{"id":42254635,"url":"https://github.com/bandprotocol/go-owasm","last_synced_at":"2026-01-27T05:18:37.539Z","repository":{"id":38334557,"uuid":"268273968","full_name":"bandprotocol/go-owasm","owner":"bandprotocol","description":"Go-binding for Oracle WebAssembly (Owasm) execution with Wasmer","archived":false,"fork":false,"pushed_at":"2024-11-18T07:01:49.000Z","size":114270,"stargazers_count":2,"open_issues_count":2,"forks_count":6,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-11-18T08:19:38.312Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bandprotocol.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-31T12:20:04.000Z","updated_at":"2024-04-30T08:19:26.000Z","dependencies_parsed_at":"2023-02-12T21:00:37.648Z","dependency_job_id":"cc84c442-de5c-40dd-98e4-acc5eeec60fc","html_url":"https://github.com/bandprotocol/go-owasm","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/bandprotocol/go-owasm","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bandprotocol%2Fgo-owasm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bandprotocol%2Fgo-owasm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bandprotocol%2Fgo-owasm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bandprotocol%2Fgo-owasm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bandprotocol","download_url":"https://codeload.github.com/bandprotocol/go-owasm/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bandprotocol%2Fgo-owasm/sbom","scorecard":{"id":225064,"data":{"date":"2025-08-11","repo":{"name":"github.com/bandprotocol/go-owasm","commit":"039ae798c0bf357c687387e584bf6f5a9b64e56e"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.7,"checks":[{"name":"Binary-Artifacts","score":7,"reason":"binaries present in source code","details":["Warn: binary detected: api/libgo_owasm.dylib:1","Warn: binary detected: api/libgo_owasm.so:1","Warn: binary detected: wasm/test.wasm:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":8,"reason":"Found 5/6 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build.yaml:1","Warn: no topLevel permission defined: .github/workflows/ci.yaml:1","Warn: no topLevel permission defined: .github/workflows/release.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.3.1 not signed: https://api.github.com/repos/bandprotocol/go-owasm/releases/153443118","Warn: release artifact v0.2.3 not signed: https://api.github.com/repos/bandprotocol/go-owasm/releases/89870526","Warn: release artifact v0.3.1 does not have provenance: https://api.github.com/repos/bandprotocol/go-owasm/releases/153443118","Warn: release artifact v0.2.3 does not have provenance: https://api.github.com/repos/bandprotocol/go-owasm/releases/89870526"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/go-owasm/build.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/go-owasm/build.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/go-owasm/build.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/go-owasm/build.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/go-owasm/build.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/go-owasm/build.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/go-owasm/build.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/go-owasm/ci.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/go-owasm/ci.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/go-owasm/ci.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/go-owasm/ci.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/go-owasm/ci.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/go-owasm/ci.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/go-owasm/release.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/bandprotocol/go-owasm/release.yaml/master?enable=pin","Warn: containerImage not pinned by hash: build/Dockerfile.alpine:1: pin your Docker image by updating golang:1.20.10-alpine to golang:1.20.10-alpine@sha256:cd83dbc874245451226392246bc3f08fbae9138e9fa387dab8e9404788c4a5a2","Warn: containerImage not pinned by hash: build/Dockerfile.linux:1: pin your Docker image by updating centos:centos7 to centos:centos7@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4","Warn: containerImage not pinned by hash: build/Dockerfile.osx:1: pin your Docker image by updating rust:1.73.0-bullseye to rust:1.73.0-bullseye@sha256:fbc99ade5c476a8d602192a1bf8d50ae3361469c160d55a34379905ad4f82ae5","Info:   0 out of  12 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 third-party GitHubAction dependencies pinned","Info:   0 out of   3 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"12 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0603 / GHSA-hp87-p4gw-j4gq","Warn: Project is vulnerable to: RUSTSEC-2021-0139","Warn: Project is vulnerable to: RUSTSEC-2021-0145 / GHSA-g98v-hv3f-hcfr","Warn: Project is vulnerable to: RUSTSEC-2024-0375","Warn: Project is vulnerable to: RUSTSEC-2022-0078 / GHSA-f85w-wvc7-crwc","Warn: Project is vulnerable to: RUSTSEC-2019-0036 / RUSTSEC-2020-0036 / GHSA-jq66-xh47-j9f3 / GHSA-r98r-j25q-rmpr","Warn: Project is vulnerable to: RUSTSEC-2024-0384","Warn: Project is vulnerable to: RUSTSEC-2020-0168","Warn: Project is vulnerable to: RUSTSEC-2022-0061","Warn: Project is vulnerable to: RUSTSEC-2024-0370","Warn: Project is vulnerable to: RUSTSEC-2023-0018 / GHSA-mc8h-8q98-g5hr","Warn: Project is vulnerable to: GHSA-55f3-3qvg-8pv5"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T03:35:51.977Z","repository_id":38334557,"created_at":"2025-08-17T03:35:51.977Z","updated_at":"2025-08-17T03:35:51.977Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28803650,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-27T03:44:14.111Z","status":"ssl_error","status_checked_at":"2026-01-27T03:43:33.507Z","response_time":168,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-27T05:18:37.479Z","updated_at":"2026-01-27T05:18:37.531Z","avatar_url":"https://github.com/bandprotocol.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Go-owasm\n\nGo-owasm, is a repository designed as a Go wrapper for the [owasm-vm](https://github.com/bandprotocol/owasm/tree/master/packages/vm), enabling seamless compilation and execution of Oracle scripts within Go. This project primarily caters to the [x/oracle](https://github.com/bandprotocol/chain/tree/master/x/oracle) module in BandChain.\n\n## Project structure\n\nThis repository contains code written in both Rust and Go. The Rust code is compiled to produce a library (`.dylib`, `.so`, `.a`). This library is then linked via cgo and encapsulated within Go. The build process involves compiling the Rust code into a C library and subsequently linking that library with the Go code. Additionally, pre-compiled libraries are included, facilitating users to import the package and directly utilize the library.\n\n### libgo_owasm\n\nThe `./libgo_owasm` directory contains Rust code, which is compiled into a library compatible with cgo, thereby enabling its usage within Golang. Please refer to the instructions for compiling it [here](#compile-shared-and-static-libraries).\n\n### api\n\nThe `./api` directory, section comprises Go code that interfaces with the library from [libgo_owasm](#libgo_owasm). It also incorporates the pre-compiled libraries within the folder.\n\n### build\n\nThe `./build` directory contains scripts and docker files for building the library from Rust code.\n\n### .github\n\nThe `./github` directory, section contains GitHub Action code that aids in testing, building libraries, and releasing packages.\n\n## Development\n\nIf you make updates to owasm-vm or the Rust code, it's essential to [generate bindings.sh](#generate-bindingsh-for-go) and [compile libraries](#compile-shared-and-static-libraries) to update the compiled library within the project, thereby ensuring the go-owasm package incorporates the latest version of the Owasm-vm library.\n\n### Generate bindings.h for go\n\n```sh\ncd libgo_owasm \u0026\u0026 cargo build --release\n```\n\n### Compile shared and static libraries\n\nCurrently, the libraries can only be built on Linux and OS X using x86_64 architecture. If you are operating on an unsupported platform, you can push the code to GitHub to trigger a suite of GitHub Actions which will test and compile the library for you.\n\nYou can use the commands below to build the libraries on Linux (x86_64) and OS X (x86_64).\n\n```sh\n# Run test\ncd libgo_owasm \u0026\u0026 cargo test\n\n# Build docker images used to compile the Rust code\nmake docker-images\n\n# Run the docker images to build the libraries\nmake releases\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbandprotocol%2Fgo-owasm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbandprotocol%2Fgo-owasm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbandprotocol%2Fgo-owasm/lists"}