{"id":33999,"url":"https://github.com/sagemath/sage","last_synced_at":"2026-06-10T00:20:43.234Z","repository":{"id":65724309,"uuid":"597660615","full_name":"sagemath/sage","owner":"sagemath","description":"Main repository of SageMath","archived":false,"fork":false,"pushed_at":"2025-09-27T19:27:41.000Z","size":451196,"stargazers_count":1981,"open_issues_count":5638,"forks_count":671,"subscribers_count":13,"default_branch":"develop","last_synced_at":"2025-09-27T21:16:20.988Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://www.sagemath.org","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sagemath.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"COPYING.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":"CITATION.cff","codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS.md","dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"sagemath"}},"created_at":"2012-06-08T10:11:02.000Z","updated_at":"2025-09-27T19:26:38.000Z","dependencies_parsed_at":"2023-09-30T08:05:48.820Z","dependency_job_id":"a9f7298e-de15-442a-9aa5-842f9b65a924","html_url":"https://github.com/sagemath/sage","commit_stats":{"total_commits":97020,"total_committers":1401,"mean_commits":69.25053533190578,"dds":0.87715934858792,"last_synced_commit":"1b3f398d2a866c4c138498f31db6c27d1c566fc6"},"previous_names":[],"tags_count":1135,"template":false,"template_full_name":null,"purl":"pkg:github/sagemath/sage","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sagemath%2Fsage","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sagemath%2Fsage/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sagemath%2Fsage/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sagemath%2Fsage/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sagemath","download_url":"https://codeload.github.com/sagemath/sage/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sagemath%2Fsage/sbom","scorecard":{"id":794997,"data":{"date":"2025-08-11","repo":{"name":"github.com/sagemath/sage","commit":"cb030433d73cb3a25d5a8c79c5e0c3b1f41893b3"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.9,"checks":[{"name":"Code-Review","score":8,"reason":"Found 26/30 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/dist.yml:178","Warn: no topLevel permission defined: .github/workflows/build.yml:1","Warn: no topLevel permission defined: .github/workflows/changelog_trigger.yml:1","Warn: topLevel 'packages' permission set to 'write': .github/workflows/ci-distro.yml:41","Warn: no topLevel permission defined: .github/workflows/ci-macos.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/ci-meson.yml:18","Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/dist.yml:1","Warn: no topLevel permission defined: .github/workflows/doc-build-pdf.yml:1","Warn: no topLevel permission defined: .github/workflows/doc-build.yml:1","Warn: topLevel 'checks' permission set to 'write': .github/workflows/doc-publish.yml:11","Warn: topLevel 'statuses' permission set to 'write': .github/workflows/doc-publish.yml:10","Warn: no topLevel permission defined: .github/workflows/docker.yml:1","Warn: no topLevel permission defined: .github/workflows/docker_hub.yml:1","Warn: no topLevel permission defined: .github/workflows/lint.yml:1","Warn: no topLevel permission defined: .github/workflows/push_to_docker_hub.yml:1","Warn: no topLevel permission defined: .github/workflows/pyright.yml:1","Warn: no topLevel permission defined: .github/workflows/sync_labels.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: COPYING.txt:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/build.yml:79"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 26 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Vulnerabilities","score":0,"reason":"105 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2022-42986 / GHSA-43fp-rhv2-5gv8","Warn: Project is vulnerable to: PYSEC-2023-135 / GHSA-xqr8-7jwr-rhp7","Warn: Project is vulnerable to: PYSEC-2021-870 / GHSA-8rh6-h94m-vj54","Warn: Project is vulnerable to: PYSEC-2024-4 / GHSA-2mqj-m65w-jghx","Warn: Project is vulnerable to: PYSEC-2023-165 / GHSA-cwvm-v4w8-q58c","Warn: Project is vulnerable to: PYSEC-2022-42992 / GHSA-hcpj-qp55-gfph","Warn: Project is vulnerable to: PYSEC-2023-137 / GHSA-pr76-5cm5-w9cj","Warn: Project is vulnerable to: PYSEC-2023-161 / GHSA-wfm5-v35h-vwf4","Warn: Project is vulnerable to: GHSA-vqfr-h8mv-ghfj","Warn: Project is vulnerable to: PYSEC-2022-183 / GHSA-h8pj-cxx2-jfg2","Warn: Project is vulnerable to: GHSA-jjg7-2v4v-x38h","Warn: Project is vulnerable to: GHSA-29gw-9793-fvw7","Warn: Project is vulnerable to: PYSEC-2022-12 / GHSA-pq7m-3gw7-gq5x","Warn: Project is vulnerable to: GHSA-cpwx-vrp4-4pq7","Warn: Project is vulnerable to: GHSA-gmj6-6f8f-6699","Warn: Project is vulnerable to: GHSA-h5c8-rqwp-cp95","Warn: Project is vulnerable to: GHSA-h75v-3vvj-5mfj","Warn: Project is vulnerable to: GHSA-q2x7-8rv6-6q7h","Warn: Project is vulnerable to: GHSA-4qhp-652w-c22x","Warn: Project is vulnerable to: PYSEC-2023-157 / GHSA-64x5-55rw-9974","Warn: Project is vulnerable to: PYSEC-2020-50 / GHSA-9f66-54xg-pc2c","Warn: Project is vulnerable to: PYSEC-2020-234 / GHSA-grfj-wjv9-4f9v","Warn: Project is vulnerable to: PYSEC-2023-272 / GHSA-h56g-gq9v-vc8r","Warn: Project is vulnerable to: PYSEC-2024-165 / GHSA-hrw6-wg82-cm62","Warn: Project is vulnerable to: PYSEC-2022-179 / GHSA-p737-p57g-4cpr","Warn: Project is vulnerable to: PYSEC-2022-211 / GHSA-q874-g24w-4q9g","Warn: Project is vulnerable to: PYSEC-2023-155 / GHSA-r726-vmfq-j9j3","Warn: Project is vulnerable to: GHSA-44cc-43rp-5947","Warn: Project is vulnerable to: PYSEC-2021-130 / GHSA-4952-p58q-6crx","Warn: Project is vulnerable to: GHSA-9q39-rmj3-p4r2","Warn: Project is vulnerable to: PYSEC-2021-427 / GHSA-f865-m6cq-j9vx","Warn: Project is vulnerable to: PYSEC-2022-249 / GHSA-9jmq-rx5f-8jwq","Warn: Project is vulnerable to: PYSEC-2020-215 / GHSA-c7vm-f5p4-8fqh","Warn: Project is vulnerable to: GHSA-hwvq-6gjx-j797","Warn: Project is vulnerable to: PYSEC-2022-180 / GHSA-m87f-39q9-6f55","Warn: Project is vulnerable to: PYSEC-2022-212 / GHSA-v7vq-3x77-87vg","Warn: Project is vulnerable to: GHSA-3f63-hfp8-52jq","Warn: Project is vulnerable to: PYSEC-2021-41 / GHSA-3wvg-mj6g-m9cv","Warn: Project is vulnerable to: GHSA-44wm-f244-xhp3","Warn: Project is vulnerable to: GHSA-4fx9-vc88-q2xc","Warn: Project is vulnerable to: PYSEC-2021-35 / GHSA-57h3-9rgr-c24m","Warn: Project is vulnerable to: PYSEC-2021-331 / GHSA-7534-mm45-c74v","Warn: Project is vulnerable to: PYSEC-2021-137 / GHSA-77gc-v2xv-rvvh","Warn: Project is vulnerable to: PYSEC-2021-92 / GHSA-7r7m-5h27-29hp","Warn: Project is vulnerable to: PYSEC-2023-227 / GHSA-8ghj-p4vj-mr35","Warn: Project is vulnerable to: PYSEC-2022-10 / GHSA-8vj2-vxx3-667w","Warn: Project is vulnerable to: PYSEC-2021-36 / GHSA-8xjq-8fcg-g5hw","Warn: Project is vulnerable to: PYSEC-2021-42 / GHSA-95q3-8gr9-gm8w","Warn: Project is vulnerable to: PYSEC-2021-317 / GHSA-98vv-pw6r-q6q4","Warn: Project is vulnerable to: PYSEC-2021-38 / GHSA-9hx2-hgq2-2g4f","Warn: Project is vulnerable to: PYSEC-2022-168 / GHSA-9j59-75qj-795w","Warn: Project is vulnerable to: PYSEC-2021-40 / GHSA-f4w8-cv6p-x6r5","Warn: Project is vulnerable to: PYSEC-2021-69 / GHSA-f5g8-5qq7-938w","Warn: Project is vulnerable to: PYSEC-2021-139 / GHSA-g6rj-rv7j-xwp4","Warn: Project is vulnerable to: PYSEC-2021-71 / GHSA-hf64-x4gq-p99h","Warn: Project is vulnerable to: PYSEC-2021-94 / GHSA-hjfx-8p6c-g7gx","Warn: Project is vulnerable to: GHSA-j7hp-h8jx-5ppr","Warn: Project is vulnerable to: GHSA-jgpv-4h4c-xhw3","Warn: Project is vulnerable to: PYSEC-2022-42979 / GHSA-m2vv-5vj5-2hm7","Warn: Project is vulnerable to: PYSEC-2021-37 / GHSA-mvg9-xffr-p774","Warn: Project is vulnerable to: PYSEC-2021-39 / GHSA-p43w-g3c5-g5mq","Warn: Project is vulnerable to: PYSEC-2022-8 / GHSA-pw3c-h7wp-cvhx","Warn: Project is vulnerable to: PYSEC-2021-93 / GHSA-q5hq-fp76-qmrc","Warn: Project is vulnerable to: PYSEC-2021-138 / GHSA-rwv7-3v45-hg29","Warn: Project is vulnerable to: PYSEC-2021-70 / GHSA-vqcj-wrf2-7v73","Warn: Project is vulnerable to: PYSEC-2022-9 / GHSA-xrcv-f9gm-v42c","Warn: Project is vulnerable to: PYSEC-2023-175","Warn: Project is vulnerable to: PYSEC-2023-228 / GHSA-mq26-g339-26xf","Warn: Project is vulnerable to: PYSEC-2019-41 / GHSA-qfc5-mcwq-26q8","Warn: Project is vulnerable to: PYSEC-2020-92 / GHSA-hj5v-574p-mj7c","Warn: Project is vulnerable to: PYSEC-2022-42969","Warn: Project is vulnerable to: PYSEC-2023-117 / GHSA-mrwq-x4v8-fh7p","Warn: Project is vulnerable to: PYSEC-2021-142 / GHSA-8q59-q68h-6hv4","Warn: Project is vulnerable to: PYSEC-2018-49 / GHSA-rprw-h62v-c2w7","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: PYSEC-2023-74 / GHSA-j8r2-6x86-q33q","Warn: Project is vulnerable to: PYSEC-2018-28 / GHSA-x84v-xcm2-53pg","Warn: Project is vulnerable to: PYSEC-2019-124 / GHSA-38fc-9xqv-7f7q","Warn: Project is vulnerable to: PYSEC-2019-123 / GHSA-887w-45rq-vxgf","Warn: Project is vulnerable to: PYSEC-2012-9 / GHSA-hfg2-wf6j-x53p","Warn: Project is vulnerable to: GHSA-753j-mpmx-qq6g","Warn: Project is vulnerable to: GHSA-7cx3-6m66-7c5m","Warn: Project is vulnerable to: GHSA-8w49-h785-mj3c","Warn: Project is vulnerable to: PYSEC-2023-75 / GHSA-hj3f-6gcp-jg8j","Warn: Project is vulnerable to: GHSA-qppv-j76h-2rpx","Warn: Project is vulnerable to: GHSA-w235-7p84-xx57","Warn: Project is vulnerable to: GHSA-34jh-p97f-mpxf","Warn: Project is vulnerable to: PYSEC-2023-212 / GHSA-g4mx-q9vg-27p4","Warn: Project is vulnerable to: PYSEC-2023-207 / GHSA-gwvm-45gx-3cf8","Warn: Project is vulnerable to: PYSEC-2019-133 / GHSA-mh33-7rrq-662w","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v","Warn: Project is vulnerable to: PYSEC-2019-132 / GHSA-r64q-w8jr-g9qp","Warn: Project is vulnerable to: PYSEC-2023-192 / GHSA-v845-jxx5-vc9f","Warn: Project is vulnerable to: PYSEC-2020-148 / GHSA-wqvq-5m8c-6g24","Warn: Project is vulnerable to: PYSEC-2018-32 / GHSA-www2-v7xj-xrc6","Warn: Project is vulnerable to: PYSEC-2021-108","Warn: Project is vulnerable to: PYSEC-2011-23 / GHSA-3jhc-wjqf-5f2c","Warn: Project is vulnerable to: PYSEC-2024-187 / GHSA-rqc4-2hc7-8c8v","Warn: Project is vulnerable to: GHSA-jfmj-5v4g-7637","Warn: Project is vulnerable to: PYSEC-2019-217 / GHSA-462w-v97r-4m45","Warn: Project is vulnerable to: PYSEC-2014-8 / GHSA-8r7q-cvjq-x353","Warn: Project is vulnerable to: PYSEC-2014-82 / GHSA-fqh9-2qgg-h84h","Warn: Project is vulnerable to: PYSEC-2021-66 / GHSA-g3rq-g295-4j3m","Warn: Project is vulnerable to: PYSEC-2019-220 / GHSA-hj2j-77xm-mc5v"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Info: Possibly incomplete results: error parsing shell code: if statement must end with \"fi\": .github/workflows/write-dockerfile.sh:288","Info: Possibly incomplete results: error parsing shell code: not a valid arithmetic operator: 1: build/bin/sage-logger:0","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/build.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/build.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:142: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/build.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/build.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:197: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/build.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:217: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/build.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:229: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/build.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:260: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/build.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:266: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/build.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:292: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/build.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:313: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/build.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-macos.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/ci-macos.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-macos.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/ci-macos.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-meson.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/ci-meson.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-meson.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/ci-meson.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-meson.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/ci-meson.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-meson.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/ci-meson.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-meson.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/ci-meson.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-meson.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/ci-meson.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-meson.yml:185: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/ci-meson.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/ci.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/ci.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/ci.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dist.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/dist.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dist.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/dist.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dist.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/dist.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dist.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/dist.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dist.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/dist.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dist.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/dist.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dist.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/dist.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dist.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/dist.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dist.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/dist.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dist.yml:186: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/dist.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dist.yml:198: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/dist.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dist.yml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/dist.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dist.yml:245: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/dist.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dist.yml:249: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/dist.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dist.yml:253: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/dist.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dist.yml:258: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/dist.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dist.yml:317: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/dist.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dist.yml:330: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/dist.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dist.yml:336: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/dist.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/doc-build-pdf.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/doc-build-pdf.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build-pdf.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/doc-build-pdf.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/doc-build-pdf.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/doc-build-pdf.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/doc-build-pdf.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/doc-build-pdf.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build-pdf.yml:147: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/doc-build-pdf.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/doc-build.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/doc-build.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/doc-build.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/doc-build.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/doc-build.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/doc-build.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/doc-build.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:190: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/doc-build.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-build.yml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/doc-build.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/doc-publish.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/doc-publish.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/doc-publish.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/doc-publish.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/doc-publish.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/doc-publish.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/doc-publish.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/doc-publish.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/doc-publish.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/doc-publish.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/docker.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/docker.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/docker.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:235: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/docker.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker_hub.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/docker_hub.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker_hub.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/docker_hub.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker_hub.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/docker_hub.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker_hub.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/docker_hub.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker_hub.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/docker_hub.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/lint.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pyright.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/pyright.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pyright.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/pyright.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pyright.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/pyright.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pyright.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/pyright.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync_labels.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/sagemath/sage/sync_labels.yml/develop?enable=pin","Warn: containerImage not pinned by hash: .devcontainer/portability-Dockerfile:8","Warn: containerImage not pinned by hash: .devcontainer/portability-void/Dockerfile:1: pin your Docker image by updating ghcr.io/void-linux/void-glibc-full to ghcr.io/void-linux/void-glibc-full@sha256:eef41e2dfa6288916521b53aaf686f56e682f36fbe269f205b3ae813cacb8768","Warn: containerImage not pinned by hash: .github/workflows/write-dockerfile.sh:65","Warn: containerImage not pinned by hash: .github/workflows/write-dockerfile.sh:206","Warn: containerImage not pinned by hash: .github/workflows/write-dockerfile.sh:275","Warn: containerImage not pinned by hash: .github/workflows/write-dockerfile.sh:308","Warn: containerImage not pinned by hash: .github/workflows/write-dockerfile.sh:324","Warn: containerImage not pinned by hash: .github/workflows/write-dockerfile.sh:334","Warn: containerImage not pinned by hash: .github/workflows/write-dockerfile.sh:344","Warn: containerImage not pinned by hash: .github/workflows/write-dockerfile.sh:365","Warn: containerImage not pinned by hash: docker/.gitpod.Dockerfile:2: pin your Docker image by updating condaforge/mambaforge to condaforge/mambaforge@sha256:050753d138b6708128c9bb45055a9d943f06363f32f63a96f7dd5f304ada52a6","Warn: containerImage not pinned by hash: docker/Dockerfile:78","Warn: containerImage not pinned by hash: docker/Dockerfile:111","Warn: containerImage not pinned by hash: docker/Dockerfile:121","Warn: containerImage not pinned by hash: docker/Dockerfile:138","Warn: containerImage not pinned by hash: docker/Dockerfile:186","Warn: containerImage not pinned by hash: docker/Dockerfile:207","Warn: containerImage not pinned by hash: docker/Dockerfile:221","Warn: containerImage not pinned by hash: docker/Dockerfile:229","Warn: containerImage not pinned by hash: docker/Dockerfile:247","Warn: containerImage not pinned by hash: docker/Dockerfile:258","Warn: containerImage not pinned by hash: docker/Dockerfile:280","Warn: pipCommand not pinned by hash: .github/workflows/ci-macos.yml:52","Warn: pipCommand not pinned by hash: .github/workflows/lint.yml:33","Info:   0 out of  39 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  35 third-party GitHubAction dependencies pinned","Info:   0 out of  22 containerImage dependencies pinned","Info:   0 out of   2 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}}]},"last_synced_at":"2025-08-23T08:40:58.247Z","repository_id":65724309,"created_at":"2025-08-23T08:40:58.248Z","updated_at":"2025-08-23T08:40:58.248Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278680392,"owners_count":26027296,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-06T02:00:05.630Z","response_time":65,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-01-12T17:37:28.390Z","updated_at":"2025-10-08T12:28:21.974Z","avatar_url":"https://github.com/sagemath.png","language":"Python","project_url":"https://opencollective.ecosyste.ms/api/v1/projects/33999","html_url":"https://opencollective.ecosyste.ms/projects/33999","collective":{"id":1663,"uuid":"4rxg0j35-lzkwm6vk-knrqvoe9-8n47daby","slug":"sage_math","name":"SageMath","description":"Creating a viable free open source alternative to Magma, Maple, Mathematica and Matlab","website":"https://sagemath.org","github":"sagemath","twitter":"sagemath","repository_url":null,"social_links":[{"type":"WEBSITE","url":"https://sagemath.org"},{"type":"TWITTER","url":"https://twitter.com/sagemath"},{"type":"GITHUB","url":"https://github.com/sagemath"}],"currency":"USD","projects_count":85,"last_synced_at":"2026-06-20T00:15:13.716Z","created_at":"2024-01-10T13:17:50.531Z","updated_at":"2026-06-20T00:15:13.912Z","transactions_count":193,"balance":11347.07000000001,"account_type":"COLLECTIVE","owner":{"login":"sagemath","name":"Sage Mathematical Software System","uuid":"982721","kind":"organization","description":"","email":null,"website":"https://www.sagemath.org/","location":"Earth, Solar System, Milky Way Galaxy, Local Group, Virgo Supercluster, Universe","twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/982721?v=4","repositories_count":84,"last_synced_at":"2026-05-12T17:41:34.044Z","metadata":{"has_sponsors_listing":true,"funding":{"github":"sagemath"}},"html_url":"https://github.com/sagemath","funding_links":["https://github.com/sponsors/sagemath"],"total_stars":6087,"followers":752,"following":0,"created_at":"2022-11-03T00:46:22.497Z","updated_at":"2026-05-12T17:41:34.044Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sagemath","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sagemath/repositories"},"last_project_activity_at":"2025-09-27T19:27:41.000Z","archived":false,"no_funding":false,"no_license":false,"host":"opensource","collective_created_at":"2020-08-27T16:25:55.744Z","collective_updated_at":"2023-02-07T17:17:42.762Z","html_url":"https://opencollective.com/sage_math","icon_url":"https://images.opencollective.com/sage_math/logo/40.png","total_donations":16225.529999999999,"total_expenses":-6485.959999999994,"current_balance":11347.07000000001,"api_url":"https://opencollective.ecosyste.ms/api/v1/collectives/sage_math","url":"https://opencollective.ecosyste.ms/collectives/sage_math","projects_url":"https://opencollective.ecosyste.ms/api/v1/collectives/sage_math/projects"}}