{"id":42307972,"url":"https://github.com/SecObserve/SecObserve","last_synced_at":"2026-02-06T20:00:28.579Z","repository":{"id":150308118,"uuid":"614506035","full_name":"SecObserve/SecObserve","owner":"SecObserve","description":"SecObserve is an open source vulnerability and license management system for software development teams and cloud environments. It supports a variety of open source vulnerability scanners and integrates easily into CI/CD pipelines.","archived":false,"fork":false,"pushed_at":"2026-02-04T00:30:23.000Z","size":37658,"stargazers_count":216,"open_issues_count":15,"forks_count":24,"subscribers_count":2,"default_branch":"dev","last_synced_at":"2026-02-04T03:42:23.581Z","etag":null,"topics":["devsecops","license-management","security-automation","security-tools","shiftleft","vulnerability-management"],"latest_commit_sha":null,"homepage":"https://secobserve.github.io/SecObserve/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SecObserve.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-03-15T18:11:23.000Z","updated_at":"2026-02-04T01:56:27.000Z","dependencies_parsed_at":"2024-02-07T08:25:16.129Z","dependency_job_id":"9b2d8750-d66d-4d9c-98db-1f096686a8e6","html_url":"https://github.com/SecObserve/SecObserve","commit_stats":null,"previous_names":["secobserve/secobserve","maibornwolff/secobserve"],"tags_count":90,"template":false,"template_full_name":null,"purl":"pkg:github/SecObserve/SecObserve","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecObserve%2FSecObserve","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecObserve%2FSecObserve/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecObserve%2FSecObserve/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecObserve%2FSecObserve/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SecObserve","download_url":"https://codeload.github.com/SecObserve/SecObserve/tar.gz/refs/heads/dev","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecObserve%2FSecObserve/sbom","scorecard":{"id":113400,"data":{"date":"2025-08-15T16:01:26Z","repo":{"name":"github.com/MaibornWolff/SecObserve","commit":"3d0e3afa440c0dac2350d59a14faf6e228a92985"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":7.7,"checks":[{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: RenovateBot: renovate.json:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Code-Review","score":3,"reason":"Found 1/3 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/build_push_release.yml:116","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/generate_sboms.yml:17","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/publish_docs.yml:15","Info: topLevel permissions set to 'read-all': .github/workflows/build_push_dev.yml:5","Info: topLevel permissions set to 'read-all': .github/workflows/build_push_release.yml:11","Info: topLevel permissions set to 'read-all': .github/workflows/check_backend.yml:5","Info: topLevel permissions set to 'read-all': .github/workflows/check_frontend.yml:5","Info: topLevel permissions set to 'read-all': .github/workflows/check_licenses_dev.yml:8","Info: topLevel permissions set to 'read-all': .github/workflows/check_vulnerabilities.yml:5","Info: topLevel permissions set to 'read-all': .github/workflows/generate_sboms.yml:11","Info: topLevel permissions set to 'read-all': .github/workflows/publish_docs.yml:9","Info: topLevel permissions set to 'read-all': .github/workflows/scan_sca_current.yml:8","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: BSD 3-Clause \"New\" or \"Revised\" License: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":7,"reason":"dependency not pinned by hash detected -- score normalized to 7","details":["Warn: pipCommand not pinned by hash: docker/backend/dev/django/Dockerfile:16","Warn: pipCommand not pinned by hash: docker/backend/prod/django/Dockerfile:16","Warn: pipCommand not pinned by hash: docker/backend/unittests/django/Dockerfile:16","Warn: npmCommand not pinned by hash: docker/frontend/prod/Dockerfile:33-34","Warn: npmCommand not pinned by hash: bin/dev.sh:4","Warn: npmCommand not pinned by hash: .github/workflows/build_push_release.yml:134","Warn: downloadThenRun not pinned by hash: .github/workflows/build_push_release.yml:140","Warn: pipCommand not pinned by hash: .github/workflows/check_backend.yml:24","Warn: pipCommand not pinned by hash: .github/workflows/check_backend.yml:25","Warn: npmCommand not pinned by hash: .github/workflows/check_frontend.yml:39","Warn: npmCommand not pinned by hash: .github/workflows/check_licenses_dev.yml:25","Warn: npmCommand not pinned by hash: .github/workflows/generate_sboms.yml:35","Warn: downloadThenRun not pinned by hash: .github/workflows/generate_sboms.yml:41","Warn: pipCommand not pinned by hash: .github/workflows/publish_docs.yml:26","Info:  31 out of  31 GitHub-owned GitHubAction dependencies pinned","Info:  31 out of  31 third-party GitHubAction dependencies pinned","Info:  12 out of  12 containerImage dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned","Info:   3 out of   9 npmCommand dependencies pinned","Info:   0 out of   2 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":5,"reason":"badge detected: Passing","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/build_push_dev.yml:8"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"SAST","score":9,"reason":"SAST tool is not run on all commits -- score normalized to 9","details":["Warn: 29 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.36.0 not signed: https://api.github.com/repos/MaibornWolff/SecObserve/releases/237748040","Warn: release artifact v1.35.0 not signed: https://api.github.com/repos/MaibornWolff/SecObserve/releases/235433480","Warn: release artifact v1.34.1 not signed: https://api.github.com/repos/MaibornWolff/SecObserve/releases/231996649","Warn: release artifact v1.34.0 not signed: https://api.github.com/repos/MaibornWolff/SecObserve/releases/231974828","Warn: release artifact v1.33.1 not signed: https://api.github.com/repos/MaibornWolff/SecObserve/releases/228413211","Warn: release artifact v1.36.0 does not have provenance: https://api.github.com/repos/MaibornWolff/SecObserve/releases/237748040","Warn: release artifact v1.35.0 does not have provenance: https://api.github.com/repos/MaibornWolff/SecObserve/releases/235433480","Warn: release artifact v1.34.1 does not have provenance: https://api.github.com/repos/MaibornWolff/SecObserve/releases/231996649","Warn: release artifact v1.34.0 does not have provenance: https://api.github.com/repos/MaibornWolff/SecObserve/releases/231974828","Warn: release artifact v1.33.1 does not have provenance: https://api.github.com/repos/MaibornWolff/SecObserve/releases/228413211"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"Contributors","score":6,"reason":"project has 2 contributing companies or organizations -- score normalized to 6","details":["Info: found contributions from: maibornwolff gmbh, stackabletech"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}},{"name":"CI-Tests","score":9,"reason":"29 out of 30 merged PRs checked by a CI test -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-15T18:30:21.919Z","repository_id":150308118,"created_at":"2025-08-15T18:30:21.919Z","updated_at":"2025-08-15T18:30:21.919Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29174319,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-06T19:56:27.068Z","status":"ssl_error","status_checked_at":"2026-02-06T19:56:18.934Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["devsecops","license-management","security-automation","security-tools","shiftleft","vulnerability-management"],"created_at":"2026-01-27T11:12:46.287Z","updated_at":"2026-02-06T20:00:28.517Z","avatar_url":"https://github.com/SecObserve.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"\u003e [!IMPORTANT]\n\u003e The SecObserve repositories have been moved from the MaibornWolff organization to their own SecObserve organization. Even though all links to the previous repository location are automatically redirected to the new location, we strongly recommend updating any existing links to the new repository URL.\n\u003e\n\u003e The location of the Docker images has been changed with release 1.42.0, they are now stored in a GitHub container registry:\n\u003e\n\u003e * **ghcr.io/secobserve/secobserve-backend** (see https://github.com/SecObserve/SecObserve/pkgs/container/secobserve-backend)\n\u003e * **ghcr.io/secobserve/secobserve-frontend** (see https://github.com/SecObserve/SecObserve/pkgs/container/secobserve-frontend)\n\u003e\n\u003e Please adjust your pull statements accordingly.\n\n![SecObserve](frontend/public/secobserve.svg)\n\n# SecObserve\n\n[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/8388/badge)](https://www.bestpractices.dev/projects/8388) [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/SecObserve/SecObserve/badge)](https://securityscorecards.dev/viewer/?uri=github.com/SecObserve/SecObserve)\n\n\nSecObserve is an open source vulnerability and license management system for software development teams and cloud environments. It supports a variety of open source vulnerability scanners and integrates easily into CI/CD pipelines. Results about potential security flaws from various vulnerability scanning tools are made available for assessment and reporting.\n\n![Dashboard](docs/assets/images/screenshot_dashboard.png)\n\n## Overview\n\nThe aim of SecObserve is to make vulnerability scanning and vulnerability management as easy as possible for software development projects using open source tools. It consists of 2 major components:\n\n* **Vulnerability and license management system SecObserve:** SecObserve provides the development team with an overview of the results of all vulnerability and license scans for their project, which can be easily filtered and sorted. In the detailed view, the results are displayed uniformly with a wealth of information, regardless of which vulnerability scanner generated them.\n\n    With the help of automatically executed rules and manual assessments, the vulnerability results can be efficiently evaluated to eliminate irrelevant results and accept risks. This allows the development team to concentrate on fixing the relevant vulnerabilities.\n\n* **GitLab CI templates and GitHub actions:** Integrating vulnerability scanners into a CI/CD pipeline can be tedious. Each tool has to be installed differently and is called with different parameters. To avoid having to solve this task all over again, there are repositories with GitLab CI Templates and GitHub Actions. These make the process of integrating vulnerability scanners very simple by providing uniform methods for launching the tools and uniform parameters. The tools are regularly updated in the repositories so that the latest features and bug fixes are always available.\n\n    All templates run the scanner, upload the results into SecObserve and make the results of the scans available for download as artefacts in JSON format.\n\n    The sources of the GitHub actions and GitLab CI templates can be found in [https://github.com/SecObserve/secobserve_actions_templates](https://github.com/SecObserve/secobserve_actions_templates).\n\n![Overview](docs/assets/images/secobserve_process.svg)\n\n## Integrations\n\n![Overview](docs/assets/images/secobserve_integrations.svg)\n\n## Documentation\n\nThe full documentation how to install and use SecObserve can be found here: [https://secobserve.github.io/SecObserve/](https://secobserve.github.io/SecObserve/)\n\n## Code of Conduct\n\nPlease note that this project is released with a [Code of Conduct](CODE_OF_CONDUCT.md). By participating in this project you agree to abide by its terms.\n\n## Contributing\n\nPlease see the [Contributing Guidelines](CONTRIBUTING.md) for more information on how to get involved in the project.\n\n## License\n\nSecObserve is licensed under the [3-Clause BSD License](LICENSE.txt)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSecObserve%2FSecObserve","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FSecObserve%2FSecObserve","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSecObserve%2FSecObserve/lists"}