Home/uncloud/Trust report

Trust and health report

uncloud - trust report

Sourced, dated trust signals - maintenance label posture, repository provenance, and security scan status. Not a composite safety grade.

GraphCanon updated today · GitHub synced today

Maintenance

Recency and activity heuristics from public GitHub metadata (maintenance label, momentum); methodology: github_public_v1.

Very active96% signal

last push 1d ago · last release 1d · 3 releases (90d)

Provenance

Repository identity and fork provenance (github_public_v1).

  • GitHub repo id: 831373509
  • Not a fork
  • Personal account
  • Computed today

Security intelligence

Source-by-source security scan results from public intelligence providers. Missing, partial, or failed queries are shown explicitly and are not treated as clean.

OSV dependency advisories

Published findings
Last query
today
Scanner
osv@v1
Stored findings
61
View source evidence

deps.dev advisories

Not queried
Scanner
deps.dev@v1
View source evidence

OpenSSF Scorecard

Not queried
Scanner
openssf-scorecard@v1

Weekly public scans omit some checks at scale.

View source evidence

Dependency advisories (deduplicated)

GHSA-fw7p-63qq-7hpr
filippo.io/edwards25519@v1.1.0 · osv@v1
go.sum
GO-2026-4503
filippo.io/edwards25519@v1.1.0 · osv@v1
go.sum
GHSA-4xrr-hq4w-6vf4
github.com/caddyserver/caddy/v2@v2.8.4 · osv@v1
go.sum
GHSA-5r3v-vc8m-m96g
github.com/caddyserver/caddy/v2@v2.8.4 · osv@v1
go.sum
GHSA-879p-475x-rqh2
github.com/caddyserver/caddy/v2@v2.8.4 · osv@v1
go.sum
GHSA-f59h-q822-g45g
github.com/caddyserver/caddy/v2@v2.8.4 · osv@v1
go.sum
GHSA-g7pc-pc7g-h8jh
github.com/caddyserver/caddy/v2@v2.8.4 · osv@v1
go.sum
GHSA-gx7w-56w6-g48x
github.com/caddyserver/caddy/v2@v2.8.4 · osv@v1
go.sum
GHSA-hffm-g8v7-wrv7
github.com/caddyserver/caddy/v2@v2.8.4 · osv@v1
go.sum
GHSA-m675-2p33-xv9g
github.com/caddyserver/caddy/v2@v2.8.4 · osv@v1
go.sum
GHSA-qrp7-cvwr-j2c6
github.com/caddyserver/caddy/v2@v2.8.4 · osv@v1
go.sum
GHSA-vcc4-2c75-vc9v
github.com/caddyserver/caddy/v2@v2.8.4 · osv@v1
go.sum
GHSA-x5w9-xh9r-mvfc
github.com/caddyserver/caddy/v2@v2.8.4 · osv@v1
go.sum
GHSA-x76f-jf84-rqj8
github.com/caddyserver/caddy/v2@v2.8.4 · osv@v1
go.sum
GO-2026-4535
github.com/caddyserver/caddy/v2@v2.8.4 · osv@v1
go.sum
GO-2026-4536
github.com/caddyserver/caddy/v2@v2.8.4 · osv@v1
go.sum
GO-2026-4537
github.com/caddyserver/caddy/v2@v2.8.4 · osv@v1
go.sum
GO-2026-4538
github.com/caddyserver/caddy/v2@v2.8.4 · osv@v1
go.sum
GO-2026-4539
github.com/caddyserver/caddy/v2@v2.8.4 · osv@v1
go.sum
GO-2026-4541
github.com/caddyserver/caddy/v2@v2.8.4 · osv@v1
go.sum
GO-2026-4644
github.com/caddyserver/caddy/v2@v2.8.4 · osv@v1
go.sum
GO-2026-5743
github.com/caddyserver/caddy/v2@v2.8.4 · osv@v1
go.sum
GHSA-33vj-92qq-66hc
github.com/containerd/containerd/v2@v2.1.4 · osv@v1
go.sum
GHSA-cvxm-645q-p574
github.com/containerd/containerd/v2@v2.1.4 · osv@v1
go.sum
GHSA-fqw6-gf59-qr4w
github.com/containerd/containerd/v2@v2.1.4 · osv@v1
go.sum
GHSA-jpcc-p29g-p8mq
github.com/containerd/containerd/v2@v2.1.4 · osv@v1
go.sum
GHSA-m6hq-p25p-ffr2
github.com/containerd/containerd/v2@v2.1.4 · osv@v1
go.sum
GHSA-pwhc-rpq9-4c8w
github.com/containerd/containerd/v2@v2.1.4 · osv@v1
go.sum
GHSA-rgh6-rfwx-v388
github.com/containerd/containerd/v2@v2.1.4 · osv@v1
go.sum
GHSA-xhf5-7wjv-pqxp
github.com/containerd/containerd/v2@v2.1.4 · osv@v1
go.sum
GO-2025-4100
github.com/containerd/containerd/v2@v2.1.4 · osv@v1
go.sum
GO-2025-4108
github.com/containerd/containerd/v2@v2.1.4 · osv@v1
go.sum
GO-2026-5064
github.com/containerd/containerd/v2@v2.1.4 · osv@v1
go.sum
GO-2026-5338
github.com/containerd/containerd/v2@v2.1.4 · osv@v1
go.sum
GO-2026-5378
github.com/containerd/containerd/v2@v2.1.4 · osv@v1
go.sum
GO-2026-5475
github.com/containerd/containerd/v2@v2.1.4 · osv@v1
go.sum
GO-2026-5622
github.com/containerd/containerd/v2@v2.1.4 · osv@v1
go.sum
GO-2026-5758
github.com/containerd/containerd/v2@v2.1.4 · osv@v1
go.sum
GHSA-3p65-76g6-3w7r
github.com/distribution/distribution/v3@v3.0.0 · osv@v1
go.sum
GHSA-6pjf-3r9x-m592
github.com/distribution/distribution/v3@v3.0.0 · osv@v1
go.sum
GHSA-f2g3-hh2r-cwgc
github.com/distribution/distribution/v3@v3.0.0 · osv@v1
go.sum
GO-2026-5094
github.com/distribution/distribution/v3@v3.0.0 · osv@v1
go.sum
GO-2026-5185
github.com/distribution/distribution/v3@v3.0.0 · osv@v1
go.sum
GHSA-p436-gjf2-799p
github.com/docker/cli@v28.5.0+incompatible · osv@v1
go.sum
GO-2026-4610
github.com/docker/cli@v28.5.0+incompatible · osv@v1
go.sum
GHSA-gv8h-7v7w-r22q
github.com/docker/compose/v2@v2.40.0 · osv@v1
go.sum
GO-2025-4077
github.com/docker/compose/v2@v2.40.0 · osv@v1
go.sum
GHSA-pxq6-2prw-chj9
github.com/docker/docker@v28.5.0+incompatible · osv@v1
go.sum
GHSA-rg2x-37c3-w2rh
github.com/docker/docker@v28.5.0+incompatible · osv@v1
go.sum
GHSA-vp62-88p7-qqf5
github.com/docker/docker@v28.5.0+incompatible · osv@v1
go.sum
GHSA-x744-4wpc-v9h2
github.com/docker/docker@v28.5.0+incompatible · osv@v1
go.sum
GHSA-x86f-5xw2-fm2r
github.com/docker/docker@v28.5.0+incompatible · osv@v1
go.sum
GO-2026-4883
github.com/docker/docker@v28.5.0+incompatible · osv@v1
go.sum
GO-2026-4887
github.com/docker/docker@v28.5.0+incompatible · osv@v1
go.sum
GO-2026-5617
github.com/docker/docker@v28.5.0+incompatible · osv@v1
go.sum
GO-2026-5668
github.com/docker/docker@v28.5.0+incompatible · osv@v1
go.sum
GO-2026-5746
github.com/docker/docker@v28.5.0+incompatible · osv@v1
go.sum
GHSA-78h2-9frx-2jm8
github.com/go-jose/go-jose/v3@v3.0.3 · osv@v1
go.sum
GHSA-c6gw-w398-hv78
github.com/go-jose/go-jose/v3@v3.0.3 · osv@v1
go.sum
GO-2025-3485
github.com/go-jose/go-jose/v3@v3.0.3 · osv@v1
go.sum
GO-2026-4945
github.com/go-jose/go-jose/v3@v3.0.3 · osv@v1
go.sum

Method and caveats: these are sourced, dated heuristics from public GitHub data and external security intelligence providers. A status like "no published findings from this source" is not a guarantee of safety. Read the full trust methodology · JSON report at /api/graphcanon/tools/psviderski-uncloud/trust.

Common questions

Is uncloud maintained?
GraphCanon rates uncloud "Very active" (96% maintenance signal from public GitHub metadata, computed today). Last push was 1 days ago. 3 GitHub releases in the last 90 days. This is a recency heuristic, not a guarantee the project will stay maintained.
Is uncloud safe to use?
Last scanned today (deps profile). Status: 61 low - 61 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report. GraphCanon does not certify uncloud as safe - review maintenance, provenance, and scan findings on this page before adopting.
Is uncloud a fork?
No. uncloud is not flagged as a fork in GitHub metadata at the time of the last refresh.
Does uncloud have known security vulnerabilities?
Last scanned today (deps profile). Status: 61 low - 61 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report.
How often is the uncloud trust report updated?
Trust signals refresh on GitHub ingest/refresh cycles and optional dependency/MCP scans. This report was computed today (methodology github_public_v1).
What does GraphCanon never claim about uncloud?
We never publish a composite safety grade, pen-test endorsement, or "verified secure" label for uncloud. Signals are sourced heuristics with explicit limits - see trust methodology.
How does GraphCanon assess trust for uncloud?
Signals are sourced from public GitHub metadata and optional dependency/MCP manifest scans, each tagged with methodology version and computed date. GraphCanon does not publish a composite safety grade. Read trust methodology for full scope and limits.

Was this helpful?

Anonymous feedback helps us improve pages and translations.