Repository Should Be Updated At Least Quarterly

policy name: repository_not_maintained

severity: HIGH

Description

A project which is not actively maintained may not be patched against security issues within its code and dependencies, and is therefore at higher risk of including known vulnerabilities.

Threat Example(s)

As new vulnerabilities are found over time, unmaintained repositories are more likely to point to dependencies that have known vulnerabilities, exposing these repositories to 1-day attacks.

Remediation

1. Make sure you have admin permissions
2. Either Delete or Archive the repository