{"id":13438750,"url":"https://github.com/cfengine/core","last_synced_at":"2026-03-13T02:31:05.660Z","repository":{"id":2564137,"uuid":"3543548","full_name":"cfengine/core","owner":"cfengine","description":"CFEngine Community","archived":false,"fork":false,"pushed_at":"2026-03-11T00:52:55.000Z","size":70859,"stargazers_count":522,"open_issues_count":5,"forks_count":197,"subscribers_count":52,"default_branch":"master","last_synced_at":"2026-03-11T03:07:09.475Z","etag":null,"topics":["automation","c","cfengine","configuration-management","infrastructure-as-code"],"latest_commit_sha":null,"homepage":"https://cfengine.com","language":"C","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cfengine.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2012-02-25T09:19:05.000Z","updated_at":"2026-03-10T21:35:07.000Z","dependencies_parsed_at":"2023-02-18T11:48:36.770Z","dependency_job_id":"f15be609-f929-4edb-92f3-939a172d61c3","html_url":"https://github.com/cfengine/core","commit_stats":{"total_commits":14304,"total_committers":154,"mean_commits":92.88311688311688,"dds":0.8193512304250559,"last_synced_commit":"3376eac81445b8a341b559533a2df6a26649e0c0"},"previous_names":[],"tags_count":645,"template":false,"template_full_name":null,"purl":"pkg:github/cfengine/core","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cfengine%2Fcore","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cfengine%2Fcore/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cfengine%2Fcore/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cfengine%2Fcore/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cfengine","download_url":"https://codeload.github.com/cfengine/core/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cfengine%2Fcore/sbom","scorecard":{"id":271886,"data":{"date":"2025-08-11","repo":{"name":"github.com/cfengine/core","commit":"5376ae9fb1ce3d195e3fe33f97b009a69dbf7404"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":7.5,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Security-Policy","score":9,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:16","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:17","Warn: no topLevel permission defined: .github/workflows/acceptance_tests.yml:1","Warn: no topLevel permission defined: .github/workflows/asan_unit_tests.yml:1","Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/codeql.yml:1","Warn: no topLevel permission defined: .github/workflows/job-static-check.yml:1","Warn: no topLevel permission defined: .github/workflows/job-valgrind-check.yml:1","Warn: no topLevel permission defined: .github/workflows/macos_unit_tests.yml:1","Warn: no topLevel permission defined: .github/workflows/shellcheck.yml:1","Warn: no topLevel permission defined: .github/workflows/stale.yml:1","Warn: no topLevel permission defined: .github/workflows/unit_tests.yml:1","Warn: no topLevel permission defined: .github/workflows/valgrind.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Binary-Artifacts","score":8,"reason":"binaries present in source code","details":["Warn: binary detected: 3rdparty/peg-0.1.15/leg:1","Warn: binary detected: 3rdparty/peg-0.1.15/peg:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: CVE-2020-25821"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/acceptance_tests.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/cfengine/core/acceptance_tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/asan_unit_tests.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/cfengine/core/asan_unit_tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/cfengine/core/codeql.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/cfengine/core/codeql.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/cfengine/core/codeql.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/cfengine/core/codeql.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/job-static-check.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/cfengine/core/job-static-check.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/job-static-check.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/cfengine/core/job-static-check.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/job-valgrind-check.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/cfengine/core/job-valgrind-check.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/job-valgrind-check.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/cfengine/core/job-valgrind-check.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/job-valgrind-check.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/cfengine/core/job-valgrind-check.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/macos_unit_tests.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/cfengine/core/macos_unit_tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shellcheck.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/cfengine/core/shellcheck.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cfengine/core/stale.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit_tests.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/cfengine/core/unit_tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/valgrind.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/cfengine/core/valgrind.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/valgrind.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cfengine/core/valgrind.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/valgrind.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/cfengine/core/valgrind.yml/master?enable=pin","Warn: containerImage not pinned by hash: contrib/container-chroot-agent/Dockerfile-cfengine-chroot-agent:1: pin your Docker image by updating debian:11 to debian:11@sha256:8ec25a9073e8cc89a184a6256e219828196d75203375a8ad4f0977f3011f2115","Info:   0 out of  15 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (30) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T13:36:22.479Z","repository_id":2564137,"created_at":"2025-08-17T13:36:22.479Z","updated_at":"2025-08-17T13:36:22.479Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30455771,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-13T02:22:12.178Z","status":"ssl_error","status_checked_at":"2026-03-13T02:06:49.475Z","response_time":60,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","c","cfengine","configuration-management","infrastructure-as-code"],"created_at":"2024-07-31T03:01:08.115Z","updated_at":"2026-03-13T02:31:05.640Z","avatar_url":"https://github.com/cfengine.png","language":"C","readme":"[![Gitter chat](https://badges.gitter.im/cfengine/core.png)](https://gitter.im/cfengine/core)\n\n# CFEngine 3\n\nCFEngine 3 is a popular open source configuration management system. Its primary\nfunction is to provide automated configuration and maintenance of large-scale\ncomputer systems.\n\n## Source code repositories\n\nCFEngine is comprised of several source code repositories.\nAs you might be looking for another part of the open source code base, here is a list to ease navigation:\n\n* [core](https://github.com/cfengine/core) (This repo) - The C source code for core components, like cf-agent and cf-serverd.\n  * [libntech](https://github.com/NorthernTechHQ/libntech) (submodule in core) - Library of reusable C code, such as data structures, string manipulation, JSON parsing, file handling, etc.\n  * [core/contrib](https://github.com/cfengine/core/tree/master/contrib) (subdirectory in core) - User-contributed tools and scripts\n* [masterfiles](https://github.com/cfengine/masterfiles) - The Masterfiles Policy Framework (MPF) contains the default policy (.cf) files\n* [documentation](https://github.com/cfengine/documentation) - Documentation on how CFEngine components work, the policy language, the enterprise features, etc.\n* [cf-remote](https://github.com/cfengine/cf-remote) - Tooling to make deploying / testing CFEngine across many remote instances easy\n* [buildscripts](https://github.com/cfengine/buildscripts) - Scripts and files needed to build installer packages across a wide variety of supported platforms\n\n(Each repo also contains some supporting code/files, such as tests, scripts, documentation, etc.).\n\n## Installation\n\nPre-built installers are available from our website:\n\n* [Download CFEngine Enterprise Installers](https://cfengine.com/product/cfengine-enterprise-free-25/)\n* [Download CFEngine Community Installers](https://cfengine.com/product/community/)\n\nTo install from source please see\nthe [INSTALL](https://github.com/cfengine/core/blob/master/INSTALL) file for\nprerequisites and build instructions.\n\n## License\n\nAs per the [LICENSE](https://github.com/cfengine/core/blob/master/LICENSE) file,\nCFEngine Community is licensed under the GNU General Public License, version 3.\n\nAll the files in this repository are licensed under GNU GPL version 3, unless\nstated otherwise in the copyright notice inside the particular file.\n\n## Example Usage\n\nIn order to use the built cf-agent in the source tree you must add a `$HOME/.cfagent/bin/cf-promises` file:\n\n```bash\n$ pwd\n\u003csomething\u003e/core\n$ echo \"cd $(pwd); cf-promises/cf-promises \\\"\\$@\\\"\" \u003e ~/.cfagent/bin/cf-promises\n```\n\n### Hello World\n\nThe following code demonstrates simple CFEngine output through a reports promise.\n\n```cfengine3\nbundle agent main\n{\n  reports:\n    \"Hello, world\";\n}\n```\n\nThe following policy code may be executed with cf-agent (the main CFEngine binary) as follows.\n\n```bash\n$ cf-agent/cf-agent ./hello.cf\nR: Hello, world\n```\n\n## Debugging\n\nAs this project uses autotools you must use libtool to run gdb/lldb/debuggers:\n\n```bash\n./libtool --mode=execute \u003cgdb|lldb|yourdebugger\u003e ./cf-agent/cf-agent\n```\n\n## Contributing\n\nPlease see the [CONTRIBUTING.md](https://github.com/cfengine/core/blob/master/CONTRIBUTING.md) file.\n\n## Relationship to CFEngine 2\n\nCFEngine 3 is *not* a drop-in upgrade for CFEngine 2 installations.  It is a\nsignificantly more powerful version, but it is incompatible with the CFEngine 2\npolicy language.\n\nThe server part of CFEngine 3 supports the network protocol of CFEngine 2, so you may\nupgrade your installation gradually.\n\n# Authors\n\nCFEngine was originally created by Mark Burgess with many contributions from\naround the world. Thanks [everyone](https://github.com/cfengine/core/blob/master/AUTHORS)!\n\n[CFEngine](https://cfengine.com) is sponsored by [Northern.tech AS](https://northern.tech)\n","funding_links":[],"categories":["C"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcfengine%2Fcore","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcfengine%2Fcore","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcfengine%2Fcore/lists"}