{"id":13401527,"url":"https://github.com/apache/skywalking","last_synced_at":"2025-09-09T20:35:52.250Z","repository":{"id":37359619,"uuid":"45721011","full_name":"apache/skywalking","owner":"apache","description":"APM, Application Performance Monitoring System","archived":false,"fork":false,"pushed_at":"2025-09-01T05:56:18.000Z","size":173257,"stargazers_count":24503,"open_issues_count":65,"forks_count":6611,"subscribers_count":820,"default_branch":"master","last_synced_at":"2025-09-04T00:47:20.153Z","etag":null,"topics":["apm","dapper","distributed-tracing","ebpf","logging","metrics","observability","open-telemetry","prometheus","service-mesh","skywalking","telegraf","web-performance","zabbix"],"latest_commit_sha":null,"homepage":"https://skywalking.apache.org/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/apache.png","metadata":{"files":{"readme":"README.md","changelog":"changes/README.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2015-11-07T03:30:36.000Z","updated_at":"2025-09-03T04:38:57.000Z","dependencies_parsed_at":"2023-09-23T22:36:36.819Z","dependency_job_id":"982951bc-5c19-4e6e-8f73-37fc3e27d35f","html_url":"https://github.com/apache/skywalking","commit_stats":{"total_commits":7091,"total_committers":533,"mean_commits":"13.303939962476548","dds":0.6643632773938796,"last_synced_commit":"72886945b0fc5300e1c6404bf04acf870dc5ba19"},"previous_names":["apache/incubator-skywalking"],"tags_count":66,"template":false,"template_full_name":null,"purl":"pkg:github/apache/skywalking","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Fskywalking","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Fskywalking/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Fskywalking/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Fskywalking/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/apache","download_url":"https://codeload.github.com/apache/skywalking/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Fskywalking/sbom","scorecard":{"id":201449,"data":{"date":"2025-08-11","repo":{"name":"github.com/apache/skywalking","commit":"bf04afdb2a841c60d5e27f5a9fc62d0879a5600c"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.3,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish-docker-e2e-service.yaml:36","Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish-docker.yaml:35","Info: topLevel 'actions' permission set to 'read': .github/workflows/codeql.yaml:34","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yaml:35","Warn: topLevel 'security-events' permission set to 'write': .github/workflows/codeql.yaml:36","Warn: no topLevel permission defined: .github/workflows/dead-link-checker.yaml:1","Warn: no topLevel permission defined: .github/workflows/publish-docker-e2e-service.yaml:1","Warn: no topLevel permission defined: .github/workflows/publish-docker.yaml:1","Warn: no topLevel permission defined: .github/workflows/skywalking.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/apache/.github/.github/SECURITY.md:1","Info: Found linked content: github.com/apache/.github/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/apache/.github/.github/SECURITY.md:1","Info: Found text in security policy: github.com/apache/.github/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/publish-docker-e2e-service.yaml:32"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":1,"reason":"dependency not pinned by hash detected -- score normalized to 1","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/codeql.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/codeql.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/codeql.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dead-link-checker.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/dead-link-checker.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docker-e2e-service.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/publish-docker-e2e-service.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docker-e2e-service.yaml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/publish-docker-e2e-service.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-docker-e2e-service.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/publish-docker-e2e-service.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-docker-e2e-service.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/publish-docker-e2e-service.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-docker-e2e-service.yaml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/publish-docker-e2e-service.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docker.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/publish-docker.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docker.yaml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/publish-docker.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-docker.yaml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/publish-docker.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-docker.yaml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/publish-docker.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-docker.yaml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/publish-docker.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:312: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:317: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:322: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:727: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:732: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:735: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:744: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:750: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:756: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:779: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:872: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:877: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:880: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:890: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:908: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:928: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:933: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:936: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:945: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:950: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:168: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:185: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:203: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:207: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:213: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:225: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:811: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:816: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:819: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:829: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:847: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:277: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:282: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:287: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:982: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:987: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:990: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:999: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:1005: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:1011: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:1063: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:248: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:253: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/skywalking.yaml:258: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/skywalking/skywalking.yaml/master?enable=pin","Warn: containerImage not pinned by hash: docker/data-generator/Dockerfile:19","Warn: containerImage not pinned by hash: docker/oap/Dockerfile:19","Warn: containerImage not pinned by hash: docker/ui/Dockerfile:17: pin your Docker image by updating eclipse-temurin:11-jre to eclipse-temurin:11-jre@sha256:0b8a158ee1c8625bd142e594103edd9feef85f2ecb7ee157e2e635e1fd00c610","Warn: containerImage not pinned by hash: test/e2e-v2/cases/browser/docker/Dockerfile.generate-traffic:16: pin your Docker image by updating python:3.7 to python:3.7@sha256:eedf63967cdb57d8214db38ce21f105003ed4e4d0358f02bedc057341bcf92a0","Warn: containerImage not pinned by hash: test/e2e-v2/cases/browser/docker/Dockerfile.provider:16: pin your Docker image by updating python:3.7 to python:3.7@sha256:eedf63967cdb57d8214db38ce21f105003ed4e4d0358f02bedc057341bcf92a0","Warn: containerImage not pinned by hash: test/e2e-v2/cases/browser/docker/Dockerfile.test-ui:16","Warn: containerImage not pinned by hash: test/e2e-v2/cases/browser/docker/Dockerfile.test-ui:46: pin your Docker image by updating nginx:1.19 to nginx:1.19@sha256:df13abe416e37eb3db4722840dd479b00ba193ac6606e7902331dcea50f4f1f2","Warn: containerImage not pinned by hash: test/e2e-v2/cases/go/service/Dockerfile:17","Warn: containerImage not pinned by hash: test/e2e-v2/cases/go/service/Dockerfile:27: pin your Docker image by updating alpine:3.10 to alpine:3.10@sha256:451eee8bedcb2f029756dc3e9d73bab0e7943c1ac55cff3a4861c52a0fdd3e98","Warn: containerImage not pinned by hash: test/e2e-v2/cases/kafka/Dockerfile.provider:19","Warn: containerImage not pinned by hash: test/e2e-v2/cases/kafka/kafka-monitoring/Dockerfile:17: pin your Docker image by updating bitnami/kafka:2.4.1 to bitnami/kafka:2.4.1@sha256:5828c6695930e68039d739c90e68c912a2adc8c162a556d9003e76a0b97be675","Warn: containerImage not pinned by hash: test/e2e-v2/cases/kafka/log/Dockerfile.fluentd:16: pin your Docker image by updating bitnami/fluentd:1.12.1 to bitnami/fluentd:1.12.1@sha256:762b6371e25075172d950c21194ea11a6bbdfbcbd55efcebb0a830b7c727739d","Warn: containerImage not pinned by hash: test/e2e-v2/cases/kafka/log/Dockerfile.satellite:17","Warn: containerImage not pinned by hash: test/e2e-v2/cases/kafka/log/Dockerfile.satellite:19: pin your Docker image by updating alpine:3.10 to alpine:3.10@sha256:451eee8bedcb2f029756dc3e9d73bab0e7943c1ac55cff3a4861c52a0fdd3e98","Warn: containerImage not pinned by hash: test/e2e-v2/cases/lua/Dockerfile.nginx:16: pin your Docker image by updating openresty/openresty:1.17.8.2-5-alpine-fat to openresty/openresty:1.17.8.2-5-alpine-fat@sha256:d16404a7ea1fed5cd47c6f4e8bf501518b1fa20198f4156199b689aae4e049f9","Warn: containerImage not pinned by hash: test/e2e-v2/cases/nginx/Dockerfile.nginx:16: pin your Docker image by updating openresty/openresty:1.17.8.2-5-alpine-fat to openresty/openresty:1.17.8.2-5-alpine-fat@sha256:d16404a7ea1fed5cd47c6f4e8bf501518b1fa20198f4156199b689aae4e049f9","Warn: containerImage not pinned by hash: test/e2e-v2/cases/nodejs/Dockerfile.nodejs:16: pin your Docker image by updating node:12 to node:12@sha256:01627afeb110b3054ba4a1405541ca095c8bfca1cb6f2be9479c767a2711879e","Warn: containerImage not pinned by hash: test/e2e-v2/cases/php/Dockerfile.php:16","Warn: containerImage not pinned by hash: test/e2e-v2/cases/php/Dockerfile.php:43: pin your Docker image by updating php:8.1-fpm-bullseye to php:8.1-fpm-bullseye@sha256:bf963a103241b5f9db812bacc101022d3af7584054e865c9cc13f597f3a3e252","Warn: containerImage not pinned by hash: test/e2e-v2/cases/profiling/ebpf/continuous/Dockerfile.sqrt:17: pin your Docker image by updating golang:1.17 to golang:1.17@sha256:87262e4a4c7db56158a80a18fefdc4fee5accc41b59cde821e691d05541bbb18","Warn: containerImage not pinned by hash: test/e2e-v2/cases/profiling/ebpf/network/Dockerfile.service:17: pin your Docker image by updating golang:1.17 to golang:1.17@sha256:87262e4a4c7db56158a80a18fefdc4fee5accc41b59cde821e691d05541bbb18","Warn: containerImage not pinned by hash: test/e2e-v2/cases/profiling/ebpf/offcpu/Dockerfile.file:17: pin your Docker image by updating golang:1.17 to golang:1.17@sha256:87262e4a4c7db56158a80a18fefdc4fee5accc41b59cde821e691d05541bbb18","Warn: containerImage not pinned by hash: test/e2e-v2/cases/profiling/ebpf/oncpu/Dockerfile.sqrt:17: pin your Docker image by updating golang:1.17 to golang:1.17@sha256:87262e4a4c7db56158a80a18fefdc4fee5accc41b59cde821e691d05541bbb18","Warn: containerImage not pinned by hash: test/e2e-v2/cases/python/Dockerfile.python:16: pin your Docker image by updating python:3.7 to python:3.7@sha256:eedf63967cdb57d8214db38ce21f105003ed4e4d0358f02bedc057341bcf92a0","Warn: containerImage not pinned by hash: test/e2e-v2/cases/satellite/Dockerfile.satellite:17","Warn: containerImage not pinned by hash: test/e2e-v2/cases/satellite/Dockerfile.satellite:19: pin your Docker image by updating alpine:3.10 to alpine:3.10@sha256:451eee8bedcb2f029756dc3e9d73bab0e7943c1ac55cff3a4861c52a0fdd3e98","Warn: containerImage not pinned by hash: test/e2e-v2/cases/vm/prometheus-node-exporter/Dockerfile.nodeExporter:16: pin your Docker image by updating ubuntu:latest to ubuntu:latest@sha256:7c06e91f61fa88c08cc74f7e1b7c69ae24910d745357e0dfe1d2c0322aaf20f9","Warn: containerImage not pinned by hash: test/e2e-v2/java-test-service/Dockerfile:18","Warn: pipCommand not pinned by hash: test/e2e-v2/cases/browser/docker/Dockerfile.generate-traffic:20","Warn: npmCommand not pinned by hash: test/e2e-v2/cases/browser/docker/Dockerfile.test-ui:41-44","Warn: npmCommand not pinned by hash: test/e2e-v2/cases/nodejs/Dockerfile.nodejs:28","Warn: npmCommand not pinned by hash: test/e2e-v2/cases/nodejs/Dockerfile.nodejs:30","Warn: downloadThenRun not pinned by hash: test/e2e-v2/cases/php/Dockerfile.php:26-32","Warn: pipCommand not pinned by hash: test/e2e-v2/cases/python/Dockerfile.python:26","Warn: downloadThenRun not pinned by hash: test/e2e-v2/script/prepare/setup-e2e-shell/install-istioctl.sh:27","Warn: npmCommand not pinned by hash: .github/workflows/dead-link-checker.yaml:38","Info:   0 out of  50 GitHub-owned GitHubAction dependencies pinned","Info:   7 out of  22 third-party GitHubAction dependencies pinned","Info:   0 out of  28 containerImage dependencies pinned","Info:   0 out of   2 pipCommand dependencies pinned","Info:   0 out of   4 npmCommand dependencies pinned","Info:   0 out of   2 downloadThenRun dependencies pinned","Info:   2 out of   2 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"92 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-389x-839f-4rhx","Warn: Project is vulnerable to: GHSA-xq3w-v528-46rv","Warn: Project is vulnerable to: GHSA-4g8c-wm8x-jfhw","Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2023-2153 / GHSA-m425-mq94-257g / GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2023-1988 / GHSA-2wrh-6pvc-2jm9","Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2024-2611 / GHSA-8r3f-844c-mc37","Warn: Project is vulnerable to: GHSA-vmq6-5m68-f53m","Warn: Project is vulnerable to: GHSA-668q-qrv7-99fm","Warn: Project is vulnerable to: GHSA-6v67-2wr5-gvf4","Warn: Project is vulnerable to: GHSA-pr98-23f8-jwxv","Warn: Project is vulnerable to: GHSA-h46c-h94j-95f3","Warn: Project is vulnerable to: GHSA-wf8f-6423-gfxg","Warn: Project is vulnerable to: GHSA-3x8x-79m2-3w2w","Warn: Project is vulnerable to: GHSA-57j2-w4cx-62h2","Warn: Project is vulnerable to: GHSA-jjjh-jjxp-wpff","Warn: Project is vulnerable to: GHSA-rgv9-q543-rqg4","Warn: Project is vulnerable to: GHSA-4jrv-ppp4-jm57","Warn: Project is vulnerable to: GHSA-5mg8-w23w-74h3","Warn: Project is vulnerable to: GHSA-7g45-4rm6-3mm3","Warn: Project is vulnerable to: GHSA-mvr2-9pj6-7w5j","Warn: Project is vulnerable to: GHSA-4gg5-vx3j-xwc7","Warn: Project is vulnerable to: GHSA-735f-pc8j-v9w8","Warn: Project is vulnerable to: GHSA-g5ww-5jh7-63cx","Warn: Project is vulnerable to: GHSA-h4h5-3hr4-j3g2","Warn: Project is vulnerable to: GHSA-pfh2-hfmq-phg5","Warn: Project is vulnerable to: GHSA-6628-q6j9-w8vg","Warn: Project is vulnerable to: GHSA-9hxf-ppjv-w6rq","Warn: Project is vulnerable to: GHSA-cfgp-2977-2fmm","Warn: Project is vulnerable to: GHSA-269q-hmxg-m83q","Warn: Project is vulnerable to: GHSA-5jpm-x58v-624v","Warn: Project is vulnerable to: GHSA-wx5j-54mm-rqqq","Warn: Project is vulnerable to: GHSA-xpw8-rcwv-8f8p","Warn: Project is vulnerable to: GHSA-6mjq-h674-j845","Warn: Project is vulnerable to: GHSA-493p-pfq6-5258","Warn: Project is vulnerable to: GHSA-2x2g-32r7-p4x8","Warn: Project is vulnerable to: GHSA-3j6g-hxx5-3q26","Warn: Project is vulnerable to: GHSA-27hp-xhwr-wr2m","Warn: Project is vulnerable to: GHSA-5j33-cvvr-w245","Warn: Project is vulnerable to: GHSA-7w75-32cg-r6g2","Warn: Project is vulnerable to: GHSA-83qj-6fr2-vhqg","Warn: Project is vulnerable to: GHSA-fccv-jmmp-qg76","Warn: Project is vulnerable to: GHSA-g8pj-r55q-5c2v","Warn: Project is vulnerable to: GHSA-h2fw-rfh5-95r3","Warn: Project is vulnerable to: GHSA-h3gc-qfqq-6h8f","Warn: Project is vulnerable to: GHSA-hfrx-6qgj-fp6c","Warn: Project is vulnerable to: GHSA-p22x-g9px-3945","Warn: Project is vulnerable to: GHSA-q3mw-pvr8-9ggc","Warn: Project is vulnerable to: GHSA-r6j3-px5g-cq3x","Warn: Project is vulnerable to: GHSA-rq2w-37h9-vg94","Warn: Project is vulnerable to: GHSA-wc4r-xq3c-5cf3","Warn: Project is vulnerable to: GHSA-wm9w-rjj3-j356","Warn: Project is vulnerable to: GHSA-v682-8vv8-vpwr","Warn: Project is vulnerable to: GHSA-rc42-6c7j-7h5r","Warn: Project is vulnerable to: GHSA-xf96-w227-r7c4","Warn: Project is vulnerable to: GHSA-36p3-wjmg-h94x","Warn: Project is vulnerable to: GHSA-hh26-6xwr-ggv7","Warn: Project is vulnerable to: GHSA-4gc7-5j7h-4qph","Warn: Project is vulnerable to: GHSA-4wp7-92pw-q264","Warn: Project is vulnerable to: GHSA-g5mm-vmx4-3rg7","Warn: Project is vulnerable to: GHSA-6gf2-pvqw-37ph","Warn: Project is vulnerable to: GHSA-rfmp-97jj-h8m6","Warn: Project is vulnerable to: GHSA-558x-2xjg-6232","Warn: Project is vulnerable to: GHSA-564r-hj7v-mcr5","Warn: Project is vulnerable to: GHSA-9cmq-m9j5-mvww","Warn: Project is vulnerable to: GHSA-wxqc-pxw9-g2p8","Warn: Project is vulnerable to: GHSA-2rmj-mq67-h97g","Warn: Project is vulnerable to: GHSA-2wrp-6fg6-hmc5","Warn: Project is vulnerable to: GHSA-4wrc-f8pq-fpqp","Warn: Project is vulnerable to: GHSA-ccgv-vj62-xf9h","Warn: Project is vulnerable to: GHSA-hgjh-9rj2-g67j","Warn: Project is vulnerable to: GHSA-cx7f-g6mp-7hqm","Warn: Project is vulnerable to: GHSA-g5vr-rgqm-vf78","Warn: Project is vulnerable to: GHSA-w3c8-7r8f-9jp8","Warn: Project is vulnerable to: GHSA-55g7-9cwv-5qfv","Warn: Project is vulnerable to: GHSA-fjpj-2g6w-x25r","Warn: Project is vulnerable to: GHSA-pqr6-cmr2-h8hf","Warn: Project is vulnerable to: GHSA-qcwq-55hx-v3vh","Warn: Project is vulnerable to: GHSA-chfm-68vv-pvw5","Warn: Project is vulnerable to: GHSA-3mc7-4q67-w48m","Warn: Project is vulnerable to: GHSA-98wm-3w3q-mw94","Warn: Project is vulnerable to: GHSA-9w3m-gqgf-c4p9","Warn: Project is vulnerable to: GHSA-c4r9-r8fh-9vj2","Warn: Project is vulnerable to: GHSA-hhhw-99gj-p3c3","Warn: Project is vulnerable to: GHSA-mjmj-j48q-9wg2","Warn: Project is vulnerable to: GHSA-w37g-rhq8-7m4j"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-16T22:54:41.986Z","repository_id":37359619,"created_at":"2025-08-16T22:54:41.986Z","updated_at":"2025-08-16T22:54:41.986Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274358250,"owners_count":25270678,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-09T02:00:10.223Z","response_time":80,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apm","dapper","distributed-tracing","ebpf","logging","metrics","observability","open-telemetry","prometheus","service-mesh","skywalking","telegraf","web-performance","zabbix"],"created_at":"2024-07-30T19:01:03.761Z","updated_at":"2025-09-09T20:35:52.238Z","avatar_url":"https://github.com/apache.png","language":"Java","readme":"Apache SkyWalking\n==========\n\n\u003cimg src=\"http://skywalking.apache.org/assets/logo.svg\" alt=\"Sky Walking logo\" height=\"90px\" align=\"right\" /\u003e\n\n**SkyWalking**: an APM (Application Performance Monitoring) system, especially designed for\nmicroservices, cloud native and container-based architectures.\n\n[![GitHub stars](https://img.shields.io/github/stars/apache/skywalking.svg?style=for-the-badge\u0026label=Stars\u0026logo=github)](https://github.com/apache/skywalking)\n[![X Follow](https://img.shields.io/badge/2K%2B-follow?style=for-the-badge\u0026logo=X\u0026label=%40ASFSKYWALKING)](https://x.com/AsfSkyWalking)\n\n![GitHub Release](https://img.shields.io/github/v/release/apache/skywalking)\n\n# Abstract\n**SkyWalking** is an open-source APM system that provides monitoring, tracing and diagnosing capabilities for distributed systems in Cloud Native architectures.\n\n\n* Distributed Tracing\n  * End-to-end distributed tracing. Service topology analysis, service-centric observability and APIs dashboards.\n* Agents for your stack\n  * Java, .Net Core, PHP, NodeJS, Golang, LUA, Rust, C++, Client JavaScript and Python agents with active development and maintenance.\n* eBPF early adoption\n  * Rover agent works as a monitor and profiler powered by eBPF to monitor Kubernetes deployments and diagnose CPU and network performance.\n* Scaling\n  * 100+ billion telemetry data could be collected and analyzed from one SkyWalking cluster.\n* Mature Telemetry Ecosystems Supported\n  * Metrics, Traces, and Logs from mature ecosystems are supported, e.g. Zipkin, OpenTelemetry, Prometheus, Zabbix, Fluentd\n* Native APM Database\n  * BanyanDB, an observability database, created in 2022, aims to ingest, analyze and store telemetry/observability data.\n* Consistent Metrics Aggregation\n  * SkyWalking native meter format and widely known metrics format(OpenTelemetry, Telegraf, Zabbix, e.g.) are processed through the same script pipeline.\n* Log Management Pipeline\n  * Support log formatting, extract metrics, various sampling policies through script pipeline in high performance.\n* Alerting and Telemetry Pipelines\n  * Support service-centric, deployment-centric, API-centric alarm rule setting. Support forwarding alarms and all telemetry data to 3rd party.\n* AI Power Enabled\n  * Machine Learning (ML) and Artificial Intelligence (AI) analyze observability data to identify patterns and enhance capabilities, such as recognizing HTTP URI patterns and automatically calculating metric baselines for intelligent alerting, improving anomaly detection.\n\n\u003cimg src=\"https://skywalking.apache.org/images/home/architecture.svg?t=20220516\"/\u003e\n\n# Live Demo\n- Find the [SkyWalking live demo with native UI and Grafana](https://skywalking.apache.org/#demo), and [screenshots](https://skywalking.apache.org/#arch) on our website.\n- Follow the [showcase](https://skywalking.apache.org/docs/skywalking-showcase/next/readme/) to set up a preview deployment quickly.\n\n# Documentation\n- [Official documentation](https://skywalking.apache.org/docs/#SkyWalking)\n\n# Downloads\nPlease head to the [releases page](https://skywalking.apache.org/downloads/) to download a release of Apache SkyWalking.\n\n# Compiling project\nFollow this [document](docs/en/guides/How-to-build.md).\n\n# Code of conduct\nThis project adheres to the Contributor Covenant [code of conduct](https://www.apache.org/foundation/policies/conduct). By participating, you are expected to uphold this code.\nPlease follow the [REPORTING GUIDELINES](https://www.apache.org/foundation/policies/conduct#reporting-guidelines) to report unacceptable behavior.\n\n# Contact Us\n* Mail list: **dev@skywalking.apache.org**. Mail to `dev-subscribe@skywalking.apache.org`, follow the reply to subscribe the mail list.\n* Send `Request to join SkyWalking slack` mail to the mail list(`dev@skywalking.apache.org`), we will invite you in.\n* For Chinese speaker, send `[CN] Request to join SkyWalking slack` mail to the mail list(`dev@skywalking.apache.org`), we will invite you in.\n* Twitter, [ASFSkyWalking](https://twitter.com/AsfSkyWalking)\n* [bilibili B站 视频](https://space.bilibili.com/390683219)\n* [掘金](https://juejin.cn/user/13673577331607/posts)\n  \n# Our Users\nHundreds of companies and organizations use SkyWalking for research, production, and commercial purposes.\nVisit our [website](http://skywalking.apache.org/users/) to find the user page.\n\n# License\n[Apache 2.0 License.](LICENSE)\n","funding_links":[],"categories":["Java","Continuous Monitoring","微服务生态","Components","Framework","HarmonyOS","后端开发框架及项目","应用分析与监控","prometheus","Monitor","Distributed Tracing","Tooling— Observability and Cost Optimization","Tracing \u0026 Profiling"],"sub_categories":["Container Orchestration","Storage","Design pattern","Windows Manager","管理面板","SkyWalking"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapache%2Fskywalking","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fapache%2Fskywalking","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapache%2Fskywalking/lists"}