@sap-ux/cf-deploy-config-writer

Add or amend Cloud Foundry and ABAP deployment configuration for SAP projects

Versions: 3
License: Apache-2.0
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

tqueckkranthie.sapsap_extncrepossap-ospo-admindevinea

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
| --- | --- | --- | --- | --- |
| dependencies | unvetted-dep:hasbin | AI (dependencies): Standard utility dep for a SAP deploy tooling package; no malicious indicators. | ai | |
| dependencies | unvetted-dep:@sap-ux/yaml | AI (dependencies): SAP UX ecosystem dep; expected for this package. | ai | |
| dependencies | unvetted-dep:@sap/mta-lib | AI (dependencies): SAP MTA tooling dep; expected for CF deploy config writer. | ai | |
| dependencies | unvetted-dep:@sap/cf-tools | AI (dependencies): SAP CF tooling dep; expected for CF deploy config writer. | ai | |
| dependencies | unvetted-dep:mem-fs-editor | AI (dependencies): Well-known Yeoman ecosystem dep; no risk. | ai | |
| dependencies | unvetted-dep:@sap-ux/btp-utils | AI (dependencies): SAP UX ecosystem dep; expected for this package. | ai | |
| dependencies | unvetted-dep:@sap-ux/ui5-config | AI (dependencies): SAP UX ecosystem dep; expected for this package. | ai | |
| dependencies | unvetted-dep:@sap-ux/nodejs-utils | AI (dependencies): SAP UX ecosystem dep; expected for this package. | ai | |
| provenance | no-provenance | AI (provenance): SAP UX packages consistently lack Sigstore provenance; stable false positive for this org. | ai | |

Versions (showing 3 of 103)

Version Deps Published
0.2.13 14 / 11
0.2.12 14 / 11
0.2.11 14 / 11

v0.2.13

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.12

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.11

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.