{"id":13399525,"url":"https://github.com/envoyproxy/envoy","last_synced_at":"2026-06-04T14:00:49.005Z","repository":{"id":37243674,"uuid":"65214191","full_name":"envoyproxy/envoy","owner":"envoyproxy","description":"Cloud-native high-performance edge/middle/service proxy","archived":false,"fork":false,"pushed_at":"2026-06-04T04:22:03.000Z","size":305430,"stargazers_count":28314,"open_issues_count":1886,"forks_count":5410,"subscribers_count":562,"default_branch":"main","last_synced_at":"2026-06-04T06:13:03.025Z","etag":null,"topics":["cars","cats","cats-over-dogs","cncf","corgis","more-cats","nanoservices","rocket-ships"],"latest_commit_sha":null,"homepage":"https://www.envoyproxy.io","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/envoyproxy.png","metadata":{"files":{"readme":"README.md","changelog":"changelogs/1.0.0.yaml","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY-INSIGHTS.yml","support":"support/README.md","governance":"GOVERNANCE.md","roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":"DCO","cla":null}},"created_at":"2016-08-08T15:07:24.000Z","updated_at":"2026-06-04T04:51:41.000Z","dependencies_parsed_at":"2023-09-22T03:15:22.898Z","dependency_job_id":"dcccde1c-8bec-431f-b0d2-0275d4efda92","html_url":"https://github.com/envoyproxy/envoy","commit_stats":{"total_commits":21887,"total_committers":1361,"mean_commits":16.08155767817781,"dds":0.9240645131813405,"last_synced_commit":"cbde3a5ba006a71d1871ffcdfdd97471dc9eb7ad"},"previous_names":["lyft/envoy"],"tags_count":263,"template":false,"template_full_name":null,"purl":"pkg:github/envoyproxy/envoy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envoyproxy%2Fenvoy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envoyproxy%2Fenvoy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envoyproxy%2Fenvoy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envoyproxy%2Fenvoy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/envoyproxy","download_url":"https://codeload.github.com/envoyproxy/envoy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envoyproxy%2Fenvoy/sbom","scorecard":{"id":113907,"data":{"date":"2025-08-15T19:03:32Z","repo":{"name":"github.com/envoyproxy/envoy","commit":"644cd97b89bf21ff30fce3e30c0e9675f4f7af1b"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":8.7,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/_check_build.yml:33","Info: jobLevel 'packages' permission set to 'read': .github/workflows/_check_build.yml:34","Info: jobLevel 'contents' permission set to 'read': .github/workflows/_check_coverage.yml:36","Info: jobLevel 'packages' permission set to 'read': .github/workflows/_check_coverage.yml:37","Info: jobLevel 'contents' permission set to 'read': .github/workflows/_check_san.yml:33","Info: jobLevel 'packages' permission set to 'read': .github/workflows/_check_san.yml:34","Info: jobLevel 'actions' permission set to 'read': .github/workflows/_finish.yml:36","Info: jobLevel 'contents' permission set to 'read': .github/workflows/_finish.yml:37","Info: jobLevel 'actions' permission set to 'read': .github/workflows/_load.yml:75","Info: jobLevel 'contents' permission set to 'read': .github/workflows/_load.yml:76","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/_load.yml:77","Info: jobLevel 'contents' permission set to 'read': .github/workflows/_mobile_container_ci.yml:129","Info: jobLevel 'packages' permission set to 'read': .github/workflows/_mobile_container_ci.yml:130","Info: jobLevel 'contents' permission set to 'read': .github/workflows/_precheck_deps.yml:35","Info: jobLevel 'packages' permission set to 'read': .github/workflows/_precheck_deps.yml:36","Info: jobLevel 'contents' permission set to 'read': .github/workflows/_precheck_format.yml:33","Info: jobLevel 'packages' permission set to 'read': .github/workflows/_precheck_format.yml:34","Info: jobLevel 'contents' permission set to 'read': .github/workflows/_precheck_publish.yml:35","Info: jobLevel 'packages' permission set to 'read': .github/workflows/_precheck_publish.yml:36","Info: jobLevel 'contents' permission set to 'read': .github/workflows/_publish_build.yml:44","Info: jobLevel 'packages' permission set to 'read': .github/workflows/_publish_build.yml:45","Info: jobLevel 'contents' permission set to 'read': .github/workflows/_publish_build.yml:68","Info: jobLevel 'packages' permission set to 'read': .github/workflows/_publish_build.yml:69","Info: jobLevel 'contents' permission set to 'read': .github/workflows/_publish_build.yml:100","Info: jobLevel 'packages' permission set to 'read': .github/workflows/_publish_build.yml:101","Info: jobLevel 'contents' permission set to 'read': .github/workflows/_publish_release.yml:44","Info: jobLevel 'packages' permission set to 'read': .github/workflows/_publish_release.yml:45","Info: jobLevel 'contents' permission set to 'read': .github/workflows/_publish_release.yml:86","Info: jobLevel 'packages' permission set to 'read': .github/workflows/_publish_release.yml:87","Info: jobLevel 'contents' permission set to 'read': .github/workflows/_publish_release.yml:106","Info: jobLevel 'packages' permission set to 'read': .github/workflows/_publish_release.yml:107","Info: jobLevel 'packages' permission set to 'read': .github/workflows/_publish_release_container.yml:54","Info: jobLevel 'contents' permission set to 'read': .github/workflows/_publish_release_container.yml:53","Info: jobLevel 'contents' permission set to 'read': .github/workflows/_publish_verify.yml:137","Info: jobLevel 'packages' permission set to 'read': .github/workflows/_publish_verify.yml:138","Info: jobLevel 'contents' permission set to 'read': .github/workflows/_publish_verify.yml:34","Info: jobLevel 'packages' permission set to 'read': .github/workflows/_publish_verify.yml:35","Info: jobLevel 'contents' permission set to 'read': .github/workflows/_publish_verify.yml:89","Info: jobLevel 'packages' permission set to 'read': .github/workflows/_publish_verify.yml:90","Info: jobLevel 'contents' permission set to 'read': .github/workflows/_request.yml:52","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/_request.yml:53","Info: jobLevel 'contents' permission set to 'read': .github/workflows/_request.yml:200","Info: jobLevel 'packages' permission set to 'read': .github/workflows/_request.yml:201","Info: jobLevel 'contents' permission set to 'read': .github/workflows/_request_cache.yml:54","Info: jobLevel 'packages' permission set to 'read': .github/workflows/_request_cache.yml:55","Info: jobLevel 'contents' permission set to 'read': .github/workflows/_request_cache_bazel.yml:48","Info: jobLevel 'packages' permission set to 'read': .github/workflows/_request_cache_bazel.yml:49","Info: jobLevel 'contents' permission set to 'read': .github/workflows/_run.yml:213","Info: jobLevel 'packages' permission set to 'read': .github/workflows/_run.yml:214","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/codeql-daily.yml:20","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-push.yml:29","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/codeql-push.yml:32","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-push.yml:28","Info: jobLevel 'actions' permission set to 'read': .github/workflows/envoy-checks.yml:71","Info: jobLevel 'contents' permission set to 'read': .github/workflows/envoy-checks.yml:72","Info: jobLevel 'packages' permission set to 'read': .github/workflows/envoy-checks.yml:73","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/envoy-checks.yml:74","Info: jobLevel 'actions' permission set to 'read': .github/workflows/envoy-checks.yml:89","Info: jobLevel 'contents' permission set to 'read': .github/workflows/envoy-checks.yml:90","Info: jobLevel 'packages' permission set to 'read': .github/workflows/envoy-checks.yml:91","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/envoy-checks.yml:92","Info: jobLevel 'actions' permission set to 'read': .github/workflows/envoy-checks.yml:108","Info: jobLevel 'contents' permission set to 'read': .github/workflows/envoy-checks.yml:109","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/envoy-checks.yml:110","Info: jobLevel 'actions' permission set to 'read': .github/workflows/envoy-checks.yml:34","Info: jobLevel 'contents' permission set to 'read': .github/workflows/envoy-checks.yml:35","Info: jobLevel 'packages' permission set to 'read': .github/workflows/envoy-checks.yml:36","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/envoy-checks.yml:37","Info: jobLevel 'actions' permission set to 'read': .github/workflows/envoy-checks.yml:52","Info: jobLevel 'contents' permission set to 'read': .github/workflows/envoy-checks.yml:53","Info: jobLevel 'packages' permission set to 'read': .github/workflows/envoy-checks.yml:54","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/envoy-checks.yml:55","Info: jobLevel 'contents' permission set to 'read': .github/workflows/envoy-dependency.yml:237","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/envoy-macos.yml:90","Info: jobLevel 'actions' permission set to 'read': .github/workflows/envoy-macos.yml:88","Info: jobLevel 'contents' permission set to 'read': .github/workflows/envoy-macos.yml:89","Info: jobLevel 'actions' permission set to 'read': .github/workflows/envoy-macos.yml:29","Info: jobLevel 'contents' permission set to 'read': .github/workflows/envoy-macos.yml:30","Info: jobLevel 'packages' permission set to 'read': .github/workflows/envoy-macos.yml:31","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/envoy-macos.yml:32","Info: jobLevel 'contents' permission set to 'read': .github/workflows/envoy-macos.yml:43","Info: jobLevel 'packages' permission set to 'read': .github/workflows/envoy-macos.yml:44","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/envoy-prechecks.yml:35","Info: jobLevel 'actions' permission set to 'read': .github/workflows/envoy-prechecks.yml:32","Info: jobLevel 'contents' permission set to 'read': .github/workflows/envoy-prechecks.yml:33","Info: jobLevel 'packages' permission set to 'read': .github/workflows/envoy-prechecks.yml:34","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/envoy-prechecks.yml:51","Info: jobLevel 'actions' permission set to 'read': .github/workflows/envoy-prechecks.yml:48","Info: jobLevel 'contents' permission set to 'read': .github/workflows/envoy-prechecks.yml:49","Info: jobLevel 'packages' permission set to 'read': .github/workflows/envoy-prechecks.yml:50","Info: jobLevel 'actions' permission set to 'read': .github/workflows/envoy-prechecks.yml:66","Info: jobLevel 'contents' permission set to 'read': .github/workflows/envoy-prechecks.yml:67","Info: jobLevel 'packages' permission set to 'read': .github/workflows/envoy-prechecks.yml:68","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/envoy-prechecks.yml:69","Info: jobLevel 'actions' permission set to 'read': .github/workflows/envoy-prechecks.yml:90","Info: jobLevel 'contents' permission set to 'read': .github/workflows/envoy-prechecks.yml:91","Info: jobLevel 'packages' permission set to 'read': .github/workflows/envoy-prechecks.yml:92","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/envoy-prechecks.yml:93","Info: jobLevel 'actions' permission set to 'read': .github/workflows/envoy-prechecks.yml:109","Info: jobLevel 'contents' permission set to 'read': .github/workflows/envoy-prechecks.yml:110","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/envoy-prechecks.yml:111","Info: jobLevel 'actions' permission set to 'read': .github/workflows/envoy-publish.yml:37","Info: jobLevel 'contents' permission set to 'read': .github/workflows/envoy-publish.yml:38","Info: jobLevel 'packages' permission set to 'read': .github/workflows/envoy-publish.yml:39","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/envoy-publish.yml:40","Info: jobLevel 'contents' permission set to 'read': .github/workflows/envoy-publish.yml:53","Info: jobLevel 'packages' permission set to 'read': .github/workflows/envoy-publish.yml:54","Info: jobLevel 'contents' permission set to 'read': .github/workflows/envoy-publish.yml:120","Info: jobLevel 'packages' permission set to 'read': .github/workflows/envoy-publish.yml:121","Info: jobLevel 'packages' permission set to 'read': .github/workflows/envoy-publish.yml:138","Info: jobLevel 'contents' permission set to 'read': .github/workflows/envoy-publish.yml:137","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/envoy-publish.yml:158","Info: jobLevel 'actions' permission set to 'read': .github/workflows/envoy-publish.yml:156","Info: jobLevel 'contents' permission set to 'read': .github/workflows/envoy-publish.yml:157","Info: jobLevel 'contents' permission set to 'read': .github/workflows/envoy-security-check.yml:20","Info: jobLevel 'actions' permission set to 'read': .github/workflows/mobile-android_build.yml:29","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-android_build.yml:30","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-android_build.yml:31","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/mobile-android_build.yml:32","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-android_build.yml:43","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-android_build.yml:44","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-android_build.yml:62","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-android_build.yml:63","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-android_build.yml:99","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-android_build.yml:98","Info: jobLevel 'actions' permission set to 'read': .github/workflows/mobile-android_build.yml:171","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-android_build.yml:172","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/mobile-android_build.yml:173","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-android_tests.yml:31","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/mobile-android_tests.yml:32","Info: jobLevel 'actions' permission set to 'read': .github/workflows/mobile-android_tests.yml:29","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-android_tests.yml:30","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-android_tests.yml:43","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-android_tests.yml:44","Info: jobLevel 'actions' permission set to 'read': .github/workflows/mobile-android_tests.yml:78","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-android_tests.yml:79","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/mobile-android_tests.yml:80","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-asan.yml:43","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-asan.yml:44","Info: jobLevel 'actions' permission set to 'read': .github/workflows/mobile-asan.yml:63","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-asan.yml:64","Info: jobLevel 'actions' permission set to 'read': .github/workflows/mobile-asan.yml:29","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-asan.yml:30","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-asan.yml:31","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/mobile-asan.yml:32","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/mobile-cc_tests.yml:32","Info: jobLevel 'actions' permission set to 'read': .github/workflows/mobile-cc_tests.yml:29","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-cc_tests.yml:30","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-cc_tests.yml:31","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-cc_tests.yml:44","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-cc_tests.yml:43","Info: jobLevel 'actions' permission set to 'read': .github/workflows/mobile-cc_tests.yml:63","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-cc_tests.yml:64","Info: jobLevel 'actions' permission set to 'read': .github/workflows/mobile-coverage.yml:29","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-coverage.yml:30","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-coverage.yml:31","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/mobile-coverage.yml:32","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-coverage.yml:43","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-coverage.yml:44","Info: jobLevel 'actions' permission set to 'read': .github/workflows/mobile-coverage.yml:80","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-coverage.yml:81","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-docs.yml:45","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-docs.yml:46","Info: jobLevel 'actions' permission set to 'read': .github/workflows/mobile-docs.yml:91","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-docs.yml:92","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/mobile-docs.yml:93","Info: jobLevel 'actions' permission set to 'read': .github/workflows/mobile-docs.yml:29","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-docs.yml:30","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-docs.yml:31","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/mobile-docs.yml:32","Info: jobLevel 'actions' permission set to 'read': .github/workflows/mobile-format.yml:29","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-format.yml:30","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-format.yml:31","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/mobile-format.yml:32","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-format.yml:43","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-format.yml:44","Info: jobLevel 'actions' permission set to 'read': .github/workflows/mobile-format.yml:79","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-format.yml:80","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/mobile-format.yml:81","Info: jobLevel 'actions' permission set to 'read': .github/workflows/mobile-ios_build.yml:29","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-ios_build.yml:30","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-ios_build.yml:31","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/mobile-ios_build.yml:32","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-ios_build.yml:44","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-ios_build.yml:43","Info: jobLevel 'actions' permission set to 'read': .github/workflows/mobile-ios_build.yml:176","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-ios_build.yml:177","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/mobile-ios_build.yml:178","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-ios_tests.yml:30","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-ios_tests.yml:31","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/mobile-ios_tests.yml:32","Info: jobLevel 'actions' permission set to 'read': .github/workflows/mobile-ios_tests.yml:29","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-ios_tests.yml:44","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-ios_tests.yml:43","Info: jobLevel 'actions' permission set to 'read': .github/workflows/mobile-ios_tests.yml:89","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-ios_tests.yml:90","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/mobile-ios_tests.yml:91","Info: jobLevel 'actions' permission set to 'read': .github/workflows/mobile-perf.yml:29","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-perf.yml:30","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-perf.yml:31","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/mobile-perf.yml:32","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-perf.yml:43","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-perf.yml:44","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-perf.yml:84","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-perf.yml:85","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/mobile-perf.yml:118","Info: jobLevel 'actions' permission set to 'read': .github/workflows/mobile-perf.yml:116","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-perf.yml:117","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-release.yml:18","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-release.yml:23","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-release.yml:24","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-release.yml:79","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-release.yml:80","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-release_validation.yml:31","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/mobile-release_validation.yml:32","Info: jobLevel 'actions' permission set to 'read': .github/workflows/mobile-release_validation.yml:29","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-release_validation.yml:30","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/mobile-release_validation.yml:90","Info: jobLevel 'actions' permission set to 'read': .github/workflows/mobile-release_validation.yml:88","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-release_validation.yml:89","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-tsan.yml:44","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-tsan.yml:45","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-tsan.yml:66","Info: jobLevel 'actions' permission set to 'read': .github/workflows/mobile-tsan.yml:65","Info: jobLevel 'actions' permission set to 'read': .github/workflows/mobile-tsan.yml:29","Info: jobLevel 'contents' permission set to 'read': .github/workflows/mobile-tsan.yml:30","Info: jobLevel 'packages' permission set to 'read': .github/workflows/mobile-tsan.yml:31","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/mobile-tsan.yml:32","Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr_notifier.yml:15","Info: jobLevel 'statuses' permission set to 'read': .github/workflows/pr_notifier.yml:16","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/pr_notifier.yml:17","Info: jobLevel 'actions' permission set to 'read': .github/workflows/request.yml:28","Info: jobLevel 'contents' permission set to 'read': .github/workflows/request.yml:29","Info: jobLevel 'packages' permission set to 'read': .github/workflows/request.yml:30","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/request.yml:32","Info: topLevel 'contents' permission set to 'read': .github/workflows/_check_build.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/_check_coverage.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/_check_san.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/_finish.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/_load.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/_load_env.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/_mobile_container_ci.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/_precheck_deps.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/_precheck_format.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/_precheck_publish.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/_publish_build.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/_publish_release.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/_publish_release_container.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/_publish_verify.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/_request.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/_request_cache.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/_request_cache_bazel.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/_request_cache_docker.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/_request_checks.yml:6","Info: topLevel 'contents' permission set to 'read': .github/workflows/_run.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql-daily.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql-push.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/command.yml:6","Info: topLevel 'contents' permission set to 'read': .github/workflows/envoy-checks.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/envoy-dependency.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/envoy-macos.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/envoy-prechecks.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/envoy-publish.yml:7","Info: topLevel 'contents' permission set to 'read': .github/workflows/envoy-release.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/envoy-security-check.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/envoy-sync.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/mobile-android_build.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/mobile-android_tests.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/mobile-asan.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/mobile-cc_tests.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/mobile-coverage.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/mobile-docs.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/mobile-format.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/mobile-ios_build.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/mobile-ios_tests.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/mobile-perf.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/mobile-release.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/mobile-release_validation.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/mobile-tsan.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/pr_notifier.yml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/request.yml:6","Info: topLevel 'contents' permission set to 'read': .github/workflows/scorecard.yml:11","Info: topLevel 'contents' permission set to 'read': .github/workflows/stale.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/toolchain-test.yml:4","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":5,"reason":"badge detected: Passing","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: test/common/json/json_sanitizer_corpus/binary_file:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":1,"reason":"dependency not pinned by hash detected -- score normalized to 1","details":["Info: Possibly incomplete results: error parsing shell code: invalid parameter name: .github/workflows/envoy-release.yml:204","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_finish.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_finish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_finish.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_finish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_finish.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_finish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_finish.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_finish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_load.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_load.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_load.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_load.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_load.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_load.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_load.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_load.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_load.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_load.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_load_env.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_load_env.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_load_env.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_load_env.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_load_env.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_load_env.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_load_env.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_load_env.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_publish_release.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_publish_release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_publish_release.yml:153: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_publish_release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_publish_release_container.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_publish_release_container.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_publish_release_container.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_publish_release_container.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_request.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_request.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_request.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_request.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_request.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_request.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_request.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_request.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_request.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_request.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_request.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_request.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_request.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_request.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_request.yml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_request.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_request.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_request.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_request.yml:178: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_request.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_request.yml:186: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_request.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_request_cache_bazel.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_request_cache_bazel.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_request_cache_bazel.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_request_cache_bazel.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_request_cache_bazel.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_request_cache_bazel.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_request_cache_bazel.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_request_cache_bazel.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_request_cache_docker.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_request_cache_docker.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_request_cache_docker.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_request_cache_docker.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_request_cache_docker.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_request_cache_docker.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_request_cache_docker.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_request_cache_docker.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_request_checks.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_request_checks.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_request_checks.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_request_checks.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_request_checks.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_request_checks.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_request_checks.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_request_checks.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_request_checks.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_request_checks.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_run.yml:220: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_run.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_run.yml:228: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_run.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_run.yml:260: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_run.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_run.yml:266: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_run.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_run.yml:286: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_run.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_run.yml:291: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_run.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_run.yml:302: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_run.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_run.yml:319: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_run.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_run.yml:328: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_run.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_run.yml:341: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_run.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/_run.yml:359: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/_run.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/codeql-daily.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/codeql-daily.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/codeql-push.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/codeql-push.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/command.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/command.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/command.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/command.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/command.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/command.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-dependency.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-dependency.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-dependency.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-dependency.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-dependency.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-dependency.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-dependency.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-dependency.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-dependency.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-dependency.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-dependency.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-dependency.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-dependency.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-dependency.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-dependency.yml:183: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-dependency.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-dependency.yml:212: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-dependency.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-release.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-release.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-release.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-release.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-release.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-release.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-release.yml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-release.yml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-release.yml:166: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-release.yml:193: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-release.yml:199: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-release.yml:229: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-release.yml:235: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/envoy-security-check.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-security-check.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/envoy-security-check.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-security-check.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-sync.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-sync.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-sync.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-sync.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-sync.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-sync.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/envoy-sync.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/envoyproxy/envoy/envoy-sync.yml/main?enable=pin","Warn: containerImage not pinned by hash: ci/Dockerfile-buildkit:3: pin your Docker image by updating moby/buildkit:v0.23.2 to moby/buildkit:v0.23.2@sha256:ddd1ca44b21eda906e81ab14a3d467fa6c39cd73b9a39df1196210edcb8db59e","Warn: containerImage not pinned by hash: ci/Dockerfile-distroless-testing:1: pin your Docker image by updating debian:bullseye-slim to debian:bullseye-slim@sha256:849d9d34d5fe0bf88b5fb3d09eb9684909ac4210488b52f4f7bbe683eedcb851","Warn: containerImage not pinned by hash: ci/matrix/Dockerfile:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:1aa979d85661c488ce030ac292876cf6ed04535d3a237e49f61542d8e5de5ae0","Warn: containerImage not pinned by hash: distribution/docker/Dockerfile-envoy:75","Warn: containerImage not pinned by hash: distribution/docker/Dockerfile-envoy:99","Warn: containerImage not pinned by hash: distribution/docker/Dockerfile-envoy:105","Info:  21 out of  23 GitHub-owned GitHubAction dependencies pinned","Info:   2 out of  85 third-party GitHubAction dependencies pinned","Info:   6 out of  12 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found","Info: CppLibFuzzer integration found: test/fuzz/main.cc:50","Info: CppLibFuzzer integration found: test/fuzz/main.cc:50"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: checksums.txt.asc: https://github.com/envoyproxy/envoy/releases/tag/v1.34.4","Info: signed release artifact: checksums.txt.asc: https://github.com/envoyproxy/envoy/releases/tag/v1.33.6","Info: signed release artifact: checksums.txt.asc: https://github.com/envoyproxy/envoy/releases/tag/v1.32.9","Info: signed release artifact: checksums.txt.asc: https://github.com/envoyproxy/envoy/releases/tag/v1.35.0","Info: signed release artifact: checksums.txt.asc: https://github.com/envoyproxy/envoy/releases/tag/v1.34.3","Warn: release artifact v1.34.4 does not have provenance: https://api.github.com/repos/envoyproxy/envoy/releases/234878662","Warn: release artifact v1.33.6 does not have provenance: https://api.github.com/repos/envoyproxy/envoy/releases/234862994","Warn: release artifact v1.32.9 does not have provenance: https://api.github.com/repos/envoyproxy/envoy/releases/234842139","Warn: release artifact v1.35.0 does not have provenance: https://api.github.com/repos/envoyproxy/envoy/releases/234665535","Warn: release artifact v1.34.3 does not have provenance: https://api.github.com/repos/envoyproxy/envoy/releases/233631474"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":4,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Warn: codeowners review is not required on branch 'main'","Warn: 'last push approval' is disabled on branch 'main'","Warn: 'up-to-date branches' is disabled on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":10,"reason":"30 out of 30 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}},{"name":"SAST","score":8,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: SAST configuration detected: CodeQL","Warn: 12 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"Contributors","score":10,"reason":"project has 30 contributing companies or organizations","details":["Info: found contributions from: CocoaPods, MobileNativeFoundation, PlugForMac, airbnb, apache, apple, argoproj, bazel-contrib, bazelbuild, bitdrift, br1sk, cncf, collective, cornell university, danger, databricks, envoyproxy, google, googlers, hango-io, ios-bazel-users, llvm, lyft, magneticbear, mobile @ ramp, modularml, proxy-wasm, swiftlang, tetrate, translate"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}}]},"last_synced_at":"2025-08-15T21:41:30.189Z","repository_id":37243674,"created_at":"2025-08-15T21:41:30.190Z","updated_at":"2025-08-15T21:41:30.190Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33907694,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-04T02:00:06.755Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cars","cats","cats-over-dogs","cncf","corgis","more-cats","nanoservices","rocket-ships"],"created_at":"2024-07-30T19:00:38.972Z","updated_at":"2026-06-04T14:00:48.984Z","avatar_url":"https://github.com/envoyproxy.png","language":"C++","funding_links":[],"categories":["C++","others","Observability","C/C++","C++ (70)","Cpp","cncf","HarmonyOS","蓝队工具","Load Balancing \u0026 Ingress","Application Recommendation","\u003ca name=\"cpp\"\u003e\u003c/a\u003eC++","Repos","Reverse Proxies \u0026 Load Balancers"],"sub_categories":["Proxy","Windows Manager","流量代理","📡 Web Tools"],"readme":"![Envoy Logo](https://github.com/envoyproxy/artwork/blob/main/PNG/Envoy_Logo_Final_PANTONE.png)\n\n[Cloud-native high-performance edge/middle/service proxy](https://www.envoyproxy.io/)\n\nEnvoy is hosted by the [Cloud Native Computing Foundation](https://cncf.io) (CNCF). If you are a\ncompany that wants to help shape the evolution of technologies that are container-packaged,\ndynamically-scheduled and microservices-oriented, consider joining the CNCF. For details about who's\ninvolved and how Envoy plays a role, read the CNCF\n[announcement](https://www.cncf.io/blog/2017/09/13/cncf-hosts-envoy/).\n\n[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/1266/badge)](https://bestpractices.coreinfrastructure.org/projects/1266)\n[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/envoyproxy/envoy/badge)](https://securityscorecards.dev/viewer/?uri=github.com/envoyproxy/envoy)\n[![CLOMonitor](https://img.shields.io/endpoint?url=https://clomonitor.io/api/projects/cncf/envoy/badge)](https://clomonitor.io/projects/cncf/envoy)\n[![Azure Pipelines](https://dev.azure.com/cncf/envoy/_apis/build/status/11?branchName=main)](https://dev.azure.com/cncf/envoy/_build/latest?definitionId=11\u0026branchName=main)\n[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/envoy.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened\u0026can=1\u0026q=proj:envoy)\n[![Jenkins](https://powerci.osuosl.org/buildStatus/icon?job=build-envoy-static-master\u0026subject=ppc64le%20build)](https://powerci.osuosl.org/job/build-envoy-static-master/)\n[![Jenkins](https://ibmz-ci.osuosl.org/buildStatus/icon?job=Envoy_IBMZ_CI\u0026subject=s390x%20build)](https://ibmz-ci.osuosl.org/job/Envoy_IBMZ_CI/)\n\n## Documentation\n\n* [Official documentation](https://www.envoyproxy.io/)\n* [FAQ](https://www.envoyproxy.io/docs/envoy/latest/faq/overview)\n* [Unofficial Chinese documentation](https://cloudnative.to/envoy/)\n* [Example documentation](https://github.com/envoyproxy/examples/)\n* [Blog](https://medium.com/@mattklein123/envoy-threading-model-a8d44b922310) about the threading model\n* [Blog](https://medium.com/@mattklein123/envoy-hot-restart-1d16b14555b5) about hot restart\n* [Blog](https://medium.com/@mattklein123/envoy-stats-b65c7f363342) about stats architecture\n* [Blog](https://medium.com/@mattklein123/the-universal-data-plane-api-d15cec7a) about universal data plane API\n* [Blog](https://medium.com/@mattklein123/lyfts-envoy-dashboards-5c91738816b1) on Lyft's Envoy dashboards\n\n## Related\n\n* [data-plane-api](https://github.com/envoyproxy/data-plane-api): v2 API definitions as a standalone\n  repository. This is a read-only mirror of [api](api/).\n* [envoy-perf](https://github.com/envoyproxy/envoy-perf): Performance testing framework.\n* [envoy-filter-example](https://github.com/envoyproxy/envoy-filter-example): Example of how to add new filters\n  and link to the main repository.\n\n## Contact\n\n* [envoy-announce](https://groups.google.com/forum/#!forum/envoy-announce): Low frequency mailing\n  list where we will email announcements only.\n* [envoy-security-announce](https://groups.google.com/forum/#!forum/envoy-security-announce): Low frequency mailing\n  list where we will email security related announcements only.\n* [envoy-users](https://groups.google.com/forum/#!forum/envoy-users): General user discussion.\n* [envoy-dev](https://groups.google.com/forum/#!forum/envoy-dev): Envoy developer discussion (APIs,\n  feature design, etc.).\n* [envoy-maintainers](https://groups.google.com/forum/#!forum/envoy-maintainers): Use this list\n  to reach all core Envoy maintainers.\n* [Twitter](https://twitter.com/EnvoyProxy/): Follow along on Twitter!\n* [Slack](https://envoyproxy.slack.com/): Slack, to get invited go [here](https://communityinviter.com/apps/envoyproxy/envoy).\n  * NOTE: Response to user questions is best effort on Slack. For a \"guaranteed\" response please email\n    envoy-users@ per the guidance in the following linked thread.\n\nPlease see [this](https://groups.google.com/forum/#!topic/envoy-announce/l9zjYsnS3TY) email thread\nfor information on email list usage.\n\n## Contributing\n\nContributing to Envoy is fun and modern C++ is a lot less scary than you might think if you don't\nhave prior experience. To get started:\n\n* [Contributing guide](CONTRIBUTING.md)\n* [Beginner issues](https://github.com/envoyproxy/envoy/issues?q=is%3Aopen+is%3Aissue+label%3Abeginner)\n* [Build/test quick start using docker](ci#building-and-running-tests-as-a-developer)\n* [Developer guide](DEVELOPER.md)\n* Consider installing the Envoy [development support toolchain](https://github.com/envoyproxy/envoy/blob/main/support/README.md), which helps automate parts of the development process, particularly those involving code review.\n* Please make sure that you let us know if you are working on an issue so we don't duplicate work!\n\n## Community Meeting\n\nThe Envoy team has a scheduled meeting time twice per month on Tuesday at 9am PT. The public\nGoogle calendar is [here](https://goo.gl/PkDijT).  The meeting will only be held\nif there are agenda items listed in the [meeting\nminutes](https://goo.gl/5Cergb).  Any member of the community should be able to\npropose agenda items by adding to the minutes.  The maintainers will either confirm\nthe additions to the agenda, or will cancel the meeting within 24 hours of the scheduled\ndate if there is no confirmed agenda.\n\n## Security\n\n### Security Audit\n\nThere has been several third party engagements focused on Envoy security:\n* In 2018 Cure53 performed a security audit, [full report](docs/security/audit_cure53_2018.pdf).\n* In 2021 Ada Logics performed an audit on our fuzzing infrastructure with recommendations for improvements, [full report](docs/security/audit_fuzzer_adalogics_2021.pdf).\n\n### Reporting security vulnerabilities\n\nIf you've found a vulnerability or a potential vulnerability in Envoy please let us know at\n[envoy-security](mailto:envoy-security@googlegroups.com). We'll send a confirmation\nemail to acknowledge your report, and we'll send an additional email when we've identified the issue\npositively or negatively.\n\nFor further details please see our complete [security release process](SECURITY.md).\n\n### ppc64le builds\n\nBuilds for the ppc64le architecture or using aws-lc are not covered by the envoy security policy. The ppc64le architecture is currently best-effort and not maintained by the Envoy maintainers.\n\n## Releases\n\nFor further details please see our [release process](https://github.com/envoyproxy/envoy/blob/main/RELEASES.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenvoyproxy%2Fenvoy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fenvoyproxy%2Fenvoy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenvoyproxy%2Fenvoy/lists"}