{"id":40431386,"url":"https://github.com/monoscope-tech/oteldemo","last_synced_at":"2026-01-20T16:06:28.308Z","repository":{"id":320682119,"uuid":"1082693190","full_name":"monoscope-tech/oteldemo","owner":"monoscope-tech","description":null,"archived":false,"fork":false,"pushed_at":"2025-10-25T07:07:07.000Z","size":49441,"stargazers_count":0,"open_issues_count":5,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-10-25T08:31:29.585Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/monoscope-tech.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-24T16:09:51.000Z","updated_at":"2025-10-25T06:56:32.000Z","dependencies_parsed_at":"2025-10-25T08:34:54.569Z","dependency_job_id":"43d12824-646e-481f-bb4a-0649f91462f3","html_url":"https://github.com/monoscope-tech/oteldemo","commit_stats":null,"previous_names":["monoscope-tech/oteldemo"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/monoscope-tech/oteldemo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/monoscope-tech%2Foteldemo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/monoscope-tech%2Foteldemo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/monoscope-tech%2Foteldemo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/monoscope-tech%2Foteldemo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/monoscope-tech","download_url":"https://codeload.github.com/monoscope-tech/oteldemo/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/monoscope-tech%2Foteldemo/sbom","scorecard":{"id":1239195,"data":{"date":"2025-10-25T06:56:47Z","repo":{"name":"github.com/monoscope-tech/oteldemo","commit":"0a84166567362e1d5c80bed800cea7c416b28b56"},"scorecard":{"version":"v5.3.0","commit":"c22063e786c11f9dd714d777a687ff7c4599b600"},"score":4.5,"checks":[{"name":"Maintained","score":0,"reason":"project was created within the last 90 days. Please review its contents carefully","details":["Warn: Repository was created within the last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#maintained"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dependency-update-tool"}},{"name":"CI-Tests","score":-1,"reason":"no pull request found","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#ci-tests"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/build-images.yml:17","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/build-images.yml:18","Info: jobLevel 'contents' permission set to 'read': .github/workflows/checks.yml:18","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/checks.yml:19","Info: jobLevel 'contents' permission set to 'read': .github/workflows/component-build-images.yml:47","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/dependabot-auto-update-protobuf-diff.yml:14","Info: jobLevel 'contents' permission set to 'read': .github/workflows/label-pr.yml:18","Info: jobLevel 'contents' permission set to 'read': .github/workflows/nightly-release.yml:16","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/nightly-release.yml:17","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:15","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/release.yml:16","Info: topLevel 'contents' permission set to 'read': .github/workflows/assign-reviewers.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/build-images.yml:12","Info: topLevel 'contents' permission set to 'read': .github/workflows/checks.yml:13","Info: topLevel 'contents' permission set to 'read': .github/workflows/component-build-images.yml:29","Info: topLevel 'contents' permission set to 'read': .github/workflows/dependabot-auto-update-protobuf-diff.yml:9","Info: topLevel 'contents' permission set to 'read': .github/workflows/fossa.yml:12","Info: topLevel 'contents' permission set to 'read': .github/workflows/gradle-wrapper-validation.yml:13","Info: topLevel 'contents' permission set to 'read': .github/workflows/label-pr.yml:11","Info: topLevel 'contents' permission set to 'read': .github/workflows/nightly-release.yml:11","Info: topLevel permissions set to 'read-all': .github/workflows/ossf-scorecard.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/release.yml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/run-integration-tests.yml:11","Info: topLevel 'contents' permission set to 'read': .github/workflows/stale.yml:12"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#token-permissions"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#sast"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":7,"reason":"binaries present in source code","details":["Warn: binary detected: src/ad/gradle/wrapper/gradle-wrapper.jar:1","Warn: binary detected: src/fraud-detection/gradle/wrapper/gradle-wrapper.jar:1","Warn: binary detected: src/react-native-app/android/gradle/wrapper/gradle-wrapper.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#binary-artifacts"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#signed-releases"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/monoscope-tech/.github/SECURITY.md:1","Info: Found linked content: github.com/monoscope-tech/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/monoscope-tech/.github/SECURITY.md:1","Info: Found text in security policy: github.com/monoscope-tech/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":0,"reason":"31 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-vj76-c3g6-qr5v","Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3","Warn: Project is vulnerable to: GHSA-3cvr-822r-rqcc","Warn: Project is vulnerable to: GHSA-5r9g-qh6m-jxff","Warn: Project is vulnerable to: GHSA-8qr4-xgw6-wmr3","Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672","Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975","Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3","Warn: Project is vulnerable to: GHSA-f772-66g8-q5h3","Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7","Warn: Project is vulnerable to: GHSA-pgw7-wx7w-2w33","Warn: Project is vulnerable to: GHSA-q768-x9m6-m9qp","Warn: Project is vulnerable to: GHSA-r6ch-mqf9-qc9w","Warn: Project is vulnerable to: GHSA-wqq4-5wpv-mx2g","Warn: Project is vulnerable to: GHSA-47m2-26rw-j2jw","Warn: Project is vulnerable to: GHSA-6xw4-3v39-52mm","Warn: Project is vulnerable to: GHSA-p543-xpfm-54cp","Warn: Project is vulnerable to: GHSA-r657-rxjc-j557","Warn: Project is vulnerable to: GHSA-w9pc-fmgc-vxvw","Warn: Project is vulnerable to: GHSA-wpv5-97wm-hp9c","Warn: Project is vulnerable to: GHSA-mr3q-g2mv-mr4q","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-c2f4-jgmc-q2r5","Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-m5qc-5hw7-8vg7","Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#vulnerabilities"}},{"name":"Contributors","score":10,"reason":"project has 44 contributing companies or organizations","details":["Info: found contributions from: Azure, CloudNativeLinz, Deakin, FluidTYPO3, Kyorai, WebarchClub, adoptingerlang, alpaca-lang, altinity, appdynamics @cisco @splunk, aws @opensearch-project, causely-oss, census-instrumentation, cisco, cisco / @appdynamics / @dashbase, cisco-open, datadog, dbt-labs, deakin university, dynatrace, dynatrace-oss, elastic, elli-lib, erlware, grab, grafana, grafana labs, honeycombio, howistart, ibm, jmxtrans, lightstep, luci systems, magento, microsoft, mydecisiveai, open-telemetry, opencensus-beam, opensearch-project, opentracing, opentracing-contrib, rebar, splunk, websightgmbh"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#contributors"}},{"name":"Pinned-Dependencies","score":1,"reason":"dependency not pinned by hash detected -- score normalized to 1","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/assign-reviewers.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/assign-reviewers.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/checks.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/checks.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/checks.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/checks.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/checks.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/checks.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/checks.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/checks.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/checks.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/component-build-images.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/component-build-images.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/component-build-images.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/component-build-images.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/component-build-images.yml:178: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/component-build-images.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/component-build-images.yml:185: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/component-build-images.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/component-build-images.yml:192: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/component-build-images.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/component-build-images.yml:196: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/component-build-images.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/component-build-images.yml:203: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/component-build-images.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dependabot-auto-update-protobuf-diff.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/dependabot-auto-update-protobuf-diff.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gradle-wrapper-validation.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/gradle-wrapper-validation.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/gradle-wrapper-validation.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/gradle-wrapper-validation.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/label-pr.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/label-pr.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/label-pr.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/label-pr.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/label-pr.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/label-pr.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/label-pr.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/label-pr.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-integration-tests.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/run-integration-tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/monoscope-tech/oteldemo/stale.yml/main?enable=pin","Warn: containerImage not pinned by hash: src/accounting/Dockerfile:4: pin your Docker image by updating mcr.microsoft.com/dotnet/sdk:8.0 to mcr.microsoft.com/dotnet/sdk:8.0@sha256:f2f0cb3af991eb6959c8a20551b0152f10cce61354c089dd863a7b72c0f00fea","Warn: containerImage not pinned by hash: src/accounting/Dockerfile:17","Warn: containerImage not pinned by hash: src/accounting/Dockerfile:24: pin your Docker image by updating mcr.microsoft.com/dotnet/aspnet:8.0 to mcr.microsoft.com/dotnet/aspnet:8.0@sha256:590a934508c35c2ef61203ded76f088f5ec6263b863b55d3deaea8fc2d6b55a6","Warn: containerImage not pinned by hash: src/ad/Dockerfile:5: pin your Docker image by updating eclipse-temurin:21-jdk to eclipse-temurin:21-jdk@sha256:7d1d666ddafac14da0ded6b4b076becf76cf88b31f9d7953a76555cc82f86511","Warn: containerImage not pinned by hash: src/ad/Dockerfile:23: pin your Docker image by updating eclipse-temurin:21-jre to eclipse-temurin:21-jre@sha256:66bb900643426ad01996d25bada7d56751913f9cec3b827fcb715d2ec9a0fbfc","Warn: containerImage not pinned by hash: src/cart/src/Dockerfile:18: pin your Docker image by updating mcr.microsoft.com/dotnet/sdk:8.0 to mcr.microsoft.com/dotnet/sdk:8.0@sha256:f2f0cb3af991eb6959c8a20551b0152f10cce61354c089dd863a7b72c0f00fea","Warn: containerImage not pinned by hash: src/cart/src/Dockerfile:33: pin your Docker image by updating mcr.microsoft.com/dotnet/runtime-deps:8.0-alpine3.20 to mcr.microsoft.com/dotnet/runtime-deps:8.0-alpine3.20@sha256:584044431ade72d7af4fd7305462305a24b1bc6ae1bf3c2d96a41151ed39e9af","Warn: containerImage not pinned by hash: src/checkout/Dockerfile:5: pin your Docker image by updating golang:1.24-bookworm to golang:1.24-bookworm@sha256:e400aebe4e96e1d52b510fb7a82c417d9377f595f0160eb1bd979d441711d20c","Warn: containerImage not pinned by hash: src/checkout/Dockerfile:21: pin your Docker image by updating gcr.io/distroless/static-debian12:nonroot to gcr.io/distroless/static-debian12:nonroot@sha256:e8a4044e0b4ae4257efa45fc026c0bc30ad320d43bd4c1a7d5271bd241e386d0","Warn: containerImage not pinned by hash: src/checkout/genproto/Dockerfile:4: pin your Docker image by updating golang:1.24-alpine to golang:1.24-alpine@sha256:8f8959f38530d159bf71d0b3eb0c547dc61e7959d8225d1599cf762477384923","Warn: containerImage not pinned by hash: src/currency/Dockerfile:17: pin your Docker image by updating docker.io/library/alpine:3.21 to docker.io/library/alpine:3.21@sha256:5405e8f36ce1878720f71217d664aa3dea32e5e5df11acbf07fc78ef5661465b","Warn: containerImage not pinned by hash: src/currency/Dockerfile:22","Warn: containerImage not pinned by hash: src/currency/Dockerfile:52","Warn: containerImage not pinned by hash: src/currency/genproto/Dockerfile:17: pin your Docker image by updating docker.io/library/alpine:3.21 to docker.io/library/alpine:3.21@sha256:5405e8f36ce1878720f71217d664aa3dea32e5e5df11acbf07fc78ef5661465b","Warn: containerImage not pinned by hash: src/email/Dockerfile:5: pin your Docker image by updating docker.io/library/ruby:3.4.4-alpine3.22 to docker.io/library/ruby:3.4.4-alpine3.22@sha256:81096866ac15f906adc79867da3ed97a2aa271d6149363e216a174701345c53b","Warn: containerImage not pinned by hash: src/email/Dockerfile:14: pin your Docker image by updating docker.io/library/ruby:3.4.4-alpine3.22 to docker.io/library/ruby:3.4.4-alpine3.22@sha256:81096866ac15f906adc79867da3ed97a2aa271d6149363e216a174701345c53b","Warn: containerImage not pinned by hash: src/flagd-ui/Dockerfile:24","Warn: containerImage not pinned by hash: src/flagd-ui/Dockerfile:71","Warn: containerImage not pinned by hash: src/fraud-detection/Dockerfile:5: pin your Docker image by updating gradle:8-jdk17 to gradle:8-jdk17@sha256:809c5f212631307505cafb8200a2dc6d42d3833fac11866eb947376fd2ec1fe8","Warn: containerImage not pinned by hash: src/fraud-detection/Dockerfile:16: pin your Docker image by updating gcr.io/distroless/java17-debian12:nonroot to gcr.io/distroless/java17-debian12:nonroot@sha256:14c2d21c547fadc7bf84daa67a59cb8882a1f522d6c7ae445a98064a9a069b04","Warn: containerImage not pinned by hash: src/frontend-proxy/Dockerfile:4: pin your Docker image by updating envoyproxy/envoy:v1.34-latest to envoyproxy/envoy:v1.34-latest@sha256:3343a698c1bdfdbb174f1bd907dea789d728692f4f99a943e3e6f0bc5ef6513f","Warn: containerImage not pinned by hash: src/frontend/Dockerfile:4: pin your Docker image by updating docker.io/library/node:22-slim to docker.io/library/node:22-slim@sha256:f9f7f95dcf1f007b007c4dcd44ea8f7773f931b71dc79d57c216e731c87a090b","Warn: containerImage not pinned by hash: src/frontend/Dockerfile:34: pin your Docker image by updating docker.io/library/node:22-slim to docker.io/library/node:22-slim@sha256:f9f7f95dcf1f007b007c4dcd44ea8f7773f931b71dc79d57c216e731c87a090b","Warn: containerImage not pinned by hash: src/frontend/Dockerfile:45: pin your Docker image by updating gcr.io/distroless/nodejs22-debian12:nonroot to gcr.io/distroless/nodejs22-debian12:nonroot@sha256:13cb824ba0b153e180d7a14959dc4a39f5b62fa860b24bbf51c43ee32341bd1e","Warn: containerImage not pinned by hash: src/frontend/Dockerfile.cypress:1: pin your Docker image by updating cypress/included:14.5.0 to cypress/included:14.5.0@sha256:a807b075fab789a06d3b4618052bb59574c777093d9537e5587c853294f028b4","Warn: containerImage not pinned by hash: src/frontend/genproto/Dockerfile:4: pin your Docker image by updating node:22-alpine to node:22-alpine@sha256:bd26af08779f746650d95a2e4d653b0fd3c8030c44284b6b98d701c9b5eb66b9","Warn: containerImage not pinned by hash: src/image-provider/Dockerfile:4: pin your Docker image by updating nginxinc/nginx-unprivileged:1.29.0-alpine3.22-otel to nginxinc/nginx-unprivileged:1.29.0-alpine3.22-otel@sha256:5a41b6424e817a6c97c057e4be7fb8fdc19ec95845c784487dee1fa795ef4d03","Warn: containerImage not pinned by hash: src/kafka/Dockerfile:5: pin your Docker image by updating apache/kafka:3.9.1 to apache/kafka:3.9.1@sha256:4ceccc577f03f51f6af8dbfda55194d0d892f4fa7913ffbded567ce3895622ed","Warn: containerImage not pinned by hash: src/load-generator/Dockerfile:5: pin your Docker image by updating python:3.12-slim-bookworm to python:3.12-slim-bookworm@sha256:3291ae895c4a3af495196e48292a19fad4ea7ce82528b91cca64961a4d04f538","Warn: containerImage not pinned by hash: src/load-generator/Dockerfile:7","Warn: containerImage not pinned by hash: src/load-generator/Dockerfile:15","Warn: containerImage not pinned by hash: src/opensearch/Dockerfile:4: pin your Docker image by updating opensearchproject/opensearch:3.2.0 to opensearchproject/opensearch:3.2.0@sha256:23297b8d8545e129dd58c254ed08d786dc552410ba772983ad2af31048d2f04b","Warn: containerImage not pinned by hash: src/payment/Dockerfile:5: pin your Docker image by updating docker.io/library/node:22-slim to docker.io/library/node:22-slim@sha256:f9f7f95dcf1f007b007c4dcd44ea8f7773f931b71dc79d57c216e731c87a090b","Warn: containerImage not pinned by hash: src/payment/Dockerfile:16: pin your Docker image by updating gcr.io/distroless/nodejs22-debian12:nonroot to gcr.io/distroless/nodejs22-debian12:nonroot@sha256:13cb824ba0b153e180d7a14959dc4a39f5b62fa860b24bbf51c43ee32341bd1e","Warn: containerImage not pinned by hash: src/postgres/Dockerfile:4: pin your Docker image by updating postgres:17.6 to postgres:17.6@sha256:b480430782a9bd1c8a6835fb5b70f89f34a70132c2f6182e534f65688bce063b","Warn: containerImage not pinned by hash: src/product-catalog/Dockerfile:5: pin your Docker image by updating golang:1.24-bookworm to golang:1.24-bookworm@sha256:e400aebe4e96e1d52b510fb7a82c417d9377f595f0160eb1bd979d441711d20c","Warn: containerImage not pinned by hash: src/product-catalog/Dockerfile:20: pin your Docker image by updating gcr.io/distroless/static-debian12:nonroot to gcr.io/distroless/static-debian12:nonroot@sha256:e8a4044e0b4ae4257efa45fc026c0bc30ad320d43bd4c1a7d5271bd241e386d0","Warn: containerImage not pinned by hash: src/product-catalog/genproto/Dockerfile:4: pin your Docker image by updating golang:1.24-alpine to golang:1.24-alpine@sha256:8f8959f38530d159bf71d0b3eb0c547dc61e7959d8225d1599cf762477384923","Warn: containerImage not pinned by hash: src/quote/Dockerfile:5: pin your Docker image by updating ghcr.io/mlocati/php-extension-installer:2.9.11 to ghcr.io/mlocati/php-extension-installer:2.9.11@sha256:693f97d7f4c9ea8022bbddeb45abdbd1599714ff1f187fe5d13c12b2e95eb5f9","Warn: containerImage not pinned by hash: src/quote/Dockerfile:7: pin your Docker image by updating docker.io/library/composer:2.8.12 to docker.io/library/composer:2.8.12@sha256:23b68157c13e1bcc91908f5119da5537cf908983bb35bb2424f461ca5440d3e6","Warn: containerImage not pinned by hash: src/quote/Dockerfile:21: pin your Docker image by updating docker.io/library/php:8.4-cli-alpine3.22 to docker.io/library/php:8.4-cli-alpine3.22@sha256:99fd4ff2531035e737e6c7ddfbf033b2b63f2810f1a4f4318e3f57b7ff227a51","Warn: containerImage not pinned by hash: src/react-native-app/android.Dockerfile:9: pin your Docker image by updating reactnativecommunity/react-native-android:v13.2.1 to reactnativecommunity/react-native-android:v13.2.1@sha256:3fabecd4a5a4d5e0d2de1518a86d3bfbc3bab0397b1a81734331fa92c225a1e0","Warn: containerImage not pinned by hash: src/recommendation/Dockerfile:5: pin your Docker image by updating docker.io/library/python:3.12-alpine3.22 to docker.io/library/python:3.12-alpine3.22@sha256:d82291d418d5c47f267708393e40599ae836f2260b0519dd38670e9d281657f5","Warn: containerImage not pinned by hash: src/recommendation/Dockerfile:17: pin your Docker image by updating docker.io/library/python:3.12-alpine3.22 to docker.io/library/python:3.12-alpine3.22@sha256:d82291d418d5c47f267708393e40599ae836f2260b0519dd38670e9d281657f5","Warn: containerImage not pinned by hash: src/recommendation/genproto/Dockerfile:4: pin your Docker image by updating python:3.12-slim-bookworm to python:3.12-slim-bookworm@sha256:3291ae895c4a3af495196e48292a19fad4ea7ce82528b91cca64961a4d04f538","Warn: containerImage not pinned by hash: src/shipping/Dockerfile:5: pin your Docker image by updating docker.io/library/rust:1.88 to docker.io/library/rust:1.88@sha256:af306cfa71d987911a781c37b59d7d67d934f49684058f96cf72079c3626bfe0","Warn: containerImage not pinned by hash: src/shipping/Dockerfile:37: pin your Docker image by updating gcr.io/distroless/cc-debian12:nonroot to gcr.io/distroless/cc-debian12:nonroot@sha256:189bd2ce1f7750193c2c10220d9201ba38c11e30fbb75b036606829fadbc81b1","Warn: containerImage not pinned by hash: test/tracetesting/Dockerfile:5: pin your Docker image by updating alpine to alpine@sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412","Warn: nugetCommand not pinned by hash: src/accounting/Dockerfile:10: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)","Warn: nugetCommand not pinned by hash: src/cart/src/Dockerfile:26: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)","Warn: pipCommand not pinned by hash: src/load-generator/Dockerfile:13","Warn: npmCommand not pinned by hash: src/react-native-app/android.Dockerfile:14","Warn: pipCommand not pinned by hash: src/recommendation/Dockerfile:12-13","Warn: pipCommand not pinned by hash: src/recommendation/genproto/Dockerfile:8","Warn: downloadThenRun not pinned by hash: test/tracetesting/Dockerfile:13","Warn: npmCommand not pinned by hash: .github/workflows/checks.yml:32","Info:   4 out of  20 GitHub-owned GitHubAction dependencies pinned","Info:   2 out of  11 third-party GitHubAction dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned","Info:   0 out of  48 containerImage dependencies pinned","Info:   0 out of   2 nugetCommand dependencies pinned","Info:   2 out of   2 goCommand dependencies pinned","Info:   4 out of   6 npmCommand dependencies pinned","Info:   0 out of   3 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#pinned-dependencies"}}]},"last_synced_at":"2025-10-25T08:40:42.801Z","repository_id":320682119,"created_at":"2025-10-25T08:40:42.801Z","updated_at":"2025-10-25T08:40:42.801Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28606385,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-20T14:45:23.139Z","status":"ssl_error","status_checked_at":"2026-01-20T14:44:16.929Z","response_time":117,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-20T16:06:27.090Z","updated_at":"2026-01-20T16:06:28.295Z","avatar_url":"https://github.com/monoscope-tech.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!-- markdownlint-disable-next-line --\u003e\n# \u003cimg src=\"https://opentelemetry.io/img/logos/opentelemetry-logo-nav.png\" alt=\"OTel logo\" width=\"45\"\u003e OpenTelemetry Demo\n\n[![Slack](https://img.shields.io/badge/slack-@cncf/otel/demo-brightgreen.svg?logo=slack)](https://cloud-native.slack.com/archives/C03B4CWV4DA)\n[![Version](https://img.shields.io/github/v/release/open-telemetry/opentelemetry-demo?color=blueviolet)](https://github.com/open-telemetry/opentelemetry-demo/releases)\n[![Commits](https://img.shields.io/github/commits-since/open-telemetry/opentelemetry-demo/latest?color=ff69b4\u0026include_prereleases)](https://github.com/open-telemetry/opentelemetry-demo/graphs/commit-activity)\n[![Downloads](https://img.shields.io/docker/pulls/otel/demo)](https://hub.docker.com/r/otel/demo)\n[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg?color=red)](https://github.com/open-telemetry/opentelemetry-demo/blob/main/LICENSE)\n[![Integration Tests](https://github.com/open-telemetry/opentelemetry-demo/actions/workflows/run-integration-tests.yml/badge.svg)](https://github.com/open-telemetry/opentelemetry-demo/actions/workflows/run-integration-tests.yml)\n[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/opentelemetry-demo)](https://artifacthub.io/packages/helm/opentelemetry-helm/opentelemetry-demo)\n[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/9247/badge)](https://www.bestpractices.dev/en/projects/9247)\n\n## Welcome to the OpenTelemetry Astronomy Shop Demo\n\nThis repository contains the OpenTelemetry Astronomy Shop, a microservice-based\ndistributed system intended to illustrate the implementation of OpenTelemetry in\na near real-world environment.\n\nOur goals are threefold:\n\n- Provide a realistic example of a distributed system that can be used to\n  demonstrate OpenTelemetry instrumentation and observability.\n- Build a base for vendors, tooling authors, and others to extend and\n  demonstrate their OpenTelemetry integrations.\n- Create a living example for OpenTelemetry contributors to use for testing new\n  versions of the API, SDK, and other components or enhancements.\n\nWe've already made [huge\nprogress](https://github.com/open-telemetry/opentelemetry-demo/blob/main/CHANGELOG.md),\nand development is ongoing. We hope to represent the full feature set of\nOpenTelemetry across its languages in the future.\n\nIf you'd like to help (**which we would love**), check out our [contributing\nguidance](./CONTRIBUTING.md).\n\nIf you'd like to extend this demo or maintain a fork of it, read our\n[fork guidance](https://opentelemetry.io/docs/demo/forking/).\n\n## Quick start\n\nYou can be up and running with the demo in a few minutes. Check out the docs for\nyour preferred deployment method:\n\n- [Docker](https://opentelemetry.io/docs/demo/docker_deployment/)\n- [Kubernetes](https://opentelemetry.io/docs/demo/kubernetes_deployment/)\n\n## Documentation\n\nFor detailed documentation, see [Demo Documentation][docs]. If you're curious\nabout a specific feature, the [docs landing page][docs] can point you in the\nright direction.\n\n## Demos featuring the Astronomy Shop\n\nWe welcome any vendor to fork the project to demonstrate their services and\nadding a link below. The community is committed to maintaining the project and\nkeeping it up to date for you.\n\n|                           |                |                                  |\n|---------------------------|----------------|----------------------------------|\n| [AlibabaCloud LogService] | [Elastic]      | [Oracle]                         |\n| [Apache Doris]            | [Google Cloud] | [Parseable]                      |\n| [AppDynamics]             | [Grafana Labs] | [Sentry]                         |\n| [Aspecto]                 | [Guance]       | [ServiceNow Cloud Observability] |\n| [Axiom]                   | [Honeycomb.io] | [SigNoz]                         |\n| [Axoflow]                 | [Instana]      | [Splunk]                         |\n| [Azure Data Explorer]     | [Kloudfuse]    | [Sumo Logic]                     |\n| [Causely]                 | [Last9]        | [TelemetryHub]                   |\n| [ClickStack]              | [Liatrio]      | [Teletrace]                      |\n| [Coralogix]               | [Logz.io]      | [Tinybird]                       |\n| [Dash0]                   | [New Relic]    | [Tracetest]                      |\n| [Datadog]                 | [OpenObserve]  | [Uptrace]                        |\n| [Dynatrace]               | [OpenSearch]   | [VictoriaMetrics]                |\n\n## Contributing\n\nTo get involved with the project see our [CONTRIBUTING](CONTRIBUTING.md)\ndocumentation. Our [SIG Calls](CONTRIBUTING.md#join-a-sig-call) are every other\nWednesday at 8:30 AM PST and anyone is welcome.\n\n### Maintainers\n\n- [Juliano Costa](https://github.com/julianocosta89), Datadog\n- [Mikko Viitanen](https://github.com/mviitane), Dynatrace\n- [Pierre Tessier](https://github.com/puckpuck), Honeycomb\n- [Roger Coll](https://github.com/rogercoll), Elastic\n\nFor more information about the maintainer role, see the [community repository](https://github.com/open-telemetry/community/blob/main/guides/contributor/membership.md#maintainer).\n\n### Approvers\n\n- [Cedric Ziel](https://github.com/cedricziel), Grafana Labs\n- [Shenoy Pratik](https://github.com/ps48), AWS OpenSearch\n\nFor more information about the approver role, see the [community repository](https://github.com/open-telemetry/community/blob/main/guides/contributor/membership.md#approver).\n\n### Emeritus\n\n- [Austin Parker](https://github.com/austinlparker)\n- [Carter Socha](https://github.com/cartersocha)\n- [Michael Maxwell](https://github.com/mic-max)\n- [Morgan McLean](https://github.com/mtwo)\n- [Penghan Wang](https://github.com/wph95)\n- [Reiley Yang](https://github.com/reyang)\n- [Ziqi Zhao](https://github.com/fatsheep9146)\n\nFor more information about the emeritus role, see the [community repository](https://github.com/open-telemetry/community/blob/main/guides/contributor/membership.md#emeritus-maintainerapprovertriager).\n\n### Thanks to all the people who have contributed\n\n[![contributors](https://contributors-img.web.app/image?repo=open-telemetry/opentelemetry-demo)](https://github.com/open-telemetry/opentelemetry-demo/graphs/contributors)\n\n[docs]: https://opentelemetry.io/docs/demo/\n\n\u003c!-- Links for Demos featuring the Astronomy Shop section --\u003e\n\n[AlibabaCloud LogService]: https://github.com/aliyun-sls/opentelemetry-demo\n[AppDynamics]: https://community.splunk.com/t5/AppDynamics-Knowledge-Base/How-to-observe-Kubernetes-deployment-of-OpenTelemetry-demo-app/ta-p/741454\n[Apache Doris]: https://github.com/apache/doris-opentelemetry-demo\n[Aspecto]: https://github.com/aspecto-io/opentelemetry-demo\n[Axiom]: https://play.axiom.co/axiom-play-qf1k/dashboards/otel.traces.otel-demo-traces\n[Axoflow]: https://axoflow.com/opentelemetry-support-in-more-detail-in-axosyslog-and-syslog-ng/\n[Azure Data Explorer]: https://github.com/Azure/Azure-kusto-opentelemetry-demo\n[Causely]: https://github.com/causely-oss/otel-demo\n[ClickStack]: https://github.com/ClickHouse/opentelemetry-demo\n[Coralogix]: https://coralogix.com/blog/configure-otel-demo-send-telemetry-data-coralogix\n[Dash0]: https://github.com/dash0hq/opentelemetry-demo\n[Datadog]: https://docs.datadoghq.com/opentelemetry/guide/otel_demo_to_datadog\n[Dynatrace]: https://www.dynatrace.com/news/blog/opentelemetry-demo-application-with-dynatrace/\n[Elastic]: https://github.com/elastic/opentelemetry-demo\n[Google Cloud]: https://github.com/GoogleCloudPlatform/opentelemetry-demo\n[Grafana Labs]: https://github.com/grafana/opentelemetry-demo\n[Guance]: https://github.com/GuanceCloud/opentelemetry-demo\n[Honeycomb.io]: https://github.com/honeycombio/opentelemetry-demo\n[Instana]: https://github.com/instana/opentelemetry-demo\n[Kloudfuse]: https://github.com/kloudfuse/opentelemetry-demo\n[Last9]: https://last9.io/docs/integrations-opentelemetry-demo/\n[Liatrio]: https://github.com/liatrio/opentelemetry-demo\n[Logz.io]: https://logz.io/learn/how-to-run-opentelemetry-demo-with-logz-io/\n[New Relic]: https://github.com/newrelic/opentelemetry-demo\n[OpenSearch]: https://github.com/opensearch-project/opentelemetry-demo\n[OpenObserve]: https://openobserve.ai/blog/opentelemetry-astronomy-shop-demo/\n[Oracle]: https://github.com/oracle-quickstart/oci-o11y-solutions/blob/main/knowledge-content/opentelemetry-demo\n[Parseable]: https://www.parseable.com/blog/open-telemetry-demo-with-parseable-a-complete-observability-setup\n[Sentry]: https://github.com/getsentry/opentelemetry-demo\n[ServiceNow Cloud Observability]: https://docs.lightstep.com/otel/quick-start-operator#send-data-from-the-opentelemetry-demo\n[SigNoz]: https://signoz.io/blog/opentelemetry-demo/\n[Splunk]: https://github.com/signalfx/opentelemetry-demo\n[Sumo Logic]: https://www.sumologic.com/blog/common-opentelemetry-demo-application/\n[TelemetryHub]: https://github.com/TelemetryHub/opentelemetry-demo/tree/telemetryhub-backend\n[Teletrace]: https://github.com/teletrace/opentelemetry-demo\n[Tinybird]: https://github.com/tinybirdco/opentelemetry-demo\n[Tracetest]: https://github.com/kubeshop/opentelemetry-demo\n[Uptrace]: https://github.com/uptrace/uptrace/tree/master/example/opentelemetry-demo\n[VictoriaMetrics]: https://github.com/VictoriaMetrics-Community/opentelemetry-demo\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmonoscope-tech%2Foteldemo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmonoscope-tech%2Foteldemo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmonoscope-tech%2Foteldemo/lists"}