{"id":13461539,"url":"https://github.com/bufbuild/buf","last_synced_at":"2026-02-03T22:15:02.796Z","repository":{"id":37269784,"uuid":"212465715","full_name":"bufbuild/buf","owner":"bufbuild","description":"The best way of working with Protocol Buffers.","archived":false,"fork":false,"pushed_at":"2025-09-03T16:17:57.000Z","size":27880,"stargazers_count":10219,"open_issues_count":55,"forks_count":315,"subscribers_count":78,"default_branch":"main","last_synced_at":"2025-09-03T18:15:08.096Z","etag":null,"topics":["buf-cli","buf-schema-registry","grpc","protobuf","protoc","protocol-buffers"],"latest_commit_sha":null,"homepage":"https://buf.build","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bufbuild.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-10-03T00:09:57.000Z","updated_at":"2025-09-03T16:16:58.000Z","dependencies_parsed_at":"2023-12-20T07:52:20.977Z","dependency_job_id":"bd44fa2d-c524-4716-9b90-0d2dc0148627","html_url":"https://github.com/bufbuild/buf","commit_stats":{"total_commits":2243,"total_committers":78,"mean_commits":"28.756410256410255","dds":0.6781096745430227,"last_synced_commit":"9bb7b2efa8be2383dc911d90206cc349712b31bc"},"previous_names":[],"tags_count":172,"template":false,"template_full_name":null,"purl":"pkg:github/bufbuild/buf","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bufbuild%2Fbuf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bufbuild%2Fbuf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bufbuild%2Fbuf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bufbuild%2Fbuf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bufbuild","download_url":"https://codeload.github.com/bufbuild/buf/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bufbuild%2Fbuf/sbom","scorecard":{"id":257295,"data":{"date":"2025-08-11","repo":{"name":"github.com/bufbuild/buf","commit":"358895701fdbf5b3d7e6788debbadc5c04365a66"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.4,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Dangerous-Workflow","score":0,"reason":"dangerous workflow patterns detected","details":["Warn: script injection with untrusted input ' github.event.inputs.version || github.head_ref': .github/workflows/build-and-draft-release.yaml:19"],"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/add-to-project.yaml:1","Warn: no topLevel permission defined: .github/workflows/back-to-development.yaml:1","Info: topLevel permissions set to 'read-all': .github/workflows/buf-binary-size.yaml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/buf-ci.yaml:8","Warn: no topLevel permission defined: .github/workflows/build-and-draft-release.yaml:1","Info: topLevel permissions set to 'read-all': .github/workflows/ci.yaml:10","Info: topLevel 'actions' permission set to 'read': .github/workflows/codeql.yaml:7","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yaml:8","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/codeql.yaml:9","Warn: topLevel 'security-events' permission set to 'write': .github/workflows/codeql.yaml:10","Warn: no topLevel permission defined: .github/workflows/create-release-pr.yaml:1","Info: topLevel permissions set to 'read-all': .github/workflows/docker-publish.yaml:18","Warn: no topLevel permission defined: .github/workflows/make-upgrade.yaml:1","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/notify-approval-bypass.yaml:9","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/pr-title.yaml:5","Info: topLevel permissions set to 'read-all': .github/workflows/previous.yaml:10","Warn: no topLevel permission defined: .github/workflows/verify-changelog.yaml:1","Info: topLevel permissions set to 'read-all': .github/workflows/windows.yaml:10","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/add-to-project.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/add-to-project.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/back-to-development.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/back-to-development.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buf-binary-size.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/buf-binary-size.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buf-binary-size.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/buf-binary-size.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buf-binary-size.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/buf-binary-size.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buf-ci.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/buf-ci.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/buf-ci.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/buf-ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-draft-release.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/build-and-draft-release.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-draft-release.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/build-and-draft-release.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/ci.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/codeql.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/codeql.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/codeql.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/codeql.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/codeql.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-release-pr.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/create-release-pr.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-publish.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/docker-publish.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/docker-publish.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/docker-publish.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yaml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/docker-publish.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/docker-publish.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yaml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/docker-publish.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-publish.yaml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/docker-publish.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/emergency-review-bypass.yaml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/emergency-review-bypass.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/make-upgrade.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/make-upgrade.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/make-upgrade.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/make-upgrade.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/notify-approval-bypass.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/notify-approval-bypass.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-title.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/pr-title.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/previous.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/previous.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/previous.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/previous.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/previous.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/previous.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-changelog.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/verify-changelog.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/windows.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/windows.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/bufbuild/buf/windows.yaml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile.buf:1","Warn: containerImage not pinned by hash: Dockerfile.buf:16: pin your Docker image by updating alpine:3.22.1 to alpine:3.22.1@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: containerImage not pinned by hash: make/buf/docker/Dockerfile.release:1: pin your Docker image by updating golang:1.24-bookworm to golang:1.24-bookworm@sha256:bdc7cfd953b2701fcd95fd591ea3d788f41e4b74f21f1787b9f9843a28e72196","Info:   4 out of  34 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  16 third-party GitHubAction dependencies pinned","Info:   1 out of   1 goCommand dependencies pinned","Info:   0 out of   3 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: sha256.txt.minisig: https://github.com/bufbuild/buf/releases/tag/v1.56.0","Info: signed release artifact: sha256.txt.minisig: https://github.com/bufbuild/buf/releases/tag/v1.55.1","Info: signed release artifact: sha256.txt.minisig: https://github.com/bufbuild/buf/releases/tag/v1.55.0","Info: signed release artifact: sha256.txt.minisig: https://github.com/bufbuild/buf/releases/tag/v1.54.0","Info: signed release artifact: sha256.txt.minisig: https://github.com/bufbuild/buf/releases/tag/v1.53.0","Warn: release artifact v1.56.0 does not have provenance: https://api.github.com/repos/bufbuild/buf/releases/236673999","Warn: release artifact v1.55.1 does not have provenance: https://api.github.com/repos/bufbuild/buf/releases/226001966","Warn: release artifact v1.55.0 does not have provenance: https://api.github.com/repos/bufbuild/buf/releases/225916972","Warn: release artifact v1.54.0 does not have provenance: https://api.github.com/repos/bufbuild/buf/releases/218066113","Warn: release artifact v1.53.0 does not have provenance: https://api.github.com/repos/bufbuild/buf/releases/213713659"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/ci.yaml:73"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3829"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T09:58:38.874Z","repository_id":37269784,"created_at":"2025-08-17T09:58:38.874Z","updated_at":"2025-08-17T09:58:38.874Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274357588,"owners_count":25270675,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-09T02:00:10.223Z","response_time":80,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["buf-cli","buf-schema-registry","grpc","protobuf","protoc","protocol-buffers"],"created_at":"2024-07-31T11:00:42.934Z","updated_at":"2025-12-29T19:21:47.836Z","avatar_url":"https://github.com/bufbuild.png","language":"Go","funding_links":[],"categories":["Go","开源类库","gRPC","Open source library","grpc"],"sub_categories":["序列化","Serialization"],"readme":"![The Buf logo](./.github/buf-logo.svg)\n\n# Buf\n\n[![License](https://img.shields.io/github/license/bufbuild/buf?color=blue)](https://github.com/bufbuild/buf/blob/main/LICENSE)\n[![Release](https://img.shields.io/github/v/release/bufbuild/buf?include_prereleases)](https://github.com/bufbuild/buf/releases)\n[![CI](https://github.com/bufbuild/buf/workflows/ci/badge.svg)](https://github.com/bufbuild/buf/actions?workflow=ci)\n[![Docker](https://img.shields.io/docker/pulls/bufbuild/buf)](https://hub.docker.com/r/bufbuild/buf)\n[![Homebrew](https://img.shields.io/homebrew/v/buf)](https://github.com/bufbuild/homebrew-buf)\n[![Slack](https://img.shields.io/badge/slack-buf-%23e01563)][badges_slack]\n\n\u003ca name=\"features\"\u003e\u003c/a\u003e\nThe [`buf`][buf] CLI is the best tool for working with [Protocol Buffers][protobuf]. It provides:\n\n- A [linter][lint_usage] that enforces good API design choices and structure.\n- A [breaking change detector][breaking_tutorial] that enforces compatibility at the source code or wire level.\n- A [generator][generate_usage] that invokes your plugins based on [configuration files][templates].\n- A [formatter][format_usage] that formats your Protobuf files in accordance with industry standards.\n- Integration with the [Buf Schema Registry][bsr], including full dependency management.\n\n## Installation\n\n### Homebrew\n\nYou can install `buf` using [Homebrew][brew] (macOS or Linux):\n\n```sh\nbrew install bufbuild/buf/buf\n```\n\nThis installs:\n\n- The `buf`, [`protoc-gen-buf-breaking`][breaking], and [`protoc-gen-buf-lint`][lint] binaries\n- Shell completion scripts for [Bash], [Fish], [Powershell], and [zsh]\n\n### Other methods\n\nFor other installation methods, see our [official documentation][install], which covers:\n\n- Installing `buf` via [npm]\n- Installing `buf` on [Windows]\n- Using `buf` as a [Docker image][docker]\n- Installing as a [binary], from a [tarball], and from [source] through [GitHub Releases][releases]\n- [Verifying] releases using a [minisign] public key\n\n\n## Usage\n\nBuf's help interface provides summaries for commands and flags:\n\n```sh\nbuf --help\n```\n\nFor more comprehensive usage information, consult Buf's [documentation][docs], especially these guides:\n\n* [`buf breaking`][breaking_tutorial]\n* [`buf build`][build_usage]\n* [`buf generate`][generate_usage]\n* [`buf lint`][lint_usage]\n* [`buf format`][format_usage]\n* [`buf registry`][bsr_quickstart] (for using the [BSR])\n\n## CLI breaking change policy\n\nWe will never make breaking changes within a given major version of the CLI. After `buf` reached v1.0, you can expect no breaking changes until v2.0. But as we have no plans to ever release a v2.0, we will likely never break the `buf` CLI.\n\n\u003e This breaking change policy does _not_ apply to commands behind the `buf beta` gate, and you should expect breaking changes to commands like `buf beta registry`. The policy does go into effect, however, when those commands or flags are elevated out of beta.\n\n## Our goals for Protobuf\n\n[Buf]'s goal is to replace the current paradigm of API development, centered around REST/JSON, with a **schema-driven** paradigm. Defining APIs using an [IDL] provides numerous benefits over REST/JSON, and [Protobuf] is by far the most stable and widely adopted IDL in the industry. We've chosen to build on this widely trusted foundation rather than creating a new IDL from scratch.\n\nBut despite its technical merits, actually _using_ Protobuf has long been more challenging than it needs to be. The Buf CLI and the [BSR](#the-buf-schema-registry) are the cornerstones of our effort to change that for good and to make Protobuf reliable and easy to use for service owners and clients alike—in other words, to create a **modern Protobuf ecosystem**.\n\nWhile we intend to incrementally improve on the `buf` CLI and the [BSR](#the-buf-schema-registry), we're confident that the basic groundwork for such an ecosystem is _already_ in place.\n\n## The Buf Schema Registry\n\nThe [Buf Schema Registry][bsr] (BSR) is a SaaS platform for managing your Protobuf APIs. It provides a centralized registry and a single source of truth for all of your Protobuf assets, including not just your `.proto` files but also [remote plugins][bsr_plugins]. Although the BSR provides an intuitive browser UI, `buf` enables you to perform most BSR-related tasks from the command line, such as [pushing] Protobuf sources to the registry and managing [users] and [repositories]. \n\n\u003e The BSR is not required to use `buf`. We've made the core [features] of the `buf` CLI available to _all_ Protobuf users.\n\n## More advanced CLI features\n\nWhile `buf`'s [core features][features] should cover most use cases, we've included some more advanced features to cover edge cases:\n\n* **Automatic file discovery**. Buf walks your file tree and builds your `.proto` files in accordance with your supplied [build configuration][build_config], which means that you no longer need to manually specify `--proto_paths`. You can still, however, specify `.proto` files manually through CLI flags in cases where file discovery needs to be disabled.\n* **Fine-grained rule configuration** for [linting][lint_rules] and [breaking changes][breaking_rules]. While we do have recommended defaults, you can always select the exact set of rules that your use case requires, with [40 lint rules][lint_rules] and [53 breaking change rules][breaking_rules] available.\n* **Configurable error formats** for CLI output. `buf` outputs information in `file:line:column:message` form by default for each lint error and breaking change it encounters, but you can also select JSON, MSVS, JUnit, and Github Actions output.\n* **Editor integration** driven by `buf`'s granular error output. We currently provide linting integrations for both [Vim and Visual Studio Code][ide] and [JetBrains IDEs][jetbrains] like IntelliJ and GoLand, but we plan to support other editors such as Emacs in the future.\n* **Universal Input targeting**. Buf enables you to perform actions like linting and breaking change detection not just against local `.proto` files but also against a broad range of other [Inputs], such as tarballs and ZIP files, remote Git repositories, and pre-built [image][images] files.\n* **Speed**. Buf's internal Protobuf [compiler] compiles your Protobuf sources using all available cores without compromising deterministic output, which is considerably faster than `protoc`. This allows for near-instantaneous feedback, which is of special importance for features like [editor integration][ide].\n\n## Next steps\n\nOnce you've installed `buf`, we recommend completing the [CLI tutorial][cli-tutorial], which provides a broad but hands-on overview of the core functionality of the CLI. The tour takes about 10 minutes to complete.\n\nAfter completing the tour, check out the remainder of the [docs] for your specific areas of interest.\n\n## Builds\n\nThe following is a breakdown of the binaries by CPU architecture and operating system available through our [releases]:\n\n|  | Linux | MacOS | Windows |\n| --- | --- | --- | --- |\n| x86 (64-bit) | ✅ | ✅ | ✅ |\n| ARM (64-bit) | ✅ | ✅ | ✅ |\n| ARMv7 (32-bit) | ✅ | ❌ | ❌ |\n| RISC-V (64-bit) | ✅ | ❌ | ❌ |\n| ppc64le | ✅ | ❌ | ❌ |\n| s390x | ✅ | ❌ | ❌ |\n\n## Community\n\nFor help and discussion around Protobuf, best practices, and more, join us on [Slack][badges_slack].\n\nFor updates on the Buf CLI, [follow this repo on GitHub][repo].\n\nFor feature requests, bugs, or technical questions, email us at [dev@buf.build][email_dev]. For general inquiries or inclusion in our upcoming feature betas, email us at [info@buf.build][email_info].\n\n[badges_slack]: https://buf.build/links/slack\n[bash]: https://www.gnu.org/software/bash\n[binary]: https://buf.build/docs/cli/installation/#source\n[breaking]: https://buf.build/docs/breaking/overview/\n[breaking_rules]: https://buf.build/docs/breaking/rules/\n[breaking_tutorial]: https://buf.build/docs/breaking/tutorial/\n[brew]: https://brew.sh\n[bsr]: https://buf.build/docs/bsr/\n[bsr_plugins]: https://buf.build/plugins\n[bsr_quickstart]: https://buf.build/docs/bsr/quickstart/\n[buf]: https://buf.build\n[build_config]: https://buf.build/docs/build/usage/#key-concepts\n[build_usage]: https://buf.build/docs/build/usage\n[cli-tutorial]: https://buf.build/docs/cli/quickstart/\n[compiler]: https://buf.build/docs/reference/internal-compiler/\n[docker]: https://buf.build/docs/cli/installation/#docker\n[docs]: https://buf.build/docs\n[email_dev]: mailto:dev@buf.build\n[email_info]: mailto:info@buf.build\n[features]: #features\n[fish]: https://fishshell.com\n[format_usage]: https://buf.build/docs/format/style/\n[generate_usage]: https://buf.build/docs/generate/tutorial/\n[ide]: https://buf.build/docs/cli/editor-integration/\n[idl]: https://en.wikipedia.org/wiki/Interface_description_language\n[images]: https://buf.build/docs/reference/images/\n[inputs]: https://buf.build/docs/reference/inputs/\n[install]: https://buf.build/docs/cli/installation/\n[jetbrains]: https://buf.build/docs/cli/editor-integration/#jetbrains-ides\n[lint]: https://buf.build/docs/lint/overview/\n[lint_rules]: https://buf.build/docs/lint/rules/\n[lint_usage]: https://buf.build/docs/lint/tutorial/\n[npm]: https://buf.build/docs/cli/installation/#npm\n[minisign]: https://github.com/jedisct1/minisign\n[powershell]: https://docs.microsoft.com/en-us/powershell\n[protobuf]: https://protobuf.dev\n[pushing]: https://buf.build/docs/bsr/module/publish/\n[releases]: https://buf.build/docs/cli/installation/#github\n[repo]: https://github.com/bufbuild/buf/\n[repositories]: https://buf.build/docs/concepts/repositories/\n[source]: https://buf.build/docs/cli/installation/#source\n[tarball]: https://buf.build/docs/cli/installation/#github\n[templates]: https://buf.build/docs/configuration/v2/buf-gen-yaml/\n[users]: https://buf.build/docs/admin/manage-members/\n[verifying]: https://buf.build/docs/cli/installation/#github\n[windows]: https://buf.build/docs/cli/installation/#windows\n[zsh]: https://zsh.org\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbufbuild%2Fbuf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbufbuild%2Fbuf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbufbuild%2Fbuf/lists"}