{"id":43129181,"url":"https://github.com/NatLabRockies/api-umbrella","last_synced_at":"2026-02-01T09:00:47.085Z","repository":{"id":4482200,"uuid":"5621246","full_name":"NatLabRockies/api-umbrella","owner":"NatLabRockies","description":"Open source API management platform","archived":false,"fork":false,"pushed_at":"2026-01-22T02:02:23.000Z","size":31043,"stargazers_count":2140,"open_issues_count":237,"forks_count":366,"subscribers_count":101,"default_branch":"main","last_synced_at":"2026-01-22T22:47:33.964Z","etag":null,"topics":["api-gateway","api-management","api-manager","lua","luajit","nginx","openresty"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/NatLabRockies.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2012-08-30T21:34:06.000Z","updated_at":"2026-01-19T17:47:19.000Z","dependencies_parsed_at":"2023-07-05T19:17:46.793Z","dependency_job_id":"251c0f85-c393-4d6c-bc0e-aa0d094d3c30","html_url":"https://github.com/NatLabRockies/api-umbrella","commit_stats":{"total_commits":4783,"total_committers":23,"mean_commits":"207.95652173913044","dds":0.2404348735103492,"last_synced_commit":"9b9c10a07707d687446ccc4ef914bc219d4ffd5b"},"previous_names":["natlabrockies/api-umbrella"],"tags_count":60,"template":false,"template_full_name":null,"purl":"pkg:github/NatLabRockies/api-umbrella","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NatLabRockies%2Fapi-umbrella","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NatLabRockies%2Fapi-umbrella/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NatLabRockies%2Fapi-umbrella/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NatLabRockies%2Fapi-umbrella/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/NatLabRockies","download_url":"https://codeload.github.com/NatLabRockies/api-umbrella/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NatLabRockies%2Fapi-umbrella/sbom","scorecard":{"id":98293,"data":{"date":"2025-08-11","repo":{"name":"github.com/NREL/api-umbrella","commit":"598d3c986886ad0402a4df6457f9f72c82d78300"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.2,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'checks' permission set to 'write': .github/workflows/main.yml:212","Warn: no topLevel permission defined: .github/workflows/main.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":0,"reason":"Found 0/22 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"13 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: MIT License: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/main.yml:15"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Info: Possibly incomplete results: error parsing shell code: \"a[b]\" must be followed by =: templates/etc/perp/envoy-control-plane/rc.main.etlua:28","Info: Possibly incomplete results: error parsing shell code: \"a[b]\" must be followed by =: templates/etc/perp/fluent-bit/rc.main.etlua:34","Info: Possibly incomplete results: error parsing shell code: \"a[b]\" must be followed by =: templates/etc/perp/nginx-web-app/rc.main.etlua:21","Info: Possibly incomplete results: error parsing shell code: \"a[b]\" must be followed by =: templates/etc/perp/nginx/rc.main.etlua:24","Info: Possibly incomplete results: error parsing shell code: \"a[b]\" must be followed by =: templates/etc/perp/test-env-glauth/rc.main.etlua:19","Info: Possibly incomplete results: error parsing shell code: \"a[b]\" must be followed by =: templates/etc/perp/test-env-nginx/rc.main.etlua:13","Info: Possibly incomplete results: error parsing shell code: \"a[b]\" must be followed by =: templates/etc/perp/test-env-unbound/rc.main.etlua:22","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:216: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/main.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:221: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/main.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/main.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/main.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/main.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/main.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/main.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/main.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/main.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/main.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/main.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/main.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/main.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/main.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:192: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/NREL/api-umbrella/release.yml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:4","Warn: containerImage not pinned by hash: Dockerfile:97","Warn: containerImage not pinned by hash: Dockerfile:150","Warn: containerImage not pinned by hash: Dockerfile:167","Warn: containerImage not pinned by hash: Dockerfile:186","Warn: containerImage not pinned by hash: Dockerfile:201","Warn: containerImage not pinned by hash: Dockerfile-opensearch:1: pin your Docker image by updating public.ecr.aws/opensearchproject/opensearch:2.17.1 to public.ecr.aws/opensearchproject/opensearch:2.17.1@sha256:1193b7c29c5d63028523728243cc4da047ac49f697a8f8105e5aeee2f89bcc4c","Warn: containerImage not pinned by hash: Dockerfile-postgres:1: pin your Docker image by updating public.ecr.aws/docker/library/postgres:15.10-bookworm to public.ecr.aws/docker/library/postgres:15.10-bookworm@sha256:d609c3005478af92bddad773423df829b7402ea0b356d5b72edd2fd54d1ad3ea","Warn: containerImage not pinned by hash: docker/Dockerfile:1: pin your Docker image by updating debian:stretch to debian:stretch@sha256:c5c5200ff1e9c73ffbf188b4a67eb1c91531b644856b4aefe86a58d2f0cb05be","Warn: npmCommand not pinned by hash: tasks/build-deps/pnpm:9","Info:   0 out of   7 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  20 third-party GitHubAction dependencies pinned","Info:   0 out of   9 containerImage dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 8 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"18 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-353f-x4gh-cqq8","Warn: Project is vulnerable to: GHSA-mqcp-p2hv-vw6x","Warn: Project is vulnerable to: GHSA-jphg-qwrw-7w9g","Warn: Project is vulnerable to: GHSA-jppv-gw3r-w3q8","Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-whgm-jr23-g3j9","Warn: Project is vulnerable to: GHSA-9mvj-f7w8-pvh2","Warn: Project is vulnerable to: GHSA-vc8w-jr9v-vj7f","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-wxhq-pm8v-cw75","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q","Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-cf4h-3jhx-xvhq"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-15T09:34:12.616Z","repository_id":4482200,"created_at":"2025-08-15T09:34:12.616Z","updated_at":"2025-08-15T09:34:12.616Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28974246,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-01T08:16:14.655Z","status":"ssl_error","status_checked_at":"2026-02-01T08:06:51.373Z","response_time":56,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-gateway","api-management","api-manager","lua","luajit","nginx","openresty"],"created_at":"2026-01-31T21:00:26.606Z","updated_at":"2026-02-01T09:00:47.079Z","avatar_url":"https://github.com/NatLabRockies.png","language":"Ruby","readme":"# API Umbrella\n\n## What Is API Umbrella?\n\nAPI Umbrella is an open source API management platform for exposing web service APIs. The basic goal of API Umbrella is to make life easier for both API creators and API consumers. How?\n\n* **Make life easier for API creators:** Allow API creators to focus on building APIs.\n  * **Standardize the boring stuff:** APIs can assume the boring stuff (access control, rate limiting, analytics, etc.) is already taken care if the API is being accessed, so common functionality doesn't need to be implemented in the API code.\n  * **Easy to add:** API Umbrella acts as a layer above your APIs, so your API code doesn't need to be modified to take advantage of the features provided.\n  * **Scalability:** Make it easier to scale your APIs.\n* **Make life easier for API consumers:** Let API consumers easily explore and use your APIs.\n  * **Unify disparate APIs:** Present separate APIs as a cohesive offering to API consumers. APIs running on different servers or written in different programming languages can be exposed at a single endpoint for the API consumer.\n  * **Standardize access:** All your APIs are can be accessed using the same API key credentials.\n  * **Standardize documentation:** All your APIs are documented in a single place and in a similar fashion.\n\n## Getting Started\n\nOnce you have API Umbrella up and running, there are a variety of things you can do to start using the platform. For a quick tutorial, see [getting started](https://api-umbrella.readthedocs.org/en/latest/getting-started.html).\n\n## API Umbrella Development\n\nAre you interested in working on the code behind API Umbrella? See our [development setup guide](https://api-umbrella.readthedocs.org/en/latest/developer/dev-setup.html) to see how you can get a local development environment setup.\n\n## Who's using API Umbrella?\n\n* [api.data.gov](https://api.data.gov/)\n* [NREL Developer Network](http://developer.nrel.gov/)\n* [api.sam.gov](https://api.sam.gov)\n\nAre you using API Umbrella? [Edit this file](https://github.com/NREL/api-umbrella/blob/master/README.md) and let us know.\n\n## License\n\nAPI Umbrella is open sourced under the [MIT license](https://github.com/NREL/api-umbrella/blob/master/LICENSE.txt).\n","funding_links":[],"categories":["Ruby"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FNatLabRockies%2Fapi-umbrella","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FNatLabRockies%2Fapi-umbrella","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FNatLabRockies%2Fapi-umbrella/lists"}