+ which scorecard
+ SCORECARD=/usr/local/bin/scorecard
+ '[' '!' -f /usr/local/bin/scorecard ']'
+ sudo sh -c 'export GOPATH=/usr/local/; go install github.com/ossf/scorecard/v4@latest; chmod 755 /usr/local/bin/scorecard'
go: downloading github.com/ossf/scorecard v1.2.0
go: downloading github.com/ossf/scorecard/v4 v4.13.1
go: downloading github.com/caarlos0/env/v6 v6.10.0
go: downloading github.com/spf13/cobra v1.7.0
go: downloading sigs.k8s.io/release-utils v0.6.0
go: downloading github.com/rhysd/actionlint v1.6.26
go: downloading github.com/google/osv-scanner v1.4.1
go: downloading gocloud.dev v0.34.0
go: downloading github.com/bombsimon/logrusr/v2 v2.0.1
go: downloading github.com/go-logr/logr v1.2.4
go: downloading github.com/sirupsen/logrus v1.9.3
go: downloading go.opencensus.io v0.24.0
go: downloading github.com/golang/mock v1.6.0
go: downloading golang.org/x/exp v0.0.0-20230905200255-921286631fa9
go: downloading github.com/google/go-github/v53 v53.2.0
go: downloading github.com/shurcooL/githubv4 v0.0.0-20201206200315-234843c633fa
go: downloading google.golang.org/protobuf v1.31.0
go: downloading gopkg.in/yaml.v3 v3.0.1
go: downloading github.com/olekukonko/tablewriter v0.0.5
go: downloading golang.org/x/text v0.13.0
go: downloading github.com/Masterminds/semver/v3 v3.2.1
go: downloading github.com/h2non/filetype v1.1.3
go: downloading github.com/moby/buildkit v0.12.2
go: downloading mvdan.cc/sh/v3 v3.7.0
go: downloading github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a
go: downloading github.com/xanzy/go-gitlab v0.93.1
go: downloading golang.org/x/oauth2 v0.13.0
go: downloading github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be
go: downloading github.com/spf13/pflag v1.0.5
go: downloading github.com/fatih/color v1.15.0
go: downloading github.com/mattn/go-colorable v0.1.13
go: downloading github.com/mattn/go-runewidth v0.0.15
go: downloading github.com/robfig/cron/v3 v3.0.1
go: downloading golang.org/x/sync v0.3.0
go: downloading golang.org/x/sys v0.13.0
go: downloading github.com/go-git/go-billy/v5 v5.5.0
go: downloading github.com/go-git/go-git/v5 v5.9.0
go: downloading gopkg.in/yaml.v2 v2.4.0
go: downloading github.com/bradleyfalzon/ghinstallation/v2 v2.8.0
go: downloading cloud.google.com/go/compute/metadata v0.2.3
go: downloading cloud.google.com/go/iam v1.1.1
go: downloading cloud.google.com/go/storage v1.31.0
go: downloading github.com/google/wire v0.5.0
go: downloading cloud.google.com/go/compute v1.23.0
go: downloading github.com/googleapis/gax-go/v2 v2.12.0
go: downloading google.golang.org/api v0.139.0
go: downloading cloud.google.com/go v0.110.7
go: downloading github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c
go: downloading github.com/google/go-querystring v1.1.0
go: downloading github.com/google/go-containerregistry v0.16.1
go: downloading golang.org/x/net v0.17.0
go: downloading github.com/hashicorp/go-cleanhttp v0.5.2
go: downloading github.com/hashicorp/go-retryablehttp v0.7.4
go: downloading golang.org/x/time v0.3.0
go: downloading github.com/mattn/go-isatty v0.0.19
go: downloading github.com/pkg/errors v0.9.1
go: downloading github.com/rivo/uniseg v0.4.4
go: downloading github.com/goark/go-cvss v1.6.6
go: downloading github.com/jedib0t/go-pretty/v6 v6.4.7
go: downloading github.com/owenrumney/go-sarif/v2 v2.2.2
go: downloading github.com/CycloneDX/cyclonedx-go v0.7.2
go: downloading github.com/spdx/tools-golang v0.5.3
go: downloading github.com/ianlancetaylor/demangle v0.0.0-20230524184225-eabc099b10ab
go: downloading golang.org/x/vuln v1.0.1
go: downloading github.com/BurntSushi/toml v1.3.2
go: downloading golang.org/x/mod v0.12.0
go: downloading github.com/package-url/packageurl-go v0.1.1
go: downloading github.com/cyphar/filepath-securejoin v0.2.4
go: downloading golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2
go: downloading google.golang.org/grpc v1.57.0
go: downloading github.com/golang-jwt/jwt/v4 v4.5.0
go: downloading github.com/google/go-github/v56 v56.0.0
go: downloading dario.cat/mergo v1.0.0
go: downloading github.com/sergi/go-diff v1.3.1
go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20230803162519-f966b187b2e5
go: downloading github.com/google/uuid v1.3.0
go: downloading google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5
go: downloading golang.org/x/crypto v0.14.0
go: downloading github.com/containerd/typeurl/v2 v2.1.1
go: downloading github.com/goark/errs v1.3.2
go: downloading github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89
go: downloading github.com/anchore/go-struct-converter v0.0.0-20230627203149-c72ef8859ca9
go: downloading github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
go: downloading github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376
go: downloading github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99
go: downloading github.com/pjbgf/sha1cd v0.3.0
go: downloading github.com/emirpasic/gods v1.18.1
go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d
go: downloading github.com/cloudflare/circl v1.3.3
go: downloading github.com/docker/cli v24.0.4+incompatible
go: downloading github.com/mitchellh/go-homedir v1.1.0
go: downloading github.com/opencontainers/go-digest v1.0.0
go: downloading github.com/docker/distribution v2.8.2+incompatible
go: downloading github.com/containerd/stargz-snapshotter/estargz v0.14.3
go: downloading golang.org/x/tools v0.13.0
go: downloading github.com/gogo/protobuf v1.3.2
go: downloading github.com/kevinburke/ssh_config v1.2.0
go: downloading github.com/skeema/knownhosts v1.2.1
go: downloading github.com/xanzy/ssh-agent v0.3.3
go: downloading github.com/golang/protobuf v1.5.3
go: downloading gopkg.in/warnings.v0 v0.1.2
go: downloading github.com/google/s2a-go v0.1.7
go: downloading github.com/google/go-cmp v0.6.0
go: downloading github.com/googleapis/enterprise-certificate-proxy v0.2.5
go: downloading github.com/opencontainers/image-spec v1.1.0-rc3
go: downloading github.com/klauspost/compress v1.16.7
go: downloading github.com/vbatts/tar-split v0.11.3
go: downloading github.com/docker/docker v24.0.4+incompatible
go: downloading github.com/docker/docker-credential-helpers v0.7.0
+ '[' '!' -f hello-2.12.tar.gz ']'
+ '[' '!' -d hello-2.12 ']'
+ /usr/local/bin/scorecard --local hello-2.12
Starting [Dangerous-Workflow]
Starting [Binary-Artifacts]
Starting [Token-Permissions]
Starting [Dependency-Update-Tool]
Starting [Pinned-Dependencies]
Starting [Vulnerabilities]
Finished [Binary-Artifacts]
Finished [Token-Permissions]
Finished [Dependency-Update-Tool]
Finished [Pinned-Dependencies]
Finished [Vulnerabilities]
Finished [Dangerous-Workflow]

RESULTS
-------
Aggregate score: 10.0 / 10

Check scores:
|---------|------------------------|---------------------------------------------------|-----------------------------------------------------------------------------------|
|  SCORE  |          NAME          |                      REASON                       |                             DOCUMENTATION/REMEDIATION                             |
|---------|------------------------|---------------------------------------------------|-----------------------------------------------------------------------------------|
| 10 / 10 | Binary-Artifacts       | no binaries found in the repo                     | https://github.com/ossf/scorecard/blob/main/docs/checks.md#binary-artifacts       |
|---------|------------------------|---------------------------------------------------|-----------------------------------------------------------------------------------|
| ?       | Dangerous-Workflow     | no workflows found                                | https://github.com/ossf/scorecard/blob/main/docs/checks.md#dangerous-workflow     |
|---------|------------------------|---------------------------------------------------|-----------------------------------------------------------------------------------|
| ?       | Dependency-Update-Tool | internal error: Search:                           | https://github.com/ossf/scorecard/blob/main/docs/checks.md#dependency-update-tool |
|         |                        | unsupported feature                               |                                                                                   |
|---------|------------------------|---------------------------------------------------|-----------------------------------------------------------------------------------|
| ?       | Pinned-Dependencies    | no dependencies found                             | https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies    |
|---------|------------------------|---------------------------------------------------|-----------------------------------------------------------------------------------|
| ?       | Token-Permissions      | no github tokens found                            | https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions      |
|---------|------------------------|---------------------------------------------------|-----------------------------------------------------------------------------------|
| ?       | Vulnerabilities        | internal error:                                   | https://github.com/ossf/scorecard/blob/main/docs/checks.md#vulnerabilities        |
|         |                        | vulnerabilitiesClient.ListUnfixedVulnerabilities: |                                                                                   |
|         |                        | osvscanner.DoScan: no packages found in scan      |                                                                                   |
|---------|------------------------|---------------------------------------------------|-----------------------------------------------------------------------------------|
Error: check runtime error: Dependency-Update-Tool: internal error: Search: unsupported feature
2024/01/17 18:50:05 error during command execution: check runtime error: Dependency-Update-Tool: internal error: Search: unsupported feature
+ rm -rf /tmp/scorecardeN7b