Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Resolve issues on workflows #1038

Open
wants to merge 34 commits into
base: main
Choose a base branch
from
Open

Resolve issues on workflows #1038

wants to merge 34 commits into from

Conversation

jmuelbert
Copy link
Owner

Description

Many workflows doesn't run.

Related Issues / Pull Requests

#1006 #1007 #1008 #1009 #1010 #1011 #1012

Motivation and Context

Make the code better and less the errors

Additional text

Copy link

trunk-io bot commented Oct 29, 2024

Merging to main in this repository is managed by Trunk.

  • To merge this pull request, check the box to the left or comment /trunk merge below.

Copy link
Contributor

github-actions bot commented Oct 29, 2024

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 2 package(s) with unknown licenses.
  • ⚠️ 2 packages with OpenSSF Scorecard issues.
See the Details below.

License Issues

.github/workflows/cmake-requirements.txt

PackageVersionLicenseIssue Type
cmakelang~> 0.6.13NullUnknown License

pages/package.json

PackageVersionLicenseIssue Type
astro^4.15.3NullUnknown License

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
actions/DoozyX/clang-format-lint-action c71d0bf4e21876ebec3e5647491186f8797fde31 🟢 3.3
Details
CheckScoreReason
Code-Review🟢 4Found 7/16 approved changesets -- score normalized to 4
Maintained🟢 1012 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow⚠️ -1no workflows found
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ -1No tokens found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Binary-Artifacts⚠️ 0binaries present in source code
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
actions/EndBug/add-and-commit a94899bca583c204427a224a7af87c02f9b325d5 🟢 5.4
Details
CheckScoreReason
Code-Review⚠️ 2Found 1/5 approved changesets -- score normalized to 2
Maintained🟢 68 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/actions/checkout 44c2b7a8a4ea60a981eaca3cf939b5f4305c123b 🟢 7.4
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1011 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Security-Policy🟢 9security policy file detected
Packaging🟢 10packaging workflow detected
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/actions/download-artifact fa0a91b85d4f404e444e00e005971372dc801d16 🟢 6
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained⚠️ 12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Security-Policy🟢 9security policy file detected
SAST🟢 10SAST tool is run on all commits
Vulnerabilities🟢 73 existing vulnerabilities detected
actions/actions/setup-python 0b93645e9fea7318ecaed2b359559ac225c90a2b 🟢 6
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1013 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy🟢 9security policy file detected
SAST🟢 8SAST tool is not run on all commits -- score normalized to 8
Vulnerabilities⚠️ 013 existing vulnerabilities detected
actions/actions/upload-artifact b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 🟢 7.2
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Security-Policy🟢 9security policy file detected
SAST🟢 10SAST tool is run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/ammaraskar/gcc-problem-matcher 0f9c86f9e693db67dacf53986e1674de5f2e5f28 🟢 3.2
Details
CheckScoreReason
Code-Review⚠️ 1Found 1/7 approved changesets -- score normalized to 1
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ -1No tokens found
Dangerous-Workflow⚠️ -1no workflows found
Pinned-Dependencies⚠️ -1no dependencies found
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
actions/codecov/codecov-action b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 🟢 7.4
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 7Found 3/4 approved changesets -- score normalized to 7
Contributors🟢 10project has 10 contributing companies or organizations
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
SAST🟢 9SAST tool detected but not run on all commits
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/hendrikmuhs/ccache-action ed74d11c0b343532753ecead8a951bb09bb34bc9 🟢 4.7
Details
CheckScoreReason
Code-Review🟢 6Found 4/6 approved changesets -- score normalized to 6
Maintained🟢 78 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 7
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
actions/ilammy/msvc-dev-cmd 0b201ec74fa43914dc39ae48a89fd1d8cb592756 🟢 3.9
Details
CheckScoreReason
Code-Review🟢 5Found 16/30 approved changesets -- score normalized to 5
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
actions/jurplel/install-qt-action f03f05556819ceb3781ee2f455ec44c339d683c0 UnknownUnknown
actions/mikepenz/action-gh-release 9a604afa5167a745eab07256a54e2f578a1a0c5e UnknownUnknown
actions/mikepenz/release-changelog-builder-action 69817ffbda9792da9756c52efd06b5a6103f39dc 🟢 6.4
Details
CheckScoreReason
Code-Review🟢 3Found 4/11 approved changesets -- score normalized to 3
Maintained🟢 1015 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/pat-s/always-upload-cache 9a0d1c3e1a8260b05500f9b67a5be8f2a1299819 🟢 3.3
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
SAST🟢 10SAST tool detected: CodeQL
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Fuzzing⚠️ 0project is not fuzzed
Security-Policy⚠️ 0security policy file not detected
Vulnerabilities⚠️ 010 existing vulnerabilities detected
actions/re-actors/alls-green 223e4bb7a751b91f43eda76992bcfbf23b8b0302 🟢 3.8
Details
CheckScoreReason
Code-Review⚠️ 0Found 1/29 approved changesets -- score normalized to 0
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities🟢 100 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
actions/snapcore/action-build 3bdaa03e1ba6bf59a65f84a751d943d549a54e79 UnknownUnknown
actions/svenstaro/upload-release-action 04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd 🟢 3.6
Details
CheckScoreReason
Code-Review🟢 3Found 3/10 approved changesets -- score normalized to 3
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/BSFishy/pip-action 1.*.* ⚠️ 2.5
Details
CheckScoreReason
Code-Review⚠️ 0Found 1/27 approved changesets -- score normalized to 0
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities⚠️ 036 existing vulnerabilities detected
actions/DoozyX/clang-format-lint-action 0.17.* 🟢 3.3
Details
CheckScoreReason
Code-Review🟢 4Found 7/16 approved changesets -- score normalized to 4
Maintained🟢 1012 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow⚠️ -1no workflows found
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ -1No tokens found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Binary-Artifacts⚠️ 0binaries present in source code
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
actions/EndBug/add-and-commit 9.*.* 🟢 5.4
Details
CheckScoreReason
Code-Review⚠️ 2Found 1/5 approved changesets -- score normalized to 2
Maintained🟢 68 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/actions/checkout 4.*.* 🟢 7.4
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1011 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Security-Policy🟢 9security policy file detected
Packaging🟢 10packaging workflow detected
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/actions/checkout master 🟢 7.4
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1011 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Security-Policy🟢 9security policy file detected
Packaging🟢 10packaging workflow detected
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/actions/download-artifact 4.*.* 🟢 6
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained⚠️ 12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Security-Policy🟢 9security policy file detected
SAST🟢 10SAST tool is run on all commits
Vulnerabilities🟢 73 existing vulnerabilities detected
actions/actions/setup-python 5.*.* 🟢 6
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1013 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy🟢 9security policy file detected
SAST🟢 8SAST tool is not run on all commits -- score normalized to 8
Vulnerabilities⚠️ 013 existing vulnerabilities detected
actions/ammaraskar/gcc-problem-matcher master 🟢 3.2
Details
CheckScoreReason
Code-Review⚠️ 1Found 1/7 approved changesets -- score normalized to 1
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ -1No tokens found
Dangerous-Workflow⚠️ -1no workflows found
Pinned-Dependencies⚠️ -1no dependencies found
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
actions/codecov/codecov-action 3.*.* 🟢 7.4
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 7Found 3/4 approved changesets -- score normalized to 7
Contributors🟢 10project has 10 contributing companies or organizations
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
SAST🟢 9SAST tool detected but not run on all commits
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/githubocto/repo-visualizer 0.9.1 ⚠️ 2.9
Details
CheckScoreReason
Code-Review🟢 4Found 6/13 approved changesets -- score normalized to 4
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities⚠️ 014 existing vulnerabilities detected
actions/hendrikmuhs/ccache-action 1.*.* 🟢 4.7
Details
CheckScoreReason
Code-Review🟢 6Found 4/6 approved changesets -- score normalized to 6
Maintained🟢 78 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 7
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
actions/ilammy/msvc-dev-cmd 1.13.0 🟢 3.9
Details
CheckScoreReason
Code-Review🟢 5Found 16/30 approved changesets -- score normalized to 5
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
actions/jurplel/install-qt-action 4.*.* UnknownUnknown
actions/mikepenz/action-gh-release 0.2.0-a03 UnknownUnknown
actions/mikepenz/release-changelog-builder-action 4.*.* 🟢 6.4
Details
CheckScoreReason
Code-Review🟢 3Found 4/11 approved changesets -- score normalized to 3
Maintained🟢 1015 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/release-drafter/release-drafter 5.25.0 🟢 3.4
Details
CheckScoreReason
Code-Review🟢 5Found 13/26 approved changesets -- score normalized to 5
Maintained🟢 32 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities⚠️ 021 existing vulnerabilities detected
actions/snapcore/action-build 1.*.* UnknownUnknown
actions/styfle/cancel-workflow-action 0.12.1 🟢 4.7
Details
CheckScoreReason
Code-Review⚠️ 2Found 3/14 approved changesets -- score normalized to 2
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Security-Policy🟢 10security policy file detected
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
actions/svenstaro/upload-release-action 2.*.* 🟢 3.6
Details
CheckScoreReason
Code-Review🟢 3Found 3/10 approved changesets -- score normalized to 3
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 91 existing vulnerabilities detected
pip/Jinja2 ~> 3.1.4 🟢 6.8
Details
CheckScoreReason
Code-Review⚠️ 1Found 2/17 approved changesets -- score normalized to 1
Maintained🟢 1019 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases🟢 102 out of the last 2 releases have a total of 2 signed artifacts.
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
Vulnerabilities🟢 100 existing vulnerabilities detected
Fuzzing🟢 10project is fuzzed
Packaging🟢 10packaging workflow detected
Security-Policy🟢 9security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/PyYaml ~> 6.0.2 🟢 6.4
Details
CheckScoreReason
Code-Review⚠️ 2Found 7/30 approved changesets -- score normalized to 2
Maintained🟢 102 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Vulnerabilities🟢 100 existing vulnerabilities detected
Fuzzing🟢 10project is fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/cmakelang ~> 0.6.13 UnknownUnknown
pip/conan ~> 2.9.0 🟢 5.9
Details
CheckScoreReason
Code-Review🟢 8Found 24/30 approved changesets -- score normalized to 8
Maintained🟢 1030 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases🟢 85 out of the last 5 releases have a total of 5 signed artifacts.
Dangerous-Workflow⚠️ -1no workflows found
Token-Permissions⚠️ -1No tokens found
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
Security-Policy⚠️ 0security policy file not detected
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
actions/actions/checkout 44c2b7a8a4ea60a981eaca3cf939b5f4305c123b 🟢 7.4
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1011 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Security-Policy🟢 9security policy file detected
Packaging🟢 10packaging workflow detected
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/actions/checkout 3.*.* 🟢 7.4
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1011 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Security-Policy🟢 9security policy file detected
Packaging🟢 10packaging workflow detected
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected
npm/@astrojs/check ^0.9.3 UnknownUnknown
npm/@astrojs/starlight ^0.28.2 UnknownUnknown
npm/astro ^4.15.3 UnknownUnknown
npm/sharp ^0.32.5 🟢 6.8
Details
CheckScoreReason
Maintained🟢 1019 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 2Found 6/30 approved changesets -- score normalized to 2
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Vulnerabilities🟢 100 existing vulnerabilities detected
Fuzzing🟢 10project is fuzzed
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
npm/typescript ^5.6.2 🟢 8.7
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 10all changesets reviewed
Contributors🟢 10project has 35 contributing companies or organizations
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing🟢 10project is fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities🟢 100 existing vulnerabilities detected
actions/actions/checkout 4.*.* 🟢 7.4
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1011 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Security-Policy🟢 9security policy file detected
Packaging🟢 10packaging workflow detected
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 91 existing vulnerabilities detected
actions/actions/configure-pages 4.0.0 🟢 6.9
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 57 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Fuzzing⚠️ 0project is not fuzzed
Security-Policy🟢 9security policy file detected
SAST🟢 10SAST tool is run on all commits
Vulnerabilities🟢 82 existing vulnerabilities detected
actions/actions/deploy-pages 4.*.* 🟢 6.2
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 42 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 4
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Security-Policy🟢 9security policy file detected
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 37 existing vulnerabilities detected
actions/actions/jekyll-build-pages 1.*.* 🟢 6.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1013 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Security-Policy🟢 9security policy file detected
Packaging🟢 10packaging workflow detected
SAST🟢 9SAST tool is not run on all commits -- score normalized to 9
Vulnerabilities⚠️ 28 existing vulnerabilities detected
actions/actions/upload-pages-artifact 3.*.* 🟢 6.6
Details
CheckScoreReason
Code-Review🟢 8Found 8/9 approved changesets -- score normalized to 8
Maintained🟢 1020 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing⚠️ 0project is not fuzzed
Vulnerabilities🟢 100 existing vulnerabilities detected
Security-Policy🟢 9security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Manifest Files

.github/workflows/ci.yml
.github/workflows/cmake-requirements.txt
  • Jinja2@~> 3.1.4
  • PyYaml@~> 6.0.2
  • cmakelang@~> 0.6.13
.github/workflows/conan-requirements.txt
  • conan@~> 2.9.0
.github/workflows/styles.yml
pages/package.json
  • @astrojs/check@^0.9.3
  • @astrojs/starlight@^0.28.2
  • astro@^4.15.3
  • sharp@^0.32.5
  • typescript@^5.6.2
.github/workflows/pages.yml
  • actions/checkout@4.*.*
  • actions/[email protected]
  • actions/deploy-pages@4.*.*
  • actions/jekyll-build-pages@1.*.*
  • actions/upload-pages-artifact@3.*.*
package-lock.json

.github/workflows/ci.yml Fixed Show fixed Hide fixed
.github/workflows/ci.yml Fixed Show fixed Hide fixed
.github/workflows/ci.yml Fixed Show fixed Hide fixed
Copy link

@github-advanced-security github-advanced-security bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Scorecard found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

Copy link
Contributor

🦙 MegaLinter status: ❌ ERROR

Descriptor Linter Files Fixed Errors Elapsed time
❌ ACTION actionlint 25 62 0.26s
⚠️ BASH bash-exec 4 2 0.02s
❌ BASH shellcheck 4 3 0.03s
✅ BASH shfmt 4 0 0 0.34s
✅ C clang-format 82 73 0 0.88s
❌ C cpplint 82 1423 5.27s
❌ COPYPASTE jscpd yes 364 4.82s
✅ CPP clang-format 163 149 0 1.39s
❌ CPP cpplint 163 2912 9.37s
✅ CSS stylelint 1 1 0 1.48s
❌ DOCKERFILE hadolint 3 1 0.65s
❌ HTML djlint 1 1 0.84s
❌ HTML htmlhint 1 11 0.25s
❌ JAVASCRIPT eslint 2 0 1 0.95s
❌ JAVASCRIPT standard 2 0 1 2.17s
❌ JSON jsonlint 23 1 0.22s
❌ JSON npm-package-json-lint yes 1 0.52s
✅ JSON prettier 29 0 0 0.73s
❌ JSON v8r 23 1 36.23s
⚠️ MARKDOWN markdownlint 23 16 64 3.24s
❌ MARKDOWN markdown-link-check 25 22 61.15s
✅ MARKDOWN markdown-table-formatter 25 17 0 0.83s
❌ POWERSHELL powershell 3 23 4.48s
✅ POWERSHELL powershell_formatter 3 0 4.23s
❌ PYTHON bandit 10 5 1.06s
⚠️ PYTHON black 10 0 1 1.35s
❌ PYTHON flake8 10 14 0.6s
✅ PYTHON isort 10 0 0 0.71s
❌ PYTHON mypy 10 1 0.25s
❌ PYTHON pylint 10 20 2.65s
❌ PYTHON pyright 10 46 8.48s
❌ PYTHON ruff 10 0 2 0.39s
❌ REPOSITORY checkov yes 44 17.95s
❌ REPOSITORY devskim yes 23 2.66s
❌ REPOSITORY dustilock yes 1 0.38s
❌ REPOSITORY gitleaks yes 7 17.81s
✅ REPOSITORY git_diff yes no 0.08s
✅ REPOSITORY grype yes no 13.78s
❌ REPOSITORY kics yes 122 32.89s
✅ REPOSITORY secretlint yes no 4.89s
❌ REPOSITORY trivy yes 1 8.55s
✅ REPOSITORY trivy-sbom yes no 1.71s
✅ REPOSITORY trufflehog yes no 5.53s
❌ RST rstcheck 18 4 20.14s
⚠️ RST rstfmt 18 0 7 15.83s
❌ RST rst-lint 18 12 5.71s
❌ SPELL cspell 519 1 1.26s
❌ SPELL lychee 255 41 5.85s
✅ SPELL vale 8 0 0.88s
❌ TYPESCRIPT eslint 3 0 1 0.8s
❌ TYPESCRIPT ts-standard 3 0 1 5.61s
✅ XML xmllint 9 0 0 0.4s
✅ YAML prettier 157 4 0 1.66s
❌ YAML v8r 157 1 101.17s
❌ YAML yamllint 157 187 1.15s

See detailed report in MegaLinter reports

You could have same capabilities but better runtime performances if you request a new MegaLinter flavor.

MegaLinter is graciously provided by OX Security

name: 💎 CLang-Format
runs-on: ubuntu-latest
permissions:
contents: write

Check failure

Code scanning / Scorecard

Token-Permissions High

score is 0: jobLevel 'contents' permission set to 'write'
Remediation tip: Visit https://app.stepsecurity.io/secureworkflow.
Tick the 'Restrict permissions for GITHUB_TOKEN'
Untick other options
NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead.
Click Remediation section below for further remediation help
name: 💎 CMake-Format
runs-on: ubuntu-latest
permissions:
contents: write

Check failure

Code scanning / Scorecard

Token-Permissions High

score is 0: jobLevel 'contents' permission set to 'write'
Remediation tip: Visit https://app.stepsecurity.io/secureworkflow.
Tick the 'Restrict permissions for GITHUB_TOKEN'
Untick other options
NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead.
Click Remediation section below for further remediation help
.github/workflows/ci.yml Fixed Show fixed Hide fixed
.github/workflows/ci.yml Fixed Show fixed Hide fixed
permissions:
actions: read
contents: read
security-events: write

Check failure

Code scanning / Scorecard

Token-Permissions High

score is 0: jobLevel 'security-events' permission set to 'write'
Remediation tip: Visit https://app.stepsecurity.io/secureworkflow.
Tick the 'Restrict permissions for GITHUB_TOKEN'
Untick other options
NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead.
Click Remediation section below for further remediation help
.github/workflows/ci.yml Fixed Show fixed Hide fixed
cinst ninja ccache
- name: 🧊 ⚙️ Configure MSVC
if: runner.os == 'Windows'
uses: ilammy/msvc-dev-cmd@ 0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: third-party GitHubAction not pinned by hash
Click Remediation section below to solve this issue
conan profile show default
- name: (Linux/macOS) restore ccache
if: runner.os == 'Linux' || runner.os == 'macOS'
uses: pat-s/[email protected]

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: third-party GitHubAction not pinned by hash
Click Remediation section below to solve this issue
"$GITHUB_WORKSPACE/appimaged-*.AppImage" "${APPIMAGE_DST_PATH}"
- name: 🐧 📤 Upload Linux artifacts
if: runner.os == 'Linux'
uses: actions/upload-artifact@v4

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: GitHub-owned GitHubAction not pinned by hash
Click Remediation section below to solve this issue
permissions:
actions: read
contents: read
security-events: write

Check failure

Code scanning / Scorecard

Token-Permissions High

score is 0: jobLevel 'security-events' permission set to 'write'
Remediation tip: Visit https://app.stepsecurity.io/secureworkflow.
Tick the 'Restrict permissions for GITHUB_TOKEN'
Untick other options
NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead.
Click Remediation section below for further remediation help
-DBUILD_SHARED_LIBS:BOOL="TRUE" \
-DENABLE_CACHE="ON"
- name: 📦 🍎 Build and package application (macdeployqt and zipfile)
# TODO: Stored in install. Build DMG with CPack

Check notice

Code scanning / devskim

A "TODO" or similar was left in source code, possibly indicating incomplete functionality Note

Suspicious comment
cmake --build . --config ${{matrix.build_type}}
cpack -C "${{matrix.build_type}}" -G "DragNDrop;ZIP"
- name: ⚙️ 🧊 Build
# TODO: Stored in install. Build installer with CPack

Check notice

Code scanning / devskim

A "TODO" or similar was left in source code, possibly indicating incomplete functionality Note

Suspicious comment
env:
APPIMAGETOOL_ARCH: x86_64
- name: 🐧 📦 Create AppImage
# TODO: Stored in build directory

Check notice

Code scanning / devskim

A "TODO" or similar was left in source code, possibly indicating incomplete functionality Note

Suspicious comment
@@ -1,4 +1,4 @@
---
# TODO: Update to use Qt6.x

Check notice

Code scanning / devskim

A "TODO" or similar was left in source code, possibly indicating incomplete functionality Note

Suspicious comment

\brief Destructor for DataContext()
\details Close the connection to the database.
// TODO: Add Constructor: DataContext(const QString &name, + init for mySQL

Check notice

Code scanning / devskim

A "TODO" or similar was left in source code, possibly indicating incomplete functionality Note

Suspicious comment
\details Close the connection to the database.
// TODO: Add Constructor: DataContext(const QString &name, + init for mySQL
// etc.)
// TODO: Remove access of settings

Check notice

Code scanning / devskim

A "TODO" or similar was left in source code, possibly indicating incomplete functionality Note

Suspicious comment
cache: pip
- name: 🟨 Install cmakelang
run: |
python -m pip install --upgrade pip

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: pipCommand not pinned by hash
Click Remediation section below to solve this issue
- name: 🟨 Install cmakelang
run: |
python -m pip install --upgrade pip
pip3 install -r .github/workflows/cmake-requirements.txt

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: pipCommand not pinned by hash
Click Remediation section below to solve this issue
.github/workflows/ci.yml Fixed Show fixed Hide fixed
.github/workflows/ci.yml Fixed Show fixed Hide fixed
@@ -0,0 +1,3 @@
<?xml version="1.0" encoding="utf-8"?>
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Parsing error: Unexpected token <

@@ -0,0 +1,3 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE TS>
<TS/>
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing semicolon
Type assertion using the '<>' syntax is forbidden. Use the 'as' syntax instead.
missing whitespace

@@ -0,0 +1,3 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE TS>
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Type assertion using the '<>' syntax is forbidden. Use the 'as' syntax instead.
missing whitespace

@@ -0,0 +1,3 @@
<?xml version="1.0" encoding="utf-8"?>
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing semicolon
Type assertion using the '<>' syntax is forbidden. Use the 'as' syntax instead.
missing whitespace
unused expression, expected an assignment or function call

Copy link

@github-advanced-security github-advanced-security bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

check-spelling found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

Copy link
Contributor

github-actions bot commented Nov 3, 2024

@check-spelling-bot Report

🔴 Please review

See the 📂 files view, the 📜action log, or 📝 job summary for details.

Unrecognized words (2141)
aarch
ABBD
abbo
ABCF
Aber
abfb
Abh
abi
abid
ablebodied
abled
Ablist
aboutdialog
absint
abspath
Abteilung
Abteilungsnamen
ACA
acai
Accessname
accountinputarea
accusee
acfe
aci
AClass
activ
activeoff
activeon
adbe
addaction
Addresse
addstore
adf
adhd
Adresse
aebc
AECBA
aed
aee
aef
afa
AFCBA
affordability
affrontery
Afrikaaner
afxres
agendize
AGPL
ahmadnassri
airlinese
Aissue
Akeem
Aktiv
Aktueller
aktuellste
Albuquerquean
Albuquerquian
Alertmanager
alex
alexshev
alla
allem
Alles
ALLEXTERNALS
alrightlist
alrightlisting
altera
Alternativ
amazonaws
amd
aminya
ammaraskar
amperser
AMPM
ams
amsmath
analsex
ANamespace
Anchorageite
Anchoragite
anchore
andere
anderem
Anforderungen
angeben
Angelean
angie
Anmeldename
antialiasing
antimalware
antispyware
Anwendung
Anwendungsordner
Aopen
apdisk
apk
appdata
APPDIR
appimage
appimaged
APPIMAGETOOL
applicatie
applicazione
appquick
apps
appstore
appveyer
appveyor
APPY
aqt
aqtinall
aqtinstall
aquasecurityofficial
Arbeit
Archivos
Arcu
Areaa
Areaclass
Areeas
Arelease
argn
argparse
armhf
armv
ARPHELPLINK
ARPINSTALLOCATION
ARPNOREPAIR
ARPPRODUCTICON
ARPURLINFOABOUT
arrowsize
arrowtail
asciify
ASingle
astro
astrodoc
Asuper
Atest
athletesfoot
atx
auch
audiobook
aufbauen
aufgerufen
Aufruf
auot
aus
ausf
Ausr
ausw
AUTOBRIEF
autobuild
autoclean
autodesktop
Autodetected
autodoc
autogen
autolabeler
Autolayout
automerge
AUTOMOC
autoprograms
AUTORCC
autoremove
autosectionlabel
autosort
autotests
autotoc
AUTOUIC
aws
awscli
awscliv
azienda
aziendale
BACA
bacb
backlight
backticks
badgen
bak
banlist
banlisting
BATCHMODE
batshit
bbb
bbf
bca
bcbf
bcfbf
bdaa
bdd
BDDD
Bearbeite
Bearbeiten
beastality
beastial
becf
bedeutet
bedrijf
Bedrijfscollector
beenden
Befehl
befindet
bei
beiden
beim
Belarusan
Belarusian
Benutzer
Benutzername
Benutzernamen
bereinstimmen
bergreifende
berpr
bersetzungen
betriebssystem
Betriebssystemen
Beyonc
Beyonce
Bezeichnung
bezier
bfb
bfd
Bibliothek
Bibliotheken
bibtex
bicurious
billyan
bincrafters
bindir
binutils
biomejs
bitbucket
bitmaps
Bitstream
blocklist
blocklisting
blogs
bme
Bmind
bmine
bmy
bocd
bomd
bountybar
boutonni
brac
brazilianportuguese
bre
bric
bridgecrewio
btford
BUGLIST
bugreport
bugtracker
Bugzilla
builddep
BUILDDIR
buildinfo
buildsystem
BUILDVERSION
buildx
butante
buttplug
byteorder
CAAA
caap
callergraph
callgraph
Camerino
carta
casualities
Caymanian
cbf
ccache
ccd
ccdcd
cci
ccmake
ccompiler
CCritical
CDAF
cdea
CDebug
cdfc
cdn
ceasefire
ceb
cec
CECB
CECC
CEDA
CEEA
ceed
cellphone
cellspacing
certifi
certs
certutil
cfeb
cfgv
cflags
cgi
chardet
charliermarsh
chatbot
checkboxes
checkconnect
checkov
cheshirekow
childrens
chipcard
chipcarddoor
chipcarddoorinputarea
chipcardinputarea
chipcardprofile
chipcardprofiledoor
chipcardprofiledoorinputarea
chipcardprofileinputarea
chocolateyinstall
chris
chrysalids
chstes
chten
chtml
Ciara
cigs
cinst
CInventory
Citian
Citro
Cityan
cityinputarea
cityname
ckgabe
CKV
clangd
clangformat
clangpath
clangtidy
classpath
clazy
cleftlipped
Clickedlist
Clockrate
clpath
cmakedefine
cmakelang
CMakelists
cmdline
cmds
cmp
coafile
cobertura
cocksucker
codacy
codecov
codecvt
CODEFILE
Codeium
codelytv
codeofconduct
CODEOWNERS
Codepage
codeql
codesandbox
codespaces
codespell
codespellrc
Codet
cohabitor
cois
colada
Colchane
collaborationgraph
collecter
Collecteur
COLORSTYLE
colortbl
colspan
Commandline
commitizen
commitlint
commondata
commondesktop
compamy
companyinputarea
Companyl
compat
Complementos
complicit
computerinputarea
Computernamen
computersoftware
computersoftwareinputarea
conan
conanbuildinfo
conanfile
conanrun
concrt
CONFIGDIR
Configjmbde
configversion
confirmands
confirmant
Connecticuter
conspiratorialist
Constructur
containerd
contard
conventionalcommits
conversate
cookiecutter
COPYONLY
Corroy
corsican
cout
cpack
cpes
cplusplus
cpmaddpackage
cpmgetpackageversion
cpmregisterpackage
cppcheck
cppcoreguidelines
cppdbg
CPPFLAGS
cppm
cpprc
cppreference
cppstd
cpptools
cppvsdbg
cpr
cra
crackpipe
craftctl
crained
createrepo
crosscompile
CROSSCOMPILING
crt
crudit
Crue
cschlosser
cssvar
cstring
csvimportdialog
ctest
ctxt
cullmann
cunilingus
cunillingus
CUxl
CVJp
CVS
CXA
cxxflags
cxxm
cybersex
cyclonedx
Cygwin
CZip
dacf
Daher
damit
dann
dans
daringfireball
dass
databaseversion
datacare
datacontext
DATADIR
datafieldnames
Datafields
Datainput
Datakonsult
Datei
Dateien
Daten
Datenbank
Datenbankabfrage
Datenbankdatei
Datensammler
Datensatz
datenschutz
DATETIME
dati
davidanson
dawbarton
dbaeumer
DBB
DBUILD
DBus
dcef
dch
dcl
DCMAKE
dcompiler
dconf
DDDC
dde
DDEFAULT
ddl
deafmute
dearmor
debian
DEBUGLIBS
debugpy
debuild
DED
defamative
defraudulent
degeneratory
DEMANGLE
dena
DENABLE
deparment
departmentinputarea
departmet
deplan
DEPRECATEDLIST
derjenigen
desktopicon
dessant
destinationlabel
deth
devcontainer
developerapi
devguide
devicename
devicenameinputarea
devicetype
devicetypeinputarea
devilworshipper
devskim
dfa
DFAE
dfdfdf
DFF
dffc
DHTML
diafile
DIAPLAY
diesem
diesen
Dieser
diffability
directorygraph
dirvars
disabledoff
disabledon
discomforture
disfluency
disincentivize
disroop
distlib
distro
djlint
DKDE
dlg
DLGTM
dmg
dnd
dnf
docbook
dockerfiles
docoument
docset
docstrings
doctoc
doctrees
Docu
documentaton
Documente
documentinputarea
docutils
Dokument
Dokumente
Dokumenten
Dominguez
donjayamanne
donn
donotpresent
dontinclude
doppelg
DOPT
dotfile
DOTFONTPATH
dotnet
downlo
dox
doxdocgen
doxyfile
doxygen
doxygenfile
doxyindexer
doxyrules
doxysearch
Doxywizard
dpi
dput
DQAPPLICATION
DQT
dri
drirc
Drucke
Drucker
Druckernamen
dsc
DTDs
dummyobject
dummyvalue
dummyvariable
duplicatory
durch
DVI
DVT
DWORD
dylib
eab
eabi
eaca
EAF
eafdc
eamodio
ebec
eca
ecaed
ecead
ECLIPSEHELP
ecm
ecstacy
eda
edabf
eea
eeaaad
EEECBCDF
efb
efd
EGL
ehthumbs
eigentlichen
ein
eine
einem
einen
einer
eingeben
einige
Einstellungen
Einstellungsdatun
eklady
Elasticsearch
elems
elfutils
Elysees
emacs
ement
emoji
employeeaccount
employeeaccountinputarea
employeedocument
employeedocumentinputarea
employeeinputarea
employeemodel
employeetable
emscripten
emsdk
endcond
enddate
Enddatum
endforeach
endfunction
endl
endmacro
enigmatas
enlargen
enplan
Entenhausen
Entenstra
enthalten
Entpacken
Entwickler
Entwicklungssystem
Equick
equinusocio
erfasst
erfolgreich
errorlevel
errorstop
ersetzen
erstellen
Erzeuge
erzeugen
erzeugt
Erzeugung
esbenp
esbonio
esktop
EULA
EUPL
exceuted
exelinkflags
Exportieren
EXPORTNAME
factorypath
faf
Fairbanksan
Fairbanksian
famfamfam
Farbe
fastlane
fatfs
faxinputarea
Faxnumber
fbdbce
fcf
fcoroutines
fde
fdec
fea
featuredarticles
Featuri
feb
febac
febcab
FEBD
Februar
FEEDNAME
FEEDURL
Fehler
Fehlerberichte
Fehlermeldung
felatio
Fertig
fetchcontent
ffbda
ffcb
ffde
FFFA
ffne
ffnen
ffnet
fianc
fieldindexes
fieldname
fild
FILEFLAGS
FILEFLAGSMASK
filelock
FILEOS
FILESUBTYPE
filesystems
filetowrite
FILEVERSION
filipina
filmj
filmjolk
fina
finalise
finden
Findjmbdemodels
Findjmbdequick
Findjmbdewidgets
fingerfood
FINISHPAGE
Firefox
Firmen
Firstname
flathub
flatkpak
flatpak
flatpakimage
flatpakrepo
flawfinder
Flesch
Flickable
fltk
folgenden
fontcolor
fontello
fontname
FONTPATH
fontsize
fonttbl
footaction
forebearance
fortsetzen
Foto
fourtwenty
fpr
Fragen
fraice
fram
freedesktop
freedesktopsdk
fseventsd
fsfe
fswiss
fucktard
fuktion
fulcio
functioninputarea
Funktion
funktioniert
fwlink
gammaray
gasque
gbar
gbps
gcc
gcovr
gdiplus
GDK
geben
gebhard
Geburtstag
gedit
gefunden
gegevens
geht
genindex
Gernot
gerry
geschlossen
gesichert
gestellt
Gettext
Gew
Gewurztraminer
gha
ghaction
GHE
Ghz
gibt
githu
githubt
gitlab
gitleaks
gitlint
GLESV
glicherweise
glig
glx
gmail
gmx
gnueabi
gnueabihf
gnupg
gnuwin
goatherder
gonzagas
goodcheck
google
googleapis
googletest
goyum
gpg
GPLv
Grafana
grandfathered
grandfathering
graphviz
Grenadan
groe
grostulation
groupgraph
grudev
Grunds
gsettings
gtags
gtest
gtk
gtkmm
gub
gui
guisupport
guizi
guyutongxue
gyppo
hadolint
Halifaxer
hamas
Hampshireite
handicapable
handlet
handover
Harddisk
Hartlepoolian
Hartlepudlian
hashruler
hbenl
HCenter
HEADERFILE
hebephila
hebephile
hebephilia
hebephilic
heinrichreimer
hendrikmuhs
Hersteller
herunterladen
heshe
hhc
hhk
hhp
hicolor
hidecallergraph
hidecallgraph
hidecollaborationgraph
hidedirectorygraph
hidegroupgraph
hideincludedbygraph
hideincludegraph
hideinheritancegraph
hideinitializer
hier
Hilfe
hilfreiche
Hinweise
hinzf
hinzu
hinzuf
hiv
HKLM
HKMU
hlen
hlp
homeworkers
horney
horstretch
Hostx
hrbaren
hren
hrer
hsizetype
HSTS
htags
htmlhelp
htmlhint
htmlraw
hwrap
hykin
hymie
hyperlink
IBTo
icccm
icns
ICONDIR
iconengines
iconset
iconutil
Idcombo
IDEDM
Idform
idl
idna
idx
ieeetr
IExl
ifdef
ifndef
ifw
ignorecase
ignoreversion
IHELP
ihre
Ihrem
Ihren
Ihrer
IHRv
ikes
ilammy
imageformats
img
imgui
implementiert
Importieren
importlib
improprietous
inclimate
includedbygraph
includedir
includegraph
includehidden
incluye
Indexx
inexpense
Inferrable
inheritancegraph
inhouse
Initiaisiere
Initialisiere
initialisieren
Initialisierung
Initiallize
inkscape
innen
innnen
inno
innosetup
inout
inplace
inputarea
inputfields
insistment
Installationsanleitung
Installationspakete
Installationsprogramm
INSTALLDIR
installieren
installiert
installierten
Instantiator
INSTDIR
instructios
insuror
intelli
internalpointers
intersphinx
INTGER
intlimits
ints
Inuits
Inventar
Inventarnummer
inventoryinputarea
INVOKABLE
IOPTIONS
iostream
iot
Iowegian
ipp
IQUIT
ISCC
isdir
isfile
islamist
islu
ismap
israels
iss
issuecomment
italiano
itay
IVERSION
iwyu
ixx
jalape
japs
javadoc
Jax
jdkato
jeder
Jef
jesuschrist
jmbd
jmbde
jmbdemodels
jmbdepch
jmbdeqt
jmbdequick
jmbdetest
jmbdewidget
jmdbde
jmdbe
jmde
jmuelbert
jmuelbet
jquery
jsdelivr
JSONLINT
jstemmer
judgmentally
juergen
jurplel
Kandeler
kangeroos
kann
Karten
kate
kateconfig
kbd
kdab
kde
KDEC
keine
kevinkyang
keyserver
keysyms
kitware
Klar
KLocalized
kock
Kommandozeile
Kommentare
Kommunikation
kompilieren
kompiliert
Kompilierungs
komplette
Konger
Kongian
Kongite
konnte
konnten
kotex
krause
krazy
krb
Kritischer
kubernetes
kwarg
KWrite
labelfontname
labelfontsize
lala
lapdance
lastname
latina
Latinx
layoutdefault
Layouter
lbert
LDFLAGS
learngitbranching
Leedsian
leeren
Leitf
Leodenisian
Lesen
Letze
Letzte
lexicographicall
Lezte
lfs
LGBT
LGBTQ
Liau
libc
libclang
libcrypto
libdbus
libdir
libdrm
libegl
libexec
libgl
libglib
libglu
libgssapi
libharfbuzz
libiconv
libicu
LIBINFIX
libintl
libjmbde
libnewlib
libpcre
libqt
libsdl
libstdc
libstdcpp
libtard
libxcb
libxcursor
libxkbcommon
linewidth
linkid
linuxdeployqt
liri
Liste
listfile
Liverpoolian
lix
Lizenz
Lizenzen
LJO
lld
lnk
localtime
localvars
LOGFILE
logicalcpu
logrus
Lokal
lolita
lon
longpaths
Lowenbrau
lproj
lsd
lstrip
lvdalens
lzma
lzo
macdeployqt
MACROFILE
madduci
Mailaddress
maincontroller
MAINPAGE
mainwindow
makedirs
Makefiles
makeindex
makeinfo
MAKEVAR
malware
Manchesterian
manfacturer
manhour
mansized
manufacturerinputarea
Manufacurer
markdownguide
markdownlint
masterplan
matepek
materialdesignicons
mathjax
Mattermost
matthiashermsen
maxdepth
mchen
MDFILE
mdlrc
mega
megalinter
mehreren
meisten
meldet
MEMB
menuselection
metafile
metainfo
METAINFODIR
metavar
microsoft
migr
mikepenz
mildy
milli
minimalize
minimalized
minimalizing
miniperl
minmax
Minneapolisian
MINSIZEREL
Missouran
Mitarbeiter
Mitarbeiternamen
mkpath
MML
mmt
mobileinputarea
Mobilelabel
Mobilenputarea
Mobiletelefon
Mobilnummer
moblienumber
moderncmakedomain
modindex
Modul
molestor
monetarize
monosans
mozilla
mployee
msc
mscfile
mscgen
msdo
msiexec
msix
mssql
msvc
msvcp
mudlet
muelbert
multiline
mutantdino
mvn
mycompany
myfile
myproj
myproject
mypy
mysql
Nachname
nage
nahmen
nalong
NAMELINK
nanapro
nand
Nassri
nativen
natvis
nauwelaerts
nbproject
nbut
ndere
nderung
nderungen
nderuung
ndex
ndig
ndigen
NDrop
Neargye
neologizer
Neopolitan
neovim
Nescaf
Nescafe
Netzwerk
neue
neuen
Neuer
neuere
neueste
Newcastleite
Newcastlite
newcommand
nez
nflatpak
nge
nger
ngigkeiten
ngstr
nicolas
niger
nipplering
njmbdequick
njmuelbert
nls
nmv
nnen
noch
noenv
nojekyll
NOLOGO
NONINFRINGEMENT
nooner
NOPASSWD
norestart
normaloff
normalon
noscroll
nosubgrouping
NOSYSTEM
Notizen
notwendig
notwendigen
nouement
Novocastrian
npmpackagejsonlintrc
nproc
nset
nsis
NSOn
NSPACES
nsswitch
NSv
NSWT
nthe
nullptr
Nummer
nupkg
nur
Nutmegger
Nutzung
nvd
NVDA
nvidia
OAuth
ober
objdump
ocornut
odbc
oder
Odio
odl
officiis
oftware
Oklahomian
ombuds
OMG
opengl
opensource
openssh
optimalize
Orci
oreo
orita
Orleanian
Orleansian
Ortsnamen
Orvault
osama
OSId
osinputarea
ossf
OSX
OSXX
outfile
outputdir
outputfile
oxsecurity
Oxymorons
packagecloud
packging
pacman
paederasts
pak
pandoc
paperh
papersize
paperw
Papiergr
PARAMDOC
paret
parg
passlist
passlisting
Passwort
Patchveriosn
paydirt
PBitte
Pboard
pch
PDB
pdflatex
pearlnecklace
pedophiles
pendy
Peralillo
PERLMOD
Pfad
PFiles
pgsql
phoenisx
phoneinputarea
Phonelabel
Phonenumber
phonesex
pinays
pincode
pinoys
pipefail
pipx
placeinputarea
plainnat
plantuml
platforminputcontexts
platisd
plattform
Plattformen
Platz
PLZ
pmd
PNGs
pocahontas
podman
pointsize
policyowner
pooper
popd
popen
pornflick
postfacto
Postgre
POSTGRESQL
preclusory
precolumbian
PREDEF
preferencesdialog
preformat
prerequistes
primetime
printerinputarea
Printerr
printsupport
Priorit
privatedirectory
probieren
probonopd
processorinputarea
procreational
PRODUCTVERSION
Profil
programa
PROGRAMFILES
PROGRAMLISTING
programm
Programmdateien
programu
propget
propput
proptags
proselint
prot
protobuf
Providencer
Providencian
Providentian
Prozessor
PTRACE
pube
pushd
pwsh
pyc
pygmaen
pygments
pylance
pylint
pylintrc
pyproject
pyright
pytest
pytz
pyyaml
QAbstract
qapplication
QBENCHMARK
qbs
QByte
QCbor
qch
QChar
QCheck
QClose
QCombo
QCommand
QCOMPARE
QCore
QData
QDate
QDebug
QDialog
QDir
qdocconf
QDouble
qenums
QFETCH
QFile
QForm
Qgd
qgenericbearer
qgetenv
qgif
QGraphics
QGrid
QGroup
QGui
qguiapplication
QHash
qhcp
qhelpgenerator
QHG
qhp
qicns
qico
QIcon
QIO
QItem
qjpeg
QJson
QLabel
QLatin
QLibrary
QLine
QList
QLocale
QLogging
qlonglong
QMain
qmake
QMenu
QMessage
QMeta
qml
qmldir
qmllint
qmlprofile
qmlprofiler
qmlproject
qmodel
qnatural
QObject
QODBC
qpa
QPage
QPoint
QPointer
QPrint
QPrinter
QPSQL
QPush
QQml
qrc
QRegular
QResize
qresource
QScroll
QSettings
qsf
QSize
qsizetype
QSlider
QSpin
QSplitter
QSql
qsqlite
qsqlmysql
qsqlodbc
qsqlpsql
QStandard
QStatus
QString
qsvg
qsvgicon
QTable
qtcharts
qtcreator
qtdeclarative
qtds
qtest
QText
qtga
QTHELP
qthelpproject
qtiff
Qtjmbde
QTool
qtqml
qtquick
qtquickcontrols
QTranslator
QTree
qtscript
qtshadertools
qtsingleapplication
qttools
qtversion
qtvsctools
qtwebengine
Queensr
Queensryche
Quellcode
Quellen
quickinspector
quicklaunchicon
quickstart
quicktest
Quickversion
QUrl
QUuid
QVariant
QVERIFY
qvlog
qwbmp
qwebp
QWidget
qwindows
qwindowsvistastyle
raccogliere
Raccolta
Rahim
randr
rankdir
rapidjson
rarr
Raum
rdpart
rdparty
reapeating
recived
recusement
redhat
redist
redistributable
redlight
Redmine
refact
refreshenv
Rekor
Relationmodel
RELEASELIBS
releation
Releted
relpath
RELWITHDEBINFO
renewcommand
resdirs
resourcemonitor
Ressourcen
retifrav
retributional
retributionary
revokeable
rgb
rgba
riverbankcomputing
rmrf
robmensching
rofiles
Romani
rou
rpi
rpmbuild
rpmlint
rsource
rster
rstext
rtd
ruary
rubocop
runit
runtimes
Rxxx
rztraminer
safelist
safelisting
Salesforce
SAML
Sammeln
sanitizers
SAST
sbom
sbord
sche
schen
Schl
schlie
Schreiben
scht
Schwerer
scm
scottishgaelic
scpt
screenshot
scrollbars
SCXML
searchdata
SEARCHENGINE
Seattleite
Seattlite
seccomp
secretlint
secretlintrc
sectionauthor
selectedoff
selectedon
Selectio
serbiancyrillic
serbianlatin
Serialnumber
Seriennummer
servercore
servor
setuptools
setzen
sexample
sexchange
sexhouse
sextoy
sfml
sharedlinkflags
shehe
shellcheck
shemale
shinola
SHLIBDEPS
shlomo
showinitializer
showtime
shs
sideeffect
sidepane
signalsandslots
Signup
sigstore
singleapplication
singlehtml
sirupsen
sitemap
sizepolicy
Skoda
slanderize
sloc
Smath
SMPROGRAMS
snapcore
snapcraft
snapimage
snf
soci
socio
softwareinputarea
solicitate
sollte
solrsearch
sonarqube
sondern
Soubory
SOURCEDIR
sourceforge
sourcelabel
SOVERSION
spdlog
spdx
spercent
SPHINXBUILD
sphinxcontrib
SPHINXOPTS
sphinxsidebarwrapper
splitext
spyware
sqlcheck
sqldrivers
sqlite
sqlx
srcdirs
ssel
sselchip
ssen
Ssymbols
stackblitz
stackoverflow
stagg
standalone
startdate
starten
startmenu
startswith
startuml
statutorial
STDINT
stdset
stefanzweifel
steht
STGZ
stiffy
strangequark
strapon
STREQUAL
structs
styleguide
stylelint
stylelintrc
stylesheet
subbuild
subdir
subgrouping
SUBLANG
submergeable
Submodul
Subview
Suchow
suopprts
Surinamer
Surinamese
suspendable
svenstaro
svgz
svn
swiftlint
swyddfa
SYFT
SYSREQUIRES
systemdata
systemdatainputarea
Systemdatem
Systemdaten
tabchars
Tabelle
Tabellen
Tabellename
Tablename
tagfile
tagname
Taktrate
Tallahassean
Tallahasseean
tamasfe
TARGETDIR
taskbar
taskfile
taskkill
tbl
TBZ
technet
Tehe
Telefon
Telefone
Telefonnr
Telefonnummer
tember
tename
tenamen
TESTLIST
testname
tetyp
texi
texinfo
textureextension
tgz
thea
thead
thlorenz
tigen
tigt
tigten
timezone
Tisch
Titel
titleinputarea
tituswormer
TLDR
tley
Toc
toctree
TODOLIST
tokei
TOLOWER
tomwhross
toolbar
toolset
TOPLEVEL
tourettes
tradesmans
Traduzioni
tranny
transexual
transgender
transgenderism
tre
treeview
Trentian
Trifluvian
trisexual
Tristique
trivy
Tsch
tsconfigs
tseslint
twxs
TXZ
typedef
typedef'ed
tzip
tzlich
TZST
tzt
tzte
uary
ucf
UDBZ
uft
UML
Umlna
unbekannte
Unbekannter
Uncomparables
uncrustify
und
undoc
une
unequivocable
UNIICON
uninstallexe
Uninstallprogram
Unistallprogram
unixlike
unmercilessly
Unported
unrelentlessly
unscript
unstall
unstalling
unter
Unternehmen
unterst
unversioned
Upate
UPDATA
Updateline
urllib
usd
usepackage
userappdata
Utahn
vadimcn
Valladolidian
Vallisoletano
valuelist
valuemap
varchar
Variante
vartags
VCenter
vcpkg
vcredist
vcruntime
vcvarsall
vcvarsallpath
venv
Verbindung
Verbrauchsmaterial
vercel
verf
verlieren
Verschiedenes
versionadded
versionchanged
VERSIONCODE
versioninfo
VERSIONSUFFIX
verstretch
verwendet
verzamelen
Verzeichnis
VFT
vhd
vhdl
viele
viewcode
virtualenv
virtuals
visualstudioexptteam
voil
volker
vollst
vom
Vorgang
vorhanden
Vorname
Vorschau
VOS
vre
vsc
vscodeintellicodes
vsizetype
vswhere
vuillamy
wagoid
Warsawer
Warsawian
webfont
Webrequest
Webseite
Website
weiter
wel
wenbr
werden
Werkzeuge
wheight
Widgetversion
wie
wifebeater
wifi
wikipedia
wil
wildcards
windeployqt
windowsprintersupport
WINDOWSSTATE
windowsvistastyle
winqt
winres
winresrc
winver
Winzig
wip
withastro
wix
wixtoolset
wixui
wmj
Wno
Wolverhamptonian
Wolverhamptonite
wom
womens
wordlist
Workaround
WORKDIR
workerscript
workflows
workspaces
Worther
Worthian
wpa
wronglist
wronglisting
Wulfrunian
wurde
wwwroot
xapian
xcode
xctoolchain
XCURSOR
xdg
XError
xfixes
xinerama
xkb
XShm
XSS
xtc
xterm
XWayland
xzf
yocto
yokawasa
yuv
yzhang
zainchen
Zeile
zentral
zestily
Ziehen
zipcitiyinputarea
zipcity
zipcityinputarea
zipcode
zipcodeinputarea
zipfile
zipp
zoneinfo
zricethezav
zufuliu
Zugang
zum
zur
zwingend
Some files were automatically ignored 🙈

These sample patterns would exclude them:

(?:^|/)config\.cmake\.in$
/icons/[^/]+$
^\.github/styles/config/vocabularies/cspell/
^\Q.cspellcache\E$
^\Q.github/CODE_OF_CONDUCT_de-DE.md\E$
^\Q.github/CONTRIBUTING_de-DE.md\E$
^\Q.github/styles/vale/alex/ProfanityLikely.yml\E$
^\Q.github/workflows/conan-requirements.txt\E$
^\Q.mailmap\E$
^\Qapps/libs/models/autotests/data/test.diff\E$
^\Qapps/libs/widgets/CMakeLists_files.cmake\E$
^\Qdocs/api/index.rst\E$
^\Qpackaging/ifw/README.md\E$
^\Qpackaging/win/chocolatey/jmbde.nuspec\E$
^\Qpackaging/win/CMakeLists.txt\E$
^\Qpackaging/win/installer_Qt5_x64.wxs\E$
^\Qpnpm-lock.yaml\E$
^\Qresources/text/database.qmodel\E$
^apps/libs/quick/src/qml/models/qmldir$
^apps/libs/quick/src/qml/ui/qmldir$
^config/
^packaging/linux/VERSIONSUFFIX$

You should consider excluding directory paths (e.g. (?:^|/)vendor/), filenames (e.g. (?:^|/)yarn\.lock$), or file extensions (e.g. \.gz$)

You should consider adding them to:

.github/actions/spelling/excludes.txt

File matching is via Perl regular expressions.

To check these files, more of their words need to be in the dictionary than not. You can use patterns.txt to exclude portions, add items to the dictionary (e.g. by adding them to allow.txt), or fix typos.

To accept these unrecognized words as correct and update file exclusions, you could run the following commands

... in a clone of the [email protected]:jmuelbert/jmbde-QT.git repository
on the workflow-issues branch (ℹ️ how do I use this?):

curl -s -S -L 'https://raw.githubusercontent.com/check-spelling/check-spelling/00c989c97749eb0cb2d256bdc55ac61b0096c6d3/apply.pl' |
perl - 'https://github.com/jmuelbert/jmbde-QT/actions/runs/11651012004/attempts/1'

OR

To have the bot accept them for you, reply quoting the following line:
@check-spelling-bot apply updates.

Available 📚 dictionaries could cover words not in the 📘 dictionary
Dictionary Entries Covers Uniquely
cspell:python/src/python/python-lib.txt 2417 51 15
cspell:python/src/python/python.txt 392 31 10
cspell:python/src/common/extra.txt 741 18 10
cspell:cpp/src/ecosystem.txt 51 14 10
cspell:php/dict/php.txt 1689 25 7

Consider adding them (in .github/workflows/spelling.yml) for uses: check-spelling/check-spelling@00c989c97749eb0cb2d256bdc55ac61b0096c6d3 in its with:

      with:
        extra_dictionaries:
          cspell:python/src/python/python-lib.txt
          cspell:python/src/python/python.txt
          cspell:python/src/common/extra.txt
          cspell:cpp/src/ecosystem.txt
          cspell:php/dict/php.txt

To stop checking additional dictionaries, add (in .github/workflows/spelling.yml) for uses: check-spelling/check-spelling@00c989c97749eb0cb2d256bdc55ac61b0096c6d3 in its with:

check_extra_dictionaries: ''
Pattern suggestions ✂️ (37)

You could add these patterns to .github/actions/spelling/patterns.txt:

# Automatically suggested patterns
# hit-count: 996 file-count: 258
# Non-English
[a-zA-Z]*[ÀÁÂÃÄÅÆČÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝßàáâãäåæčçèéêëìíîïðñòóôõöøùúûüýÿĀāŁłŃńŅņŒœŚśŠšŜŝŸŽžź][a-zA-Z]{3}[a-zA-ZÀÁÂÃÄÅÆČÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝßàáâãäåæčçèéêëìíîïðñòóôõöøùúûüýÿĀāŁłŃńŅņŒœŚśŠšŜŝŸŽžź]*|[a-zA-Z]{3,}[ÀÁÂÃÄÅÆČÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝßàáâãäåæčçèéêëìíîïðñòóôõöøùúûüýÿĀāŁłŃńŅņŒœŚśŠšŜŝŸŽžź]|[ÀÁÂÃÄÅÆČÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝßàáâãäåæčçèéêëìíîïðñòóôõöøùúûüýÿĀāŁłŃńŅņŒœŚśŠšŜŝŸŽžź][a-zA-Z]{3,}

# hit-count: 577 file-count: 152
# https/http/file urls
(?:\b(?:https?|ftp|file)://)[-A-Za-z0-9+&@#/%?=~_|!:,.;]+[-A-Za-z0-9+&@#/%=~_|]

# hit-count: 530 file-count: 42
# in [email protected]+, printf markers aren't automatically consumed
# printf markers
(?<!\\)\\[nrt](?=[a-z]{2,})

# hit-count: 365 file-count: 8
# alternate markers if you run into latex and friends
(?<!\\)\\[nrt](?=[a-z]{2,})(?=.*['"`])

# hit-count: 352 file-count: 8
# uuid:
\b[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}\b

# hit-count: 223 file-count: 39
# GitHub SHAs (markdown)
(?:\[`?[0-9a-f]+`?\]\(https:/|)/(?:www\.|)github\.com(?:/[^/\s"]+){2,}(?:/[^/\s")]+)(?:[0-9a-f]+(?:[-0-9a-zA-Z/#.]*|)\b|)

# hit-count: 101 file-count: 25
# Compiler flags (Unix, Java/Scala)
# Use if you have things like `-Pdocker` and want to treat them as `docker`
(?:^|[\t ,>"'`=(])-(?:(?:J-|)[DPWXY]|[Llf])(?=[A-Z]{2,}|[A-Z][a-z]|[a-z]{2,})

# hit-count: 96 file-count: 22
# Compiler flags (Windows / PowerShell)
# This is a subset of the more general compiler flags pattern.
# It avoids matching `-Path` to prevent it from being treated as `ath`
(?:^|[\t ,"'`=(])-(?:[DPL](?=[A-Z]{2,})|[WXYlf](?=[A-Z]{2,}|[A-Z][a-z]|[a-z]{2,}))

# hit-count: 80 file-count: 25
# hex runs
\b[0-9a-fA-F]{16,}\b

# hit-count: 61 file-count: 10
# regex choice
\(\?:[^)]+\|[^)]+\)

# hit-count: 34 file-count: 34
# microsoft
\b(?:https?://|)(?:(?:download\.visualstudio|docs|msdn2?|research)\.microsoft|blogs\.msdn)\.com/[-_a-zA-Z0-9()=./%]*

# hit-count: 19 file-count: 3
# shields.io
\bshields\.io/[-\w/%?=&.:+;,]*

# hit-count: 16 file-count: 2
# .desktop localized entries
^[A-Z][a-z]+\[[a-z]+\]=.*$

# hit-count: 16 file-count: 2
# Localized .desktop content
Name\[[^\]]+\]=.*

# hit-count: 14 file-count: 2
# base64 encoded content, possibly wrapped in mime
(?:^|[\s=;:?])[-a-zA-Z=;:/0-9+]{50,}(?:[\s=;:?]|$)

# hit-count: 12 file-count: 6
# githubusercontent
/[-a-z0-9]+\.githubusercontent\.com/[-a-zA-Z0-9?&=_\/.]*

# hit-count: 10 file-count: 8
# Wikipedia
\ben\.wikipedia\.org/wiki/[-\w%.#]+

# hit-count: 10 file-count: 6
# version suffix <word>v#
(?:(?<=[A-Z]{2})V|(?<=[a-z]{2}|[A-Z]{2})v)\d+(?:\b|(?=[a-zA-Z_]))

# hit-count: 10 file-count: 4
# URL escaped characters
\%[0-9A-F][A-F]

# hit-count: 6 file-count: 1
# https://www.gnu.org/software/groff/manual/groff.html
# man troff content
\\f[BCIPR]

# hit-count: 4 file-count: 4
# hex digits including css/html color classes:
(?:[\\0][xX]|\\u|[uU]\+|#x?|\%23)[0-9_a-fA-FgGrR]*?[a-fA-FgGrR]{2,}[0-9_a-fA-FgGrR]*(?:[uUlL]{0,3}|[iu]\d+)\b

# hit-count: 3 file-count: 3
# This does not cover multiline strings, if your repository has them,
# you'll want to remove the `(?=.*?")` suffix.
# The `(?=.*?")` suffix should limit the false positives rate
# printf
%(?:(?:(?:hh?|ll?|[jzt])?[diuoxn]|l?[cs]|L?[fega]|p)(?=[a-z]{2,})|(?:X|L?[FEGA]|p)(?=[a-zA-Z]{2,}))(?=[_a-zA-Z]+\b)(?!%)(?=.*?['"])

# hit-count: 3 file-count: 1
# latex (check-spelling <= 0.0.21)
\\(?:n(?:ew|ormal|osub)|r(?:enew)|t(?:able(?:of|)|he|itle))(?=[a-z]+)

# hit-count: 2 file-count: 2
# node packages
(["'])\@[^/'" ]+/[^/'" ]+\g{-1}

# hit-count: 2 file-count: 2
# curl arguments
\b(?:\\n|)curl(?:\s+-[a-zA-Z]{1,2}\b)*(?:\s+-[a-zA-Z]{3,})(?:\s+-[a-zA-Z]+)*

# hit-count: 2 file-count: 2
# tar arguments
\b(?:\\n|)g?tar(?:\.exe|)(?:(?:\s+--[-a-zA-Z]+|\s+-[a-zA-Z]+|\s[ABGJMOPRSUWZacdfh-pr-xz]+\b)(?:=[^ ]*|))+

# hit-count: 2 file-count: 1
# apple
\bdeveloper\.apple\.com/[-\w?=/]+

# hit-count: 1 file-count: 1
# Google Storage
\b[-a-zA-Z0-9.]*\bstorage\d*\.googleapis\.com(?:/\S*|)

# hit-count: 1 file-count: 1
# git.io
\bgit\.io/[0-9a-zA-Z]+

# hit-count: 1 file-count: 1
# Internet Archive
\barchive\.org/web/\d+/(?:[-\w.?,'/\\+&%$#_:]*)

# hit-count: 1 file-count: 1
# vs devops
\bvisualstudio.com(?::443|)/[-\w/?=%&.]*

# hit-count: 1 file-count: 1
# Twitter markdown
\[\@[^[/\]:]*?\]\(https://twitter.com/[^/\s"')]*(?:/status/\d+(?:\?[-_0-9a-zA-Z&=]*|)|)\)

# hit-count: 1 file-count: 1
# Twitter status
\btwitter\.com/[^/\s"')]*(?:/status/\d+(?:\?[-_0-9a-zA-Z&=]*|)|)

# hit-count: 1 file-count: 1
# badgen.net
\bbadgen\.net/badge/[^")\]'\s]+

# hit-count: 1 file-count: 1
# sha-... -- uses a fancy capture
(\\?['"]|&quot;)[0-9a-f]{40,}\g{-1}

# hit-count: 1 file-count: 1
# Update Lorem based on your content (requires `ge` and `w` from https://github.com/jsoref/spelling; and `review` from https://github.com/check-spelling/check-spelling/wiki/Looking-for-items-locally )
# grep '^[^#].*lorem' .github/actions/spelling/patterns.txt|perl -pne 's/.*i..\?://;s/\).*//' |tr '|' "\n"|sort -f |xargs -n1 ge|perl -pne 's/^[^:]*://'|sort -u|w|sed -e 's/ .*//'|w|review -
# Warning, while `(?i)` is very neat and fancy, if you have some binary files that aren't proper unicode, you might run into:
## Operation "substitution (s///)" returns its argument for non-Unicode code point 0x1C19AE (the code point will vary).
## You could manually change `(?i)X...` to use `[Xx]...`
## or you could add the files to your `excludes` file (a version after 0.0.19 should identify the file path)
# Lorem
(?:\w|\s|[,.])*\b(?i)(?:amet|consectetur|cursus|dolor|eros|ipsum|lacus|libero|ligula|lorem|magna|neque|nulla|suscipit|tempus)\b(?:\w|\s|[,.])*

# hit-count: 1 file-count: 1
# latex (check-spelling >= 0.0.22)
\\\w{2,}\{

Errors (7)

See the 📂 files view, the 📜action log, or 📝 job summary for details.

❌ Errors Count
ℹ️ binary-file 14
ℹ️ candidate-pattern 79
❌ check-file-path 847
❌ dictionary-not-found 6
❌ forbidden-pattern 23
ℹ️ large-file 5
ℹ️ noisy-file 24

See ❌ Event descriptions for more information.

If the flagged items are 🤯 false positives

If items relate to a ...

  • binary file (or some other file you wouldn't want to check at all).

    Please add a file path to the excludes.txt file matching the containing file.

    File paths are Perl 5 Regular Expressions - you can
    test yours before committing to verify it will match
    your files.

    ^ refers to the file's path from the root of the repository, so ^README\.md$ would exclude
    README.md (on whichever branch you're using).

  • well-formed pattern.

    If you can write a
    pattern
    that would match it, try adding it to the patterns.txt file.

    Patterns are Perl 5 Regular Expressions - you can
    test yours before committing to verify it will match
    your lines.

    Note that patterns can't match multiline strings.

🚂 If you're seeing this message and your PR is from a branch that doesn't have
check-spelling, please merge to your PR's base branch to get the version configured for your
repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant