prometheus/prometheus

application Go 63.4k stars

/ 100

Last analyzed: April 3, 2026

Dimension Scores

Individual health dimension scores for this repository

Security

Testing

Documentation

100

Architecture

100

DevOps

100

Maintenance

Detailed Findings

Security 65/100

✗ Security policy (SECURITY.md) SECURITY.md exists but appears to be a placeholder (< 200 chars) — add contact info and disclosure process

✓ Pinned dependencies (Actions SHA) 10/10 action refs pinned to SHA (100%)

✓ Token permissions At least one workflow uses explicit restrictive permissions

✓ Dependency update automation Using Renovate

✓ Code ownership CODEOWNERS file found

✗ No committed .env files Found .env files in repo — these may contain secrets

✓ .gitignore present .gitignore found

✓ CI workflows (branch protection proxy) GitHub Actions found (likely branch protection in place)

Testing 94/100

✓ CI workflows GitHub Actions detected

✓ Test files 56 test-related file(s) found

✓ Coverage configuration Coverage/test runner config found

✓ Test runner configured Test runner configuration detected

✗ Pre-commit hooks No pre-commit hooks found

Documentation 100/100

✓ README quality README.md is 9572 chars

✓ LICENSE file License: Apache-2.0

✓ CONTRIBUTING guide Contributing guide found

✓ CHANGELOG Changelog or release notes found

✓ Documentation directory or API docs Documentation directory or API docs found

✓ Repository description Description: "The Prometheus monitoring system and time series database."

Architecture 100/100

✓ Type safety (built-in + go.mod) go.mod found — Go has built-in type safety

✓ Linter (golangci-lint) golangci-lint config found

✓ Code formatter (gofmt — built-in) gofmt is built into Go toolchain

✓ Package structure (cmd/, pkg/, internal/) Standard Go layout found

✓ Build runner (Makefile / Taskfile) Build runner found

✓ Go version pinning (.go-version / go.work) go.work found — Go workspace monorepo

DevOps 100/100

✓ CI/CD pipeline GitHub Actions

✓ Container support (Docker) Docker config found (Dockerfile)

✓ Release automation Release automation configured

✓ Issue/PR templates Issue/PR templates found

✓ Deployment/Infrastructure config Deployment or build config found

Maintenance 83/100

✓ Last commit recency Last commit 0 day(s) ago — actively maintained

✗ Open issue freshness Median open issue age: 1654 day(s) — stale issues accumulating (oldest sampled: 3828 days)

✓ Recent releases Latest release 0 day(s) ago (5 recent releases)

✓ Bus factor Bus factor 5 — healthy contributor distribution (fabxc, juliusv, beorn7, bboreham, dependabot[bot])

✓ Community adoption (stars) 63,363 stars — strong community adoption

✗ Maintainer funding No FUNDING.yml found (not penalized)

View on GitHub OpenSSF Scorecard Back to Leaderboard