Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: rework the operator for wasmCloud 1.0 compatibility #18

Merged
merged 1 commit into from
Apr 10, 2024

Conversation

protochron
Copy link
Contributor

Feature or Problem

wasmCloud 1.0 fully converts over to using components among other large changes, so we need to rework the operator to account for it. 1.0 is still in the works, so this updates the operator to depend on wasmCloud 1.0 libraries along with refactoring the service creation code to use the updated application manifest format.

Once this is in we will likely cut a 0.2.0 pre-release and wait for an actual release until wasmCloud 1.0.0 and wadm 0.11 are out.

This also adds a new field to the CRD so that you can specify the full image reference instead of just the version. The image parameter takes precedence.

Related Issues

Release Information

0.2.0

Consumer Impact

Testing

Unit Test(s)

Acceptance or Integration

Manual Verification

Copy link

github-actions bot commented Apr 10, 2024

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
cargo/base64 0.22.0 🟢 6.3
Details
CheckScoreReason
Code-Review⚠️ 2found 10 unreviewed changesets out of 13 -- score normalized to 2
Maintained🟢 1020 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ -1no releases found
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow⚠️ -1no workflows found
Token-Permissions⚠️ -1No tokens found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ -1no dependencies found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing🟢 10project is fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
cargo/command-group 5.0.1 🟢 3.8
Details
CheckScoreReason
Code-Review⚠️ 0found 28 unreviewed changesets out of 30 -- score normalized to 0
Maintained⚠️ 01 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
cargo/normpath 1.2.0 🟢 4.8
Details
CheckScoreReason
Code-Review⚠️ 0found 26 unreviewed changesets out of 26 -- score normalized to 0
Maintained🟢 1011 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
cargo/opentelemetry 0.21.0 🟢 6.6
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
cargo/opentelemetry_sdk 0.21.2 🟢 6.6
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
cargo/ordered-float 4.2.0 🟢 3.6
Details
CheckScoreReason
Code-Review⚠️ 2found 15 unreviewed changesets out of 20 -- score normalized to 2
Maintained⚠️ 00 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 100 existing vulnerabilities detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
cargo/provider-archive 0.9.0 🟢 5.5
Details
CheckScoreReason
Binary-Artifacts🟢 4binaries present in source code
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
CI-Tests🟢 1018 out of 18 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices🟢 5badge detected: passing
Code-Review🟢 10all changesets reviewed
Contributors🟢 1042 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 15 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging🟢 10publishing workflow detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ 00 out of 5 artifacts are signed or have provenance
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities⚠️ 019 existing vulnerabilities detected
cargo/rustls 0.23.4 UnknownUnknown
cargo/rustls-native-certs 0.7.0 UnknownUnknown
cargo/rustls-pemfile 2.1.2 🟢 5.8
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 107 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy⚠️ 0security policy file not detected
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
cargo/rustls-pki-types 1.4.1 UnknownUnknown
cargo/rustls-webpki 0.102.2 UnknownUnknown
cargo/toml 0.8.8 🟢 6.2
Details
CheckScoreReason
Code-Review⚠️ 0found 12 unreviewed changesets out of 13 -- score normalized to 0
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ -1no releases found
License⚠️ 0license file not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing🟢 10project is fuzzed
Security-Policy⚠️ 0security policy file not detected
SAST🟢 10SAST tool is run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
cargo/toml_edit 0.21.0 🟢 6.2
Details
CheckScoreReason
Code-Review⚠️ 0found 12 unreviewed changesets out of 13 -- score normalized to 0
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ -1no releases found
License⚠️ 0license file not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing🟢 10project is fuzzed
Security-Policy⚠️ 0security policy file not detected
SAST🟢 10SAST tool is run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
cargo/tracing-opentelemetry 0.22.0 UnknownUnknown
cargo/wadm 0.11.0-alpha.2 UnknownUnknown
cargo/wascap 0.13.0 🟢 5.5
Details
CheckScoreReason
Binary-Artifacts🟢 4binaries present in source code
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
CI-Tests🟢 1018 out of 18 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices🟢 5badge detected: passing
Code-Review🟢 10all changesets reviewed
Contributors🟢 1042 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 15 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging🟢 10publishing workflow detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ 00 out of 5 artifacts are signed or have provenance
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities⚠️ 019 existing vulnerabilities detected
cargo/wash-lib 0.20.0-alpha.1 🟢 5.5
Details
CheckScoreReason
Binary-Artifacts🟢 4binaries present in source code
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
CI-Tests🟢 1018 out of 18 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices🟢 5badge detected: passing
Code-Review🟢 10all changesets reviewed
Contributors🟢 1042 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 15 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging🟢 10publishing workflow detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ 00 out of 5 artifacts are signed or have provenance
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities⚠️ 019 existing vulnerabilities detected
cargo/wasm-encoder 0.202.0 🟢 5.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing🟢 10project is fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts⚠️ 2binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 28 existing vulnerabilities detected
cargo/wasm-metadata 0.202.0 🟢 5.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing🟢 10project is fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts⚠️ 2binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 28 existing vulnerabilities detected
cargo/wasmcloud-component-adapters 0.9.0 UnknownUnknown
cargo/wasmcloud-control-interface 1.0.0-alpha.3 🟢 5.5
Details
CheckScoreReason
Binary-Artifacts🟢 4binaries present in source code
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
CI-Tests🟢 1018 out of 18 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices🟢 5badge detected: passing
Code-Review🟢 10all changesets reviewed
Contributors🟢 1042 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 15 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging🟢 10publishing workflow detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ 00 out of 5 artifacts are signed or have provenance
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities⚠️ 019 existing vulnerabilities detected
cargo/wasmcloud-core 0.4.0 🟢 5.5
Details
CheckScoreReason
Binary-Artifacts🟢 4binaries present in source code
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
CI-Tests🟢 1018 out of 18 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices🟢 5badge detected: passing
Code-Review🟢 10all changesets reviewed
Contributors🟢 1042 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 15 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging🟢 10publishing workflow detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ 00 out of 5 artifacts are signed or have provenance
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities⚠️ 019 existing vulnerabilities detected
cargo/wasmcloud-core 0.5.0 🟢 5.5
Details
CheckScoreReason
Binary-Artifacts🟢 4binaries present in source code
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
CI-Tests🟢 1018 out of 18 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices🟢 5badge detected: passing
Code-Review🟢 10all changesets reviewed
Contributors🟢 1042 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 15 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging🟢 10publishing workflow detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ 00 out of 5 artifacts are signed or have provenance
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities⚠️ 019 existing vulnerabilities detected
cargo/wasmparser 0.202.0 🟢 5.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing🟢 10project is fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts⚠️ 2binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 28 existing vulnerabilities detected
cargo/web-time 0.2.4 UnknownUnknown
cargo/wit-bindgen-c 0.24.0 UnknownUnknown
cargo/wit-bindgen-core 0.24.0 UnknownUnknown
cargo/wit-bindgen-go 0.24.0 UnknownUnknown
cargo/wit-component 0.202.0 🟢 5.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing🟢 10project is fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts⚠️ 2binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 28 existing vulnerabilities detected
cargo/wit-parser 0.201.0 🟢 5.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing🟢 10project is fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts⚠️ 2binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 28 existing vulnerabilities detected
cargo/wit-parser 0.202.0 🟢 5.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing🟢 10project is fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts⚠️ 2binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 28 existing vulnerabilities detected
cargo/wrpc-transport 0.22.0 UnknownUnknown
cargo/wrpc-transport 0.24.2 UnknownUnknown
cargo/wrpc-transport-nats 0.19.0 UnknownUnknown
cargo/wrpc-transport-nats 0.21.0 UnknownUnknown
cargo/wrpc-types 0.5.0 UnknownUnknown
cargo/wrpc-types 0.6.0 UnknownUnknown
cargo/zeroize 1.7.0 🟢 5.9
Details
CheckScoreReason
Code-Review🟢 3found 14 unreviewed changesets out of 23 -- score normalized to 3
Maintained🟢 1020 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License⚠️ 0license file not detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Fuzzing⚠️ 0project is not fuzzed
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
cargo/command-group 1.0.8 🟢 3.8
Details
CheckScoreReason
Code-Review⚠️ 0found 28 unreviewed changesets out of 30 -- score normalized to 0
Maintained⚠️ 01 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
cargo/env_logger 0.10.2 🟢 6.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 2found 12 unreviewed changesets out of 15 -- score normalized to 2
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Fuzzing⚠️ 0project is not fuzzed
Security-Policy⚠️ 0security policy file not detected
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST🟢 10SAST tool is run on all commits
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
cargo/is-terminal 0.4.12 🟢 4.3
Details
CheckScoreReason
Code-Review🟢 3found 20 unreviewed changesets out of 30 -- score normalized to 3
Maintained🟢 67 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 6
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ -1no releases found
License🟢 10license file detected
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
cargo/memoffset 0.6.5 🟢 4.9
Details
CheckScoreReason
Code-Review🟢 7found 3 unreviewed changesets out of 13 -- score normalized to 7
Maintained🟢 910 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 9
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
cargo/nix 0.22.3 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 6found 12 unreviewed changesets out of 30 -- score normalized to 6
Maintained🟢 1030 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 10no binaries found in the repo
Vulnerabilities🟢 100 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
cargo/provider-archive 0.8.0 UnknownUnknown
cargo/termcolor 1.4.1 🟢 3.8
Details
CheckScoreReason
Code-Review🟢 3found 17 unreviewed changesets out of 25 -- score normalized to 3
Maintained⚠️ 12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
cargo/wadm 0.10.0 UnknownUnknown
cargo/wascap 0.11.2 🟢 5.5
Details
CheckScoreReason
Binary-Artifacts🟢 4binaries present in source code
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
CI-Tests🟢 1018 out of 18 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices🟢 5badge detected: passing
Code-Review🟢 10all changesets reviewed
Contributors🟢 1042 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 15 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging🟢 10publishing workflow detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ 00 out of 5 artifacts are signed or have provenance
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities⚠️ 019 existing vulnerabilities detected
cargo/wascap 0.12.0 🟢 5.5
Details
CheckScoreReason
Binary-Artifacts🟢 4binaries present in source code
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
CI-Tests🟢 1018 out of 18 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices🟢 5badge detected: passing
Code-Review🟢 10all changesets reviewed
Contributors🟢 1042 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 15 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging🟢 10publishing workflow detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ 00 out of 5 artifacts are signed or have provenance
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities⚠️ 019 existing vulnerabilities detected
cargo/wash-lib 0.17.0 🟢 5.5
Details
CheckScoreReason
Binary-Artifacts🟢 4binaries present in source code
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
CI-Tests🟢 1018 out of 18 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices🟢 5badge detected: passing
Code-Review🟢 10all changesets reviewed
Contributors🟢 1042 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 15 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging🟢 10publishing workflow detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ 00 out of 5 artifacts are signed or have provenance
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities⚠️ 019 existing vulnerabilities detected
cargo/wasm-encoder 0.29.0 🟢 5.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing🟢 10project is fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts⚠️ 2binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 28 existing vulnerabilities detected
cargo/wasm-encoder 0.36.2 🟢 5.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing🟢 10project is fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts⚠️ 2binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 28 existing vulnerabilities detected
cargo/wasm-encoder 0.39.0 🟢 5.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing🟢 10project is fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts⚠️ 2binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 28 existing vulnerabilities detected
cargo/wasm-metadata 0.10.20 🟢 5.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing🟢 10project is fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts⚠️ 2binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 28 existing vulnerabilities detected
cargo/wasmcloud-component-adapters 0.6.0 UnknownUnknown
cargo/wasmcloud-control-interface 0.32.0 🟢 5.5
Details
CheckScoreReason
Binary-Artifacts🟢 4binaries present in source code
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
CI-Tests🟢 1018 out of 18 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices🟢 5badge detected: passing
Code-Review🟢 10all changesets reviewed
Contributors🟢 1042 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 15 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging🟢 10publishing workflow detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ 00 out of 5 artifacts are signed or have provenance
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities⚠️ 019 existing vulnerabilities detected
cargo/wasmcloud-control-interface 0.33.0 🟢 5.5
Details
CheckScoreReason
Binary-Artifacts🟢 4binaries present in source code
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
CI-Tests🟢 1018 out of 18 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices🟢 5badge detected: passing
Code-Review🟢 10all changesets reviewed
Contributors🟢 1042 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 15 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging🟢 10publishing workflow detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ 00 out of 5 artifacts are signed or have provenance
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities⚠️ 019 existing vulnerabilities detected
cargo/wasmcloud-core 0.2.0 🟢 5.5
Details
CheckScoreReason
Binary-Artifacts🟢 4binaries present in source code
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
CI-Tests🟢 1018 out of 18 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices🟢 5badge detected: passing
Code-Review🟢 10all changesets reviewed
Contributors🟢 1042 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 15 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging🟢 10publishing workflow detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ 00 out of 5 artifacts are signed or have provenance
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities⚠️ 019 existing vulnerabilities detected
cargo/wasmparser 0.107.0 🟢 5.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing🟢 10project is fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts⚠️ 2binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 28 existing vulnerabilities detected
cargo/wasmparser 0.116.1 🟢 5.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing🟢 10project is fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts⚠️ 2binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 28 existing vulnerabilities detected
cargo/wasmparser 0.118.2 🟢 5.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing🟢 10project is fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts⚠️ 2binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 28 existing vulnerabilities detected
cargo/wit-bindgen-c 0.16.0 UnknownUnknown
cargo/wit-bindgen-core 0.16.0 UnknownUnknown
cargo/wit-bindgen-go 0.16.0 UnknownUnknown
cargo/wit-component 0.18.2 🟢 5.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing🟢 10project is fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts⚠️ 2binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 28 existing vulnerabilities detected
cargo/wit-parser 0.13.1 🟢 5.1
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing🟢 10project is fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts⚠️ 2binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities⚠️ 28 existing vulnerabilities detected
cargo/xattr 1.3.1 🟢 4.4
Details
CheckScoreReason
Code-Review🟢 3found 18 unreviewed changesets out of 26 -- score normalized to 3
Maintained🟢 34 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Vulnerabilities🟢 100 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
cargo/zeroize 1.6.0 🟢 5.9
Details
CheckScoreReason
Code-Review🟢 3found 14 unreviewed changesets out of 23 -- score normalized to 3
Maintained🟢 1020 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License⚠️ 0license file not detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Fuzzing⚠️ 0project is not fuzzed
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0

Scanned Manifest Files

Cargo.lock
  • base64@0.22.0
  • command-group@5.0.1
  • normpath@1.2.0
  • opentelemetry@0.21.0
  • opentelemetry_sdk@0.21.2
  • ordered-float@4.2.0
  • provider-archive@0.9.0
  • rustls@0.23.4
  • rustls-native-certs@0.7.0
  • rustls-pemfile@2.1.2
  • rustls-pki-types@1.4.1
  • rustls-webpki@0.102.2
  • toml@0.8.8
  • toml_edit@0.21.0
  • tracing-opentelemetry@0.22.0
  • wadm@0.11.0-alpha.2
  • wascap@0.13.0
  • wash-lib@0.20.0-alpha.1
  • wasm-encoder@0.202.0
  • wasm-metadata@0.202.0
  • wasmcloud-component-adapters@0.9.0
  • wasmcloud-control-interface@1.0.0-alpha.3
  • wasmcloud-core@0.4.0
  • wasmcloud-core@0.5.0
  • wasmparser@0.202.0
  • web-time@0.2.4
  • wit-bindgen-c@0.24.0
  • wit-bindgen-core@0.24.0
  • wit-bindgen-go@0.24.0
  • wit-component@0.202.0
  • wit-parser@0.201.0
  • wit-parser@0.202.0
  • wrpc-transport@0.22.0
  • wrpc-transport@0.24.2
  • wrpc-transport-nats@0.19.0
  • wrpc-transport-nats@0.21.0
  • wrpc-types@0.5.0
  • wrpc-types@0.6.0
  • zeroize@1.7.0
  • command-group@1.0.8
  • env_logger@0.10.2
  • is-terminal@0.4.12
  • memoffset@0.6.5
  • nix@0.22.3
  • provider-archive@0.8.0
  • termcolor@1.4.1
  • wadm@0.10.0
  • wascap@0.11.2
  • wascap@0.12.0
  • wash-lib@0.17.0
  • wasm-encoder@0.29.0
  • wasm-encoder@0.36.2
  • wasm-encoder@0.39.0
  • wasm-metadata@0.10.20
  • wasmcloud-component-adapters@0.6.0
  • wasmcloud-control-interface@0.32.0
  • wasmcloud-control-interface@0.33.0
  • wasmcloud-core@0.2.0
  • wasmparser@0.107.0
  • wasmparser@0.116.1
  • wasmparser@0.118.2
  • wit-bindgen-c@0.16.0
  • wit-bindgen-core@0.16.0
  • wit-bindgen-go@0.16.0
  • wit-component@0.18.2
  • wit-parser@0.13.1
  • xattr@1.3.1
  • zeroize@1.6.0

@protochron protochron force-pushed the 1.0_compat branch 3 times, most recently from 71347df to 790334d Compare April 10, 2024 01:01
src/services.rs Outdated Show resolved Hide resolved
src/services.rs Outdated Show resolved Hide resolved
src/services.rs Outdated Show resolved Hide resolved
src/services.rs Outdated
should_create_service = true;
for p in props.source_config.iter() {
if let Some(config_props) = &p.properties {
if let Some(addr) = config_props.get("ADDRESS") {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm curious why is the ADDRESS capitalized here? Looking at the provider code it didn't seem like that defines it as capitalized, but all lowercase, am I missing some conversion logic that happens in between?

Copy link
Contributor Author

@protochron protochron Apr 10, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For whatever reason the wadm file I was working off of was in all caps and I wasn't sure why. I'll fix it so that is uses the correct case as outlined in the provider docs.

@protochron protochron force-pushed the 1.0_compat branch 2 times, most recently from 764e881 to d23227f Compare April 10, 2024 17:52
wasmCloud 1.0 fully converts over to using components among other large
changes, so we need to rework the operator to account for it. 1.0 is
still in the works, so this updates the operator to depend on wasmCloud
1.0 libraries along with refactoring the service creation code to use
the updated application manifest format.

Once this is in we will likely cut a 0.2.0 pre-release and wait for an
actual release until wasmCloud 1.0.0 and wadm 0.11 are out.

This also adds a new field to the CRD so that you can specify the full
image reference instead of just the version. The `image` parameter takes
precedence.

Signed-off-by: Dan Norris <protochron@users.noreply.github.com>
@protochron protochron merged commit 9a9a4a8 into main Apr 10, 2024
5 checks passed
@protochron protochron deleted the 1.0_compat branch April 10, 2024 21:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants