{"id":41304709,"url":"https://github.com/kubestellar/console","last_synced_at":"2026-05-10T10:05:59.149Z","repository":{"id":332913225,"uuid":"1135473716","full_name":"kubestellar/console","owner":"kubestellar","description":"World's first fully integrated and fully Automated Kubernetes management and orchestration solution","archived":false,"fork":false,"pushed_at":"2026-04-30T03:31:06.000Z","size":93871,"stargazers_count":79,"open_issues_count":8,"forks_count":62,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-30T03:35:20.221Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://console.kubestellar.io","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kubestellar.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":"docs/SUPPORT.md","governance":"GOVERNANCE.md","roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":"MAINTAINERS.md","copyright":null,"agents":"AGENTS.md","dco":"DCO","cla":null}},"created_at":"2026-01-16T06:32:19.000Z","updated_at":"2026-04-30T03:31:10.000Z","dependencies_parsed_at":"2026-04-23T01:07:51.905Z","dependency_job_id":null,"html_url":"https://github.com/kubestellar/console","commit_stats":null,"previous_names":["kubestellar/console"],"tags_count":90,"template":false,"template_full_name":null,"purl":"pkg:github/kubestellar/console","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubestellar%2Fconsole","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubestellar%2Fconsole/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubestellar%2Fconsole/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubestellar%2Fconsole/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kubestellar","download_url":"https://codeload.github.com/kubestellar/console/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubestellar%2Fconsole/sbom","scorecard":{"id":1245999,"data":{"date":"2026-04-13T20:10:41Z","repo":{"name":"github.com/kubestellar/console","commit":"c7c6dfeaebabab559926324cb01cd367fd789b5d"},"scorecard":{"version":"v5.0.0","commit":"ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4"},"score":7.1,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":3,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disable on branch 'main'","Warn: could not determine whether codeowners review is allowed","Warn: no status checks found to merge onto branch 'main'","Warn: PRs are not required to make changes on branch 'main'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":10,"reason":"28 out of 28 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#ci-tests"}},{"name":"CII-Best-Practices","score":7,"reason":"badge detected: Silver","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#code-review"}},{"name":"Contributors","score":3,"reason":"project has 1 contributing companies or organizations -- score normalized to 3","details":["Info: ibm.com contributor org/company found, "],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#contributors"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#dependency-update-tool"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: GoBuiltInFuzzer integration found: pkg/api/middleware/auth_fuzz_test.go:42","Info: GoBuiltInFuzzer integration found: pkg/settings/crypto_fuzz_test.go:42","Info: GoBuiltInFuzzer integration found: pkg/settings/crypto_fuzz_test.go:42"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#license"}},{"name":"Maintained","score":0,"reason":"project was created in last 90 days. please review its contents carefully","details":["Warn: Repository was created in last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#maintained"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/build-deploy.yml:64"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":5,"reason":"dependency not pinned by hash detected -- score normalized to 5","details":["Info: Possibly incomplete results: error parsing shell code: case patterns must consist of words: .github/workflows/auto-qa.yml:2447","Info: Possibly incomplete results: error parsing shell code: unclosed here-document 'EOF': .github/workflows/copilot-recovery.yml:408","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/_perf-regression-issue.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/_perf-regression-issue.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/_perf-regression-issue.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/_perf-regression-issue.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/_perf-regression-issue.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/_perf-regression-issue.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/accm-history-update.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/accm-history-update.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/accm-history-update.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/accm-history-update.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/api-contract.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/api-contract.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/api-contract.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/api-contract.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/api-contract.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/api-contract.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auth-login-smoke.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/auth-login-smoke.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auth-login-smoke.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/auth-login-smoke.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auth-login-smoke.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/auth-login-smoke.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-qa-tuner.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/auto-qa-tuner.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-qa-tuner.yml:269: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/auto-qa-tuner.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-qa-tuner.yml:520: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/auto-qa-tuner.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-qa-tuner.yml:816: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/auto-qa-tuner.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-qa.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/auto-qa.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-qa.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/auto-qa.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-qa.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/auto-qa.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-qa.yml:3441: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/auto-qa.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-triage.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/auto-triage.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-deploy.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/build-deploy.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-deploy.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/build-deploy.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/card-standard-nightly.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/card-standard-nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/card-standard-nightly.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/card-standard-nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/claude-code-review.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/claude-code-review.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/claude-code-review.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/claude-code-review.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/claude.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/claude.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/claude.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/claude.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cleanup-screenshots.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/cleanup-screenshots.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cleanup-screenshots.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/cleanup-screenshots.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/console-issue-labels.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/console-issue-labels.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/copilot-build-check.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/copilot-build-check.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/copilot-build-check.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/copilot-build-check.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/copilot-build-monitor.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/copilot-build-monitor.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/copilot-comment-followup.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/copilot-comment-followup.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/copilot-pr-monitor.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/copilot-pr-monitor.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/copilot-retry.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/copilot-retry.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/copilot-review-apply.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/copilot-review-apply.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/copilot-setup-steps.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/copilot-setup-steps.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/copilot-setup-steps.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/copilot-setup-steps.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage-gate.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/coverage-gate.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage-gate.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/coverage-gate.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage-gate.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/coverage-gate.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage-hourly.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/coverage-hourly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage-hourly.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/coverage-hourly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage-hourly.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/coverage-hourly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage-hourly.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/coverage-hourly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage-hourly.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/coverage-hourly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage-hourly.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/coverage-hourly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage-hourly.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/coverage-hourly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage-hourly.yml:155: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/coverage-hourly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage-hourly.yml:251: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/coverage-hourly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage-hourly.yml:258: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/coverage-hourly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage-hourly.yml:371: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/coverage-hourly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage-weekly-review.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/coverage-weekly-review.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage-weekly-review.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/coverage-weekly-review.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ga4-error-monitor.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/ga4-error-monitor.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ga4-error-monitor.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/ga4-error-monitor.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ga4-error-monitor.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/ga4-error-monitor.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ga4-mobile-monitor.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/ga4-mobile-monitor.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ga4-mobile-monitor.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/ga4-mobile-monitor.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ga4-mobile-monitor.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/ga4-mobile-monitor.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-compliance.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-compliance.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-compliance.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-compliance.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-compliance.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-compliance.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-compliance.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-compliance.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-compliance.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-compliance.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-compliance.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-compliance.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-compliance.yml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-compliance.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-compliance.yml:186: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-compliance.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-compliance.yml:227: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-compliance.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-compliance.yml:230: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-compliance.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-compliance.yml:243: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-compliance.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-compliance.yml:278: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-compliance.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-compliance.yml:306: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-compliance.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-compliance.yml:324: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-compliance.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-compliance.yml:327: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-compliance.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-compliance.yml:392: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-compliance.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-dashboard-health.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-dashboard-health.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-dashboard-health.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-dashboard-health.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-dashboard-health.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-dashboard-health.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-dashboard-health.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-dashboard-health.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-dashboard-health.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-dashboard-health.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-dashboard-health.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-dashboard-health.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-dashboard-health.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-dashboard-health.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-dast.yml:243: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-dast.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-dast.yml:246: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-dast.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-dast.yml:257: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-dast.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-dast.yml:299: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-dast.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-dast.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-dast.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-dast.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-dast.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-dast.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-dast.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-dast.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-dast.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-test-suite.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-test-suite.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-test-suite.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-test-suite.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-test-suite.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-test-suite.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-test-suite.yml:285: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-test-suite.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-ux-journeys.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-ux-journeys.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-ux-journeys.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-ux-journeys.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-ux-journeys.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-ux-journeys.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-ux-journeys.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-ux-journeys.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-ux-journeys.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-ux-journeys.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-ux-journeys.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-ux-journeys.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-ux-journeys.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nightly-ux-journeys.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nil-safety.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nil-safety.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nil-safety.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nil-safety.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nil-safety.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nil-safety.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nil-safety.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nil-safety.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nil-safety.yml:198: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nil-safety.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nil-safety.yml:302: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/nil-safety.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf-bundle-size.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/perf-bundle-size.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf-bundle-size.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/perf-bundle-size.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf-bundle-size.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/perf-bundle-size.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf-react-commits-idle.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/perf-react-commits-idle.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf-react-commits-idle.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/perf-react-commits-idle.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf-react-commits-idle.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/perf-react-commits-idle.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf-react-commits.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/perf-react-commits.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf-react-commits.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/perf-react-commits.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf-react-commits.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/perf-react-commits.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf-ttfi.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/perf-ttfi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf-ttfi.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/perf-ttfi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf-ttfi.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/perf-ttfi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf-ttfi.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/perf-ttfi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright-nightly.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright-nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright-nightly.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright-nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright-nightly.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright-nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright-nightly.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright-nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright-nightly.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright-nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright-nightly.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright-nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright-nightly.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright-nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright-nightly.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright-nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright-nightly.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright-nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright-nightly.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright-nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright-nightly.yml:174: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright-nightly.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright.yml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright.yml:185: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright.yml:251: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright.yml:254: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright.yml:264: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright.yml:287: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright.yml:303: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright.yml:306: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright.yml:316: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright.yml:348: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright.yml:351: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright.yml:361: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/playwright.yml:385: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/playwright.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/post-merge-verify.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/post-merge-verify.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/post-merge-verify.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/post-merge-verify.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/post-merge-verify.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/post-merge-verify.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/post-merge-verify.yml:210: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/post-merge-verify.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/post-merge-verify.yml:218: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/post-merge-verify.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-claude-notice.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/pr-claude-notice.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-closed-verification.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/pr-closed-verification.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-closed-verification.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/pr-closed-verification.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-closed-verification.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/pr-closed-verification.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/process-screenshots.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/process-screenshots.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/process-screenshots.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/process-screenshots.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/route-smoke.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/route-smoke.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/route-smoke.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/route-smoke.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/startup-smoke-test.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/startup-smoke-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/startup-smoke-test.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/startup-smoke-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/startup-smoke-test.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/startup-smoke-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/startup-smoke.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/startup-smoke.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/startup-smoke.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/startup-smoke.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/startup-smoke.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/startup-smoke.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/startup-smoke.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/startup-smoke.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/startup-smoke.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/startup-smoke.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/startup-smoke.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/startup-smoke.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/startup-smoke.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/startup-smoke.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/startup-smoke.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/startup-smoke.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ui-ux-standard.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/ui-ux-standard.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ui-ux-standard.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/ui-ux-standard.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-guard.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/update-guard.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-guard.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/update-guard.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/visual-regression.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/visual-regression.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/visual-regression.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/visual-regression.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/visual-regression.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/visual-regression.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/visual-regression.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/visual-regression.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/visual-regression.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/kubestellar/console/visual-regression.yml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:2","Warn: containerImage not pinned by hash: Dockerfile:21","Warn: containerImage not pinned by hash: Dockerfile:42: pin your Docker image by updating alpine:3.20 to alpine:3.20@sha256:a4f4213abb84c497377b8544c81b3564f313746700372ec4fe84653e4fb03805","Warn: goCommand not pinned by hash: scripts/dependency-audit-test.sh:134","Warn: goCommand not pinned by hash: scripts/gosec-test.sh:55","Warn: goCommand not pinned by hash: scripts/secret-scan-test.sh:60","Warn: pipCommand not pinned by hash: scripts/ts-sast-test.sh:62","Warn: npmCommand not pinned by hash: start-dev.sh:79","Warn: npmCommand not pinned by hash: startup-oauth.sh:98","Warn: npmCommand not pinned by hash: startup-oauth.sh:137","Warn: npmCommand not pinned by hash: .github/workflows/ga4-error-monitor.yml:58","Warn: npmCommand not pinned by hash: .github/workflows/ga4-mobile-monitor.yml:65","Warn: goCommand not pinned by hash: .github/workflows/nil-safety.yml:49","Warn: goCommand not pinned by hash: .github/workflows/nil-safety.yml:138","Info: 144 out of 338 GitHub-owned GitHubAction dependencies pinned","Info:  22 out of  27 third-party GitHubAction dependencies pinned","Info:   0 out of   3 containerImage dependencies pinned","Info:  38 out of  43 npmCommand dependencies pinned","Info:   0 out of   5 goCommand dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":9,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: SAST configuration detected: CodeQL","Warn: 26 commits out of 28 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#sast"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":4,"reason":"3 out of the last 5 releases have a total of 3 signed artifacts.","details":["Warn: release artifact v0.3.20 not signed: https://api.github.com/repos/kubestellar/console/releases/307962717","Warn: release artifact v0.3.20-nightly.20260412 not signed: https://api.github.com/repos/kubestellar/console/releases/307962950","Info: signed release artifact: checksums.txt.sig: https://api.github.com/repos/kubestellar/console/releases/assets/393893394","Info: signed release artifact: checksums.txt.sig: https://api.github.com/repos/kubestellar/console/releases/assets/393054903","Info: signed release artifact: checksums.txt.sig: https://api.github.com/repos/kubestellar/console/releases/assets/392180454","Warn: release artifact v0.3.20 does not have provenance: https://api.github.com/repos/kubestellar/console/releases/307962717","Warn: release artifact v0.3.20-nightly.20260412 does not have provenance: https://api.github.com/repos/kubestellar/console/releases/307962950","Warn: release artifact v0.3.20-nightly.20260411 does not have provenance: https://api.github.com/repos/kubestellar/console/releases/307809306","Warn: release artifact v0.3.20-nightly.20260410 does not have provenance: https://api.github.com/repos/kubestellar/console/releases/307399525","Warn: release artifact v0.3.20-nightly.20260409 does not have provenance: https://api.github.com/repos/kubestellar/console/releases/306902675"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#signed-releases"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/ai-fix.yml:20","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/auto-qa-tuner.yml:42","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/auto-qa-tuner.yml:44","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/auto-qa-tuner.yml:257","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/auto-qa-tuner.yml:259","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/auto-qa-tuner.yml:508","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/auto-qa-tuner.yml:510","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/auto-qa-tuner.yml:802","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/auto-qa-tuner.yml:804","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/auto-qa.yml:53","Info: jobLevel 'actions' permission set to 'read': .github/workflows/auto-qa.yml:56","Info: jobLevel 'contents' permission set to 'read': .github/workflows/auto-triage.lock.yml:806","Info: jobLevel 'contents' permission set to 'read': .github/workflows/auto-triage.lock.yml:919","Info: jobLevel 'contents' permission set to 'read': .github/workflows/auto-triage.lock.yml:1096","Info: jobLevel 'actions' permission set to 'read': .github/workflows/auto-triage.lock.yml:59","Info: jobLevel 'contents' permission set to 'read': .github/workflows/auto-triage.lock.yml:60","Info: jobLevel 'contents' permission set to 'read': .github/workflows/auto-triage.lock.yml:284","Info: jobLevel 'contents' permission set to 'read': .github/workflows/build-deploy.yml:77","Info: jobLevel 'contents' permission set to 'read': .github/workflows/build-deploy.yml:147","Info: jobLevel 'contents' permission set to 'read': .github/workflows/claude-code-review.yml:26","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/claude-code-review.yml:27","Info: jobLevel 'issues' permission set to 'read': .github/workflows/claude-code-review.yml:28","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/claude.yml:26","Info: jobLevel 'issues' permission set to 'read': .github/workflows/claude.yml:27","Info: jobLevel 'actions' permission set to 'read': .github/workflows/claude.yml:29","Info: jobLevel 'contents' permission set to 'read': .github/workflows/claude.yml:25","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/cleanup-screenshots.yml:23","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:24","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:25","Info: jobLevel 'packages' permission set to 'read': .github/workflows/codeql.yml:26","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:58","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:59","Info: jobLevel 'packages' permission set to 'read': .github/workflows/codeql.yml:60","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/copilot-automation.yml:22","Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/copilot-automation.yml:25","Info: jobLevel 'contents' permission set to 'read': .github/workflows/copilot-build-check.yml:15","Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/copilot-build-check.yml:18","Info: jobLevel 'contents' permission set to 'read': .github/workflows/copilot-build-monitor.yml:12","Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/copilot-build-monitor.yml:15","Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/copilot-pr-monitor.yml:22","Info: jobLevel 'contents' permission set to 'read': .github/workflows/copilot-pr-monitor.yml:19","Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/copilot-recovery.yml:213","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/copilot-recovery.yml:210","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/copilot-recovery.yml:398","Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/copilot-recovery.yml:401","Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/copilot-recovery.yml:458","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/copilot-recovery.yml:455","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/copilot-recovery.yml:521","Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/copilot-recovery.yml:524","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/copilot-recovery.yml:613","Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/copilot-recovery.yml:616","Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/copilot-recovery.yml:42","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/copilot-recovery.yml:39","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/copilot-recovery.yml:51","Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/copilot-recovery.yml:54","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/copilot-recovery.yml:105","Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/copilot-recovery.yml:108","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/copilot-review-apply.yml:15","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/helm-release.yml:18","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/helm-release.yml:20","Info: jobLevel 'actions' permission set to 'read': .github/workflows/implement-fix.lock.yml:70","Info: jobLevel 'contents' permission set to 'read': .github/workflows/implement-fix.lock.yml:71","Info: jobLevel 'contents' permission set to 'read': .github/workflows/implement-fix.lock.yml:295","Info: jobLevel 'contents' permission set to 'read': .github/workflows/implement-fix.lock.yml:862","Info: jobLevel 'contents' permission set to 'read': .github/workflows/implement-fix.lock.yml:978","Info: jobLevel 'contents' permission set to 'read': .github/workflows/implement-fix.lock.yml:1155","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/nightly-test-suite.yml:23","Info: jobLevel 'contents' permission set to 'read': .github/workflows/perf-bundle-size.yml:127","Info: jobLevel 'actions' permission set to 'read': .github/workflows/perf-bundle-size.yml:129","Info: jobLevel 'actions' permission set to 'read': .github/workflows/perf-react-commits-idle.yml:111","Info: jobLevel 'contents' permission set to 'read': .github/workflows/perf-react-commits-idle.yml:109","Info: jobLevel 'contents' permission set to 'read': .github/workflows/perf-react-commits.yml:106","Info: jobLevel 'actions' permission set to 'read': .github/workflows/perf-react-commits.yml:108","Info: jobLevel 'contents' permission set to 'read': .github/workflows/perf-ttfi.yml:170","Info: jobLevel 'actions' permission set to 'read': .github/workflows/perf-ttfi.yml:172","Warn: jobLevel 'checks' permission set to 'write': .github/workflows/pr-verifier.yml:12","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/pr-verifier.yml:13","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/process-screenshots.yml:22","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:395","Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecard.yml:20","Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecard.yml:21","Info: jobLevel 'actions' permission set to 'read': .github/workflows/stuck-detection.lock.yml:67","Info: jobLevel 'contents' permission set to 'read': .github/workflows/stuck-detection.lock.yml:68","Info: jobLevel 'contents' permission set to 'read': .github/workflows/stuck-detection.lock.yml:277","Info: jobLevel 'contents' permission set to 'read': .github/workflows/stuck-detection.lock.yml:820","Info: jobLevel 'contents' permission set to 'read': .github/workflows/stuck-detection.lock.yml:934","Info: jobLevel 'contents' permission set to 'read': .github/workflows/stuck-detection.lock.yml:1085","Info: topLevel 'contents' permission set to 'read': .github/workflows/_perf-regression-issue.yml:43","Info: topLevel 'contents' permission set to 'read': .github/workflows/accm-history-update.yml:26","Info: topLevel permissions set to 'read-all': .github/workflows/ai-fix.yml:15","Info: topLevel 'contents' permission set to 'read': .github/workflows/api-contract.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/auth-login-smoke.yml:28","Info: topLevel permissions set to 'read-all': .github/workflows/auto-qa-tuner.yml:24","Info: topLevel permissions set to 'read-all': .github/workflows/auto-qa.yml:48","Info: found token with 'none' permissions: .github/workflows/auto-triage.lock.yml:1","Info: topLevel permissions set to 'read-all': .github/workflows/build-deploy.yml:40","Info: topLevel permissions set to 'read-all': .github/workflows/card-standard-nightly.yml:16","Info: topLevel permissions set to 'read-all': .github/workflows/claude-code-review.yml:14","Info: topLevel permissions set to 'read-all': .github/workflows/claude.yml:14","Info: topLevel permissions set to 'read-all': .github/workflows/cleanup-screenshots.yml:18","Info: topLevel permissions set to 'read-all': .github/workflows/codeql.yml:13","Info: topLevel 'contents' permission set to 'read': .github/workflows/copilot-assigned.yml:11","Info: topLevel permissions set to 'read-all': .github/workflows/copilot-automation.yml:13","Info: topLevel permissions set to 'read-all': .github/workflows/copilot-build-check.yml:10","Info: topLevel permissions set to 'read-all': .github/workflows/copilot-build-monitor.yml:7","Info: topLevel 'contents' permission set to 'read': .github/workflows/copilot-comment-followup.yml:11","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/copilot-comment-followup.yml:13","Info: topLevel permissions set to 'read-all': .github/workflows/copilot-dco.yml:8","Info: topLevel permissions set to 'read-all': .github/workflows/copilot-pr-monitor.yml:14","Info: topLevel permissions set to 'read-all': .github/workflows/copilot-recovery.yml:27","Info: topLevel 'contents' permission set to 'read': .github/workflows/copilot-retry.yml:25","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/copilot-retry.yml:27","Info: topLevel permissions set to 'read-all': .github/workflows/copilot-review-apply.yml:10","Info: topLevel permissions set to 'read-all': .github/workflows/copilot-setup-steps.yml:9","Info: topLevel 'contents' permission set to 'read': .github/workflows/coverage-gate.yml:15","Info: topLevel 'contents' permission set to 'read': .github/workflows/coverage-hourly.yml:22","Info: topLevel 'contents' permission set to 'read': .github/workflows/coverage-weekly-review.yml:12","Info: topLevel 'contents' permission set to 'read': .github/workflows/cross-platform-build.yml:34","Info: topLevel 'contents' permission set to 'read': .github/workflows/feedback.yml:8","Info: topLevel 'contents' permission set to 'read': .github/workflows/fullstack-e2e.yml:25","Info: topLevel 'contents' permission set to 'read': .github/workflows/ga4-error-monitor.yml:36","Info: topLevel 'contents' permission set to 'read': .github/workflows/ga4-mobile-monitor.yml:42","Info: topLevel 'contents' permission set to 'read': .github/workflows/greetings.yml:10","Info: topLevel permissions set to 'read-all': .github/workflows/helm-release.yml:12","Info: topLevel permissions set to 'read-all': .github/workflows/helm-test.yml:16","Info: found token with 'none' permissions: .github/workflows/implement-fix.lock.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/label-helper.yml:8","Info: topLevel 'contents' permission set to 'read': .github/workflows/nightly-compliance.yml:29","Info: topLevel 'contents' permission set to 'read': .github/workflows/nightly-dashboard-health.yml:27","Info: topLevel 'contents' permission set to 'read': .github/workflows/nightly-dast.yml:30","Info: topLevel 'contents' permission set to 'read': .github/workflows/nightly-gh-aw-version-check.yml:9","Info: topLevel permissions set to 'read-all': .github/workflows/nightly-test-suite.yml:9","Info: topLevel 'contents' permission set to 'read': .github/workflows/nightly-ux-journeys.yml:16","Info: topLevel 'contents' permission set to 'read': .github/workflows/nil-safety.yml:28","Info: topLevel 'contents' permission set to 'read': .github/workflows/perf-bundle-size.yml:20","Info: topLevel 'actions' permission set to 'read': .github/workflows/perf-bundle-size.yml:21","Info: topLevel 'contents' permission set to 'read': .github/workflows/perf-react-commits-idle.yml:28","Info: topLevel 'actions' permission set to 'read': .github/workflows/perf-react-commits-idle.yml:29","Info: topLevel 'contents' permission set to 'read': .github/workflows/perf-react-commits.yml:19","Info: topLevel 'actions' permission set to 'read': .github/workflows/perf-react-commits.yml:20","Info: topLevel 'contents' permission set to 'read': .github/workflows/perf-ttfi.yml:22","Info: topLevel 'actions' permission set to 'read': .github/workflows/perf-ttfi.yml:23","Info: topLevel permissions set to 'read-all': .github/workflows/playwright-nightly.yml:9","Info: topLevel permissions set to 'read-all': .github/workflows/playwright.yml:12","Info: topLevel 'contents' permission set to 'read': .github/workflows/post-merge-verify.yml:15","Info: topLevel 'contents' permission set to 'read': .github/workflows/pr-claude-notice.yml:8","Info: topLevel 'contents' permission set to 'read': .github/workflows/pr-closed-verification.yml:8","Info: topLevel permissions set to 'read-all': .github/workflows/pr-verifier.yml:7","Info: topLevel 'contents' permission set to 'read': .github/workflows/preview-status.yml:11","Info: topLevel permissions set to 'read-all': .github/workflows/process-screenshots.yml:17","Info: topLevel permissions set to 'read-all': .github/workflows/release.yml:29","Info: topLevel permissions set to 'read-all': .github/workflows/route-smoke.yml:18","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:11","Info: topLevel 'contents' permission set to 'read': .github/workflows/startup-smoke-test.yml:18","Info: topLevel 'contents' permission set to 'read': .github/workflows/startup-smoke.yml:32","Info: found token with 'none' permissions: .github/workflows/stuck-detection.lock.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/test-installer.yml:19","Info: topLevel 'contents' permission set to 'read': .github/workflows/triage-command.yml:14","Info: topLevel permissions set to 'read-all': .github/workflows/ui-ux-standard.yml:16","Info: topLevel 'contents' permission set to 'read': .github/workflows/update-guard.yml:24","Info: topLevel permissions set to 'read-all': .github/workflows/visual-regression.yml:15"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2026-04-13T20:19:50.488Z","repository_id":332913225,"created_at":"2026-04-13T20:19:50.488Z","updated_at":"2026-04-13T20:19:50.488Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32527138,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-02T01:12:54.858Z","status":"online","status_checked_at":"2026-05-02T02:00:05.923Z","response_time":132,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-23T04:59:48.216Z","updated_at":"2026-05-10T10:05:59.126Z","avatar_url":"https://github.com/kubestellar.png","language":"TypeScript","funding_links":[],"categories":["📁 Recipes","Multi-Cloud \u0026 Hybrid Tools","Applications","Productivity Tools","Cloud Platforms","FinOps","Servers","3. \u003ca name='Dev'\u003e\u003c/a\u003e💻 Dev","Features","MCP Servers","Multi-Cluster \u0026 Fleet Management","Kubernetes Security","K8S-Tools","Awesome dashboards","Kubernetes","Software Development","Generation Tools","Uncategorized","MCP Servers \u0026 Integrations","☁️ Cloud Platforms \u0026 Services","Tooling— Kubernetes, PAAS and Cloud services","Repositories / Tools","Cloud \u0026 Infrastructure","10. Capacity Planning","Open Source Projects","Components","Monitoring","Inside the browser","Dependency intelligence","Agentic Remediation \u0026 Runbooks","Tools per Language","Dashboards \u0026 Portals","DevOps Tools","AI SRE Tools \u0026 SRE Copilots","Build Management","Others","Agent Infrastructure","MCPs","Engine"],"sub_categories":["🌱 Third Party","Tools","MCP Servers \u0026 Integrations","Cloud \u0026 Infrastructure","Infrastructure productivity and maintainability","Runtime Security","Free dashboards list for you to use in your projects","Built with Wasm","Uncategorized","Other IDEs","Defending","Kubernetes","UI","Frontend Web App","SCA and SBOM","Go","Contents","Incident Communication","Commercial solutions","Configuration \u0026 Context Management","Desktop","Cloud MCPs"],"readme":"# KubeStellar Console\n\n![Coverage](https://img.shields.io/endpoint?url=https://gist.githubusercontent.com/clubanderson/b9a9ae8469f1897a22d5a40629bc1e82/raw/coverage-badge.json)\n[![ACMM](https://img.shields.io/endpoint?url=https%3A%2F%2Fconsole.kubestellar.io%2Fapi%2Facmm%2Fbadge%3Frepo%3Dkubestellar%252Fconsole%26v%3D3)](https://console.kubestellar.io/acmm?repo=kubestellar%2Fconsole)\n[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/kubestellar/console/badge)](https://securityscorecards.dev/viewer/?uri=github.com/kubestellar/console)\n[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/12343/badge?v=2)](https://www.bestpractices.dev/projects/12343)\n[![MTTR](https://img.shields.io/endpoint?url=https%3A%2F%2Fgist.githubusercontent.com%2Fclubanderson%2F4ae525a9797e8f83231ac344fcb47226%2Fraw%2Fmedian-fix.json \"Mean Time to Resolution — median time from issue filed to PR merged, updated every 5 minutes\")](https://github.com/kubestellar/console/issues)\n\nAI-powered multi-cluster Kubernetes dashboard with guided install missions for 250+ CNCF projects.\n\n[Contributing](CONTRIBUTING.md)\n\n![KubeStellar Console](docs/images/console-screenshot.png)\n\n## Try it now (no install)\n\nThe fastest way to evaluate the console is the **hosted version** — no Kubernetes cluster, no install, no configuration. Demo data is built in:\n\n\u003e 👉 **[console.kubestellar.io](https://console.kubestellar.io)**\n\nThe hosted demo is a self-contained showcase: it serves canned demo data and intentionally **does not** talk to a local agent (`LOCAL_AGENT_HTTP_URL` is disabled in the Netlify build, so the browser cannot reach a kc-agent on your laptop). Use it to explore the UI, browse missions, and test cards without touching your machine. To work against your **own** clusters or use AI features with your own keys, you need to self-host the console — see the next section.\n\n## Which path do I need?\n\n| I want to… | What to do | Need a cluster? | Need to install anything? |\n|---|---|---|---|\n| Explore the UI / evaluate the product | [console.kubestellar.io](https://console.kubestellar.io) | no | no |\n| Connect the console to **my own** clusters | [**Self-host**](#local-install-self-host) the console **and** install [**kc-agent**](#kc-agent-bridge-self-hosted-console-to-your-clusters) on the same machine | yes | yes (curl + kc-agent) |\n| Self-host the console (air-gapped, custom OAuth, etc.) | [**Local install**](#local-install-self-host) | optional | yes |\n| Run the console **inside** a cluster | [`deploy.sh`](deploy.sh) | yes | Helm-style script |\n\n\u003e **Note**: `kc-agent` is **not** consumed by the hosted demo at [console.kubestellar.io](https://console.kubestellar.io). It bridges your **self-hosted** console (running at `localhost:8080`) to your kubeconfig contexts and to AI providers. If you want the convenience of the hosted UI plus your real cluster data, you currently have to run the console locally.\n\n## Local install (self-host)\n\nThe quickest path to a working console with your own data. `start.sh` downloads the pre-built console binary and a pre-built `kc-agent`, starts both, and opens [http://localhost:8080](http://localhost:8080):\n\n```bash\ncurl -sSL https://raw.githubusercontent.com/kubestellar/console/main/start.sh | bash\n```\n\nDeploy into a cluster instead with [`deploy.sh`](deploy.sh) (`--openshift`, `--ingress \u003chost\u003e`, `--github-oauth`, `--uninstall`). For Helm chart installs that should talk to an in-cluster Kagenti backend, see [Connecting Kagenti](deploy/helm/kubestellar-console/README.md#connecting-kagenti).\n\n## kc-agent (bridge self-hosted console to your clusters)\n\n`kc-agent` is a small local HTTP/WS daemon that the **self-hosted** console talks to (default `http://127.0.0.1:8585`). It forwards requests from the browser to your kubeconfig contexts and to AI providers. The hosted demo at [console.kubestellar.io](https://console.kubestellar.io) cannot reach it (#6195) — kc-agent is only useful when you self-host.\n\n**You do not need kc-agent** if you only want to browse the UI / demo data — just use the hosted demo. **`start.sh` already installs and launches a pre-built kc-agent for you**, so most users never need to install it manually. The instructions below are for development builds or platforms without a Homebrew formula:\n\n**Prerequisites for kc-agent:**\n- A kubeconfig that points at one or more reachable clusters (`kubectl get nodes` works locally)\n- macOS, Linux, or Windows with WSL2 (see [Windows section](#windows-wsl2))\n\n```bash\n# macOS — Homebrew formula (pre-built)\nbrew tap kubestellar/tap \u0026\u0026 brew install kc-agent\n\n# Linux / from source — requires Go 1.25+ (matches go.mod)\nmkdir -p bin\ngo build -o bin/kc-agent ./cmd/kc-agent \u0026\u0026 ./bin/kc-agent\n```\n\nWhen both the self-hosted console and `kc-agent` are running, open [http://localhost:8080](http://localhost:8080) and your local clusters appear in the cluster picker.\n\n## Windows (WSL2)\n\nThe console install scripts and `kc-agent` are POSIX shell + Go, so they run unchanged inside WSL2. Native Windows (PowerShell / CMD) is not supported — install [WSL2 with Ubuntu](https://learn.microsoft.com/windows/wsl/install) and run everything from the WSL shell:\n\n```powershell\n# In PowerShell — one-time setup\nwsl --install -d Ubuntu\n```\n\nThen from inside the Ubuntu/WSL shell. **`start.sh` only needs `curl`** — it downloads pre-built binaries, no Go toolchain required:\n\n```bash\n# Prerequisite: just curl\nsudo apt-get update \u0026\u0026 sudo apt-get install -y curl\n\n# Same install command as macOS / Linux\ncurl -sSL https://raw.githubusercontent.com/kubestellar/console/main/start.sh | bash\n```\n\n\u003e **⚠️ Windows PowerShell `curl` gotcha:** In PowerShell, `curl` is an alias\n\u003e for `Invoke-WebRequest`, which behaves completely differently from the real\n\u003e curl. If you need to test endpoints from PowerShell (outside WSL), always\n\u003e use **`curl.exe`** instead of `curl`, or use the native PowerShell cmdlet:\n\u003e\n\u003e ```powershell\n\u003e # Option 1 — use curl.exe (the real curl shipped with Windows 10+)\n\u003e curl.exe -s http://localhost:8080/health\n\u003e\n\u003e # Option 2 — use PowerShell native cmdlet\n\u003e Invoke-RestMethod http://localhost:8080/health\n\u003e ```\n\n**Building `kc-agent` from source is a separate path** — only needed if you want a development build of the agent rather than the prebuilt binary that `start.sh` already installs. It requires Go **1.25+** (the version pinned in `go.mod`) and `git`. Ubuntu's `golang-go` package usually lags the current release; use the [official Go install](https://go.dev/doc/install) or the `longsleep/golang-backports` PPA to get a recent version:\n\n```bash\n# add-apt-repository lives in software-properties-common — install it\n# first on minimal Ubuntu/WSL images that don't ship with it.\nsudo apt-get update \u0026\u0026 sudo apt-get install -y software-properties-common\nsudo add-apt-repository -y ppa:longsleep/golang-backports\nsudo apt-get update \u0026\u0026 sudo apt-get install -y golang-1.25 git\ngit clone https://github.com/kubestellar/console.git\ncd console\nmkdir -p bin\ngo build -o bin/kc-agent ./cmd/kc-agent \u0026\u0026 ./bin/kc-agent\n```\n\nOpen http://localhost:8080 in your **Windows** browser — WSL2 forwards `localhost` automatically. Tracked by [#6185](https://github.com/kubestellar/console/issues/6185).\n\n## GitHub authentication\n\nThe console uses **two** GitHub credentials (#6190). Most users need **neither** — the hosted demo works without any GitHub auth at all.\n\n| Credential | What it does | When you need it |\n|---|---|---|\n| **GitHub OAuth App** (`GITHUB_CLIENT_ID` + `GITHUB_CLIENT_SECRET`) | Sign-in for the **self-hosted** console at `localhost:8080` | Only if you self-host the console AND want user sign-in. Skip for the hosted demo. |\n| **Consolidated GitHub PAT** (a.k.a. `FeedbackGitHubToken`) | Same single PAT powers everything: nightly E2E status, community activity, leaderboard widgets, and the `/issue` page that opens GitHub issues | Optional. Without it, `/issue` returns `503 Issue submission is not available` and the GitHub-powered dashboard widgets fall back to demo data. |\n\n**Minimum to get started**: nothing — hit [console.kubestellar.io](https://console.kubestellar.io). Everything above is opt-in.\n\n### Setting the consolidated PAT\n\nThere are two equivalent ways to supply this PAT — pick one. Both write to the same field (`FeedbackGitHubToken` in `pkg/api/handlers/feedback.go` and `pkg/api/handlers/github_proxy.go`), so you don't need to set both:\n\n1. **`.env` file at the repo root** — set on startup, no UI step needed:\n   ```\n   FEEDBACK_GITHUB_TOKEN=ghp_…\n   ```\n\n2. **Settings UI** (self-hosted only, **admin role required**) — visit Settings → GitHub Token → paste. The UI POSTs to `/api/github/token` which is gated on the console `admin` role and returns `403 Console admin access required` for non-admin users (verified in `pkg/api/handlers/github_proxy.go:214`). Persisted to `~/.kc/settings.json` by the backend.\n\nThe hosted Netlify demo cannot persist a PAT — it has no writable local backend — so Settings UI saves don't work there. Use the env-var path for self-hosting.\n\n### Setting up GitHub OAuth (self-hosted only)\n\nIf you self-host the console and want sign-in:\n\n1. **Create a [GitHub OAuth App](https://github.com/settings/developers)**\n   - Homepage URL: `http://localhost:8080`\n   - Callback URL: `http://localhost:8080/auth/github/callback`\n\n2. **Clone the repo** (if you haven't already):\n   ```bash\n   git clone https://github.com/kubestellar/console.git\n   cd console\n   ```\n\n3. **Create a `.env` file in the repo root** (`console/.env`):\n   ```\n   GITHUB_CLIENT_ID=your-client-id\n   GITHUB_CLIENT_SECRET=your-client-secret\n   ```\n\n4. **Start the console**:\n   ```bash\n   ./startup-oauth.sh\n   ```\n\nOpen http://localhost:8080 and sign in with GitHub. For Kubernetes deployments, pass `--github-oauth` to `deploy.sh` instead.\n\n### Consolidated PAT scopes\n\nWhichever path you used above (env var or Settings UI), the [Personal Access Token](https://github.com/settings/tokens) needs **either**:\n- A **classic** PAT with the `repo` scope, **or**\n- A **fine-grained** PAT with both **Issues: Read \u0026 Write** *and* **Contents: Read \u0026 Write** (verified against `pkg/api/handlers/feedback.go:71` — Contents is required, not just Issues).\n\n## AI configuration\n\nThe console can use AI for adaptive card suggestions and mission help. AI is **optional** — the UI, missions, and dashboards all work without any AI keys configured (#6191).\n\n**Important**: AI BYOK only works on the **self-hosted** console. The hosted demo at [console.kubestellar.io](https://console.kubestellar.io) explicitly disables `LOCAL_AGENT_HTTP_URL` (verified in `web/src/lib/constants/network.ts`), so the browser cannot reach a local agent there. To use your own AI keys, self-host the console first.\n\n### Supported AI providers (CLI-based and local LLMs)\n\nThe console uses **local CLI providers** and **self-hosted LLMs** to maintain full control over cluster access and tooling capabilities. Direct API-key providers (like raw `ANTHROPIC_API_KEY`, `OPENAI_API_KEY`, or `GOOGLE_API_KEY`) are **intentionally not supported** because they bypass the local CLI tooling model required for executing cluster commands (see `pkg/agent/registry.go:378` and [`docs/security/SECURITY-MODEL.md`](docs/security/SECURITY-MODEL.md#L175)).\n\n**Recommended setup paths:**\n\n1. **CLI-based agents** (with full tool execution capabilities):\n   ```bash\n   # Install Claude Desktop or claude CLI — https://claude.ai/download\n   # Install Gemini CLI — follow official Google AI SDK instructions\n   # Install GitHub Copilot CLI — gh extension install github/gh-copilot\n   # Install other CLI agents: codex, antigravity, goose, bob\n   \n   # kc-agent will auto-detect installed CLI agents — no env vars needed\n   ./bin/kc-agent\n   ```\n\n2. **Local/self-hosted LLM servers** (OpenAI-compatible endpoints):\n   ```bash\n   # Ollama (local)\n   export OLLAMA_URL=http://127.0.0.1:11434\n   export OLLAMA_MODEL=llama3.2\n   \n   # Open WebUI (self-hosted gateway)\n   export OPEN_WEBUI_URL=https://your-openwebui.example.com\n   export OPEN_WEBUI_API_KEY=your-key\n   export OPEN_WEBUI_MODEL=gpt-4\n   \n   # Other supported: llama.cpp, LocalAI, vLLM, LM Studio, Red Hat AI Inference Server\n   # See docs/security/SECURITY-MODEL.md for the full list\n   \n   ./bin/kc-agent\n   ```\n\n\u003e **Why are direct API keys not supported?** The agent registry intentionally excludes upstream API-key providers (Anthropic API, OpenAI API, Google Gemini API) because they cannot execute cluster commands AND they route traffic to a specific vendor endpoint that the operator has no control over. The console's security model requires tool-capable agents that can run `kubectl`, `helm`, and other diagnostic commands locally. See `pkg/agent/registry.go:378-384` for the rationale.\n\n\u003e **A note on the Settings → API Keys modal**: The console UI exposes a \"Manage Keys\" button under **Settings → API Keys**. This modal is wired to the agent's `/settings/keys` endpoint, but in the current build that endpoint returns an empty providers list (`providers := []providerDef{}` in `pkg/agent/server_operations.go:288`) because API-key-driven agents are hidden. The modal is non-functional by design. **Use the CLI-based or local LLM setup paths above instead.**\n\n**If no AI provider is configured**, AI-powered features fall back to deterministic / rule-based behavior. The card suggestions, missions, and dashboards remain fully usable.\n\n**Security model, air-gapped deployments, and local / self-hosted LLMs** are covered in [`docs/security/SECURITY-MODEL.md`](docs/security/SECURITY-MODEL.md). That document explains the data flow between browser, Go backend, kc-agent, and AI providers; how to run the console with no external AI access; and the currently supported self-hosted path using kc-agent's CLI-based agents.\n\n## How It Works\n\n1. **Onboarding** — Sign in with GitHub, answer role questions, get a personalized dashboard\n2. **Adaptive AI** — Tracks card interactions and suggests swaps when your focus shifts (Claude, OpenAI, or Gemini)\n3. **MCP Bridge** — Queries cluster state (pods, deployments, events, drift, security) via `kubestellar-ops` and `kubestellar-deploy`\n4. **Missions** — Step-by-step guided installs with pre-flight checks, validation, troubleshooting, and rollback\n5. **Real-time** — WebSocket-powered live event streaming from all connected clusters\n\n## Architecture\n\nSee the full [Architecture documentation](https://kubestellar.io/docs/console/overview/architecture) on the KubeStellar website.\n\n### Related Repositories\n\n- **[console-kb](https://github.com/kubestellar/console-kb)** — Knowledge base of guided installers for 250+ CNCF projects and solutions to common Kubernetes problems\n- **[console-marketplace](https://github.com/kubestellar/console-marketplace)** — Community-contributed monitoring cards per CNCF project\n- **[kc-agent](cmd/kc-agent/)** — Local agent bridging the browser to kubeconfig, coding agents (Codex, Copilot, Claude CLI), and MCP servers (`kubestellar-ops`, `kubestellar-deploy`)\n- **[claude-plugins](https://github.com/kubestellar/claude-plugins)** — Claude Code marketplace plugins for Kubernetes\n- **[homebrew-tap](https://github.com/kubestellar/homebrew-tap)** — Homebrew formulae for KubeStellar tools\n- **[KubeStellar](https://kubestellar.io)** — Multi-cluster configuration management\n\n## Quality Assurance\n\nConsole uses AI tools (GitHub Copilot, Claude Code) to accelerate development. Quality is maintained through **layered feedback loops** — every PR triggers the same automated checks regardless of author, and continuous monitoring catches what PR checks miss.\n\n- **Before commit**: TypeScript build + Go build + 5 post-build safety checks + lint\n- **Before merge**: nil-safety, ts-null-safety, array-safety, API contract, Playwright E2E, coverage gate, TTFI performance, CodeQL, Copilot code review, UI/UX standards scanner, visual regression\n- **Visual regression**: 18 UI components documented as Storybook stories with theme support. Playwright captures screenshots and diffs against baselines on every PR that touches UI components.\n- **After merge**: Targeted Playwright tests run against production (`console.kubestellar.io`); failures reopen the original issue\n- **Continuous**: Hourly coverage (12 shards), 4x daily QA, nightly E2E, nightly security scanning, real-time GA4 error tracking, UI/UX standards nightly scan\n\nWhen a regression class is identified, a maintainer adds an automated check to the earliest possible loop. See [docs/AI-QUALITY-ASSURANCE.md](docs/AI-QUALITY-ASSURANCE.md) for the full breakdown.\n\n## License\n\nApache License 2.0 — see [LICENSE](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkubestellar%2Fconsole","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkubestellar%2Fconsole","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkubestellar%2Fconsole/lists"}