docker/metadata-action
GitHub Action to extract metadata (tags, labels) from Git reference and GitHub events for Docker
GitHub Actions security score
| docker/metadata-action | |
|---|---|
Score | 8/10 |
License | Apache License 2.0 |
Maintained | 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 |
Vulnerabilities | 10 existing vulnerabilities detected |
Branch protection | branch protection is not maximal on development and all release branches |
Manual code review | - |
Secure publishing | - |
Signed commits | - |
Automated security tools | - |
Popular | Used by 2204 open-source projects |
Security Policy | security policy file detected |
Networking Behavior of docker/metadata-action
This GitHub Action often makes outbound network calls to these destinations, as gathered from public workflows using the Harden-Runner GitHub Action. Harden-Runner offers network egress filtering and runtime security for both GitHub-hosted and self-hosted runners.
Popular DestinationUnknown Destination
| Network Destination | Owner |
|---|---|
| api.github.com |  GitHub |
| registry-1.docker.io | |
| auth.docker.io | |
| production.cloudflare.docker.com | |
| registry.uffizzi.com | Unknown |
| mirror1.hs-esslingen.de | Unknown |
| dl-cdn.alpinelinux.org | |
| centos-stream-distro.1gservers.com | Unknown |
| keyserver.ubuntu.com | |
| github.com | GitHub |
| security.ubuntu.com | |
| archive.ubuntu.com | |
| pypi.org | |
| files.pythonhosted.org | |
| developer.arm.com | Unknown |
| armkeil.blob.core.windows.net | Unknown |
| x.cp.wd.microsoft.com | |
| global.endpoint.security.microsoft.com | |
| wdcp.microsoft.com | |
| go.microsoft.com | |
| definitionupdates.microsoft.com | |
| winatp-gw-cus.microsoft.com | |
| westus2.data.mcr.microsoft.com | |
| westus.data.mcr.microsoft.com | |
| mcr.microsoft.com | |
| ghcr.io | GitHub |
| pkg-containers.githubusercontent.com | GitHub |
| release-assets.githubusercontent.com | GitHub |
| download.pytorch.org | Unknown |