{"id":13562042,"url":"https://github.com/rancher/rke2","last_synced_at":"2026-04-08T21:03:34.987Z","repository":{"id":37074604,"uuid":"253887459","full_name":"rancher/rke2","owner":"rancher","description":null,"archived":false,"fork":false,"pushed_at":"2026-04-01T20:12:39.000Z","size":36052,"stargazers_count":2153,"open_issues_count":132,"forks_count":329,"subscribers_count":74,"default_branch":"master","last_synced_at":"2026-04-02T02:43:15.595Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://docs.rke2.io/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rancher.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":"MAINTAINERS","copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-04-07T19:05:55.000Z","updated_at":"2026-04-01T20:12:12.000Z","dependencies_parsed_at":"2026-01-13T07:10:30.884Z","dependency_job_id":null,"html_url":"https://github.com/rancher/rke2","commit_stats":{"total_commits":1517,"total_committers":134,"mean_commits":11.32089552238806,"dds":0.8015820698747528,"last_synced_commit":"83bf9843559b3a31a6c5e95a96507448a8fd177b"},"previous_names":[],"tags_count":1039,"template":false,"template_full_name":null,"purl":"pkg:github/rancher/rke2","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rancher%2Frke2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rancher%2Frke2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rancher%2Frke2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rancher%2Frke2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rancher","download_url":"https://codeload.github.com/rancher/rke2/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rancher%2Frke2/sbom","scorecard":{"id":610670,"data":{"date":"2025-08-11","repo":{"name":"github.com/rancher/rke2","commit":"548021824bd227e7e6d844619b1673b9458f79ae"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.6,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:283","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:317","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:238","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/trivy.yaml:12","Warn: topLevel 'contents' permission set to 'write': .github/workflows/build.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/fossa.yml:9","Warn: no topLevel permission defined: .github/workflows/nightly-install.yaml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/pr.yml:11","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:17","Warn: no topLevel permission defined: .github/workflows/spellcheck.yaml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/stale.yml:7","Info: topLevel 'contents' permission set to 'read': .github/workflows/test-suite.yaml:22","Warn: no topLevel permission defined: .github/workflows/trivy.yaml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/unittest.yaml:21","Warn: topLevel 'contents' permission set to 'write': .github/workflows/updatecli.yml:11","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/rancher/.github/SECURITY.md:1","Info: Found linked content: github.com/rancher/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/rancher/.github/SECURITY.md:1","Info: Found text in security policy: github.com/rancher/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.33.4-rc3+rke2r1 not signed: https://api.github.com/repos/rancher/rke2/releases/240309714","Warn: release artifact v1.33.4-rc2+rke2r1 not signed: https://api.github.com/repos/rancher/rke2/releases/240255682","Warn: release artifact v1.32.8-rc3+rke2r1 not signed: https://api.github.com/repos/rancher/rke2/releases/240309702","Warn: release artifact v1.32.8-rc2+rke2r1 not signed: https://api.github.com/repos/rancher/rke2/releases/240255669","Warn: release artifact v1.33.4-rc3+rke2r1 does not have provenance: https://api.github.com/repos/rancher/rke2/releases/240309714","Warn: release artifact v1.33.4-rc2+rke2r1 does not have provenance: https://api.github.com/repos/rancher/rke2/releases/240255682","Warn: release artifact v1.32.8-rc3+rke2r1 does not have provenance: https://api.github.com/repos/rancher/rke2/releases/240309702","Warn: release artifact v1.32.8-rc2+rke2r1 does not have provenance: https://api.github.com/repos/rancher/rke2/releases/240255669"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'release-1.30'","Warn: branch protection not enabled for branch 'release-1.33'","Warn: branch protection not enabled for branch 'release-1.32'","Warn: branch protection not enabled for branch 'release-1.31'","Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'master'","Warn: 'stale review dismissal' is disabled on branch 'master'","Warn: required approving review count is 1 on branch 'master'","Warn: codeowners review is not required on branch 'master'","Warn: 'last push approval' is disabled on branch 'master'","Warn: no status checks found to merge onto branch 'master'","Info: PRs are required in order to make changes on branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fossa.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/fossa.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/fossa.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/fossa.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/fossa.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/fossa.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-install.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/nightly-install.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-install.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/nightly-install.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:197: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:205: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:215: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:242: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:250: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:287: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:291: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:298: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:337: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:348: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:359: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:387: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:407: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spellcheck.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/spellcheck.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spellcheck.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/spellcheck.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/stale.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/test-suite.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-suite.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/test-suite.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite.yaml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/test-suite.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite.yaml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/test-suite.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite.yaml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/test-suite.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-suite.yaml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/test-suite.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite.yaml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/test-suite.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite.yaml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/test-suite.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite.yaml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/test-suite.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite.yaml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/test-suite.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite.yaml:193: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/test-suite.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite.yaml:200: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/test-suite.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite.yaml:207: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/test-suite.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-suite.yaml:222: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/test-suite.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trivy.yaml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/trivy.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trivy.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/trivy.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trivy.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/trivy.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/trivy.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/trivy.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/trivy.yaml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/trivy.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/trivy.yaml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/trivy.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trivy.yaml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/trivy.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unittest.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/unittest.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/unittest.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/unittest.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unittest.yaml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/unittest.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unittest.yaml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/unittest.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/unittest.yaml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/unittest.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/updatecli.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/updatecli.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/updatecli.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/updatecli.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/updatecli.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/rancher/rke2/updatecli.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:4","Warn: containerImage not pinned by hash: Dockerfile:28","Warn: containerImage not pinned by hash: Dockerfile:32","Warn: containerImage not pinned by hash: Dockerfile:85","Warn: containerImage not pinned by hash: Dockerfile:106","Warn: containerImage not pinned by hash: Dockerfile:119","Warn: containerImage not pinned by hash: Dockerfile:120","Warn: containerImage not pinned by hash: Dockerfile:121","Warn: containerImage not pinned by hash: Dockerfile:122","Warn: containerImage not pinned by hash: Dockerfile:149","Warn: containerImage not pinned by hash: Dockerfile.docs:1: pin your Docker image by updating squidfunk/mkdocs-material to squidfunk/mkdocs-material@sha256:405aeb6dbf1fcddd1082993eacf288a46648ea56b846323f001aee619015a23b","Warn: containerImage not pinned by hash: Dockerfile.windows:1","Warn: containerImage not pinned by hash: Dockerfile.windows:8","Warn: containerImage not pinned by hash: Dockerfile.windows:40","Warn: containerImage not pinned by hash: Dockerfile.windows:41","Warn: pipCommand not pinned by hash: Dockerfile:54","Warn: downloadThenRun not pinned by hash: Dockerfile:55","Warn: goCommand not pinned by hash: Dockerfile:97","Warn: goCommand not pinned by hash: Dockerfile:98","Warn: pipCommand not pinned by hash: Dockerfile.docs:2","Warn: downloadThenRun not pinned by hash: Dockerfile.windows:36","Warn: pipCommand not pinned by hash: .github/workflows/spellcheck.yaml:21","Warn: pipCommand not pinned by hash: .github/workflows/spellcheck.yaml:22","Info:   0 out of  40 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of  27 third-party GitHubAction dependencies pinned","Info:   0 out of  15 containerImage dependencies pinned","Info:   0 out of   4 pipCommand dependencies pinned","Info:   0 out of   2 downloadThenRun dependencies pinned","Info:   0 out of   2 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":0,"reason":"12 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2021-142 / GHSA-8q59-q68h-6hv4","Warn: Project is vulnerable to: PYSEC-2018-49 / GHSA-rprw-h62v-c2w7","Warn: Project is vulnerable to: PYSEC-2014-14 / GHSA-652x-xj99-gmcc","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: PYSEC-2014-13 / GHSA-cfj3-7x9c-4p3h","Warn: Project is vulnerable to: PYSEC-2018-28 / GHSA-x84v-xcm2-53pg","Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646","Warn: Project is vulnerable to: GO-2025-3829 / GHSA-4vq8-7jfc-9cvp","Warn: Project is vulnerable to: GO-2025-3646","Warn: Project is vulnerable to: GO-2024-3218"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T02:34:41.786Z","repository_id":37074604,"created_at":"2025-08-21T02:34:41.786Z","updated_at":"2025-08-21T02:34:41.786Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31479006,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-06T14:34:32.243Z","status":"ssl_error","status_checked_at":"2026-04-06T14:34:31.723Z","response_time":112,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T13:01:03.919Z","updated_at":"2026-04-06T16:01:31.742Z","avatar_url":"https://github.com/rancher.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# RKE2\n![RKE2](https://docs.rke2.io/img/logo-horizontal-rke2.svg)\n\nRKE2, also known as RKE Government, is Rancher's next-generation Kubernetes distribution.\n\nIt is a fully [conformant Kubernetes distribution](https://landscape.cncf.io/?selected=rke-government) that focuses on security and compliance within the U.S. Federal Government sector.\n\nTo meet these goals, RKE2 does the following:\n\n- Provides [defaults and configuration options](https://docs.rke2.io/security/hardening_guide/) that allow clusters to pass the [CIS Kubernetes Benchmark](https://docs.rke2.io/security/cis_self_assessment123/) with minimal operator intervention\n- Enables [FIPS 140-2 compliance](https://docs.rke2.io/security/fips_support/)\n- Supports SELinux policy and [Multi-Category Security (MCS)](https://selinuxproject.org/page/NB_MLS) label enforcement\n- Regularly scans components for CVEs using [trivy](https://github.com/aquasecurity/trivy) in our build pipeline\n\nFor more information and detailed installation and operation instructions, [please visit our docs](https://docs.rke2.io/).\n\n## Quick Start\nHere's the ***extremely*** quick start:\n```sh\ncurl -sfL https://get.rke2.io | sh -\nsystemctl enable rke2-server.service\nsystemctl start rke2-server.service\n# Wait a bit\nexport KUBECONFIG=/etc/rancher/rke2/rke2.yaml PATH=$PATH:/var/lib/rancher/rke2/bin\nkubectl get nodes\n```\nFor a bit more, [check out our full quick start guide](https://docs.rke2.io/install/quickstart/).\n\n## Installation\n\nA full breakdown of installation methods and information can be found [here](https://docs.rke2.io/install/methods/).\n\n## Configuration File\n\nThe primary way to configure RKE2 is through its [config file](https://docs.rke2.io/install/configuration#configuration-file). Command line arguments and environment variables are also available, but RKE2 is installed as a systemd service and thus these are not as easy to leverage.\n\nBy default, RKE2 will launch with the values present in the YAML file located at `/etc/rancher/rke2/config.yaml`.\n\nAn example of a basic `server` config file is below:\n\n```yaml\n# /etc/rancher/rke2/config.yaml\nwrite-kubeconfig-mode: \"0644\"\ntls-san:\n  - \"foo.local\"\nnode-label:\n  - \"foo=bar\"\n  - \"something=amazing\"\n```\n\nIn general, cli arguments map to their respective yaml key, with repeatable cli args being represented as yaml lists. So, an identical configuration using solely cli arguments is shown below to demonstrate this:\n\n```bash\nrke2 server \\\n  --write-kubeconfig-mode \"0644\"    \\\n  --tls-san \"foo.local\"             \\\n  --node-label \"foo=bar\"            \\\n  --node-label \"something=amazing\"\n```\n\nIt is also possible to use both a configuration file and cli arguments.  In these situations, values will be loaded from both sources, but cli arguments will take precedence.  For repeatable arguments such as `--node-label`, the cli arguments will overwrite all values in the list.\n\nFinally, the location of the config file can be changed either through the cli argument `--config FILE, -c FILE`, or the environment variable `$RKE2_CONFIG_FILE`.\n\n## FAQ\n\n- [How is this different from RKE1 or K3s?](https://docs.rke2.io/#how-is-this-different-from-rke-or-k3s)\n- [Why two names?](https://docs.rke2.io/#why-two-names)\n\n## Security\n\nSecurity issues in RKE2 can be reported by sending an email to [security@rancher.com](mailto:security@rancher.com). Please do not open security issues here.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Francher%2Frke2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Francher%2Frke2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Francher%2Frke2/lists"}