GraalVM 24.0.1 #368

sgammon · 2024-04-18T19:53:18Z

Summary

Adds GraalVM 24.0.1 to the bindist map.

github-actions · 2024-04-18T19:57:06Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 16 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: The number of snapshots compared for the base SHA (0) and the head SHA (1) do not match. You may see unexpected additions in the diff.

Re-running this action after a short time may resolve the issue. See the documentation for more information and troubleshooting advice.

License Issues

pom.xml

Package	Version	License	Issue Type
org.graalvm.compiler:compiler	24.0.1	Null	Unknown License
org.graalvm.compiler:compiler	24.0.1	Null	Unknown License
org.graalvm.nativeimage:native-image-base	24.0.1	Null	Unknown License
org.graalvm.nativeimage:native-image-base	24.0.1	Null	Unknown License
org.graalvm.nativeimage:objectfile	24.0.1	Null	Unknown License
org.graalvm.nativeimage:pointsto	24.0.1	Null	Unknown License
org.graalvm.nativeimage:svm	24.0.1	Null	Unknown License
org.graalvm.nativeimage:svm	24.0.1	Null	Unknown License
org.graalvm.polyglot:polyglot	24.0.1	Null	Unknown License
org.graalvm.polyglot:polyglot	24.0.1	Null	Unknown License
org.graalvm.sdk:collections	24.0.1	Null	Unknown License
org.graalvm.sdk:graal-sdk	24.0.1	Null	Unknown License
org.graalvm.sdk:graal-sdk	24.0.1	Null	Unknown License
org.graalvm.sdk:nativeimage	24.0.1	Null	Unknown License
org.graalvm.sdk:word	24.0.1	Null	Unknown License
org.graalvm.truffle:truffle-compiler	24.0.1	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

maven/org.graalvm.compiler:compiler

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	found 7 unreviewed changesets out of 7 -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

maven/org.graalvm.compiler:compiler

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	found 7 unreviewed changesets out of 7 -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

maven/org.graalvm.nativeimage:native-image-base

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	found 7 unreviewed changesets out of 7 -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

maven/org.graalvm.nativeimage:native-image-base

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	found 7 unreviewed changesets out of 7 -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

maven/org.graalvm.nativeimage:objectfile

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	found 7 unreviewed changesets out of 7 -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

maven/org.graalvm.nativeimage:pointsto

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	found 7 unreviewed changesets out of 7 -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

maven/org.graalvm.nativeimage:svm

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	found 7 unreviewed changesets out of 7 -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

maven/org.graalvm.nativeimage:svm

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	found 7 unreviewed changesets out of 7 -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

maven/org.graalvm.polyglot:polyglot

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	found 7 unreviewed changesets out of 7 -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

maven/org.graalvm.polyglot:polyglot

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	found 7 unreviewed changesets out of 7 -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

maven/org.graalvm.sdk:collections

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	found 7 unreviewed changesets out of 7 -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

maven/org.graalvm.sdk:graal-sdk

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	found 7 unreviewed changesets out of 7 -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

maven/org.graalvm.sdk:graal-sdk

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	found 7 unreviewed changesets out of 7 -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

maven/org.graalvm.sdk:nativeimage

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	found 7 unreviewed changesets out of 7 -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

maven/org.graalvm.sdk:word

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	found 7 unreviewed changesets out of 7 -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

maven/org.graalvm.truffle:truffle-compiler

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	found 7 unreviewed changesets out of 7 -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

maven/org.graalvm.compiler:compiler

24.0.0

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	found 7 unreviewed changesets out of 7 -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

maven/org.graalvm.nativeimage:native-image-base

24.0.0

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	found 7 unreviewed changesets out of 7 -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

maven/org.graalvm.nativeimage:svm

24.0.0

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	found 7 unreviewed changesets out of 7 -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

maven/org.graalvm.polyglot:polyglot

24.0.0

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	found 7 unreviewed changesets out of 7 -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

maven/org.graalvm.sdk:graal-sdk

24.0.0

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	found 7 unreviewed changesets out of 7 -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

Scanned Manifest Files

package.json

@commitlint/cli@19.2.2
@commitlint/cli@19.2.1

pnpm-lock.yaml

@commitlint/cli@19.2.2
@commitlint/is-ignored@19.2.2
@commitlint/lint@19.2.2
@commitlint/cli@19.2.1
@commitlint/is-ignored@19.0.3
@commitlint/lint@19.1.0

pom.xml

org.graalvm.compiler:compiler@24.0.1
org.graalvm.compiler:compiler@24.0.1
org.graalvm.nativeimage:native-image-base@24.0.1
org.graalvm.nativeimage:native-image-base@24.0.1
org.graalvm.nativeimage:objectfile@24.0.1
org.graalvm.nativeimage:pointsto@24.0.1
org.graalvm.nativeimage:svm@24.0.1
org.graalvm.nativeimage:svm@24.0.1
org.graalvm.polyglot:polyglot@24.0.1
org.graalvm.polyglot:polyglot@24.0.1
org.graalvm.sdk:collections@24.0.1
org.graalvm.sdk:graal-sdk@24.0.1
org.graalvm.sdk:graal-sdk@24.0.1
org.graalvm.sdk:nativeimage@24.0.1
org.graalvm.sdk:word@24.0.1
org.graalvm.truffle:truffle-compiler@24.0.1
org.graalvm.compiler:compiler@24.0.0
org.graalvm.nativeimage:native-image-base@24.0.0
org.graalvm.nativeimage:svm@24.0.0
org.graalvm.polyglot:polyglot@24.0.0
org.graalvm.sdk:graal-sdk@24.0.0

Signed-off-by: Sam Gammon <sam@elide.ventures>

Bumps [org.graalvm.nativeimage:native-image-base](https://github.com/oracle/graal) from 24.0.0 to 24.0.1. - [Release notes](https://github.com/oracle/graal/releases) - [Commits](oracle/graal@vm-24.0.0...vm-24.0.1) --- updated-dependencies: - dependency-name: org.graalvm.nativeimage:native-image-base dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Sam Gammon <sam@elide.ventures>

Bumps [org.graalvm.nativeimage:svm](https://github.com/oracle/graal) from 24.0.0 to 24.0.1. - [Release notes](https://github.com/oracle/graal/releases) - [Commits](oracle/graal@vm-24.0.0...vm-24.0.1) --- updated-dependencies: - dependency-name: org.graalvm.nativeimage:svm dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Sam Gammon <sam@elide.ventures>

Bumps [org.graalvm.polyglot:polyglot](https://github.com/oracle/graal) from 24.0.0 to 24.0.1. - [Release notes](https://github.com/oracle/graal/releases) - [Commits](oracle/graal@vm-24.0.0...vm-24.0.1) --- updated-dependencies: - dependency-name: org.graalvm.polyglot:polyglot dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Sam Gammon <sam@elide.ventures>

Bumps [org.graalvm.compiler:compiler](https://github.com/oracle/graal) from 24.0.0 to 24.0.1. - [Release notes](https://github.com/oracle/graal/releases) - [Commits](oracle/graal@vm-24.0.0...vm-24.0.1) --- updated-dependencies: - dependency-name: org.graalvm.compiler:compiler dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Sam Gammon <sam@elide.ventures>

Bumps [org.graalvm.sdk:graal-sdk](https://github.com/oracle/graal) from 24.0.0 to 24.0.1. - [Release notes](https://github.com/oracle/graal/releases) - [Commits](oracle/graal@vm-24.0.0...vm-24.0.1) --- updated-dependencies: - dependency-name: org.graalvm.sdk:graal-sdk dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Sam Gammon <sam@elide.ventures>

Bumps [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli) from 19.2.1 to 19.2.2. - [Release notes](https://github.com/conventional-changelog/commitlint/releases) - [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md) - [Commits](https://github.com/conventional-changelog/commitlint/commits/v19.2.2/@commitlint/cli) --- updated-dependencies: - dependency-name: "@commitlint/cli" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Sam Gammon <sam@elide.ventures>

sonarcloud · 2024-04-18T20:02:46Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

darvld

lgtm 👍

sgammon added the enhancement New feature or request label Apr 18, 2024

sgammon added this to the 1.0.0 milestone Apr 18, 2024

sgammon self-assigned this Apr 18, 2024

sgammon and others added 6 commits April 18, 2024 12:59

chore: update gvm → JDK 22.0.1 / GVM 24.0.1

c864862

Signed-off-by: Sam Gammon <sam@elide.ventures>

sgammon force-pushed the release/gvm-24.0.1 branch 2 times, most recently from 8e7fdef to 15d7c76 Compare April 18, 2024 20:01

sgammon force-pushed the release/gvm-24.0.1 branch from 15d7c76 to 8730ae1 Compare April 18, 2024 20:02

sgammon requested a review from darvld April 18, 2024 20:02

darvld approved these changes Apr 18, 2024

View reviewed changes

sgammon merged commit d4ef558 into main Apr 18, 2024
81 checks passed

sgammon mentioned this pull request Apr 18, 2024

Release: 0.11.2 #369

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GraalVM 24.0.1 #368

GraalVM 24.0.1 #368

sgammon commented Apr 18, 2024

github-actions bot commented Apr 18, 2024 •

edited

Loading

sonarcloud bot commented Apr 18, 2024

darvld left a comment

GraalVM 24.0.1 #368

GraalVM 24.0.1 #368

Conversation

sgammon commented Apr 18, 2024

Summary

github-actions bot commented Apr 18, 2024 • edited Loading

Dependency Review

Snapshot Warnings

License Issues

pom.xml

OpenSSF Scorecard

Scanned Manifest Files

sonarcloud bot commented Apr 18, 2024

Quality Gate passed

darvld left a comment

Choose a reason for hiding this comment

github-actions bot commented Apr 18, 2024 •

edited

Loading