| # | Job Name | Repo | Runs | Failures | Failure Rate | Flakiness Index | Last Failure | Top Failing Step |
|---|---|---|---|---|---|---|---|---|
| 1 | build / arm64-prebuild | cli | 48 | 28 | 5833.3% | yesterday | Run build | |
| 2 | test / empty-files-build | cli | 48 | 31 | 6458.3% | yesterday | Run Build | |
| 3 | build / amd64-prebuild | cli | 48 | 29 | 6041.7% | yesterday | Run build | |
| 4 | test / podman-build | cli | 48 | 33 | 6875.0% | yesterday | Run extractions/setup-just@5316โฆ | |
| 5 | test / iso-from-image | cli | 48 | 32 | 6666.7% | yesterday | Run extractions/setup-just@5316โฆ | |
| 6 | test / container-podman-build | cli | 48 | 32 | 6666.7% | yesterday | Run Build | |
| 7 | test / multi-platform-podman | cli | 48 | 32 | 6666.7% | yesterday | Run Build | |
| 8 | test / docker-build | cli | 48 | 32 | 6666.7% | yesterday | Run Build | |
| 9 | test / multi-platform-docker | cli | 48 | 32 | 6666.7% | yesterday | Maximize build space | |
| 10 | test / docker-build-external-login | cli | 48 | 32 | 6666.7% | yesterday | Run Build |
| Repo | Success Rate 7d | Success Rate 30d | Avg Duration | Total Runs (7d) | Last Stream Status |
|---|---|---|---|---|---|
| base-images | 50.0% | 42.4% | 282m | 8 | ๐ข success |
| cli | 0.0% | 0.0% | 16m | 1 | ๐ด failure |
| modules | 100.0% | 100.0% | 27m | 4 | ๐ข success |
| Repo | Stream | 7d Rate | 30d Rate | Runs (7d) | Avg Duration | Last Run | Status |
|---|---|---|---|---|---|---|---|
| base-images | build | 50.0% | 42.4% | 8 | 282m | 21h ago | ๐ข |
| cli | main | 0.0% | 0.0% | 1 | 16m | 1d ago | ๐ด |
| modules | build | 100.0% | 100.0% | 4 | 27m | 13h ago | ๐ข |
Publish step tracking requires live build data โ shown after first successful CI run.
Rates computed from workflow step names over last 30 days. Steps not detected in pipeline are shown as โ.
Collecting Scorecard data โ check back after the next sync.
Scores from OpenSSF Scorecard. Click a card to view the full report.
| Repo | Workflow | Branch | Trigger | Duration | Started | Jobs | ||
|---|---|---|---|---|---|---|---|---|
| ๐ข | modules | build | no-gpgpchecks | PR | 13m | 2026-05-25T17:40:34Z | 2/2 โ | โ |
| ๐ข | modules | build | brewpull | PR | 14m | 2026-05-25T16:18:39Z | 2/2 โ | โ |
| ๐ข | base-images | bluebuild | main | sched | 261m | 2026-05-25T10:22:13Z | 24/24 โ | โ |
| ๐ด | cli | Main branch build | main | push | 41m | 2026-05-24T18:01:34Z | 24/41 โ | โ |
| ๐ก | cli | Main branch build | main | push | <1m | 2026-05-24T18:00:43Z | 0/0 โ | โ |
| ๐ก | cli | Main branch build | main | push | <1m | 2026-05-24T17:59:53Z | 0/0 โ | โ |
| ๐ก | cli | Main branch build | main | push | <1m | 2026-05-24T17:59:24Z | 0/0 โ | โ |
| ๐ก | cli | Main branch build | main | push | <1m | 2026-05-24T17:58:58Z | 0/0 โ | โ |
| ๐ก | cli | Main branch build | main | push | <1m | 2026-05-24T17:58:32Z | 0/0 โ | โ |
| ๐ก | cli | Main branch build | main | push | 5m | 2026-05-24T17:58:14Z | 27/27 โ | โ |
| ๐ก | cli | Main branch build | main | push | 1m | 2026-05-24T17:57:20Z | 27/27 โ | โ |
| ๐ก | cli | Main branch build | main | push | 1m | 2026-05-24T17:56:10Z | 27/27 โ | โ |
| ๐ด | base-images | bluebuild | main | push | 266m | 2026-05-24T11:42:28Z | 12/24 โ | โ |
| ๐ข | modules | build | main | push | 21m | 2026-05-24T11:41:10Z | 2/2 โ | โ |
| ๐ก | base-images | bluebuild | main | sched | 184m | 2026-05-24T08:39:02Z | 15/24 โ | โ |
| ๐ข | modules | build | fix-license | PR | 70m | 2026-05-23T20:56:14Z | 2/2 โ | โ |
| ๐ข | base-images | bluebuild | fix-license | PR | 271m | 2026-05-23T20:55:42Z | 24/24 โ | โ |
| ๐ด | base-images | bluebuild | main | sched | 256m | 2026-05-23T08:27:09Z | 13/24 โ | โ |
| ๐ด | base-images | bluebuild | main | sched | 255m | 2026-05-22T09:40:04Z | 19/24 โ | โ |
| ๐ด | base-images | bluebuild | main | sched | 254m | 2026-05-21T09:54:41Z | 12/24 โ | โ |
The metrics on this page are grounded in peer-reviewed research and open standards. These resources explain what each metric means, why it predicts software delivery performance, and how to improve it.
The canonical framework for measuring software delivery: Deployment Frequency, Lead Time for Changes, Change Failure Rate, and Time to Restore Service. Published by Google Cloud's DevOps Research and Assessment team and validated across thousands of organizations since 2014.
Automated security health checks for open source projects, scoring 0โ10 across checks including signed releases, SBOM presence, branch protection, pinned dependencies, and CI test coverage. Produced by the Open Source Security Foundation (OpenSSF), a Linux Foundation project.
A graduated framework (L0โL3) for verifiable software build integrity. Each level adds stronger guarantees: L1 means provenance exists, L2 means it is signed by a hosted build platform, L3 means the build environment itself is hardened and isolated. Developed by Google and adopted as an OpenSSF standard.
Keyless, identity-based artifact signing backed by a public transparency log (Rekor). Cosign signs and verifies container images and release artifacts using short-lived OIDC certificates โ no long-lived private keys to manage or rotate. A CNCF project used by Kubernetes, Tekton, and the Bluefin image pipeline.
A machine-readable inventory of every component and dependency in a software artifact. SBOMs make vulnerability response faster โ when a new CVE is published, you can immediately know which of your images are affected. The OpenSSF SBOM Everywhere SIG maintains tooling guidance and naming conventions.
The CNCF Technical Advisory Group for Security publishes authoritative whitepapers on cloud-native supply chain security. The Software Supply Chain Best Practices paper (v2, 2025) and the Secure Software Factory reference architecture define the practices that the Scorecard and SLSA checks encode.
The authoritative CNCF definition of what internal developer platforms are, what they should measure (user satisfaction, self-service rate, onboarding time), and how platform teams should operate. Published by the TAG App Delivery Platforms Working Group. Recommends DORA metrics as the delivery measurement standard for platform teams.
A 4-level model (Provisional โ Operational โ Scalable โ Optimizing) across five aspects: Investment, Adoption, Interfaces, Operations, and Measurement. Helps platform teams understand where they are and what practices characterize the next level. Published by the CNCF TAG App Delivery Platforms Working Group.
A 5-level model (Build โ Operate โ Scale โ Improve โ Adapt) across Business Outcomes, People, Process, Policy, and Technology. Maintained by the CNCF Cartografos Working Group. Version 4 (2025) adds AI and FinOps dimensions. Useful for understanding where cloud-native adoption fits in the broader organizational journey.
The peer-reviewed research behind DORA metrics. Nicole Forsgren, Jez Humble, and Gene Kim identified 24 technical, process, and cultural capabilities that predict software delivery performance and organizational outcomes. Required reading for understanding why deployment frequency and lead time matter.
Google's Site Reliability Engineering book defines four signals sufficient to monitor any user-facing service: Latency, Traffic, Errors, and Saturation. These are the production observability complement to DORA โ they define what a "failure" actually is (without them, Change Failure Rate cannot be accurately measured) and predict when MTTR will spike before incidents occur.
DORA measures what the pipeline does; SPACE measures how developers experience it. Developed by Nicole Forsgren (GitHub), Margaret-Anne Storey, and colleagues at Microsoft Research. Five dimensions: Satisfaction, Performance, Activity, Communication/Collaboration, and Efficiency. Never measure activity in isolation.