Summary
Scorecard CodeReviewID is open because Scorecard found 0/3 approved changesets.
Scorecard evaluates recent change history, not only the current branch protection settings.
Current readback
- Alert:
#3 CodeReviewID
- Tool: Scorecard
- Current state:
open
- Latest Scorecard run:
26642733853
- Latest analyzed commit:
48853d41756f11be3a76b484ef40a50fb836a58f
- Message:
Found 0/3 approved changesets
Disposition
This is an honest solo-maintainer/bootstrap finding. The repository intentionally uses hybrid solo operation: pull requests and required checks are used, but routine changes do not require separate human approval.
Current branch protection and rules should preserve the PR/check workflow without claiming two-person review. Scorecard may keep this alert open because bot reviews and owner-only/admin-bypass history do not count as approved human changesets.
Resolution path
- Keep tracking this alert as an accepted solo/bootstrap risk.
- Do not dismiss the code scanning alert as fixed.
- Do not claim OpenSSF two-person review or full Gold while solo operation remains in place.
- If the operating model later changes, a separate human reviewer and approved recent changesets can be used as an optional path to satisfy Scorecard.
Summary
Scorecard
CodeReviewIDis open because Scorecard found0/3approved changesets.Scorecard evaluates recent change history, not only the current branch protection settings.
Current readback
#3 CodeReviewIDopen2664273385348853d41756f11be3a76b484ef40a50fb836a58fFound 0/3 approved changesetsDisposition
This is an honest solo-maintainer/bootstrap finding. The repository intentionally uses hybrid solo operation: pull requests and required checks are used, but routine changes do not require separate human approval.
Current branch protection and rules should preserve the PR/check workflow without claiming two-person review. Scorecard may keep this alert open because bot reviews and owner-only/admin-bypass history do not count as approved human changesets.
Resolution path