{"id":14984626,"url":"https://github.com/sap/jenkins-library","last_synced_at":"2026-03-02T09:12:42.388Z","repository":{"id":37265291,"uuid":"107318996","full_name":"SAP/jenkins-library","owner":"SAP","description":"Jenkins shared library for Continuous Delivery pipelines.","archived":false,"fork":false,"pushed_at":"2026-02-07T04:32:20.000Z","size":30441,"stargazers_count":811,"open_issues_count":46,"forks_count":622,"subscribers_count":36,"default_branch":"master","last_synced_at":"2026-02-07T13:08:46.659Z","etag":null,"topics":["ci-cd","cli","golang","jenkins","open-source"],"latest_commit_sha":null,"homepage":"https://www.project-piper.io","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SAP.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2017-10-17T20:14:48.000Z","updated_at":"2026-02-06T09:16:08.000Z","dependencies_parsed_at":"2023-09-26T00:43:30.792Z","dependency_job_id":"cc49e2f9-c8c9-4245-949e-d6cd669f8aef","html_url":"https://github.com/SAP/jenkins-library","commit_stats":{"total_commits":4292,"total_committers":195,"mean_commits":22.01025641025641,"dds":0.8122087604846225,"last_synced_commit":"04e5df1277a31212c4c0312cb19e97f70cf95d03"},"previous_names":[],"tags_count":539,"template":false,"template_full_name":null,"purl":"pkg:github/SAP/jenkins-library","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SAP%2Fjenkins-library","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SAP%2Fjenkins-library/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SAP%2Fjenkins-library/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SAP%2Fjenkins-library/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SAP","download_url":"https://codeload.github.com/SAP/jenkins-library/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SAP%2Fjenkins-library/sbom","scorecard":{"id":123741,"data":{"date":"2025-08-11","repo":{"name":"github.com/SAP/jenkins-library","commit":"48180028e972360ba677ecc4d80a98e0f37d05d1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.5,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/release-go.yml:21","Info: jobLevel 'actions' permission set to 'read': .github/workflows/release-go.yml:22","Warn: no topLevel permission defined: .github/workflows/build-adr.yml:1","Warn: no topLevel permission defined: .github/workflows/documentation.yml:1","Warn: no topLevel permission defined: .github/workflows/integration-tests-pr.yml:1","Warn: no topLevel permission defined: .github/workflows/integration-tests.yml:1","Warn: no topLevel permission defined: .github/workflows/markdown.yml:1","Warn: no topLevel permission defined: .github/workflows/release-go.yml:1","Warn: no topLevel permission defined: .github/workflows/renovate-integration-tests.yml:1","Warn: no topLevel permission defined: .github/workflows/stale.yml:1","Warn: no topLevel permission defined: .github/workflows/update-go-dependencies.yml:1","Warn: no topLevel permission defined: .github/workflows/upload-go-master.yml:1","Warn: no topLevel permission defined: .github/workflows/verify-go.yml:1","Warn: no topLevel permission defined: .github/workflows/verify-groovy.yml:1","Warn: no topLevel permission defined: .github/workflows/verify-yaml.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Branch-Protection","score":4,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'master'","Warn: 'stale review dismissal' is disabled on branch 'master'","Warn: required approving review count is 1 on branch 'master'","Warn: codeowners review is not required on branch 'master'","Warn: 'last push approval' is disabled on branch 'master'","Warn: 'up-to-date branches' is disabled on branch 'master'","Info: status check found to merge onto on branch 'master'","Info: PRs are required in order to make changes on branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/SAP/.github/SECURITY.md:1","Info: Found linked content: github.com/SAP/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/SAP/.github/SECURITY.md:1","Info: Found text in security policy: github.com/SAP/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.456.0 not signed: https://api.github.com/repos/SAP/jenkins-library/releases/238946846","Warn: release artifact v1.455.0 not signed: https://api.github.com/repos/SAP/jenkins-library/releases/237667148","Warn: release artifact v1.454.0 not signed: https://api.github.com/repos/SAP/jenkins-library/releases/237382059","Warn: release artifact v1.453.0 not signed: https://api.github.com/repos/SAP/jenkins-library/releases/237281017","Warn: release artifact v1.452.0 not signed: https://api.github.com/repos/SAP/jenkins-library/releases/236167579","Warn: release artifact v1.456.0 does not have provenance: https://api.github.com/repos/SAP/jenkins-library/releases/238946846","Warn: release artifact v1.455.0 does not have provenance: https://api.github.com/repos/SAP/jenkins-library/releases/237667148","Warn: release artifact v1.454.0 does not have provenance: https://api.github.com/repos/SAP/jenkins-library/releases/237382059","Warn: release artifact v1.453.0 does not have provenance: https://api.github.com/repos/SAP/jenkins-library/releases/237281017","Warn: release artifact v1.452.0 does not have provenance: https://api.github.com/repos/SAP/jenkins-library/releases/236167579"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-adr.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/build-adr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-adr.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/build-adr.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-adr.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/build-adr.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/documentation.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/documentation.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/documentation.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/documentation.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/documentation.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/documentation.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/documentation.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/documentation.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/documentation.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integration-tests-pr.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/integration-tests-pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-pr.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/integration-tests-pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-pr.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/integration-tests-pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-pr.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/integration-tests-pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-pr.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/integration-tests-pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-pr.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/integration-tests-pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-pr.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/integration-tests-pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-pr.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/integration-tests-pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-pr.yml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/integration-tests-pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-pr.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/integration-tests-pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-pr.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/integration-tests-pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-pr.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/integration-tests-pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/integration-tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/integration-tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/integration-tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/integration-tests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/integration-tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/integration-tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/integration-tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/integration-tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/integration-tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/integration-tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/integration-tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/integration-tests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/markdown.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/markdown.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/markdown.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/markdown.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/markdown.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/markdown.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-go.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/release-go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-go.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/release-go.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-go.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/release-go.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-go.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/release-go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-go.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/release-go.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-go.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/release-go.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-go.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/release-go.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-go.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/release-go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/renovate-integration-tests.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/renovate-integration-tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/renovate-integration-tests.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/renovate-integration-tests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/stale.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/stale.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/stale.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-go-dependencies.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/update-go-dependencies.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-go-dependencies.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/update-go-dependencies.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-go-dependencies.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/update-go-dependencies.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-go-dependencies.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/update-go-dependencies.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/upload-go-master.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/upload-go-master.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upload-go-master.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/upload-go-master.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upload-go-master.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/upload-go-master.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/upload-go-master.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/upload-go-master.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/upload-go-master.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/upload-go-master.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/upload-go-master.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/upload-go-master.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/verify-go.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/verify-go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-go.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/verify-go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-go.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/verify-go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-go.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/verify-go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-go.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/verify-go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-go.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/verify-go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-go.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/verify-go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-go.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/verify-go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-go.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/verify-go.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/verify-go.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/verify-go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-go.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/verify-go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-go.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/verify-go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-go.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/verify-go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-go.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/verify-go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-go.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/verify-go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-go.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/verify-go.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/verify-groovy.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/verify-groovy.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-groovy.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/verify-groovy.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-groovy.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/verify-groovy.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-groovy.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/verify-groovy.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/verify-yaml.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/verify-yaml.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-yaml.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/verify-yaml.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-yaml.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/SAP/jenkins-library/verify-yaml.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: test/resources/versioning/DockerArtifactVersioning/Dockerfile:1","Warn: containerImage not pinned by hash: test/resources/versioning/DockerArtifactVersioning/Dockerfile_registryPort:1","Warn: containerImage not pinned by hash: test/resources/versioning/DockerArtifactVersioning/Dockerfile_registryPortNoTag:1","Warn: npmCommand not pinned by hash: .github/workflows/build-adr.yml:23","Warn: npmCommand not pinned by hash: .github/workflows/release-go.yml:49","Warn: pipCommand not pinned by hash: .github/workflows/verify-yaml.yml:24","Info:   0 out of  58 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  24 third-party GitHubAction dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned","Info:   0 out of   4 containerImage dependencies pinned","Info:   0 out of   2 npmCommand dependencies pinned","Info:   1 out of   1 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: all commits (30) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"82 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2024-2918 / GHSA-m5vv-6r4h-3vj9","Warn: Project is vulnerable to: GO-2025-3754 / GHSA-2x5j-vhc8-9cwm","Warn: Project is vulnerable to: GO-2025-3528 / GHSA-265r-hfxg-fhmg","Warn: Project is vulnerable to: GO-2025-3829","Warn: Project is vulnerable to: GO-2025-3802 / GHSA-557j-xg8c-q2mm","Warn: Project is vulnerable to: GHSA-vmq6-5m68-f53m","Warn: Project is vulnerable to: GHSA-668q-qrv7-99fm","Warn: Project is vulnerable to: GHSA-6v67-2wr5-gvf4","Warn: Project is vulnerable to: GHSA-pr98-23f8-jwxv","Warn: Project is vulnerable to: GHSA-h46c-h94j-95f3","Warn: Project is vulnerable to: GHSA-wf8f-6423-gfxg","Warn: Project is vulnerable to: GHSA-3x8x-79m2-3w2w","Warn: Project is vulnerable to: GHSA-57j2-w4cx-62h2","Warn: Project is vulnerable to: GHSA-jjjh-jjxp-wpff","Warn: Project is vulnerable to: GHSA-rgv9-q543-rqg4","Warn: Project is vulnerable to: GHSA-4jrv-ppp4-jm57","Warn: Project is vulnerable to: GHSA-5mg8-w23w-74h3","Warn: Project is vulnerable to: GHSA-7g45-4rm6-3mm3","Warn: Project is vulnerable to: GHSA-8rf5-92jh-3vc9","Warn: Project is vulnerable to: GHSA-g8jj-899q-8x3j","Warn: Project is vulnerable to: GHSA-mm8j-9x84-m9cv","Warn: Project is vulnerable to: GHSA-59c9-pxq8-9c73","Warn: Project is vulnerable to: GHSA-wxr5-93ph-8wr9","Warn: Project is vulnerable to: GHSA-hfrx-6qgj-fp6c","Warn: Project is vulnerable to: GHSA-vv7r-c36w-3prj","Warn: Project is vulnerable to: GHSA-78wr-2p64-hpwj","Warn: Project is vulnerable to: GHSA-gwrp-pvrq-jmwv","Warn: Project is vulnerable to: GHSA-j288-q9x7-2f5v","Warn: Project is vulnerable to: GHSA-599f-7c49-w659","Warn: Project is vulnerable to: GHSA-7r82-7xv7-xcpj","Warn: Project is vulnerable to: GHSA-jw7r-rxff-gv24","Warn: Project is vulnerable to: GHSA-27hp-xhwr-wr2m","Warn: Project is vulnerable to: GHSA-2rvv-w9r2-rg7m","Warn: Project is vulnerable to: GHSA-5j33-cvvr-w245","Warn: Project is vulnerable to: GHSA-7w75-32cg-r6g2","Warn: Project is vulnerable to: GHSA-83qj-6fr2-vhqg","Warn: Project is vulnerable to: GHSA-fccv-jmmp-qg76","Warn: Project is vulnerable to: GHSA-g8pj-r55q-5c2v","Warn: Project is vulnerable to: GHSA-h2fw-rfh5-95r3","Warn: Project is vulnerable to: GHSA-h3gc-qfqq-6h8f","Warn: Project is vulnerable to: GHSA-j39c-c8hj-x4j3","Warn: Project is vulnerable to: GHSA-jgwr-3qm3-26f3","Warn: Project is vulnerable to: GHSA-p22x-g9px-3945","Warn: Project is vulnerable to: GHSA-q3mw-pvr8-9ggc","Warn: Project is vulnerable to: GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GHSA-r6j3-px5g-cq3x","Warn: Project is vulnerable to: GHSA-wc4r-xq3c-5cf3","Warn: Project is vulnerable to: GHSA-wm9w-rjj3-j356","Warn: Project is vulnerable to: GHSA-v682-8vv8-vpwr","Warn: Project is vulnerable to: GHSA-v6w3-2prq-h95f","Warn: Project is vulnerable to: GHSA-3vqj-43w4-2q58","Warn: Project is vulnerable to: GHSA-4jq9-2xhw-jpx7","Warn: Project is vulnerable to: GHSA-gp7f-rwcx-9369","Warn: Project is vulnerable to: GHSA-m72m-mhq2-9p6c","Warn: Project is vulnerable to: GHSA-rc42-6c7j-7h5r","Warn: Project is vulnerable to: GHSA-jjfh-589g-3hjx","Warn: Project is vulnerable to: GHSA-xf96-w227-r7c4","Warn: Project is vulnerable to: GHSA-36p3-wjmg-h94x","Warn: Project is vulnerable to: GHSA-hh26-6xwr-ggv7","Warn: Project is vulnerable to: GHSA-4gc7-5j7h-4qph","Warn: Project is vulnerable to: GHSA-4wp7-92pw-q264","Warn: Project is vulnerable to: GHSA-g5mm-vmx4-3rg7","Warn: Project is vulnerable to: GHSA-6gf2-pvqw-37ph","Warn: Project is vulnerable to: GHSA-rfmp-97jj-h8m6","Warn: Project is vulnerable to: GHSA-558x-2xjg-6232","Warn: Project is vulnerable to: GHSA-564r-hj7v-mcr5","Warn: Project is vulnerable to: GHSA-9cmq-m9j5-mvww","Warn: Project is vulnerable to: GHSA-wxqc-pxw9-g2p8","Warn: Project is vulnerable to: GHSA-2rmj-mq67-h97g","Warn: Project is vulnerable to: GHSA-2wrp-6fg6-hmc5","Warn: Project is vulnerable to: GHSA-4wrc-f8pq-fpqp","Warn: Project is vulnerable to: GHSA-ccgv-vj62-xf9h","Warn: Project is vulnerable to: GHSA-gfwj-fwqj-fp3v","Warn: Project is vulnerable to: GHSA-hgjh-9rj2-g67j","Warn: Project is vulnerable to: GHSA-g5vr-rgqm-vf78","Warn: Project is vulnerable to: GHSA-3mc7-4q67-w48m","Warn: Project is vulnerable to: GHSA-98wm-3w3q-mw94","Warn: Project is vulnerable to: GHSA-9w3m-gqgf-c4p9","Warn: Project is vulnerable to: GHSA-c4r9-r8fh-9vj2","Warn: Project is vulnerable to: GHSA-hhhw-99gj-p3c3","Warn: Project is vulnerable to: GHSA-mjmj-j48q-9wg2","Warn: Project is vulnerable to: GHSA-w37g-rhq8-7m4j"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-16T03:11:14.517Z","repository_id":37265291,"created_at":"2025-08-16T03:11:14.517Z","updated_at":"2025-08-16T03:11:14.517Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29298522,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-10T10:40:02.018Z","status":"ssl_error","status_checked_at":"2026-02-10T10:38:28.459Z","response_time":65,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ci-cd","cli","golang","jenkins","open-source"],"created_at":"2024-09-24T14:09:23.604Z","updated_at":"2026-02-10T12:00:51.420Z","avatar_url":"https://github.com/SAP.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Maintainability](https://api.codeclimate.com/v1/badges/0e6a23344616e29b4ed0/maintainability)](https://codeclimate.com/github/SAP/jenkins-library/maintainability)\n[![Test Coverage](https://api.codeclimate.com/v1/badges/0e6a23344616e29b4ed0/test_coverage)](https://codeclimate.com/github/SAP/jenkins-library/test_coverage)\n[![Go Report Card](https://goreportcard.com/badge/github.com/SAP/jenkins-library)](https://goreportcard.com/report/github.com/SAP/jenkins-library)\n[![REUSE status](https://api.reuse.software/badge/github.com/SAP/jenkins-library)](https://api.reuse.software/info/github.com/SAP/jenkins-library)\n\n# Project Piper Repository\n\nThe Project \"Piper\" offers default pipelines to easily implement CI/CD processes integrating SAP systems. The corresponding \"Shared Library\" provides a set of \"steps\" to build your own scenarios beyond defaults.\n\n# User Documentation\n\nIf you want to view the User Documentation of Project Piper please follow this [Piper Pages Link][piper-library-user-doc].\n\n# Known Issues\n\nA list of known issues is available on the [GitHub issues page of this project][piper-library-issues].\n\n# How to obtain support\n\nFeel free to open new issues for feature requests, bugs or general feedback on\nthe [GitHub issues page of this project][piper-library-issues].\n\nRegister to our [google group][google-group] in order to get updates or for asking questions.\n\n# Contributing\n\nRead and understand our [contribution guidelines][piper-library-contribution]\nbefore opening a pull request.\n\n[piper-library-user-doc]: https://sap.github.io/jenkins-library/\n[piper-library-issues]: https://github.com/SAP/jenkins-library/issues\n[piper-library-contribution]: CONTRIBUTING.md\n[google-group]: https://groups.google.com/forum/#!forum/project-piper\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsap%2Fjenkins-library","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsap%2Fjenkins-library","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsap%2Fjenkins-library/lists"}