{"id":13604744,"url":"https://github.com/apache/tomcat","last_synced_at":"2025-11-12T21:44:23.281Z","repository":{"id":37405770,"uuid":"2493904","full_name":"apache/tomcat","owner":"apache","description":"Apache Tomcat","archived":false,"fork":false,"pushed_at":"2025-11-12T16:01:14.000Z","size":189039,"stargazers_count":8004,"open_issues_count":23,"forks_count":5293,"subscribers_count":475,"default_branch":"main","last_synced_at":"2025-11-12T21:44:16.526Z","etag":null,"topics":["http","java","javaee","network-server","tomcat"],"latest_commit_sha":null,"homepage":"https://tomcat.apache.org","language":"Java","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/apache.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2011-10-01T07:00:19.000Z","updated_at":"2025-11-12T15:54:34.000Z","dependencies_parsed_at":"2023-09-22T19:23:38.258Z","dependency_job_id":"f5696f47-cbb0-444b-a06f-30691c1dafea","html_url":"https://github.com/apache/tomcat","commit_stats":{"total_commits":25928,"total_committers":159,"mean_commits":163.0691823899371,"dds":"0.30823819808701014","last_synced_commit":"543e2b56bc8ccbde973366975b211b61408caf8a"},"previous_names":[],"tags_count":463,"template":false,"template_full_name":null,"purl":"pkg:github/apache/tomcat","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Ftomcat","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Ftomcat/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Ftomcat/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Ftomcat/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/apache","download_url":"https://codeload.github.com/apache/tomcat/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Ftomcat/sbom","scorecard":{"id":201696,"data":{"date":"2025-08-11","repo":{"name":"github.com/apache/tomcat","commit":"cb6d461098a46924035fc4c00a25ce40cc46b544"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.2,"checks":[{"name":"Code-Review","score":0,"reason":"Found 2/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/validate.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/apache/.github/.github/SECURITY.md:1","Info: Found linked content: github.com/apache/.github/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/apache/.github/.github/SECURITY.md:1","Info: Found text in security policy: github.com/apache/.github/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Binary-Artifacts","score":0,"reason":"binaries present in source code","details":["Warn: binary detected: test/deployment/context.jar:1","Warn: binary detected: test/deployment/dir with spaces/context.jar:1","Warn: binary detected: test/webapp-fragments-empty-absolute-ordering/WEB-INF/lib/resources.jar:1","Warn: binary detected: test/webapp-fragments/WEB-INF/lib/resources.jar:1","Warn: binary detected: test/webapp-fragments/WEB-INF/lib/resources2.jar:1","Warn: binary detected: test/webapp-virtual-webapp/src/main/webapp-a/WEB-INF/lib/rsrc.jar:1","Warn: binary detected: test/webapp/WEB-INF/classes/org/apache/tomcat/Bug58096.class:1","Warn: binary detected: test/webapp/WEB-INF/lib/bug69135-lib.jar:1","Warn: binary detected: test/webapp/WEB-INF/lib/test-lib.jar:1","Warn: binary detected: test/webresources/dir1-internal.jar:1","Warn: binary detected: test/webresources/dir1.jar:1","Warn: binary detected: test/webresources/non-static-resources.jar:1","Warn: binary detected: test/webresources/static-resources.jar:1","Warn: binary detected: webapps/examples/WEB-INF/lib/taglibs-standard-impl-1.2.5-migrated-0.0.1.jar:1","Warn: binary detected: webapps/examples/WEB-INF/lib/taglibs-standard-spec-1.2.5-migrated-0.0.1.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 2 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/tomcat/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/tomcat/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/tomcat/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/tomcat/validate.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/apache/tomcat/validate.yml/main?enable=pin","Warn: containerImage not pinned by hash: modules/stuffed/Dockerfile:17: pin your Docker image by updating eclipse-temurin:22-jre to eclipse-temurin:22-jre@sha256:a94532aaca0997d728c6f88927f2209d383a185fbbf7398c8dc41bf4ffd21118","Warn: containerImage not pinned by hash: modules/stuffed/DockerfileGraal:17: pin your Docker image by updating busybox:glibc to busybox:glibc@sha256:facb103d02c3e0fcf34e272264b7d7deea98e1b2861075d2c9c4dd329d4c1c0d","Info:   0 out of   5 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-16T22:56:30.940Z","repository_id":37405770,"created_at":"2025-08-16T22:56:30.941Z","updated_at":"2025-08-16T22:56:30.941Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":284115869,"owners_count":26949957,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-11-12T02:00:06.336Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["http","java","javaee","network-server","tomcat"],"created_at":"2024-08-01T19:00:50.762Z","updated_at":"2025-11-12T21:44:23.261Z","avatar_url":"https://github.com/apache.png","language":"Java","readme":"## Welcome to Apache Tomcat!\n\n### What Is It?\n\nThe Apache Tomcat® software is an open source implementation of the Jakarta\nServlet, Jakarta Pages, Jakarta Expression Language and Jakarta WebSocket\ntechnologies. The Jakarta Servlet, Jakarta Pages, Jakarta Expression Language and\nJakarta WebSocket specifications are developed as part of the\n[Jakarta EE Platform](https://jakarta.ee/specifications/).\n\nThe Apache Tomcat software is developed in an open and participatory\nenvironment and released under the\n[Apache License version 2](https://www.apache.org/licenses/). The Apache Tomcat\nproject is intended to be a collaboration of the best-of-breed developers from\naround the world. We invite you to participate in this open development\nproject. To learn more about getting involved,\n[click here](https://tomcat.apache.org/getinvolved.html) or keep reading.\n\nApache Tomcat software powers numerous large-scale, mission-critical web\napplications across a diverse range of industries and organizations. Some of\nthese users and their stories are listed on the\n[PoweredBy wiki page](https://cwiki.apache.org/confluence/display/TOMCAT/PoweredBy).\n\nApache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat\nproject logo are trademarks of the Apache Software Foundation.\n\n### Get It\n\nFor every major Tomcat version there is one download page containing\nlinks to the latest binary and source code downloads, but also\nlinks for browsing the download directories and archives:\n- [Tomcat 11](https://tomcat.apache.org/download-11.cgi)\n- [Tomcat 10](https://tomcat.apache.org/download-10.cgi)\n- [Tomcat 9](https://tomcat.apache.org/download-90.cgi)\n\nTo facilitate choosing the right major Tomcat version one, we have provided a\n[version overview page](https://tomcat.apache.org/whichversion.html).\n\n### Documentation\n\nThe documentation available as of the date of this release is\nincluded in the docs webapp which ships with tomcat. You can access that webapp\nby starting tomcat and visiting \u003chttp://localhost:8080/docs/\u003e in your browser.\nThe most up-to-date documentation for each version can be found at:\n- [Tomcat 11](https://tomcat.apache.org/tomcat-11.0-doc/)\n- [Tomcat 10](https://tomcat.apache.org/tomcat-10.1-doc/)\n- [Tomcat 9](https://tomcat.apache.org/tomcat-9.0-doc/)\n\n### Installation\n\nPlease see [RUNNING.txt](RUNNING.txt) for more info.\n\n### Licensing\n\nPlease see [LICENSE](LICENSE) for more info.\n\n### Support and Mailing List Information\n\n* Free community support is available through the\n[tomcat-users](https://tomcat.apache.org/lists.html#tomcat-users) email list and\na dedicated [IRC channel](https://tomcat.apache.org/irc.html) (#tomcat on\nFreenode).\n\n* If you want freely available support for running Apache Tomcat, please see the\nresources page [here](https://tomcat.apache.org/findhelp.html).\n\n* If you want to be informed about new code releases, bug fixes,\nsecurity fixes, general news and information about Apache Tomcat, please\nsubscribe to the\n[tomcat-announce](https://tomcat.apache.org/lists.html#tomcat-announce) email\nlist.\n\n* If you have a concrete bug report for Apache Tomcat, please see the\ninstructions for reporting a bug\n[here](https://tomcat.apache.org/bugreport.html).\n\n### Contributing\n\nPlease see [CONTRIBUTING](CONTRIBUTING.md) for more info.\n","funding_links":[],"categories":["Java","III. Network and Integration","网络编程"],"sub_categories":["1. Servers (Web Server and Application Server)"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapache%2Ftomcat","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fapache%2Ftomcat","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapache%2Ftomcat/lists"}