Go module

k8c.io/kubermatic/v2

v2.27.3

Default version

Warning

The highest tagged major version of this Go module is k8c.io/kubermatic/v3.

Published

April 8, 2025

Links

Origin: https://pkg.go.dev/k8c.io/kubermatic/v2@v2.27.3
Repo: https://github.com/kubermatic/kubermatic

Projects

kubermatic/kubermatic

GitHub

Kubermatic Kubernetes Platform - the Central Kubernetes Management Platform For Any Infrastructure

172 forks

1k stars

OpenSSF scorecard

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

View information about checks and how to fix failures.

Score

4.4/10

Scorecard as of April 21, 2025.

Code-Review

10/10

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

Reasoning

all changesets reviewed

Maintained

10/10

Determines if the project is "actively maintained".

Reasoning

30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10

License

9/10

Determines if the project has defined a license.

Reasoning

license file detected

CII-Best-Practices

2/10

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

Reasoning

badge detected: InProgress

Security-Policy

0/10

Determines if the project has published a security policy.

Reasoning

security policy file not detected

Signed-Releases

0/10

Determines if the project cryptographically signs release artifacts.

Reasoning

Project has not signed or included provenance with any releases.

Fuzzing

0/10

Determines if the project uses fuzzing.

Reasoning

project is not fuzzed

Binary-Artifacts

10/10

Determines if the project has generated executable (binary) artifacts in the source repository.

Reasoning

no binaries found in the repo

SAST

0/10

Determines if the project uses static code analysis.

Reasoning

SAST tool is not run on all commits -- score normalized to 0

Vulnerabilities

3/10

Determines if the project has open, known unfixed vulnerabilities.

Reasoning

7 existing vulnerabilities detected

Pinned-Dependencies

0/10

Determines if the project has declared and pinned the dependencies of its build process.

Reasoning

dependency not pinned by hash detected -- score normalized to 0

Project metadata as of May 3, 2025.

This site uses cookies from Google to deliver its services and to analyze traffic.

Pinned-Dependencies

Warn: containerImage not pinned by hash: Dockerfile:15: pin your Docker image by updating docker.io/alpine:3.19 to docker.io/alpine:3.19@sha256:e5d0aea7f7d2954678a9a6269ca2d06e06591881161961ea59e974dff3f12377

Warn: containerImage not pinned by hash: addons/Dockerfile:15: pin your Docker image by updating docker.io/alpine:3.19 to docker.io/alpine:3.19@sha256:e5d0aea7f7d2954678a9a6269ca2d06e06591881161961ea59e974dff3f12377

Warn: containerImage not pinned by hash: cmd/alertmanager-authorization-server/Dockerfile:15: pin your Docker image by updating gcr.io/distroless/static-debian12:nonroot to gcr.io/distroless/static-debian12:nonroot@sha256:c0f429e16b13e583da7e5a6ec20dd656d325d88e6819cafe0adb0828976529dc

Warn: containerImage not pinned by hash: cmd/conformance-tester/Dockerfile:15: pin your Docker image by updating docker.io/alpine:3.19 to docker.io/alpine:3.19@sha256:e5d0aea7f7d2954678a9a6269ca2d06e06591881161961ea59e974dff3f12377

Warn: containerImage not pinned by hash: cmd/etcd-launcher/Dockerfile:15: pin your Docker image by updating busybox:1.32.1 to busybox:1.32.1@sha256:ae39a6f5c07297d7ab64dbd4f82c77c874cc6a94cea29fdec309d0992574b4f7

Warn: containerImage not pinned by hash: cmd/http-prober/Dockerfile:15: pin your Docker image by updating docker.io/alpine:3.19 to docker.io/alpine:3.19@sha256:e5d0aea7f7d2954678a9a6269ca2d06e06591881161961ea59e974dff3f12377

Warn: containerImage not pinned by hash: cmd/kubeletdnat-controller/Dockerfile:15: pin your Docker image by updating docker.io/alpine:3.19 to docker.io/alpine:3.19@sha256:e5d0aea7f7d2954678a9a6269ca2d06e06591881161961ea59e974dff3f12377

Warn: containerImage not pinned by hash: cmd/kubeletdnat-controller/Dockerfile.multiarch:15

Warn: containerImage not pinned by hash: cmd/kubeletdnat-controller/Dockerfile.multiarch:31: pin your Docker image by updating docker.io/alpine:3.19 to docker.io/alpine:3.19@sha256:e5d0aea7f7d2954678a9a6269ca2d06e06591881161961ea59e974dff3f12377

Warn: containerImage not pinned by hash: cmd/network-interface-manager/Dockerfile:15: pin your Docker image by updating gcr.io/distroless/static-debian12 to gcr.io/distroless/static-debian12@sha256:3d0f463de06b7ddff27684ec3bfd0b54a425149d0f8685308b1fdf297b0265e9

Warn: containerImage not pinned by hash: cmd/network-interface-manager/Dockerfile.multiarch:15

Warn: containerImage not pinned by hash: cmd/network-interface-manager/Dockerfile.multiarch:31: pin your Docker image by updating gcr.io/distroless/static-debian12 to gcr.io/distroless/static-debian12@sha256:3d0f463de06b7ddff27684ec3bfd0b54a425149d0f8685308b1fdf297b0265e9

Warn: containerImage not pinned by hash: cmd/nodeport-proxy/Dockerfile:15: pin your Docker image by updating docker.io/alpine:3.19 to docker.io/alpine:3.19@sha256:e5d0aea7f7d2954678a9a6269ca2d06e06591881161961ea59e974dff3f12377

Warn: containerImage not pinned by hash: cmd/s3-exporter/Dockerfile:15: pin your Docker image by updating gcr.io/distroless/static-debian12:nonroot to gcr.io/distroless/static-debian12:nonroot@sha256:c0f429e16b13e583da7e5a6ec20dd656d325d88e6819cafe0adb0828976529dc

Warn: containerImage not pinned by hash: cmd/user-ssh-keys-agent/Dockerfile:15: pin your Docker image by updating gcr.io/distroless/static-debian12 to gcr.io/distroless/static-debian12@sha256:3d0f463de06b7ddff27684ec3bfd0b54a425149d0f8685308b1fdf297b0265e9

Warn: containerImage not pinned by hash: cmd/user-ssh-keys-agent/Dockerfile.multiarch:15

Warn: containerImage not pinned by hash: cmd/user-ssh-keys-agent/Dockerfile.multiarch:31: pin your Docker image by updating gcr.io/distroless/static-debian12 to gcr.io/distroless/static-debian12@sha256:3d0f463de06b7ddff27684ec3bfd0b54a425149d0f8685308b1fdf297b0265e9

Warn: containerImage not pinned by hash: hack/images/integration-tests/Dockerfile:15: pin your Docker image by updating quay.io/kubermatic/build:go-1.24-node-20-kind-0.27-3 to quay.io/kubermatic/build:go-1.24-node-20-kind-0.27-3@sha256:b000c8463161138832d8b1c2f0d1ecc55d4707fed81495966f043a226c659e40

Warn: containerImage not pinned by hash: hack/images/startup-script/Dockerfile:15: pin your Docker image by updating docker.io/alpine:3.18 to docker.io/alpine:3.18@sha256:de0eb0b3f2a47ba1eb89389859a9bd88b28e82f5826b6969ad604979713c2d4f

Warn: containerImage not pinned by hash: hack/images/util/Dockerfile:15: pin your Docker image by updating docker.io/alpine:3.19 to docker.io/alpine:3.19@sha256:e5d0aea7f7d2954678a9a6269ca2d06e06591881161961ea59e974dff3f12377

Warn: goCommand not pinned by hash: hack/changelog-gen.sh:54

Info: 0 out of 20 containerImage dependencies pinned

Info: 0 out of 1 goCommand dependencies pinned