{"id":40686,"url":"https://github.com/tauri-apps/tauri","last_synced_at":"2026-05-26T12:20:54.597Z","repository":{"id":37236386,"uuid":"196701619","full_name":"tauri-apps/tauri","owner":"tauri-apps","description":"Build smaller, faster, and more secure desktop and mobile applications with a web frontend.","archived":false,"fork":false,"pushed_at":"2025-09-22T09:24:25.000Z","size":99222,"stargazers_count":96722,"open_issues_count":1212,"forks_count":3068,"subscribers_count":532,"default_branch":"dev","last_synced_at":"2025-09-22T10:25:35.618Z","etag":null,"topics":["desktop-app","high-performance","mobile-app","native-app","rust","web-frontend","webview"],"latest_commit_sha":null,"homepage":"https://tauri.app","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tauri-apps.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE.spdx","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":"audits/Radically_Open_Security-v1-report.pdf","citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"tauri-apps","patreon":null,"open_collective":"tauri","ko_fi":null,"tidelift":null,"custom":null}},"created_at":"2019-07-13T09:09:37.000Z","updated_at":"2025-09-22T10:10:37.000Z","dependencies_parsed_at":"2023-09-25T01:10:18.615Z","dependency_job_id":"5891249c-d28a-4f3a-8dcb-7760f73a4b3f","html_url":"https://github.com/tauri-apps/tauri","commit_stats":{"total_commits":5052,"total_committers":420,"mean_commits":"12.028571428571428","dds":0.7790973871733967,"last_synced_commit":"12ffc19ce08eeafdedc65207f312432aa2cf9c84"},"previous_names":["quasarframework/tauri"],"tags_count":1649,"template":false,"template_full_name":null,"purl":"pkg:github/tauri-apps/tauri","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tauri-apps%2Ftauri","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tauri-apps%2Ftauri/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tauri-apps%2Ftauri/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tauri-apps%2Ftauri/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tauri-apps","download_url":"https://codeload.github.com/tauri-apps/tauri/tar.gz/refs/heads/dev","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tauri-apps%2Ftauri/sbom","scorecard":{"id":759651,"data":{"date":"2025-08-11","repo":{"name":"github.com/tauri-apps/tauri","commit":"bc4afe7dd4780f02c2d4b1f07d97185fbc5d2bba"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.6,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":9,"reason":"Found 26/28 approved changesets -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE_APACHE-2.0:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE_APACHE-2.0:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'actions' permission set to 'write': .github/workflows/covector-version-or-publish.yml:61","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/covector-version-or-publish.yml:62","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/publish-cli-js.yml:370","Warn: no topLevel permission defined: .github/workflows/audit.yml:1","Warn: no topLevel permission defined: .github/workflows/bench.yml:1","Warn: no topLevel permission defined: .github/workflows/check-change-tags.yml:1","Warn: no topLevel permission defined: .github/workflows/check-generated-files.yml:1","Warn: no topLevel permission defined: .github/workflows/check-license-header.yml:1","Info: topLevel 'actions' permission set to 'read': .github/workflows/covector-comment-on-fork.yml:16","Warn: no topLevel permission defined: .github/workflows/covector-status.yml:1","Warn: no topLevel permission defined: .github/workflows/covector-version-or-publish.yml:1","Warn: no topLevel permission defined: .github/workflows/deploy-schema-worker.yml:1","Warn: no topLevel permission defined: .github/workflows/docker.yml:1","Warn: no topLevel permission defined: .github/workflows/fmt.yml:1","Warn: no topLevel permission defined: .github/workflows/lint-js.yml:1","Warn: no topLevel permission defined: .github/workflows/lint-rust.yml:1","Warn: no topLevel permission defined: .github/workflows/publish-cli-js.yml:1","Warn: no topLevel permission defined: .github/workflows/publish-cli-rs.yml:1","Warn: no topLevel permission defined: .github/workflows/supply-chain.yml:1","Warn: no topLevel permission defined: .github/workflows/test-android.yml:1","Warn: no topLevel permission defined: .github/workflows/test-cli-js.yml:1","Warn: no topLevel permission defined: .github/workflows/test-cli-rs.yml:1","Warn: no topLevel permission defined: .github/workflows/test-core.yml:1","Warn: no topLevel permission defined: .github/workflows/udeps.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":7,"reason":"binaries present in source code","details":["Warn: binary detected: crates/tauri-cli/scripts/vswhere.exe:1","Warn: binary detected: crates/tauri-cli/templates/mobile/android/gradle/wrapper/gradle-wrapper.jar:1","Warn: binary detected: crates/tests/app-updater/frameworks/test.framework/Versions/A/test:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact tauri-cli-v2.7.1 not signed: https://api.github.com/repos/tauri-apps/tauri/releases/234115067","Warn: release artifact tauri-cli-v1.6.6 not signed: https://api.github.com/repos/tauri-apps/tauri/releases/234183540","Warn: release artifact @tauri-apps/cli-v2.7.1 not signed: https://api.github.com/repos/tauri-apps/tauri/releases/234114695","Warn: release artifact tauri-cli-v2.7.1 does not have provenance: https://api.github.com/repos/tauri-apps/tauri/releases/234115067","Warn: release artifact tauri-cli-v1.6.6 does not have provenance: https://api.github.com/repos/tauri-apps/tauri/releases/234183540","Warn: release artifact @tauri-apps/cli-v2.7.1 does not have provenance: https://api.github.com/repos/tauri-apps/tauri/releases/234114695"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/audit.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/audit.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/audit.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/audit.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/audit.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bench.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/bench.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/bench.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/bench.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bench.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/bench.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/bench.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/bench.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bench.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/bench.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-change-tags.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-change-tags.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-change-tags.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-change-tags.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-generated-files.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-generated-files.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-license-header.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-license-header.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/check-license-header.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/check-license-header.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/covector-comment-on-fork.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-comment-on-fork.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/covector-status.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-status.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/covector-status.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-status.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/covector-version-or-publish.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/covector-version-or-publish.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-schema-worker.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/deploy-schema-worker.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-schema-worker.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/deploy-schema-worker.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/docker.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fmt.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/fmt.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fmt.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fmt.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fmt.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/fmt.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/fmt.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/fmt.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-js.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-js.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-js.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-js.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-js.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-js.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-js.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-js.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-rust.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-rust.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-rust.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-rust.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-rust.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/lint-rust.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:215: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:218: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:225: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:246: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:249: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:256: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:283: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:286: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:293: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:326: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:331: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:336: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:341: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:373: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:376: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-js.yml:383: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-js.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-rs.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-rs.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-rs.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-rs.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-rs.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-rs.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-cli-rs.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-rs.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-cli-rs.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-rs.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-cli-rs.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/publish-cli-rs.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/supply-chain.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/supply-chain.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/supply-chain.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/supply-chain.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-android.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-android.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-android.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-android.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-android.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-android.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-android.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-android.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-android.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-android.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-android.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-android.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-cli-js.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-js.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-cli-js.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-js.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-cli-js.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-js.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-cli-js.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-js.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-cli-rs.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-rs.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-cli-rs.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-rs.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-cli-rs.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-cli-rs.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-core.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-core.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-core.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-core.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-core.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/test-core.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/udeps.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/udeps.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/udeps.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/udeps.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/udeps.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/udeps.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/udeps.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/udeps.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/udeps.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/tauri-apps/tauri/udeps.yml/dev?enable=pin","Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:4","Warn: containerImage not pinned by hash: .docker/cross/aarch64.Dockerfile:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:1aa979d85661c488ce030ac292876cf6ed04535d3a237e49f61542d8e5de5ae0","Warn: npmCommand not pinned by hash: .github/workflows/audit.yml:38","Warn: pipCommand not pinned by hash: .github/workflows/bench.yml:55","Warn: pipCommand not pinned by hash: .github/workflows/bench.yml:63","Warn: npmCommand not pinned by hash: .github/workflows/check-generated-files.yml:50","Warn: npmCommand not pinned by hash: .github/workflows/covector-version-or-publish.yml:27","Warn: npmCommand not pinned by hash: .github/workflows/covector-version-or-publish.yml:77","Warn: npmCommand not pinned by hash: .github/workflows/docker.yml:70","Warn: npmCommand not pinned by hash: .github/workflows/fmt.yml:30","Warn: npmCommand not pinned by hash: .github/workflows/lint-js.yml:23","Warn: npmCommand not pinned by hash: .github/workflows/lint-js.yml:35","Warn: npmCommand not pinned by hash: .github/workflows/publish-cli-js.yml:285","Warn: npmCommand not pinned by hash: .github/workflows/publish-cli-js.yml:375","Warn: npmCommand not pinned by hash: .github/workflows/publish-cli-js.yml:107","Warn: npmCommand not pinned by hash: .github/workflows/publish-cli-js.yml:217","Warn: npmCommand not pinned by hash: .github/workflows/publish-cli-js.yml:248","Warn: npmCommand not pinned by hash: .github/workflows/test-android.yml:46","Warn: npmCommand not pinned by hash: .github/workflows/test-cli-js.yml:42","Info:   0 out of  70 GitHub-owned GitHubAction dependencies pinned","Info:   3 out of  48 third-party GitHubAction dependencies pinned","Info:   0 out of   2 pipCommand dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned","Info:   0 out of  15 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"17 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: RUSTSEC-2024-0413","Warn: Project is vulnerable to: RUSTSEC-2024-0416","Warn: Project is vulnerable to: RUSTSEC-2020-0095","Warn: Project is vulnerable to: RUSTSEC-2024-0412","Warn: Project is vulnerable to: RUSTSEC-2024-0418","Warn: Project is vulnerable to: RUSTSEC-2024-0411","Warn: Project is vulnerable to: RUSTSEC-2024-0417","Warn: Project is vulnerable to: RUSTSEC-2024-0414","Warn: Project is vulnerable to: GHSA-wrw7-89jp-8q8g","Warn: Project is vulnerable to: RUSTSEC-2024-0429","Warn: Project is vulnerable to: RUSTSEC-2024-0415","Warn: Project is vulnerable to: RUSTSEC-2024-0420","Warn: Project is vulnerable to: RUSTSEC-2024-0419","Warn: Project is vulnerable to: RUSTSEC-2024-0436","Warn: Project is vulnerable to: RUSTSEC-2024-0370","Warn: Project is vulnerable to: RUSTSEC-2023-0071","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T22:57:10.052Z","repository_id":37236386,"created_at":"2025-08-22T22:57:10.052Z","updated_at":"2025-08-22T22:57:10.052Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":276391000,"owners_count":25633984,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-22T02:00:08.972Z","response_time":79,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["desktop-app","high-performance","mobile-app","native-app","rust","web-frontend","webview"],"created_at":"2024-01-16T17:31:05.492Z","updated_at":"2025-09-24T00:30:53.338Z","avatar_url":"https://github.com/tauri-apps.png","language":"Rust","project_url":"https://opencollective.ecosyste.ms/api/v1/projects/40686","html_url":"https://opencollective.ecosyste.ms/projects/40686","collective":{"id":2343,"uuid":"rmvrwng4-kj03dpbg-3glqz57o-yl9e8xba","slug":"tauri","name":"Tauri Apps","description":"Build smaller, faster, and more secure desktop applications with a web frontend.","website":"https://tauri.app","github":"tauri-apps","twitter":"TauriApps","repository_url":null,"social_links":[{"type":"WEBSITE","url":"https://tauri.app"},{"type":"TWITTER","url":"https://twitter.com/TauriApps"},{"type":"GITHUB","url":"https://github.com/tauri-apps"}],"currency":"USD","projects_count":111,"last_synced_at":"2026-06-11T06:15:13.975Z","created_at":"2024-01-10T13:17:52.218Z","updated_at":"2026-06-11T06:15:14.232Z","transactions_count":3394,"balance":106250.4200000009,"account_type":"COLLECTIVE","owner":{"login":"tauri-apps","name":"Tauri","uuid":"54536011","kind":"organization","description":"Build smaller, faster, and more secure desktop applications with a web frontend","email":null,"website":"https://tauri.app","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/54536011?v=4","repositories_count":108,"last_synced_at":"2024-10-29T20:08:25.976Z","metadata":{"has_sponsors_listing":true},"html_url":"https://github.com/tauri-apps","funding_links":["https://github.com/sponsors/tauri-apps"],"total_stars":96460,"followers":3171,"following":0,"created_at":"2022-11-02T16:40:21.254Z","updated_at":"2024-10-29T20:08:25.976Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tauri-apps","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tauri-apps/repositories"},"last_project_activity_at":"2026-05-12T10:44:59.000Z","archived":false,"no_funding":false,"no_license":false,"host":"opensource","collective_created_at":"2019-08-28T11:25:56.174Z","collective_updated_at":"2022-12-08T11:55:16.465Z","html_url":"https://opencollective.com/tauri","icon_url":"https://images.opencollective.com/tauri/logo/40.png","total_donations":121714.50000000057,"total_expenses":-30150.720000000478,"current_balance":106250.4200000009,"api_url":"https://opencollective.ecosyste.ms/api/v1/collectives/tauri","url":"https://opencollective.ecosyste.ms/collectives/tauri","projects_url":"https://opencollective.ecosyste.ms/api/v1/collectives/tauri/projects"}}