Open advisories
0 Critical, 0 High, 0 Moderate, 0 Low
0 open advisories across the org as of this snapshot. Source: per-package OSV cross-check + GitHub Security Advisories API. Verify via the methodology table.
Scanner rollup
How many packages currently have a green most-recent run, per tool. Packages without that tool configured are excluded from the denominator.
| Tool | Green most-recent run / packages with tool configured |
|---|---|
| gitleaks | 18/18 |
| bandit | 18/18 |
| vulture | 17/17 |
| pip-audit | 0/— |
| cargo-audit | 0/— |
| cargo-deny | 0/— |
Per-repo security workflow
| Package | Workflow | gitleaks | bandit | vulture | pip-audit | cargo-audit | cargo-deny | Advisories | Last run |
|---|---|---|---|---|---|---|---|---|---|
| kaos-agents | 0 | — | | | | | | | |
| kaos-citations | 0 | — | | | | | | | |
| kaos-content | 0 | — | | | | | | | |
| kaos-core | 0 | — | | | | | | | |
| kaos-graph | 0 | — | | | | | | | |
| kaos-llm-client | 0 | — | | | | | | | |
| kaos-llm-core | 0 | — | | | | | | | |
| kaos-mcp | 0 | — | | | | | | | |
| kaos-ml-core | 0 | — | | | | | | | |
| kaos-names | 0 | — | | | | | | | |
| kaos-nlp-core | 0 | — | | | | | | | |
| kaos-nlp-transformers | 0 | — | | | | | | | |
| kaos-office | 0 | — | | | | | | | |
| kaos-pdf | 0 | — | | | | | | | |
| kaos-source | 0 | — | | | | | | | |
| kaos-tabular | 0 | — | | | | | | | |
| kaos-ui | 0 | — | | | | | | | |
| kaos-web | 0 | — | | | | | | | |
Suppressions ledger
Suppressions ledger not inspected on this host: sibling clone root /home/mjbommar/projects/273v not present on this host. The ledger is computed at render time by walking the on-disk clones; on a build host without those clones (e.g. a fresh GHA runner) we leave the count empty rather than zero-fill it.
How this is collected
Source & reproducibility
Advisories come from the GitHub Security Advisories API and an OSV cross-check keyed by package PURL. Scanner conclusions are the GitHub Actions job conclusion field on the most recent run of each repo's security.yml workflow. No self-attestation. Tools that aren't configured for a given ecosystem (e.g. cargo-audit on a pure-Python package) render as No signal rather than green.

The suppressions ledger is computed at render time by collector.suppressions.collect_for_org, which walks the on-disk sibling clones of every public 273v/kaos-* repo; the same module exposes a per-repo collect() for ad-hoc reproduction.

See methodology.html#pill-semantics for the full signal-to-source mapping.