maintained"}},{"name":"Code-Review","score":9,"reason":"Found 25/26 approved changesets -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/4dbf14294ff1c660e93a2c6b70159f8f9b7e1051/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/4dbf14294ff1c660e93a2c6b70159f8f9b7e1051/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/4dbf14294ff1c660e93a2c6b70159f8f9b7e1051/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/4dbf14294ff1c660e93a2c6b70159f8f9b7e1051/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/build.yml:637","Info: jobLevel 'contents' permission set to 'read': .github/workflows/label.yml:16","Info: topLevel permissions set to 'read-all': .github/workflows/build.yml:2","Warn: topLevel 'contents' permission set to 'write': .github/workflows/docs.yml:14","Info: topLevel permissions set to 'read-all': .github/workflows/label.yml:9","Info: topLevel permissions set to 'read-all': .github/workflows/main.yml:2","Info: topLevel permissions set to 'read-all': .github/workflows/release.yml:2","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/4dbf14294ff1c660e93a2c6b70159f8f9b7e1051/docs/checks.md#token-permissions"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/4dbf14294ff1c660e93a2c6b70159f8f9b7e1051/docs/checks.md#license"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/4dbf14294ff1c660e93a2c6b70159f8f9b7e1051/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":8,"reason":"binaries present in source code","details":["Warn: binary detected: android/gradle/wrapper/gradle-wrapper.jar:1","Warn: binary detected: kotlin/gradle/wrapper/gradle-wrapper.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/4dbf14294ff1c660e93a2c6b70159f8f9b7e1051/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found","Info: SwiftLibFuzzer integration found: tests/swift/fuzzer/Sources/fuzzer/main.swift:19","Info: CppLibFuzzer integration found: tests/fuzzer/flatbuffers_64bit_fuzzer.cc:113","Info: CppLibFuzzer integration found: tests/fuzzer/flatbuffers_annotator_fuzzer.cc:47","Info: CppLibFuzzer integration found: tests/fuzzer/flatbuffers_codegen_fuzzer.cc:74","Info: CppLibFuzzer integration found: tests/fuzzer/flatbuffers_monster_fuzzer.cc:108","Info: CppLibFuzzer integration found: tests/fuzzer/flatbuffers_parser_fuzzer.cc:23","Info: CppLibFuzzer integration found: tests/fuzzer/flatbuffers_scalar_fuzzer.cc:243","Info: CppLibFuzzer integration found: tests/fuzzer/flatbuffers_verifier_fuzzer.cc:11","Info: CppLibFuzzer integration found: tests/fuzzer/flexbuffers_verifier_fuzzer.cc:11","Info: CppLibFuzzer integration found: tests/fuzzer/flatbuffers_64bit_fuzzer.cc:113","Info: CppLibFuzzer integration found: tests/fuzzer/flatbuffers_annotator_fuzzer.cc:47","Info: CppLibFuzzer integration found: tests/fuzzer/flatbuffers_codegen_fuzzer.cc:74","Info: CppLibFuzzer integration found: tests/fuzzer/flatbuffers_monster_fuzzer.cc:108","Info: CppLibFuzzer integration found: tests/fuzzer/flatbuffers_parser_fuzzer.cc:23","Info: CppLibFuzzer integration found: tests/fuzzer/flatbuffers_scalar_fuzzer.cc:243","Info: CppLibFuzzer integration found: tests/fuzzer/flatbuffers_verifier_fuzzer.cc:11","Info: CppLibFuzzer integration found: tests/fuzzer/flexbuffers_verifier_fuzzer.cc:11","Info: CppLibFuzzer integration found: tests/fuzzer/monster_debug.cpp:7","Info: CppLibFuzzer integration found: tests/fuzzer/monster_debug.cpp:26","Info: CppLibFuzzer integration found: tests/fuzzer/monster_debug.cpp:29","Info: CppLibFuzzer integration found: tests/fuzzer/scalar_debug.cpp:5","Info: CppLibFuzzer integration found: tests/fuzzer/scalar_debug.cpp:24","Info: CppLibFuzzer integration found: tests/fuzzer/scalar_debug.cpp:27"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/4dbf14294ff1c660e93a2c6b70159f8f9b7e1051/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":2,"reason":"1 out of the last 5 releases have a total of 1 signed artifacts.","details":["Warn: release artifact v25.12.19 not signed: https://api.github.com/repos/google/flatbuffers/releases/271895254","Warn: release artifact v25.9.23 not signed: https://api.github.com/repos/google/flatbuffers/releases/249553307","Warn: release artifact v25.2.10 not signed: https://api.github.com/repos/google/flatbuffers/releases/199521103","Warn: release artifact v25.1.24 not signed: https://api.github.com/repos/google/flatbuffers/releases/196739924","Info: provenance for release artifact: multiple.intoto.jsonl: https://github.com/google/flatbuffers/releases/tag/v25.12.19-2026-02-06-03fffb2","Warn: release artifact v25.12.19 does not have provenance: https://api.github.com/repos/google/flatbuffers/releases/271895254","Warn: release artifact v25.9.23 does not have provenance: https://api.github.com/repos/google/flatbuffers/releases/249553307","Warn: release artifact v25.2.10 does not have provenance: https://api.github.com/repos/google/flatbuffers/releases/199521103","Warn: release artifact v25.1.24 does not have provenance: https://api.github.com/repos/google/flatbuffers/releases/196739924"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/4dbf14294ff1c660e93a2c6b70159f8f9b7e1051/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Warn: required approving review count is 1 on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: status check found to merge onto on branch 'master'","Info: PRs are required in order to make changes on branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/4dbf14294ff1c660e93a2c6b70159f8f9b7e1051/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 29 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/4dbf14294ff1c660e93a2c6b70159f8f9b7e1051/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:140: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:418: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:420: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:425: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:514: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:515: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:203: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:205: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:232: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:249: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:258: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:315: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:317: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:322: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:385: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:173: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:182: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:593: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:525: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:526: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:529: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:451: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:472: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:543: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:562: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:563: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:370: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:376: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:442: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:460: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:484: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:577: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:581: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:339: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:395: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:397: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:402: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:501: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:502: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:640: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:275: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:292: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:301: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:351: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:353: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/docs.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/docs.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/docs.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/label.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/label.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/main.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/google/flatbuffers/stale.yml/master?enable=pin","Warn: containerImage not pinned by hash: tests/docker/Dockerfile.testing.build_flatc_debian_stretch:1: pin your Docker image by updating debian:9.6-slim to debian:9.6-slim@sha256:15ff3a968745e30585ddd28bb9707139d91a215ba3d2730e9036dba513c5dc77","Warn: containerImage not pinned by hash: tests/docker/Dockerfile.testing.build_flatc_debian_stretch:4","Warn: containerImage not pinned by hash: tests/docker/Dockerfile.testing.cpp.debian_buster:1: pin your Docker image by updating debian:10.1-slim to debian:10.1-slim@sha256:11253793361a12861562d1d7b15b8b7e25ac30dd631e3d206ed1ca969bf97b7d","Warn: containerImage not pinned by hash: tests/docker/Dockerfile.testing.cpp.debian_buster:6","Warn: containerImage not pinned by hash: tests/docker/TODO.Dockerfile.testing.php.hhvm_2019_01_16:10: pin your Docker image by updating hhvm/hhvm:2019.01.16 to hhvm/hhvm:2019.01.16@sha256:78e47935462437d4c42e3c69e705afab59b6d89999ffd55bcece68312104e4a8","Warn: containerImage not pinned by hash: tests/docker/TODO.Dockerfile.testing.python.pypy_6_0_0_py2:1: pin your Docker image by updating pypy:2-6.0.0-slim to pypy:2-6.0.0-slim@sha256:c0e238620476cb15370b0534b4abefc8954b6ca9e03b05c96d921b5b6a235894","Warn: containerImage not pinned by hash: tests/docker/TODO.Dockerfile.testing.python.pypy_6_0_0_py3:1: pin your Docker image by updating pypy:3-6.0.0-slim to pypy:3-6.0.0-slim@sha256:3544f82e15a466aee4699580370ff7a1ad401d762ba0c0ff4ff6bc93fb9eaa91","Warn: containerImage not pinned by hash: tests/docker/languages/Dockerfile.testing.csharp.mono_5_18:1: pin your Docker image by updating mono:5.18 to mono:5.18@sha256:488b82eb8345a1c6fb78eff6378a614235698a8d8033686da1f6c9e785a176ca","Warn: containerImage not pinned by hash: tests/docker/languages/Dockerfile.testing.golang.1_11:1: pin your Docker image by updating golang:1.11-stretch to golang:1.11-stretch@sha256:f6b90217127a64afbc2380f06fd0d0193f254be0975bc69ba664cbf06a1892e4","Warn: containerImage not pinned by hash: tests/docker/languages/Dockerfile.testing.java.openjdk_10_0_2:1: pin your Docker image by updating openjdk:10.0.2-jdk-slim-sid to openjdk:10.0.2-jdk-slim-sid@sha256:89d455cca112540fd4e24f6aade47f1914a5072e024c9870aa4fbb963552681a","Warn: containerImage not pinned by hash: tests/docker/languages/Dockerfile.testing.java.openjdk_11_0_1:1: pin your Docker image by updating openjdk:11.0.1-jdk-slim-sid to openjdk:11.0.1-jdk-slim-sid@sha256:6f03f4922867679dd2ab0fe2ba903ee00cd9e4361ef79f7f25c2d4f929488930","Warn: containerImage not pinned by hash: tests/docker/languages/Dockerfile.testing.node.12_20_1:1: pin your Docker image by updating node:12.20.1-stretch to node:12.20.1-stretch@sha256:13a74c2a4838da95ab8ea56bc3bbb47f3f0dbf6492b3e4fb372ba3bac8dc8694","Warn: containerImage not pinned by hash: tests/docker/languages/Dockerfile.testing.node.14_15_4:1: pin your Docker image by updating node:14.15.4-stretch to node:14.15.4-stretch@sha256:cb01e9d98a50cab46bf75357fe4843cbfd3acca5d99c5f72794acf16c5db4f5f","Warn: containerImage not pinned by hash: tests/docker/languages/Dockerfile.testing.php.zend_7_3:1: pin your Docker image by updating php:7.3-cli-stretch to php:7.3-cli-stretch@sha256:d444f63eae7b4f3c0e6b54fcc9a2db43ff528a28f058e26f581a352c3c469802","Warn: containerImage not pinned by hash: tests/docker/languages/Dockerfile.testing.python.cpython_2_7_15:1: pin your Docker image by updating python:2.7.15-slim-stretch to python:2.7.15-slim-stretch@sha256:f222681beee592084ccdf0b4bfb6855a179f4337a37a131cfa738e74e8a3cfaf","Warn: containerImage not pinned by hash: tests/docker/languages/Dockerfile.testing.python.cpython_3_7_1:1: pin your Docker image by updating python:3.7.1-slim-stretch to python:3.7.1-slim-stretch@sha256:a12ff381e851ef3a0d9e03d9c31c0fa638bde3ec3b072589e549e472f43db867","Warn: containerImage not pinned by hash: tests/docker/languages/Dockerfile.testing.python.numpy.cpython_2_7_15:1: pin your Docker image by updating python:2.7.15-slim-stretch to python:2.7.15-slim-stretch@sha256:f222681beee592084ccdf0b4bfb6855a179f4337a37a131cfa738e74e8a3cfaf","Warn: containerImage not pinned by hash: tests/docker/languages/Dockerfile.testing.python.numpy.cpython_3_7_1:1: pin your Docker image by updating python:3.7.1-slim-stretch to python:3.7.1-slim-stretch@sha256:a12ff381e851ef3a0d9e03d9c31c0fa638bde3ec3b072589e549e472f43db867","Warn: containerImage not pinned by hash: tests/docker/languages/Dockerfile.testing.rust.1_51_0:1: pin your Docker image by updating rust:1.51.0-slim to rust:1.51.0-slim@sha256:eb35fd0f970f3a32d21f5b39b6320cdc0baf0c0603cd15df16d4d364c78faf19","Warn: containerImage not pinned by hash: tests/docker/languages/Dockerfile.testing.rust.big_endian.1_51_0:1: pin your Docker image by updating rust:1.51.0-slim to rust:1.51.0-slim@sha256:eb35fd0f970f3a32d21f5b39b6320cdc0baf0c0603cd15df16d4d364c78faf19","Warn: containerImage not pinned by hash: tests/docker/languages/Dockerfile.testing.rust.nightly:1: pin your Docker image by updating rustlang/rust:nightly-stretch-slim to rustlang/rust:nightly-stretch-slim@sha256:2b9b204d2414b79ab6ce0ddf9f05257fcb1ce75b7c1a484912a0aa61dbcab6a6","Warn: containerImage not pinned by hash: tests/docker/languages/Dockerfile.testing.swift_5_2:1: pin your Docker image by updating swift:5.2 to swift:5.2@sha256:eed194e951dea8d4e4925e1fc905c9b4a52f86f239af99aff699615618ca00b0","Warn: npmCommand not pinned by hash: tests/docker/languages/Dockerfile.testing.node.12_20_1:5","Warn: npmCommand not pinned by hash: tests/docker/languages/Dockerfile.testing.node.14_15_4:5","Warn: pipCommand not pinned by hash: tests/docker/languages/Dockerfile.testing.python.cpython_2_7_15:7","Warn: pipCommand not pinned by hash: tests/docker/languages/Dockerfile.testing.python.cpython_3_7_1:7","Warn: pipCommand not pinned by hash: tests/docker/languages/Dockerfile.testing.python.numpy.cpython_2_7_15:7","Warn: pipCommand not pinned by hash: tests/docker/languages/Dockerfile.testing.python.numpy.cpython_2_7_15:8","Warn: pipCommand not pinned by hash: tests/docker/languages/Dockerfile.testing.python.numpy.cpython_3_7_1:7","Warn: pipCommand not pinned by hash: tests/docker/languages/Dockerfile.testing.python.numpy.cpython_3_7_1:8","Warn: npmCommand not pinned by hash: .github/workflows/build.yml:549","Warn: pipCommand not pinned by hash: .github/workflows/docs.yml:35","Warn: pipCommand not pinned by hash: .github/workflows/docs.yml:36","Warn: pipCommand not pinned by hash: .github/workflows/release.yml:39","Warn: pipCommand not pinned by hash: .github/workflows/release.yml:40","Info:   0 out of  54 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  22 third-party GitHubAction dependencies pinned","Info:   0 out of  22 containerImage dependencies pinned","Info:   0 out of   3 npmCommand dependencies pinned","Info:   0 out of  10 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/4dbf14294ff1c660e93a2c6b70159f8f9b7e1051/docs/checks.md#pinned-dependencies"}}]}