{"id":15034425,"url":"https://github.com/px4/px4-autopilot","last_synced_at":"2026-05-13T21:02:03.110Z","repository":{"id":4181911,"uuid":"5298790","full_name":"PX4/PX4-Autopilot","owner":"PX4","description":"PX4 Autopilot Software","archived":false,"fork":false,"pushed_at":"2026-05-08T21:52:31.000Z","size":546561,"stargazers_count":11672,"open_issues_count":1463,"forks_count":15409,"subscribers_count":469,"default_branch":"main","last_synced_at":"2026-05-08T22:40:26.317Z","etag":null,"topics":["autonomous","autopilot","avoidance","dds","drone","dronecode","drones","fixed-wing","mavlink","mavros","multicopter","pixhawk","px4","qgroundcontrol","ros","ros2","uas","uav","ugv"],"latest_commit_sha":null,"homepage":"https://px4.io","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PX4.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":"CITATION.cff","codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":"MAINTAINERS.md","copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2012-08-04T21:19:36.000Z","updated_at":"2026-05-08T15:15:33.000Z","dependencies_parsed_at":"2023-07-12T13:55:21.512Z","dependency_job_id":"ac0bbfbd-8ae3-40e5-94c1-d450d621ca50","html_url":"https://github.com/PX4/PX4-Autopilot","commit_stats":{"total_commits":40518,"total_committers":857,"mean_commits":47.27887981330222,"dds":0.8508070487190877,"last_synced_commit":"22a38c0c6dc10ff51f0cf51a70d7f57eee043606"},"previous_names":["px4/firmware"],"tags_count":162,"template":false,"template_full_name":null,"purl":"pkg:github/PX4/PX4-Autopilot","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PX4%2FPX4-Autopilot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PX4%2FPX4-Autopilot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PX4%2FPX4-Autopilot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PX4%2FPX4-Autopilot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PX4","download_url":"https://codeload.github.com/PX4/PX4-Autopilot/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PX4%2FPX4-Autopilot/sbom","scorecard":{"id":107145,"data":{"date":"2025-08-11","repo":{"name":"github.com/PX4/PX4-Autopilot","commit":"f161a32c55b5a979a02100433eb7339749dc6a77"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.7,"checks":[{"name":"Code-Review","score":6,"reason":"Found 17/28 approved changesets -- score normalized to 6","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Security-Policy","score":4,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Warn: no linked content found","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: BSD 3-Clause \"New\" or \"Revised\" License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"CII-Best-Practices","score":2,"reason":"badge detected: InProgress","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Dangerous-Workflow","score":0,"reason":"dangerous workflow patterns detected","details":["Warn: script injection with untrusted input '\n  github.event_name == 'pull_request' \u0026\u0026\n  format('pr-{0}', github.event.pull_request.number) ||\n  github.head_ref ||\n  github.ref_name\n': .github/workflows/build_all_targets.yml:57","Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/docs_flaw_checker.yml:16"],"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/build_all_targets.yml:157","Info: jobLevel 'contents' permission set to 'read': .github/workflows/dev_container.yml:139","Info: jobLevel 'contents' permission set to 'read': .github/workflows/dev_container.yml:41","Info: jobLevel 'contents' permission set to 'read': .github/workflows/dev_container.yml:78","Info: jobLevel 'contents' permission set to 'read': .github/workflows/label.yml:15","Warn: no topLevel permission defined: .github/workflows/build_all_targets.yml:1","Warn: no topLevel permission defined: .github/workflows/checks.yml:1","Warn: no topLevel permission defined: .github/workflows/clang-tidy.yml:1","Warn: no topLevel permission defined: .github/workflows/compile_macos.yml:1","Warn: no topLevel permission defined: .github/workflows/compile_ubuntu.yml:1","Warn: no topLevel permission defined: .github/workflows/dev_container.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/docs_crowdin_download.yml:11","Warn: no topLevel permission defined: .github/workflows/docs_crowdin_upload.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/docs_deploy.yml:21","Warn: no topLevel permission defined: .github/workflows/docs_flaw_checker.yml:1","Warn: no topLevel permission defined: .github/workflows/docs_pr_comment.yml:1","Warn: no topLevel permission defined: .github/workflows/ekf_functional_change_indicator.yml:1","Warn: no topLevel permission defined: .github/workflows/ekf_update_change_indicator.yml:1","Warn: no topLevel permission defined: .github/workflows/failsafe_sim.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/flash_analysis.yml:4","Info: topLevel 'contents' permission set to 'read': .github/workflows/fuzzing.yml:7","Info: topLevel 'contents' permission set to 'read': .github/workflows/itcm_check.yml:4","Warn: no topLevel permission defined: .github/workflows/label.yml:1","Warn: no topLevel permission defined: .github/workflows/mavros_mission_tests.yml:1","Warn: no topLevel permission defined: .github/workflows/mavros_offboard_tests.yml:1","Warn: no topLevel permission defined: .github/workflows/nuttx_env_config.yml:1","Warn: no topLevel permission defined: .github/workflows/python_checks.yml:1","Warn: no topLevel permission defined: .github/workflows/ros_integration_tests.yml:1","Warn: no topLevel permission defined: .github/workflows/ros_translation_node.yml:1","Warn: no topLevel permission defined: .github/workflows/sitl_tests.yml:1","Warn: no topLevel permission defined: .github/workflows/stale.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/dev_container.yml:75"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":6,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Warn: codeowners review is not required on branch 'main'","Warn: no status checks found to merge onto branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.16.0 not signed: https://api.github.com/repos/PX4/PX4-Autopilot/releases/238010797","Warn: release artifact v1.16.0-rc3 not signed: https://api.github.com/repos/PX4/PX4-Autopilot/releases/232910193","Warn: release artifact v1.16.0-rc2 not signed: https://api.github.com/repos/PX4/PX4-Autopilot/releases/227161037","Warn: release artifact v1.16.0-rc1 not signed: https://api.github.com/repos/PX4/PX4-Autopilot/releases/215915742","Warn: release artifact v1.16.0-beta1 not signed: https://api.github.com/repos/PX4/PX4-Autopilot/releases/206912925","Warn: release artifact v1.16.0 does not have provenance: https://api.github.com/repos/PX4/PX4-Autopilot/releases/238010797","Warn: release artifact v1.16.0-rc3 does not have provenance: https://api.github.com/repos/PX4/PX4-Autopilot/releases/232910193","Warn: release artifact v1.16.0-rc2 does not have provenance: https://api.github.com/repos/PX4/PX4-Autopilot/releases/227161037","Warn: release artifact v1.16.0-rc1 does not have provenance: https://api.github.com/repos/PX4/PX4-Autopilot/releases/215915742","Warn: release artifact v1.16.0-beta1 does not have provenance: https://api.github.com/repos/PX4/PX4-Autopilot/releases/206912925"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Binary-Artifacts","score":7,"reason":"binaries present in source code","details":["Warn: binary detected: docs/public/config/failsafe/index.wasm:1","Warn: binary detected: src/drivers/distance_sensor/broadcom/afbrs50/Lib/libafbrs50_m4_fpu.a:1","Warn: binary detected: src/drivers/distance_sensor/broadcom/afbrs50/Lib/libafbrs50_m4_fpu_os.a:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"SAST","score":5,"reason":"SAST tool is not run on all commits -- score normalized to 5","details":["Warn: 17 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: boards/cuav/x25-evo/init/rc.board_defaults:0","Info: Possibly incomplete results: error parsing shell code: invalid parameter name: .github/workflows/build_all_targets.yml:57","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_all_targets.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/build_all_targets.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_all_targets.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/build_all_targets.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_all_targets.yml:164: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/build_all_targets.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_all_targets.yml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/build_all_targets.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_all_targets.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/build_all_targets.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_all_targets.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/build_all_targets.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_all_targets.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/build_all_targets.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_all_targets.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/build_all_targets.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_all_targets.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/build_all_targets.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/checks.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/checks.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/checks.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/checks.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/checks.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/checks.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/clang-tidy.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/clang-tidy.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/clang-tidy.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/clang-tidy.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compile_macos.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/compile_macos.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compile_macos.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/compile_macos.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compile_macos.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/compile_macos.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/compile_ubuntu.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/compile_ubuntu.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dev_container.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/dev_container.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev_container.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/dev_container.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dev_container.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/dev_container.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dev_container.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/dev_container.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev_container.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/dev_container.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dev_container.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/dev_container.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dev_container.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/dev_container.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dev_container.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/dev_container.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dev_container.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/dev_container.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dev_container.yml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/dev_container.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev_container.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/dev_container.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dev_container.yml:153: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/dev_container.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dev_container.yml:159: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/dev_container.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs_crowdin_download.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/docs_crowdin_download.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs_crowdin_download.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/docs_crowdin_download.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs_crowdin_upload.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/docs_crowdin_upload.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs_crowdin_upload.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/docs_crowdin_upload.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs_deploy.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/docs_deploy.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs_deploy.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/docs_deploy.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs_deploy.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/docs_deploy.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs_deploy.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/docs_deploy.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs_deploy.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/docs_deploy.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs_flaw_checker.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/docs_flaw_checker.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs_flaw_checker.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/docs_flaw_checker.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs_flaw_checker.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/docs_flaw_checker.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs_flaw_checker.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/docs_flaw_checker.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs_flaw_checker.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/docs_flaw_checker.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs_pr_comment.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/docs_pr_comment.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs_pr_comment.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/docs_pr_comment.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs_pr_comment.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/docs_pr_comment.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs_pr_comment.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/docs_pr_comment.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ekf_functional_change_indicator.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/ekf_functional_change_indicator.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ekf_functional_change_indicator.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/ekf_functional_change_indicator.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ekf_update_change_indicator.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/ekf_update_change_indicator.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ekf_update_change_indicator.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/ekf_update_change_indicator.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ekf_update_change_indicator.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/ekf_update_change_indicator.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/failsafe_sim.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/failsafe_sim.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/failsafe_sim.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/failsafe_sim.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/flash_analysis.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/flash_analysis.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/flash_analysis.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/flash_analysis.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/flash_analysis.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/flash_analysis.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/flash_analysis.yml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/flash_analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fuzzing.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/fuzzing.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/fuzzing.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/fuzzing.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/itcm_check.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/itcm_check.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/label.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/label.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mavros_mission_tests.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/mavros_mission_tests.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/mavros_mission_tests.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/mavros_mission_tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mavros_offboard_tests.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/mavros_offboard_tests.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/mavros_offboard_tests.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/mavros_offboard_tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nuttx_env_config.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/nuttx_env_config.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nuttx_env_config.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/nuttx_env_config.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python_checks.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/python_checks.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ros_integration_tests.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/ros_integration_tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ros_integration_tests.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/ros_integration_tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ros_integration_tests.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/ros_integration_tests.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ros_translation_node.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/ros_translation_node.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ros_translation_node.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/ros_translation_node.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sitl_tests.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/sitl_tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sitl_tests.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/sitl_tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sitl_tests.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/sitl_tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sitl_tests.yml:140: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/sitl_tests.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/sitl_tests.yml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/sitl_tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/PX4/PX4-Autopilot/stale.yml/main?enable=pin","Warn: containerImage not pinned by hash: Tools/setup/Dockerfile:2: pin your Docker image by updating ubuntu:24.04 to ubuntu:24.04@sha256:a08e551cb33850e4740772b38217fc1796a66da2506d312abe51acda354ff061","Warn: pipCommand not pinned by hash: .github/workflows/build_all_targets.yml:43","Warn: npmCommand not pinned by hash: .github/workflows/docs_flaw_checker.yml:51","Warn: pipCommand not pinned by hash: .github/workflows/itcm_check.yml:61","Warn: pipCommand not pinned by hash: .github/workflows/python_checks.yml:28","Info:   0 out of  46 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  36 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   3 pipCommand dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":0,"reason":"38 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2022-42991 / GHSA-v3c5-jqr6-7qm8","Warn: Project is vulnerable to: PYSEC-2019-217 / GHSA-462w-v97r-4m45","Warn: Project is vulnerable to: GHSA-cpwx-vrp4-4pq7","Warn: Project is vulnerable to: PYSEC-2021-66 / GHSA-g3rq-g295-4j3m","Warn: Project is vulnerable to: GHSA-h5c8-rqwp-cp95","Warn: Project is vulnerable to: GHSA-h75v-3vvj-5mfj","Warn: Project is vulnerable to: PYSEC-2019-220 / GHSA-hj2j-77xm-mc5v","Warn: Project is vulnerable to: GHSA-q2x7-8rv6-6q7h","Warn: Project is vulnerable to: GHSA-55x5-fj6c-h6m8","Warn: Project is vulnerable to: PYSEC-2014-9 / GHSA-57qw-cc2g-pv5p","Warn: Project is vulnerable to: PYSEC-2021-19 / GHSA-jq4v-f5q6-mjqq","Warn: Project is vulnerable to: GHSA-pgww-xf46-h92r","Warn: Project is vulnerable to: PYSEC-2022-230 / GHSA-wrxv-2j5q-m38w","Warn: Project is vulnerable to: PYSEC-2018-12 / GHSA-xp26-p53h-6h2p","Warn: Project is vulnerable to: PYSEC-2021-856 / GHSA-5545-2q6w-2gh6","Warn: Project is vulnerable to: GHSA-6p56-wp2h-9hxr","Warn: Project is vulnerable to: PYSEC-2019-108 / GHSA-9fq2-x9r6-wfmf","Warn: Project is vulnerable to: PYSEC-2021-857 / GHSA-f7c7-j99h-c22f","Warn: Project is vulnerable to: GHSA-fpfv-jqm9-f5jm","Warn: Project is vulnerable to: PYSEC-2017-1 / GHSA-frgw-fgh6-9g52","Warn: Project is vulnerable to: PYSEC-2020-73","Warn: Project is vulnerable to: PYSEC-2019-41 / GHSA-qfc5-mcwq-26q8","Warn: Project is vulnerable to: PYSEC-2018-21 / GHSA-hgg3-g7gr-66r7","Warn: Project is vulnerable to: GHSA-j225-cvw7-qrx7","Warn: Project is vulnerable to: PYSEC-2023-117 / GHSA-mrwq-x4v8-fh7p","Warn: Project is vulnerable to: PYSEC-2021-142 / GHSA-8q59-q68h-6hv4","Warn: Project is vulnerable to: PYSEC-2018-49 / GHSA-rprw-h62v-c2w7","Warn: Project is vulnerable to: PYSEC-2014-14 / GHSA-652x-xj99-gmcc","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: PYSEC-2014-13 / GHSA-cfj3-7x9c-4p3h","Warn: Project is vulnerable to: PYSEC-2018-28 / GHSA-x84v-xcm2-53pg","Warn: Project is vulnerable to: PYSEC-2025-49 / GHSA-5rjg-fvgr-3xxf","Warn: Project is vulnerable to: GHSA-cx63-2mw6-8hw5","Warn: Project is vulnerable to: PYSEC-2022-43012 / GHSA-r9hx-vwmv-q579","Warn: Project is vulnerable to: PYSEC-2022-43017 / GHSA-qwmp-2cf2-g9g6","Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99","Warn: Project is vulnerable to: PYSEC-2023-102"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-15T11:18:39.119Z","repository_id":4181911,"created_at":"2025-08-15T11:18:39.119Z","updated_at":"2025-08-15T11:18:39.119Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32999522,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-13T13:14:54.681Z","status":"ssl_error","status_checked_at":"2026-05-13T13:14:51.610Z","response_time":115,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["autonomous","autopilot","avoidance","dds","drone","dronecode","drones","fixed-wing","mavlink","mavros","multicopter","pixhawk","px4","qgroundcontrol","ros","ros2","uas","uav","ugv"],"created_at":"2024-09-24T20:25:00.502Z","updated_at":"2026-05-13T21:01:58.098Z","avatar_url":"https://github.com/PX4.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PX4 Drone Autopilot\n\n[![Releases](https://img.shields.io/github/release/PX4/PX4-Autopilot.svg)](https://github.com/PX4/PX4-Autopilot/releases) [![DOI](https://zenodo.org/badge/22634/PX4/PX4-Autopilot.svg)](https://zenodo.org/badge/latestdoi/22634/PX4/PX4-Autopilot)\n\n[![Build Targets](https://github.com/PX4/PX4-Autopilot/actions/workflows/build_all_targets.yml/badge.svg?branch=main)](https://github.com/PX4/PX4-Autopilot/actions/workflows/build_all_targets.yml) [![SITL Tests](https://github.com/PX4/PX4-Autopilot/workflows/SITL%20Tests/badge.svg?branch=master)](https://github.com/PX4/PX4-Autopilot/actions?query=workflow%3A%22SITL+Tests%22)\n\n[![Discord Shield](https://discordapp.com/api/guilds/1022170275984457759/widget.png?style=shield)](https://discord.gg/dronecode)\n\nThis repository holds the [PX4](http://px4.io) flight control solution for drones, with the main applications located in the [src/modules](https://github.com/PX4/PX4-Autopilot/tree/main/src/modules) directory. It also contains the PX4 Drone Middleware Platform, which provides drivers and middleware to run drones.\n\nPX4 is highly portable, OS-independent and supports Linux, NuttX and MacOS out of the box.\n\n* Official Website: http://px4.io (License: BSD 3-clause, [LICENSE](https://github.com/PX4/PX4-Autopilot/blob/main/LICENSE))\n* [Supported airframes](https://docs.px4.io/main/en/airframes/airframe_reference.html) ([portfolio](https://px4.io/ecosystem/commercial-systems/)):\n  * [Multicopters](https://docs.px4.io/main/en/frames_multicopter/)\n  * [Fixed wing](https://docs.px4.io/main/en/frames_plane/)\n  * [VTOL](https://docs.px4.io/main/en/frames_vtol/)\n  * [Autogyro](https://docs.px4.io/main/en/frames_autogyro/)\n  * [Rover](https://docs.px4.io/main/en/frames_rover/)\n  * many more experimental types (Blimps, Boats, Submarines, High Altitude Balloons, Spacecraft, etc)\n* Releases: [Downloads](https://github.com/PX4/PX4-Autopilot/releases)\n\n## Releases\n\nRelease notes and supporting information for PX4 releases can be found on the [Developer Guide](https://docs.px4.io/main/en/releases/).\n\n## Building a PX4 based drone, rover, boat or robot\n\nThe [PX4 User Guide](https://docs.px4.io/main/en/) explains how to assemble [supported vehicles](https://docs.px4.io/main/en/airframes/airframe_reference.html) and fly drones with PX4. See the [forum and chat](https://docs.px4.io/main/en/#getting-help) if you need help!\n\n\n## Changing Code and Contributing\n\nThis [Developer Guide](https://docs.px4.io/main/en/development/development.html) is for software developers who want to modify the flight stack and middleware (e.g. to add new flight modes), hardware integrators who want to support new flight controller boards and peripherals, and anyone who wants to get PX4 working on a new (unsupported) airframe/vehicle.\n\nDevelopers should read the [Guide for Contributions](https://docs.px4.io/main/en/contribute/).\nSee the [forum and chat](https://docs.px4.io/main/en/#getting-help) if you need help!\n\n\n## Weekly Dev Call\n\nThe PX4 Dev Team syncs up on a [weekly dev call](https://docs.px4.io/main/en/contribute/).\n\n\u003e **Note** The dev call is open to all interested developers (not just the core dev team). This is a great opportunity to meet the team and contribute to the ongoing development of the platform. It includes a QA session for newcomers. All regular calls are listed in the [Dronecode calendar](https://www.dronecode.org/calendar/).\n\n\n## Maintenance Team\n\nSee the latest list of maintainers on [MAINTAINERS](MAINTAINERS.md) file at the root of the project.\n\nFor the latest stats on contributors please see the latest stats for the Dronecode ecosystem in our project dashboard under [LFX Insights](https://insights.lfx.linuxfoundation.org/foundation/dronecode). For information on how to update your profile and affiliations please see the following support link on how to [Complete Your LFX Profile](https://docs.linuxfoundation.org/lfx/my-profile/complete-your-lfx-profile). Dronecode publishes a yearly snapshot of contributions and achievements on its [website under the Reports section](https://dronecode.org).\n\n## Supported Hardware\n\nFor the most up to date information, please visit [PX4 User Guide \u003e Autopilot Hardware](https://docs.px4.io/main/en/flight_controller/).\n\n## Project Governance\n\nThe PX4 Autopilot project including all of its trademarks is hosted under [Dronecode](https://www.dronecode.org/), part of the Linux Foundation.\n\n\u003ca href=\"https://www.dronecode.org/\" style=\"padding:20px\" \u003e\u003cimg src=\"https://dronecode.org/wp-content/uploads/sites/24/2020/08/dronecode_logo_default-1.png\" alt=\"Dronecode Logo\" width=\"110px\"/\u003e\u003c/a\u003e\n\u003cdiv style=\"padding:10px\"\u003e\u0026nbsp;\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpx4%2Fpx4-autopilot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpx4%2Fpx4-autopilot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpx4%2Fpx4-autopilot/lists"}