Wait, if you want to check the actionable reports of Scorecard, looking at the prints of my local fork is not ideal. I've run the Scorecards CLI locally, evaluating the actual rust-lang/rust repository. These were the results:
Starting [Code-Review]
Starting [CI-Tests]
Starting [Dependency-Update-Tool]
Starting [SAST]
Starting [Contributors]
Starting [Pinned-Dependencies]
Starting [Dangerous-Workflow]
Starting [License]
Starting [Maintained]
Starting [Branch-Protection]
Starting [Fuzzing]
Starting [CII-Best-Practices]
Starting [Vulnerabilities]
Starting [Token-Permissions]
Starting [Security-Policy]
Starting [Binary-Artifacts]
Starting [Signed-Releases]
Starting [Packaging]
Finished [Dangerous-Workflow]
Finished [Contributors]
Finished [Pinned-Dependencies]
Finished [Branch-Protection]
Finished [Fuzzing]
Finished [CII-Best-Practices]
Finished [License]
Finished [Maintained]
Finished [Security-Policy]
Finished [Binary-Artifacts]
Finished [Signed-Releases]
Finished [Packaging]
Finished [Vulnerabilities]
Finished [Token-Permissions]
Finished [Dependency-Update-Tool]
Finished [SAST]
Finished [Code-Review]
Finished [CI-Tests]
RESULTS
-------
Aggregate score: 7.4 / 10
Check scores:
|---------|------------------------|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| SCORE | NAME | REASON | DETAILS | DOCUMENTATION/REMEDIATION |
|---------|------------------------|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Binary-Artifacts | no binaries found in the repo | | https://github.com/ossf/scorecard/blob/2cbf5afd5460b51fd40939f8c44b32543b1a0bcb/docs/checks.md#binary-artifacts |
|---------|------------------------|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 3 / 10 | Branch-Protection | branch protection is not | Info: 'force pushes' disabled | https://github.com/ossf/scorecard/blob/2cbf5afd5460b51fd40939f8c44b32543b1a0bcb/docs/checks.md#branch-protection |
| | | maximal on development and all | on branch 'master' Info: | |
| | | release branches | 'allow deletion' disabled | |
| | | | on branch 'master' Warn: no | |
| | | | status checks found to merge | |
| | | | onto branch 'master' Warn: | |
| | | | number of required reviewers | |
| | | | is only 0 on branch 'master' | |
|---------|------------------------|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | CI-Tests | 30 out of 30 merged PRs | | https://github.com/ossf/scorecard/blob/2cbf5afd5460b51fd40939f8c44b32543b1a0bcb/docs/checks.md#ci-tests |
| | | checked by a CI test -- score | | |
| | | normalized to 10 | | |
|---------|------------------------|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10 | CII-Best-Practices | no badge detected | | https://github.com/ossf/scorecard/blob/2cbf5afd5460b51fd40939f8c44b32543b1a0bcb/docs/checks.md#cii-best-practices |
|---------|------------------------|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 8 / 10 | Code-Review | GitHub code reviews found for | Warn: no reviews found for commit: | https://github.com/ossf/scorecard/blob/2cbf5afd5460b51fd40939f8c44b32543b1a0bcb/docs/checks.md#code-review |
| | | 26 commits out of the last 30 | 4ff5a3655f1e7bed94d847f6888a2c0659aba276 | |
| | | -- score normalized to 8 | Warn: no reviews found for commit: | |
| | | | 3c53781800e50b2abc72c5b1542400eff48a8126 | |
| | | | Warn: no reviews found for commit: | |
| | | | 2b05f841155c06b61fceb390c3cc3c2c974306a0 | |
| | | | Warn: no reviews found for commit: | |
| | | | cbdc00f6e61132cbb74397cbb91171756e5d5834 | |
|---------|------------------------|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Contributors | 100 different organizations | Info: contributors work for 2k36,AeroRust,EmbarkStudios,FLIF-hub,FTP-rs,Farmhouse,FerrisLand,JumpstartLab,LykenSol,LykenSol-abandoned,NixOS,NuxiNL,OsnaCS,Rust-GCC,RustFestEU,Ultramarine-Linux,actix,alumxi22,amazon web | https://github.com/ossf/scorecard/blob/2cbf5afd5460b51fd40939f8c44b32543b1a0bcb/docs/checks.md#contributors |
| | | found -- score normalized to | services,arcturo,async-rs,bastion-rs,bytecodealliance,dada-lang,dena,diesel-rs,documenting-ruby,drapergem,eddyb-abandoned,embecosm,feminism-chat,ferrous-systems,freifunk-saar,fusion-engineering,fusion-engineering-forks,georust,google,gtk-rs,hacketyhack,huawei,igalia,image-rs,intellij-rust,intermezzOS,knurling-rs,kubernetes,kubernetes-sigs,kuchiki-rs,lalrpop,lambda-llama,larcenists,llvm,lykensol,maintainers,messloc,nodejs,notify-rs,nrf-rs,nuprl,opencollective,openhwgroup,openvalidation,osgcc,osm-without-borders,oxidecomputer,pingcap,pkgjs,psoc-rs,rails,rayon-rs,recogni,resque,rubinius,rust-analyzer,rust-bus,rust-cli,rust-community,rust-dev-tools,rust-docs,rust-fuzz,rust-lang,rust-lang-deprecated,rust-lang-nursery,rust-osdev,rust-phf,salsa-rs,semver,servo,shoes,sinatra,stm32-rs,stylelint,tigerbeetledb,unicode-org,unicode-rs,w3c,wg21link,whatwg,wlanslovenija,xomboverlord | |
| | | 10 | | |
|---------|------------------------|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Dangerous-Workflow | no dangerous workflow patterns | | https://github.com/ossf/scorecard/blob/2cbf5afd5460b51fd40939f8c44b32543b1a0bcb/docs/checks.md#dangerous-workflow |
| | | detected | | |
|---------|------------------------|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Dependency-Update-Tool | update tool detected | Info: Dependabot detected | https://github.com/ossf/scorecard/blob/2cbf5afd5460b51fd40939f8c44b32543b1a0bcb/docs/checks.md#dependency-update-tool |
|---------|------------------------|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Fuzzing | project is fuzzed with | | https://github.com/ossf/scorecard/blob/2cbf5afd5460b51fd40939f8c44b32543b1a0bcb/docs/checks.md#fuzzing |
| | | [OSSFuzz] | | |
|---------|------------------------|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | License | license file detected | Info: : COPYRIGHT:1 | https://github.com/ossf/scorecard/blob/2cbf5afd5460b51fd40939f8c44b32543b1a0bcb/docs/checks.md#license |
|---------|------------------------|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Maintained | 30 commit(s) out of 30 and 10 | | https://github.com/ossf/scorecard/blob/2cbf5afd5460b51fd40939f8c44b32543b1a0bcb/docs/checks.md#maintained |
| | | issue activity out of 30 found | | |
| | | in the last 90 days -- score | | |
| | | normalized to 10 | | |
|---------|------------------------|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| ? | Packaging | no published package detected | Warn: no GitHub publishing | https://github.com/ossf/scorecard/blob/2cbf5afd5460b51fd40939f8c44b32543b1a0bcb/docs/checks.md#packaging |
| | | | workflow detected | |
|---------|------------------------|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 5 / 10 | Pinned-Dependencies | dependency not pinned by hash | Warn: GitHub-owned GitHubAction not pinned by hash: | https://github.com/ossf/scorecard/blob/2cbf5afd5460b51fd40939f8c44b32543b1a0bcb/docs/checks.md#pinned-dependencies |
| | | detected -- score normalized | .github/workflows/ci.yml:592: update your workflow using | |
| | | to 5 | https://app.stepsecurity.io/secureworkflow/rust-lang/rust/ci.yml/master?enable=pin | |
| | | | Warn: third-party GitHubAction not pinned by hash: | |
| | | | .github/workflows/ci.yml:612: update your workflow using | |
| | | | https://app.stepsecurity.io/secureworkflow/rust-lang/rust/ci.yml/master?enable=pin | |
| | | | Warn: GitHub-owned GitHubAction not pinned by hash: | |
| | | | .github/workflows/ci.yml:695: update your workflow using | |
| | | | https://app.stepsecurity.io/secureworkflow/rust-lang/rust/ci.yml/master?enable=pin | |
|---------|------------------------|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10 | SAST | SAST tool is not run on all | Warn: 0 commits out of 30 are | https://github.com/ossf/scorecard/blob/2cbf5afd5460b51fd40939f8c44b32543b1a0bcb/docs/checks.md#sast |
| | | commits -- score normalized to | checked with a SAST tool Warn: | |
| | | 0 | CodeQL tool not detected | |
|---------|------------------------|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Security-Policy | security policy file detected | Info: security policy | https://github.com/ossf/scorecard/blob/2cbf5afd5460b51fd40939f8c44b32543b1a0bcb/docs/checks.md#security-policy |
| | | | detected in org repo: | |
| | | | github.com/rust-lang/.github/SECURITY.md:1 | |
|---------|------------------------|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| ? | Signed-Releases | no releases found | Warn: no GitHub releases found | https://github.com/ossf/scorecard/blob/2cbf5afd5460b51fd40939f8c44b32543b1a0bcb/docs/checks.md#signed-releases |
|---------|------------------------|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10 | Token-Permissions | non read-only tokens detected | Info: topLevel 'contents' permission set to 'read': | https://github.com/ossf/scorecard/blob/2cbf5afd5460b51fd40939f8c44b32543b1a0bcb/docs/checks.md#token-permissions |
| | | in GitHub workflows | .github/workflows/ci.yml:29: update your workflow using | |
| | | | https://app.stepsecurity.io/secureworkflow/rust-lang/rust/ci.yml/master?enable=permissions | |
| | | | Warn: jobLevel 'actions' permission set to 'write': | |
| | | | .github/workflows/ci.yml:153: update your workflow using | |
| | | | https://app.stepsecurity.io/secureworkflow/rust-lang/rust/ci.yml/master?enable=permissions | |
| | | | Warn: jobLevel 'actions' permission set to 'write': | |
| | | | .github/workflows/ci.yml:567: update your workflow using | |
| | | | https://app.stepsecurity.io/secureworkflow/rust-lang/rust/ci.yml/master?enable=permissions | |
| | | | Warn: jobLevel 'actions' permission set to 'write': | |
| | | | .github/workflows/ci.yml:36: update your workflow using | |
| | | | https://app.stepsecurity.io/secureworkflow/rust-lang/rust/ci.yml/master?enable=permissions | |
|---------|------------------------|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Vulnerabilities | no vulnerabilities detected | | https://github.com/ossf/scorecard/blob/2cbf5afd5460b51fd40939f8c44b32543b1a0bcb/docs/checks.md#vulnerabilities |
|---------|------------------------|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|