docker/metadata-action
GitHub Action to extract metadata (tags, labels) from Git reference and GitHub events for Docker
GitHub Actions security score
| docker/metadata-action | |
|---|---|
Score | 8/10 |
License | Apache License 2.0 |
Maintained | 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 |
Vulnerabilities | 16 existing vulnerabilities detected |
Branch protection | branch protection is not maximal on development and all release branches |
Manual code review | - |
Secure publishing | - |
Signed commits | - |
Automated security tools | - |
Popular | Used by 29568 open-source projects |
Security Policy | security policy file detected |
Networking Behavior of docker/metadata-action
This GitHub Action often makes outbound network calls to these destinations, as gathered from public workflows using the Harden-Runner GitHub Action. Harden-Runner offers network egress filtering and runtime security for both GitHub-hosted and self-hosted runners.
Popular DestinationUnknown Destination
| Network Destination | Owner |
|---|---|
| api.github.com |  GitHub |
| registry-1.docker.io | |
| auth.docker.io | |
| production.cloudflare.docker.com | |
| registry.uffizzi.com | Unknown |
| mirror1.hs-esslingen.de | Unknown |
| dl-cdn.alpinelinux.org | |
| centos-stream-distro.1gservers.com | Unknown |
| keyserver.ubuntu.com | |
| github.com | GitHub |
| security.ubuntu.com | |
| archive.ubuntu.com | |
| pypi.org | |
| files.pythonhosted.org | |
| developer.arm.com | Unknown |
| armkeil.blob.core.windows.net | Unknown |
| x.cp.wd.microsoft.com | |
| global.endpoint.security.microsoft.com | |
| wdcp.microsoft.com | |
| go.microsoft.com | |
| definitionupdates.microsoft.com | |
| winatp-gw-cus.microsoft.com | |
| westus2.data.mcr.microsoft.com | |
| westus.data.mcr.microsoft.com | |
| mcr.microsoft.com | |
| ghcr.io | GitHub |
| pkg-containers.githubusercontent.com | GitHub |
| release-assets.githubusercontent.com | GitHub |
| download.pytorch.org | Unknown |
| settings-win.data.microsoft.com | |
| docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com | |
| prod.app-api.stepsecurity.io | Unknown |
| www.openssl.org | Unknown |
| mirror.gcr.io | Unknown |
| check.trivy.dev | Unknown |
| deb.debian.org | Unknown |
| index.crates.io | Unknown |
| static.crates.io | Unknown |
| tuf-repo-cdn.sigstore.dev | |
| fulcio.sigstore.dev | |
| timestamp.sigstore.dev | |
| rekor.sigstore.dev | |
| cafe.github.com | GitHub |
| production.cloudfront.docker.com | Unknown |
| ports.ubuntu.com | |
| dc.services.visualstudio.com | Unknown |
| api.nuget.org | Unknown |
| crl3.digicert.com | Unknown |
| www.microsoft.com | |
| crl.sectigo.com | Unknown |
| eastus.data.mcr.microsoft.com | |
| ts-crl.ws.symantec.com | Unknown |
| s.symcb.com | Unknown |
| crl4.digicert.com | Unknown |
| crl.usertrust.com | Unknown |
| dns.msftncsi.com | Unknown |
| get.trivy.dev | Unknown |