Hi all,
We're writing to let you know about an issue discovered in the Scorecard cron job. The cron uses a pool of tokens to scale the number of repositories scanned. Out of an abundance of caution, use of these tokens is now suspended due to potential security implications. We're temporarily suspending Scorecard's cron runs while we re-evaluate how we should scale this in the long term.
What does this mean for users?
Projects can expect to see stale results on https://api.securityscorecards.dev and https://deps.dev. Projects that have scorecard-action installed will continue to see the results of their latest runs on https://api.securityscorecards.dev.
The public BigQuery table will not be updated in the coming weeks, but users can continue using data from previous weeks.
We apologize for any inconvenience this may cause. If you have any questions, please contact the OpenSSF Scorecard Maintainer team.
Thanks & Regards,
OpenSSF Scorecard Maintainers