{"id":13895019,"url":"https://github.com/arduino/serial-discovery","last_synced_at":"2025-09-13T16:10:01.027Z","repository":{"id":38192491,"uuid":"159694162","full_name":"arduino/serial-discovery","owner":"arduino","description":"An Arduino IDE pluggable-discovery for Serial ports","archived":false,"fork":false,"pushed_at":"2025-09-05T06:03:22.000Z","size":360,"stargazers_count":23,"open_issues_count":2,"forks_count":4,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-09-05T08:10:21.192Z","etag":null,"topics":["arduino","go","golang","tooling-team"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/arduino.png","metadata":{"funding":{"github":["arduino"],"custom":"https://www.arduino.cc/en/Main/Donate"},"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-11-29T16:16:08.000Z","updated_at":"2025-09-05T06:03:24.000Z","dependencies_parsed_at":"2023-02-02T09:00:32.018Z","dependency_job_id":"37a65b84-7dd8-472a-bd49-5208833a8d55","html_url":"https://github.com/arduino/serial-discovery","commit_stats":{"total_commits":140,"total_committers":9,"mean_commits":"15.555555555555555","dds":0.5142857142857142,"last_synced_commit":"39ec59c2ca2ef5e882083575baaed10d4e147314"},"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/arduino/serial-discovery","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arduino%2Fserial-discovery","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arduino%2Fserial-discovery/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arduino%2Fserial-discovery/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arduino%2Fserial-discovery/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/arduino","download_url":"https://codeload.github.com/arduino/serial-discovery/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arduino%2Fserial-discovery/sbom","scorecard":{"id":205961,"data":{"date":"2025-08-11","repo":{"name":"github.com/arduino/serial-discovery","commit":"88ee730182dc8cba961e818293cacdf794e37db6"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.2,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":8,"reason":"Found 4/5 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":3,"reason":"4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":4,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: found token with 'none' permissions: .github/workflows/check-go-dependencies-task.yml:1","Info: jobLevel 'contents' permission set to 'read': .github/workflows/check-go-dependencies-task.yml:67","Info: jobLevel 'contents' permission set to 'read': .github/workflows/check-go-dependencies-task.yml:126","Info: found token with 'none' permissions: .github/workflows/check-go-task.yml:1","Info: jobLevel 'contents' permission set to 'read': .github/workflows/check-go-task.yml:61","Info: jobLevel 'contents' permission set to 'read': .github/workflows/check-go-task.yml:99","Info: jobLevel 'contents' permission set to 'read': .github/workflows/check-go-task.yml:139","Info: jobLevel 'contents' permission set to 'read': .github/workflows/check-go-task.yml:177","Info: found token with 'none' permissions: .github/workflows/check-license.yml:1","Info: jobLevel 'contents' permission set to 'read': .github/workflows/check-license.yml:58","Info: found token with 'none' permissions: .github/workflows/check-markdown-task.yml:1","Info: jobLevel 'contents' permission set to 'read': .github/workflows/check-markdown-task.yml:71","Info: jobLevel 'contents' permission set to 'read': .github/workflows/check-markdown-task.yml:99","Info: found token with 'none' permissions: .github/workflows/check-prettier-formatting-task.yml:1","Info: jobLevel 'contents' permission set to 'read': .github/workflows/check-prettier-formatting-task.yml:236","Info: found token with 'none' permissions: .github/workflows/check-taskfiles.yml:1","Info: jobLevel 'contents' permission set to 'read': .github/workflows/check-taskfiles.yml:62","Info: jobLevel 'contents' permission set to 'read': .github/workflows/check-workflows-task.yml:32","Info: found token with 'none' permissions: .github/workflows/check-yaml-task.yml:1","Info: jobLevel 'contents' permission set to 'read': .github/workflows/check-yaml-task.yml:77","Info: found token with 'none' permissions: .github/workflows/publish-go-tester-task.yml:1","Info: found token with 'none' permissions: .github/workflows/publish-go-tester-task.yml:1","Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish-go-tester-task.yml:83","Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish-go-tester-task.yml:145","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release-go-task.yml:23","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-go-task.yml:84","Info: found token with 'none' permissions: .github/workflows/spell-check-task.yml:1","Info: jobLevel 'contents' permission set to 'read': .github/workflows/spell-check-task.yml:49","Info: jobLevel 'contents' permission set to 'read': .github/workflows/sync-labels.yml:28","Info: found token with 'none' permissions: .github/workflows/sync-labels.yml:1","Info: jobLevel 'contents' permission set to 'read': .github/workflows/sync-labels.yml:88","Warn: no topLevel permission defined: .github/workflows/check-go-dependencies-task.yml:1","Warn: no topLevel permission defined: .github/workflows/check-go-task.yml:1","Warn: no topLevel permission defined: .github/workflows/check-license.yml:1","Warn: no topLevel permission defined: .github/workflows/check-markdown-task.yml:1","Warn: no topLevel permission defined: .github/workflows/check-prettier-formatting-task.yml:1","Warn: no topLevel permission defined: .github/workflows/check-taskfiles.yml:1","Warn: no topLevel permission defined: .github/workflows/check-workflows-task.yml:1","Warn: no topLevel permission defined: .github/workflows/check-yaml-task.yml:1","Warn: no topLevel permission defined: .github/workflows/publish-go-tester-task.yml:1","Warn: no topLevel permission defined: .github/workflows/release-go-task.yml:1","Warn: no topLevel permission defined: .github/workflows/spell-check-task.yml:1","Warn: no topLevel permission defined: .github/workflows/sync-labels.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-go-dependencies-task.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-go-dependencies-task.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-go-dependencies-task.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-go-dependencies-task.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-go-dependencies-task.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-go-dependencies-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-go-dependencies-task.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-go-dependencies-task.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-go-dependencies-task.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-go-dependencies-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-go-dependencies-task.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-go-dependencies-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-go-dependencies-task.yml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-go-dependencies-task.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-go-dependencies-task.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-go-dependencies-task.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-go-dependencies-task.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-go-dependencies-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-go-dependencies-task.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-go-dependencies-task.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-go-dependencies-task.yml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-go-dependencies-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-go-task.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-go-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-go-task.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-go-task.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-go-task.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-go-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-go-task.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-go-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-go-task.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-go-task.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-go-task.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-go-task.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-go-task.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-go-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-go-task.yml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-go-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-go-task.yml:153: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-go-task.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-go-task.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-go-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-go-task.yml:189: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-go-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-go-task.yml:192: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-go-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-license.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-license.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-license.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-license.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-markdown-task.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-markdown-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-markdown-task.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-markdown-task.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-markdown-task.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-markdown-task.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-markdown-task.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-markdown-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-markdown-task.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-markdown-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-markdown-task.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-markdown-task.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-markdown-task.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-markdown-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-prettier-formatting-task.yml:240: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-prettier-formatting-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-prettier-formatting-task.yml:243: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-prettier-formatting-task.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-prettier-formatting-task.yml:248: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-prettier-formatting-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-taskfiles.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-taskfiles.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-taskfiles.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-taskfiles.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-taskfiles.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-taskfiles.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-workflows-task.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-workflows-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-workflows-task.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-workflows-task.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-workflows-task.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-workflows-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-yaml-task.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-yaml-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-yaml-task.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-yaml-task.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-yaml-task.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/check-yaml-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-go-tester-task.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/publish-go-tester-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-go-tester-task.yml:164: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/publish-go-tester-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-go-tester-task.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/publish-go-tester-task.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-go-tester-task.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/publish-go-tester-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-go-tester-task.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/publish-go-tester-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-go-task.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/release-go-task.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-go-task.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/release-go-task.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-go-task.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/release-go-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-go-task.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/release-go-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-go-task.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/release-go-task.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-go-task.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/release-go-task.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-go-task.yml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/release-go-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spell-check-task.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/spell-check-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spell-check-task.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/spell-check-task.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/spell-check-task.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/spell-check-task.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-labels.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/sync-labels.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-labels.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/sync-labels.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-labels.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/sync-labels.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-labels.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/sync-labels.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-labels.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/sync-labels.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-labels.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/sync-labels.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-labels.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/arduino/serial-discovery/sync-labels.yml/main?enable=pin","Warn: npmCommand not pinned by hash: .github/workflows/check-taskfiles.yml:91","Warn: pipCommand not pinned by hash: .github/workflows/check-yaml-task.yml:105","Warn: pipCommand not pinned by hash: .github/workflows/spell-check-task.yml:62","Warn: npmCommand not pinned by hash: .github/workflows/sync-labels.yml:43","Warn: npmCommand not pinned by hash: .github/workflows/sync-labels.yml:136","Info:   0 out of  39 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  27 third-party GitHubAction dependencies pinned","Info:   0 out of   3 npmCommand dependencies pinned","Info:   0 out of   2 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.4.1 not signed: https://api.github.com/repos/arduino/serial-discovery/releases/156684688","Warn: release artifact v1.4.0 not signed: https://api.github.com/repos/arduino/serial-discovery/releases/92234440","Warn: release artifact v1.3.5 not signed: https://api.github.com/repos/arduino/serial-discovery/releases/91435630","Warn: release artifact v1.3.4 not signed: https://api.github.com/repos/arduino/serial-discovery/releases/90798326","Warn: release artifact v1.3.3 not signed: https://api.github.com/repos/arduino/serial-discovery/releases/87873761","Warn: release artifact v1.4.1 does not have provenance: https://api.github.com/repos/arduino/serial-discovery/releases/156684688","Warn: release artifact v1.4.0 does not have provenance: https://api.github.com/repos/arduino/serial-discovery/releases/92234440","Warn: release artifact v1.3.5 does not have provenance: https://api.github.com/repos/arduino/serial-discovery/releases/91435630","Warn: release artifact v1.3.4 does not have provenance: https://api.github.com/repos/arduino/serial-discovery/releases/90798326","Warn: release artifact v1.3.3 does not have provenance: https://api.github.com/repos/arduino/serial-discovery/releases/87873761"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/arduino/.github/SECURITY.md:1","Info: Found linked content: github.com/arduino/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/arduino/.github/SECURITY.md:1","Info: Found text in security policy: github.com/arduino/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":7,"reason":"3 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-8gh8-hqwg-xf34"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-16T23:45:49.100Z","repository_id":38192491,"created_at":"2025-08-16T23:45:49.100Z","updated_at":"2025-08-16T23:45:49.100Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274989929,"owners_count":25386552,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-13T02:00:10.085Z","response_time":70,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["arduino","go","golang","tooling-team"],"created_at":"2024-08-06T18:01:56.284Z","updated_at":"2025-09-13T16:10:00.994Z","avatar_url":"https://github.com/arduino.png","language":"Go","funding_links":["https://github.com/sponsors/arduino","https://www.arduino.cc/en/Main/Donate"],"categories":["Go"],"sub_categories":[],"readme":"# Arduino pluggable discovery for serial ports\n\nThe `serial-discovery` tool is a command line program that interacts via stdio. It accepts commands as plain ASCII strings terminated with LF `\\n` and sends response as JSON.\n\n## How to build\n\nInstall a recent golang environment and run `go build`. The executable `serial-discovery` will be produced in your working directory.\n\n## Usage\n\nAfter startup, the tool waits for commands. The available commands are: `HELLO`, `START`, `STOP`, `QUIT`, `LIST` and `START_SYNC`.\n\n#### HELLO command\n\nThe `HELLO` command is used to establish the pluggable discovery protocol between client and discovery.\nThe format of the command is:\n\n`HELLO \u003cPROTOCOL_VERSION\u003e \"\u003cUSER_AGENT\u003e\"`\n\nfor example:\n\n`HELLO 1 \"Arduino IDE\"`\n\nor:\n\n`HELLO 1 \"arduino-cli\"`\n\nin this case the protocol version requested by the client is `1` (at the moment of writing there were no other revisions of the protocol).\nThe response to the command is:\n\n```json\n{\n  \"eventType\": \"hello\",\n  \"protocolVersion\": 1,\n  \"message\": \"OK\"\n}\n```\n\n`protocolVersion` is the protocol version that the discovery is going to use in the remainder of the communication.\n\n#### START command\n\nThe `START` starts the internal subroutines of the discovery that looks for ports. This command must be called before `LIST` or `START_SYNC`. The response to the start command is:\n\n```json\n{\n  \"eventType\": \"start\",\n  \"message\": \"OK\"\n}\n```\n\n#### STOP command\n\nThe `STOP` command stops the discovery internal subroutines and free some resources. This command should be called if the client wants to pause the discovery for a while. The response to the stop command is:\n\n```json\n{\n  \"eventType\": \"stop\",\n  \"message\": \"OK\"\n}\n```\n\n#### QUIT command\n\nThe `QUIT` command terminates the discovery. The response to quit is:\n\n```json\n{\n  \"eventType\": \"quit\",\n  \"message\": \"OK\"\n}\n```\n\nafter this output the tool quits.\n\n#### LIST command\n\nThe `LIST` command returns a list of the currently available serial ports. The format of the response is the following:\n\n```json\n{\n  \"eventType\": \"list\",\n  \"ports\": [\n    {\n      \"address\": \"/dev/ttyACM0\",\n      \"label\": \"/dev/ttyACM0\",\n      \"properties\": {\n        \"pid\": \"0x804e\",\n        \"vid\": \"0x2341\",\n        \"serialNumber\": \"EBEABFD6514D32364E202020FF10181E\"\n      },\n      \"hardwareId\": \"EBEABFD6514D32364E202020FF10181E\",\n      \"protocol\": \"serial\",\n      \"protocolLabel\": \"Serial Port (USB)\"\n    }\n  ]\n}\n```\n\nThe `ports` field contains a list of the available serial ports. If the serial port comes from an USB serial converter the USB VID/PID and USB SERIAL NUMBER properties are also reported inside `properties`.\n\nThe list command is a one-shot command, if you need continuous monitoring of ports you should use `START_SYNC` command.\n\n#### START_SYNC command\n\nThe `START_SYNC` command puts the tool in \"events\" mode: the discovery will send `add` and `remove` events each time a new port is detected or removed respectively.\nThe immediate response to the command is:\n\n```json\n{\n  \"eventType\": \"start_sync\",\n  \"message\": \"OK\"\n}\n```\n\nafter that the discovery enters the \"events\" mode.\n\nThe `add` events looks like the following:\n\n```json\n{\n  \"eventType\": \"add\",\n  \"port\": {\n    \"address\": \"/dev/ttyACM0\",\n    \"label\": \"/dev/ttyACM0\",\n    \"properties\": {\n      \"pid\": \"0x804e\",\n      \"vid\": \"0x2341\",\n      \"serialNumber\": \"EBEABFD6514D32364E202020FF10181E\"\n    },\n    \"hardwareId\": \"EBEABFD6514D32364E202020FF10181E\",\n    \"protocol\": \"serial\",\n    \"protocolLabel\": \"Serial Port (USB)\"\n  }\n}\n```\n\nit basically gather the same information as the `list` event but for a single port. After calling `START_SYNC` a bunch of `add` events may be generated in sequence to report all the ports available at the moment of the start.\n\nThe `remove` event looks like this:\n\n```json\n{\n  \"eventType\": \"remove\",\n  \"port\": {\n    \"address\": \"/dev/ttyACM0\",\n    \"protocol\": \"serial\"\n  }\n}\n```\n\nin this case only the `address` and `protocol` fields are reported.\n\n### Example of usage\n\nA possible transcript of the discovery usage:\n\n```\n$ ./serial-discovery\nSTART\n{\n  \"eventType\": \"start\",\n  \"message\": \"OK\"\n}\nLIST\n{\n  \"eventType\": \"list\",\n  \"ports\": [\n    {\n      \"address\": \"/dev/ttyACM0\",\n      \"label\": \"/dev/ttyACM0\",\n      \"protocol\": \"serial\",\n      \"protocolLabel\": \"Serial Port (USB)\",\n      \"properties\": {\n        \"pid\": \"0x004e\",\n        \"serialNumber\": \"EBEABFD6514D32364E202020FF10181E\",\n        \"vid\": \"0x2341\"\n      },\n      \"hardwareId\": \"EBEABFD6514D32364E202020FF10181E\"\n    }\n  ]\n}\nSTART_SYNC\n{\n  \"eventType\": \"start_sync\",\n  \"message\": \"OK\"\n}\n{                                  \u003c--- this event has been immediately sent\n  \"eventType\": \"add\",\n  \"port\": {\n    \"address\": \"/dev/ttyACM0\",\n    \"label\": \"/dev/ttyACM0\",\n    \"protocol\": \"serial\",\n    \"protocolLabel\": \"Serial Port (USB)\",\n    \"properties\": {\n      \"pid\": \"0x004e\",\n      \"serialNumber\": \"EBEABFD6514D32364E202020FF10181E\",\n      \"vid\": \"0x2341\"\n    },\n    \"hardwareId\": \"EBEABFD6514D32364E202020FF10181E\"\n  }\n}\n{                                  \u003c--- the board has been disconnected here\n  \"eventType\": \"remove\",\n  \"port\": {\n    \"address\": \"/dev/ttyACM0\",\n    \"protocol\": \"serial\"\n  }\n}\n{                                  \u003c--- the board has been connected again\n  \"eventType\": \"add\",\n  \"port\": {\n    \"address\": \"/dev/ttyACM0\",\n    \"label\": \"/dev/ttyACM0\",\n    \"protocol\": \"serial\",\n    \"protocolLabel\": \"Serial Port (USB)\",\n    \"properties\": {\n      \"pid\": \"0x004e\",\n      \"serialNumber\": \"EBEABFD6514D32364E202020FF10181E\",\n      \"vid\": \"0x2341\"\n    },\n    \"hardwareId\": \"EBEABFD6514D32364E202020FF10181E\"\n  }\n}\nQUIT\n{\n  \"eventType\": \"quit\",\n  \"message\": \"OK\"\n}\n$\n```\n\n## Security\n\nIf you think you found a vulnerability or other security-related bug in this project, please read our\n[security policy](https://github.com/arduino/serial-discovery/security/policy) and report the bug to our Security Team 🛡️\nThank you!\n\ne-mail contact: security@arduino.cc\n\n## License\n\nCopyright (c) 2018 ARDUINO SA (www\u003c!----\u003e.arduino\u003c!----\u003e.cc)\n\nThe software is released under the GNU General Public License, which covers the main body\nof the serial-discovery code. The terms of this license can be found at:\nhttps://www.gnu.org/licenses/gpl-3.0.en.html\n\nSee [LICENSE.txt](https://github.com/arduino/serial-discovery/blob/master/LICENSE.txt) for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farduino%2Fserial-discovery","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Farduino%2Fserial-discovery","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farduino%2Fserial-discovery/lists"}