{"data":{"slug":"boundaryml-baml","name":"baml","trust":{"provenance":{"is_fork":false,"github_id":701494311,"owner_type":"Organization","methodology":"github_public_v1","parent_repo":null,"near_duplicate_slugs":[]},"computed_at":"2026-07-15T10:42:07.297Z","maintenance":{"label":"Very active","score":96,"methodology":"github_public_v1","releases_90d":30,"days_since_push":0,"last_release_at":"2026-07-15T01:23:35Z"},"security_summary":{"status":"findings","scanner":"osv@v1","low_count":6,"high_count":0,"last_scan_at":"2026-07-15T10:42:07.747Z","medium_count":0,"scan_profile":"deps","critical_count":0}},"findings":[{"id":"GHSA-6q6q-88xp-6f2r","severity":"low","title":"GHSA-6q6q-88xp-6f2r","package":"gopkg.in/yaml.v2@v2.2.2","location":"go.sum","sources":["osv@v1"]},{"id":"GHSA-r88r-gmrh-7j83","severity":"low","title":"GHSA-r88r-gmrh-7j83","package":"gopkg.in/yaml.v2@v2.2.2","location":"go.sum","sources":["osv@v1"]},{"id":"GHSA-wxc4-f4m6-wwqv","severity":"low","title":"GHSA-wxc4-f4m6-wwqv","package":"gopkg.in/yaml.v2@v2.2.2","location":"go.sum","sources":["osv@v1"]},{"id":"GO-2020-0036","severity":"low","title":"GO-2020-0036","package":"gopkg.in/yaml.v2@v2.2.2","location":"go.sum","sources":["osv@v1"]},{"id":"GO-2021-0061","severity":"low","title":"GO-2021-0061","package":"gopkg.in/yaml.v2@v2.2.2","location":"go.sum","sources":["osv@v1"]},{"id":"GO-2022-0956","severity":"low","title":"GO-2022-0956","package":"gopkg.in/yaml.v2@v2.2.2","location":"go.sum","sources":["osv@v1"]}],"security_intelligence":{"sources":[{"profile":"deps","scanner":"osv@v1","label":"OSV dependency advisories","status":"findings","status_label":"Published findings","scanned_at":"2026-07-15T10:42:09.366871+00:00","findings_count":6,"evidence_url":"https://osv.dev/","error":null,"caveat":null},{"profile":"deps_dev","scanner":"deps.dev@v1","label":"deps.dev advisories","status":"not_scanned","status_label":"Not queried","scanned_at":null,"findings_count":0,"evidence_url":"https://deps.dev/","error":null,"caveat":null},{"profile":"openssf_scorecard","scanner":"openssf-scorecard@v1","label":"OpenSSF Scorecard","status":"not_scanned","status_label":"Not queried","scanned_at":null,"findings_count":0,"evidence_url":"https://api.securityscorecards.dev/projects/github.com/BoundaryML/baml","error":null,"caveat":"Weekly public scans omit some checks at scale."}],"dependency_findings":[{"id":"GHSA-6q6q-88xp-6f2r","severity":"low","title":"GHSA-6q6q-88xp-6f2r","package":"gopkg.in/yaml.v2@v2.2.2","location":"go.sum","sources":["osv@v1"]},{"id":"GHSA-r88r-gmrh-7j83","severity":"low","title":"GHSA-r88r-gmrh-7j83","package":"gopkg.in/yaml.v2@v2.2.2","location":"go.sum","sources":["osv@v1"]},{"id":"GHSA-wxc4-f4m6-wwqv","severity":"low","title":"GHSA-wxc4-f4m6-wwqv","package":"gopkg.in/yaml.v2@v2.2.2","location":"go.sum","sources":["osv@v1"]},{"id":"GO-2020-0036","severity":"low","title":"GO-2020-0036","package":"gopkg.in/yaml.v2@v2.2.2","location":"go.sum","sources":["osv@v1"]},{"id":"GO-2021-0061","severity":"low","title":"GO-2021-0061","package":"gopkg.in/yaml.v2@v2.2.2","location":"go.sum","sources":["osv@v1"]},{"id":"GO-2022-0956","severity":"low","title":"GO-2022-0956","package":"gopkg.in/yaml.v2@v2.2.2","location":"go.sum","sources":["osv@v1"]}],"scorecard_findings":[]},"methodology":"github_public_v1"}}