{"id":19040683,"url":"https://github.com/cloudfoundry/app-autoscaler-release","last_synced_at":"2026-01-28T09:19:34.554Z","repository":{"id":37405578,"uuid":"71506214","full_name":"cloudfoundry/app-autoscaler-release","owner":"cloudfoundry","description":"Automated scaling for apps running on Cloud Foundry","archived":false,"fork":false,"pushed_at":"2026-01-26T12:38:45.000Z","size":117205,"stargazers_count":29,"open_issues_count":27,"forks_count":53,"subscribers_count":14,"default_branch":"main","last_synced_at":"2026-01-27T01:55:23.867Z","etag":null,"topics":["cff-wg-app-runtime-interfaces","cloud-foundry"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cloudfoundry.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2016-10-20T21:34:05.000Z","updated_at":"2026-01-26T12:38:49.000Z","dependencies_parsed_at":"2023-02-16T21:30:53.802Z","dependency_job_id":"54ecf516-fe3a-4247-a18b-e77b7a952fbd","html_url":"https://github.com/cloudfoundry/app-autoscaler-release","commit_stats":{"total_commits":5817,"total_committers":72,"mean_commits":80.79166666666667,"dds":0.8095238095238095,"last_synced_commit":"69903805f09ed812b9ffc3c4344534539ea23c7f"},"previous_names":[],"tags_count":133,"template":false,"template_full_name":null,"purl":"pkg:github/cloudfoundry/app-autoscaler-release","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudfoundry%2Fapp-autoscaler-release","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudfoundry%2Fapp-autoscaler-release/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudfoundry%2Fapp-autoscaler-release/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudfoundry%2Fapp-autoscaler-release/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloudfoundry","download_url":"https://codeload.github.com/cloudfoundry/app-autoscaler-release/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudfoundry%2Fapp-autoscaler-release/sbom","scorecard":{"id":97490,"data":{"date":"2025-02-27T06:49:37Z","repo":{"name":"github.com/cloudfoundry/app-autoscaler-release","commit":"e40c42c12d5948d030b89f332d748de29b8b4fab"},"scorecard":{"version":"v5.1.1","commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198"},"score":6.3,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":0,"reason":"dangerous workflow patterns detected","details":["Warn: script injection with untrusted input ' github.head_ref ': .github/workflows/dependency-updates-post-processing.yaml:33","Warn: script injection with untrusted input ' github.head_ref ': .github/workflows/dependency-updates-post-processing.yaml:62"],"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:35","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:36","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/dependency-updates-post-processing.yaml:16","Info: jobLevel 'contents' permission set to 'read': .github/workflows/image.yaml:23","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/update-all-golang-dependencies.yaml:15","Warn: no topLevel permission defined: .github/workflows/acceptance_tests_broker.yaml:1","Warn: no topLevel permission defined: .github/workflows/acceptance_tests_broker_close.yaml:1","Warn: no topLevel permission defined: .github/workflows/acceptance_tests_mta.yaml:1","Warn: no topLevel permission defined: .github/workflows/acceptance_tests_mta_close.yaml:1","Warn: no topLevel permission defined: .github/workflows/acceptance_tests_reusable.yaml:1","Warn: no topLevel permission defined: .github/workflows/bosh-release-checks.yaml:1","Warn: no topLevel permission defined: .github/workflows/bosh-templates.yaml:1","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: no topLevel permission defined: .github/workflows/dependency-updates-post-processing.yaml:1","Warn: no topLevel permission defined: .github/workflows/image.yaml:1","Warn: no topLevel permission defined: .github/workflows/java-ci-lint.yaml:1","Warn: no topLevel permission defined: .github/workflows/linters.yaml:1","Warn: no topLevel permission defined: .github/workflows/manifest.yaml:1","Warn: no topLevel permission defined: .github/workflows/mysql.yaml:1","Warn: no topLevel permission defined: .github/workflows/openapi-specs-check.yaml:1","Warn: no topLevel permission defined: .github/workflows/postgres.yaml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/renovate_config_validation.yaml:3","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:16","Warn: no topLevel permission defined: .github/workflows/tidy-go-mod.yaml:1","Warn: no topLevel permission defined: .github/workflows/update-all-golang-dependencies.yaml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: RenovateBot: renovate.json:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"}},{"name":"Pinned-Dependencies","score":8,"reason":"dependency not pinned by hash detected -- score normalized to 8","details":["Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: jobs/eventgenerator/templates/bpm-pre-start.erb:0","Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: jobs/eventgenerator/templates/eventgenerator_ctl:0","Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: jobs/golangapiserver/templates/bpm-pre-start.erb:0","Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: jobs/operator/templates/bpm-pre-start.erb:0","Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: jobs/scalingengine/templates/bpm-pre-start.erb:0","Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: jobs/scheduler/templates/bpm-pre-start.erb:0","Warn: third-party GitHubAction not pinned by hash: .github/workflows/bosh-release-checks.yaml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/app-autoscaler-release/bosh-release-checks.yaml/main?enable=pin","Warn: downloadThenRun not pinned by hash: ci/dockerfiles/autoscaler-tools/Dockerfile:138-143","Warn: downloadThenRun not pinned by hash: ci/dockerfiles/autoscaler-tools/Dockerfile:138-143","Warn: npmCommand not pinned by hash: ci/dockerfiles/autoscaler-tools/Dockerfile:146","Info:  24 out of  24 GitHub-owned GitHubAction dependencies pinned","Info:  17 out of  18 third-party GitHubAction dependencies pinned","Info:   0 out of   2 downloadThenRun dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned","Info:   2 out of   2 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v15.0.3 not signed: https://api.github.com/repos/cloudfoundry/app-autoscaler-release/releases/200729525","Warn: release artifact v15.0.2 not signed: https://api.github.com/repos/cloudfoundry/app-autoscaler-release/releases/199063457","Warn: release artifact v15.0.1 not signed: https://api.github.com/repos/cloudfoundry/app-autoscaler-release/releases/197732107","Warn: release artifact v15.0.0 not signed: https://api.github.com/repos/cloudfoundry/app-autoscaler-release/releases/195096379","Warn: release artifact v14.7.0 not signed: https://api.github.com/repos/cloudfoundry/app-autoscaler-release/releases/192660479","Warn: release artifact v15.0.3 does not have provenance: https://api.github.com/repos/cloudfoundry/app-autoscaler-release/releases/200729525","Warn: release artifact v15.0.2 does not have provenance: https://api.github.com/repos/cloudfoundry/app-autoscaler-release/releases/199063457","Warn: release artifact v15.0.1 does not have provenance: https://api.github.com/repos/cloudfoundry/app-autoscaler-release/releases/197732107","Warn: release artifact v15.0.0 does not have provenance: https://api.github.com/repos/cloudfoundry/app-autoscaler-release/releases/195096379","Warn: release artifact v14.7.0 does not have provenance: https://api.github.com/repos/cloudfoundry/app-autoscaler-release/releases/192660479"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/image.yaml:19"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"}},{"name":"SAST","score":10,"reason":"SAST tool detected","details":["Info: SAST configuration detected: CodeQL","Info: SAST configuration detected: Sonar","Info: all commits (30) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/cloudfoundry/.github/SECURITY.md:1","Info: Found linked content: github.com/cloudfoundry/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/cloudfoundry/.github/SECURITY.md:1","Info: Found text in security policy: github.com/cloudfoundry/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by personal access token","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":6,"reason":"4 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-2rxp-v6pw-ch6m","Warn: Project is vulnerable to: GHSA-7g2v-jj9q-g3rg","Warn: Project is vulnerable to: GO-2025-3487","Warn: Project is vulnerable to: GO-2025-3488"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"}},{"name":"CI-Tests","score":10,"reason":"30 out of 30 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"}},{"name":"Contributors","score":10,"reason":"project has 13 contributing companies or organizations","details":["Info: found contributions from: SAP, cfibmers, cloudfoundry, cloudfoundry-community, fujitsu-cf, ibm, jenkins-x, kware ltd, microsoft china, oracle cloud, sap, sap-cloudfoundry, vmware-tanzu"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"}}]},"last_synced_at":"2025-08-15T09:22:44.018Z","repository_id":37405578,"created_at":"2025-08-15T09:22:44.018Z","updated_at":"2025-08-15T09:22:44.018Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28843519,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-28T07:39:25.367Z","status":"ssl_error","status_checked_at":"2026-01-28T07:39:24.487Z","response_time":57,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cff-wg-app-runtime-interfaces","cloud-foundry"],"created_at":"2024-11-08T22:24:29.765Z","updated_at":"2026-01-28T09:19:34.531Z","avatar_url":"https://github.com/cloudfoundry.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Application Autoscaler\n\nThe Application Autoscaler provides the capability to adjust the computation resources for Cloud Foundry applications\nthrough\n\n* dynamic scaling based on application performance metrics\n* dynamic scaling based on custom metrics\n* scheduled scaling based on time\n\n## Local Development\n\n### Prerequisites\n\n* [Docker](https://www.docker.com/products/docker-desktop/) to spin up the required databases\n* [devbox](https://github.com/jetify-com/devbox) to start a shell with all required tools (see [devbox.json](/devbox.json))\n* A clone of [cloudfoundry/app-autoscaler-env-bbl-state](https://github.com/cloudfoundry/app-autoscaler-env-bbl-state) next to the clone of this repo in order to access dev-systems\n* [direnv](https://direnv.net/) to automatically spin up the devbox shell before running the make targets (see [.envrc](/.envrc))\n\n### Make Targets\n\n| Target                                                                   | Description                                                                            |\n|--------------------------------------------------------------------------|----------------------------------------------------------------------------------------|\n| `make generate-fakes`                                                    | generate mocks                                                                         |\n| `make test`                                                              | run unit-tests against PostgreSQL                                                      |\n| `make clean \u0026\u0026 make test POSTGRES_TAG=x.y`                   | run unit-tests against specific PostgreSQL version                                     |\n| `make test db_type=mysql`                                                | run unit-tests against MySQL                                                           |\n| `make clean \u0026\u0026 make test db_type=mysql MYSQL_TAG=x.y`        | run unit-tests against specific MySQL version                                          |\n| `make integration`                                                       | run integration-tests against PostgreSQL                                               |\n| `make clean \u0026\u0026 make integration POSTGRES_TAG=x.y`            | run integration-tests against specific PostgreSQL version                              |\n| `make integration db_type=mysql`                                         | run integration-tests against MySQL                                                    |\n| `make clean \u0026\u0026 make integration db_type=mysql MYSQL_TAG=x.y` | run integration-tests against specific MySQL version                                   |\n| `make acceptance-tests`                                                  | run acceptance-tests, see [AutoScaler UAT guide](src/acceptance/README.md) for details |\n| `make lint`                                                              | check code style                                                                       |\n| `OPTS=--fix RUBOCOP_OPTS=-A make lint`                                   | check code style and apply auto-fixes                                                  |\n| `make build`                                                             | compile project                                                                        |\n| `make deploy-autoscaler`                                                 | deploy Application Autoscaler and register the service broker in CF                    |\n| `make clean`                                                             | remove build artifacts                                                                 |\n\n## Use Application Autoscaler Service\n\nRefer to [user guide](docs/Readme.md) for the details of how to use the Auto-Scaler service, including policy\ndefinition, supported metrics, public API specification and command line tool.\n\n## Monitor Microservices\n\nThe app-autoscaler provides a number of health endpoints that are available externally that can be used to check the\nstate of each component. Each health endpoint is protected with basic auth (apart from the api server), the usernames\nare listed in the table below, but the passwords are available in credhub.\n\n| Component        | Health URL                                                   | Username         | Password Key                                 |\n|------------------|--------------------------------------------------------------|------------------|----------------------------------------------|\n| eventgenerator   | https://autoscaler-eventgenerator.((system_domain))/health   | eventgenerator   | /autoscaler_eventgenerator_health_password   |\n| metricsforwarder | https://autoscaler-metricsforwarder.((system_domain))/health | metricsforwarder | /autoscaler_metricsforwarder_health_password |\n| scalingengine    | https://autoscaler-scalingengine.((system_domain))/health    | scalingengine    | /autoscaler_scalingengine_health_password    |\n| operator         | https://autoscaler-operator.((system_domain))/health         | operator         | /autoscaler_operator_health_password         |\n| scheduler        | https://autoscaler-scheduler.((system_domain))/health        | scheduler        | /autoscaler_scheduler_health_password        |\n\nThese endpoints can be disabled by using the ops\nfile [`example/operations/disable-basicauth-on-health-endpoints.yml`](operations/disable-basicauth-on-health-endpoints.yml)\n\n## License\n\nThis project is released under version 2.0 of the [Apache License](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudfoundry%2Fapp-autoscaler-release","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcloudfoundry%2Fapp-autoscaler-release","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudfoundry%2Fapp-autoscaler-release/lists"}