⚠️ Experimental — automated first-pass review from the OSPO readiness scanner.
8 items to address before release. 13 pass · 5 partial · 3 need attention
🔴 Needs attention
- TEMPLATES: No issue or PR templates found in .github/
- BRANCH_PROTECTION: Default branch 'main' has no branch protection rules
- REPO_METADATA: No description or topics set — add both for discoverability
🟡 Should improve
- CONTRIBUTING: Found CONTRIBUTING.md (repo) but limited content — consider adding PR process, issue reporting guidelines (template)
- DEPENDENCIES: No supported package manifest found — skipped deep dependency scan
- SECRET_SCANNING: Security settings not available — requires write/admin access to the repo
- CODE_SCANNING: Unable to check code scanning — requires security admin access
💡 Optional
- SPDX_HEADERS: No source files found to check for SPDX headers (optional)
📊 4 dependencies
📋 Policy compliance (github/licensecheck-data)
✅ 0 allowed · ❓ 4 unknown
⚠️ 4 dependencies with undetected licenses
These licenses couldn't be automatically detected. They likely have valid licenses — verify on their repository pages.
| Package | Version |
| --- | --- |
| maven-jar-plugin | 3.5.0 |
| maven-compiler-plugin | 3.15.0 |
| actions/setup-java | 5.. |
| actions/checkout | 6.. |
📥 View dependency graph · View SBOM
✅ 13/21 checks pass
LICENSE, README, SECURITY, CODE_OF_CONDUCT, CI_CD, CODEOWNERS, SUPPORT, SENSITIVE_CONTENT, NOTICE, DEPENDABOT, INCLUSIVE_LANGUAGE, TRADEMARKS, LICENSE_POLICY
📌 Once all items above are addressed, add the ospo-review label to request a final review from the OSPO team.
🤖 Auto-scanned by ospo-readiness. Re-run by adding the rescan label.
Originally posted by @ashleywolf in #665