{"id":19040599,"url":"https://github.com/cloudfoundry/buildpacks-ci","last_synced_at":"2026-01-25T09:34:12.066Z","repository":{"id":30984895,"uuid":"34543204","full_name":"cloudfoundry/buildpacks-ci","owner":"cloudfoundry","description":"Concourse CI pipelines for the buildpacks team","archived":false,"fork":false,"pushed_at":"2026-01-22T15:44:17.000Z","size":16244,"stargazers_count":41,"open_issues_count":15,"forks_count":41,"subscribers_count":36,"default_branch":"master","last_synced_at":"2026-01-23T07:27:50.099Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://buildpacks.ci.cf-app.com","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cloudfoundry.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2015-04-24T21:39:10.000Z","updated_at":"2026-01-21T11:23:09.000Z","dependencies_parsed_at":"2023-10-03T02:12:07.362Z","dependency_job_id":"73cfaa42-794a-43c1-ad31-465df9eec117","html_url":"https://github.com/cloudfoundry/buildpacks-ci","commit_stats":{"total_commits":5541,"total_committers":104,"mean_commits":53.27884615384615,"dds":0.8900920411478073,"last_synced_commit":"a730fae0756c90f45b8e8352eedda5d6cf8a51ae"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/cloudfoundry/buildpacks-ci","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudfoundry%2Fbuildpacks-ci","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudfoundry%2Fbuildpacks-ci/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudfoundry%2Fbuildpacks-ci/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudfoundry%2Fbuildpacks-ci/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloudfoundry","download_url":"https://codeload.github.com/cloudfoundry/buildpacks-ci/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudfoundry%2Fbuildpacks-ci/sbom","scorecard":{"id":292730,"data":{"date":"2025-08-11","repo":{"name":"github.com/cloudfoundry/buildpacks-ci","commit":"8d2fbbd8386f254bce6b1f0f17a48651595f9cb5"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.9,"checks":[{"name":"Code-Review","score":4,"reason":"Found 12/30 approved changesets -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":7,"reason":"9 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build-buildpacks-ci-image.yml:1","Warn: no topLevel permission defined: .github/workflows/build-cflinuxfs3-dev-image.yml:1","Warn: no topLevel permission defined: .github/workflows/build-test-on-jammy-image.yml:1","Warn: no topLevel permission defined: .github/workflows/get-all-php-releases.yml:1","Warn: no topLevel permission defined: .github/workflows/get-specific-php-version-releases.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/cloudfoundry/.github/SECURITY.md:1","Info: Found linked content: github.com/cloudfoundry/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/cloudfoundry/.github/SECURITY.md:1","Info: Found text in security policy: github.com/cloudfoundry/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/build-buildpacks-ci-image.yml:12"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-buildpacks-ci-image.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/buildpacks-ci/build-buildpacks-ci-image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-buildpacks-ci-image.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/buildpacks-ci/build-buildpacks-ci-image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-buildpacks-ci-image.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/buildpacks-ci/build-buildpacks-ci-image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-buildpacks-ci-image.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/buildpacks-ci/build-buildpacks-ci-image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-buildpacks-ci-image.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/buildpacks-ci/build-buildpacks-ci-image.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-cflinuxfs3-dev-image.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/buildpacks-ci/build-cflinuxfs3-dev-image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-cflinuxfs3-dev-image.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/buildpacks-ci/build-cflinuxfs3-dev-image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-cflinuxfs3-dev-image.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/buildpacks-ci/build-cflinuxfs3-dev-image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-cflinuxfs3-dev-image.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/buildpacks-ci/build-cflinuxfs3-dev-image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-cflinuxfs3-dev-image.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/buildpacks-ci/build-cflinuxfs3-dev-image.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test-on-jammy-image.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/buildpacks-ci/build-test-on-jammy-image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-test-on-jammy-image.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/buildpacks-ci/build-test-on-jammy-image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-test-on-jammy-image.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/buildpacks-ci/build-test-on-jammy-image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-test-on-jammy-image.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/buildpacks-ci/build-test-on-jammy-image.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-test-on-jammy-image.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/buildpacks-ci/build-test-on-jammy-image.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/get-all-php-releases.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/buildpacks-ci/get-all-php-releases.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/get-all-php-releases.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/buildpacks-ci/get-all-php-releases.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/get-all-php-releases.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/buildpacks-ci/get-all-php-releases.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/get-specific-php-version-releases.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/buildpacks-ci/get-specific-php-version-releases.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/get-specific-php-version-releases.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/buildpacks-ci/get-specific-php-version-releases.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/get-specific-php-version-releases.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudfoundry/buildpacks-ci/get-specific-php-version-releases.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating ubuntu:bionic to ubuntu:bionic@sha256:152dc042452c496007f07ca9127571cb9c29697f42acbfad72324b2bb2e43c98","Warn: containerImage not pinned by hash: dockerfiles/cflinuxfs3-dev.Dockerfile:1: pin your Docker image by updating cloudfoundry/cflinuxfs3 to cloudfoundry/cflinuxfs3@sha256:124177f58d4ff638f11be9487ad095efa06a78c4edae61da2559af4eb5b69c29","Warn: containerImage not pinned by hash: dockerfiles/core-deps-ci.Dockerfile:1: pin your Docker image by updating ubuntu:bionic to ubuntu:bionic@sha256:152dc042452c496007f07ca9127571cb9c29697f42acbfad72324b2bb2e43c98","Warn: containerImage not pinned by hash: dockerfiles/cron-resource/Dockerfile:1: pin your Docker image by updating ruby:slim to ruby:slim@sha256:33bd0860330f35f28fc561004fc9f57550f84065a7e052626912534cb641991d","Warn: containerImage not pinned by hash: dockerfiles/depwatcher/Dockerfile:1: pin your Docker image by updating crystallang/crystal:0.32.1 to crystallang/crystal:0.32.1@sha256:c7a946d3f3f66f8cb10d66950b2b641cc12b113d9815eec389fb99888821da68","Warn: containerImage not pinned by hash: dockerfiles/depwatcher/Dockerfile:8: pin your Docker image by updating ubuntu:bionic to ubuntu:bionic@sha256:152dc042452c496007f07ca9127571cb9c29697f42acbfad72324b2bb2e43c98","Warn: containerImage not pinned by hash: dockerfiles/docker.Dockerfile:1: pin your Docker image by updating cfbuildpacks/feature-eng-ci:minimal to cfbuildpacks/feature-eng-ci:minimal@sha256:319bcf5e475cf50eac5a86dbfcb66c7d011ed0d4f405533bb2bf58836d50e049","Warn: containerImage not pinned by hash: dockerfiles/gcloud.Dockerfile:1: pin your Docker image by updating cfbuildpacks/feature-eng-ci:minimal to cfbuildpacks/feature-eng-ci:minimal@sha256:319bcf5e475cf50eac5a86dbfcb66c7d011ed0d4f405533bb2bf58836d50e049","Warn: containerImage not pinned by hash: dockerfiles/go.Dockerfile:1: pin your Docker image by updating cfbuildpacks/feature-eng-ci:minimal to cfbuildpacks/feature-eng-ci:minimal@sha256:319bcf5e475cf50eac5a86dbfcb66c7d011ed0d4f405533bb2bf58836d50e049","Warn: containerImage not pinned by hash: dockerfiles/minimal.Dockerfile:1: pin your Docker image by updating ubuntu:bionic to ubuntu:bionic@sha256:152dc042452c496007f07ca9127571cb9c29697f42acbfad72324b2bb2e43c98","Warn: containerImage not pinned by hash: dockerfiles/test-on-jammy.Dockerfile:1: pin your Docker image by updating ubuntu:jammy to ubuntu:jammy@sha256:1aa979d85661c488ce030ac292876cf6ed04535d3a237e49f61542d8e5de5ae0","Warn: downloadThenRun not pinned by hash: Dockerfile:64","Warn: downloadThenRun not pinned by hash: Dockerfile:76","Warn: pipCommand not pinned by hash: Dockerfile:110","Warn: downloadThenRun not pinned by hash: dockerfiles/core-deps-ci.Dockerfile:64","Warn: downloadThenRun not pinned by hash: dockerfiles/test-on-jammy.Dockerfile:33","Warn: downloadThenRun not pinned by hash: dockerfiles/test-on-jammy.Dockerfile:36","Warn: goCommand not pinned by hash: tasks/update-libbuildpack/run.sh:18","Warn: goCommand not pinned by hash: tasks/update-libbuildpack/run.sh:19","Warn: goCommand not pinned by hash: tasks/update-libbuildpack/run.sh:20","Warn: goCommand not pinned by hash: tasks/update-libbuildpack/run.sh:22","Warn: pipCommand not pinned by hash: tasks/update-libbuildpack/run.sh:33","Info:   0 out of   5 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  16 third-party GitHubAction dependencies pinned","Info:   0 out of   4 goCommand dependencies pinned","Info:   0 out of  11 containerImage dependencies pinned","Info:   0 out of   5 downloadThenRun dependencies pinned","Info:   0 out of   2 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":0,"reason":"65 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-jxhc-q857-3j6g","Warn: Project is vulnerable to: GHSA-5ww9-9qp2-x524","Warn: Project is vulnerable to: GHSA-69p6-wvmq-27gg","Warn: Project is vulnerable to: GHSA-pfpr-3463-c6jh","Warn: Project is vulnerable to: GHSA-pphf-gfrm-v32r","Warn: Project is vulnerable to: GHSA-242x-7cm6-4w8j","Warn: Project is vulnerable to: GHSA-286v-pcf5-25rc","Warn: Project is vulnerable to: GHSA-2qc6-mcvw-92cw","Warn: Project is vulnerable to: GHSA-2rr5-8q37-2w7h","Warn: Project is vulnerable to: GHSA-353f-x4gh-cqq8","Warn: Project is vulnerable to: GHSA-4hm9-844j-jmxp","Warn: Project is vulnerable to: GHSA-59gp-qqm7-cw4j","Warn: Project is vulnerable to: GHSA-5w6v-399v-w3cc","Warn: Project is vulnerable to: GHSA-7553-jr98-vx47","Warn: Project is vulnerable to: GHSA-7rrm-v45f-jp64","Warn: Project is vulnerable to: GHSA-cf46-6xxh-pc75","Warn: Project is vulnerable to: GHSA-cgx6-hpwq-fhv5","Warn: Project is vulnerable to: GHSA-crjr-9rc5-ghw8","Warn: Project is vulnerable to: GHSA-fq42-c5rg-92c2","Warn: Project is vulnerable to: GHSA-gx8x-g87m-h5q6","Warn: Project is vulnerable to: GHSA-jc36-42cf-vqwj","Warn: Project is vulnerable to: GHSA-jw9f-hh49-cvp9","Warn: Project is vulnerable to: GHSA-mrxw-mxhj-p664","Warn: Project is vulnerable to: GHSA-pxvg-2qj5-37jq","Warn: Project is vulnerable to: GHSA-r95h-9x8f-r3f7","Warn: Project is vulnerable to: GHSA-v4f8-2847-rwm7","Warn: Project is vulnerable to: GHSA-v6gp-9mmm-c6p5","Warn: Project is vulnerable to: GHSA-vmfx-gcfq-wvm2","Warn: Project is vulnerable to: GHSA-vr8q-g5c7-m54m","Warn: Project is vulnerable to: GHSA-vvfq-8hwr-qm4m","Warn: Project is vulnerable to: GHSA-xc9x-jj77-9p9j","Warn: Project is vulnerable to: GHSA-xh29-r2w5-wx8m","Warn: Project is vulnerable to: GHSA-xxx9-3xcr-gjj3","Warn: Project is vulnerable to: GHSA-jppv-gw3r-w3q8","Warn: Project is vulnerable to: GO-2022-0229 / GHSA-cjjc-xp8v-855w","Warn: Project is vulnerable to: GO-2020-0012 / GHSA-ffhg-7mh4-33c4","Warn: Project is vulnerable to: GO-2021-0227 / GHSA-3vm4-22fp-5rfm","Warn: Project is vulnerable to: GO-2022-0968 / GHSA-gwc9-m7rh-j2ww","Warn: Project is vulnerable to: GO-2021-0356 / GHSA-8c26-wmh5-6g9v","Warn: Project is vulnerable to: GO-2024-2961","Warn: Project is vulnerable to: GO-2023-2402 / GHSA-45x7-px36-x8w8","Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2023-1572 / GHSA-qgc7-mgm3-q253","Warn: Project is vulnerable to: GO-2023-1990 / GHSA-j3p8-6mrq-6g7h","Warn: Project is vulnerable to: GO-2023-1989 / GHSA-x92r-3vfx-4cv3","Warn: Project is vulnerable to: GO-2024-2937 / GHSA-9phm-fm57-rhg8","Warn: Project is vulnerable to: GO-2023-2153 / GHSA-m425-mq94-257g / GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2020-0036 / GHSA-wxc4-f4m6-wwqv","Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9","Warn: Project is vulnerable to: GO-2022-0197 / GHSA-4r78-hx75-jjj2 / GHSA-mv93-wvcp-7m7r","Warn: Project is vulnerable to: GO-2020-0014 / GHSA-vfw5-hrgq-h5wf","Warn: Project is vulnerable to: GO-2022-0536 / GHSA-39qc-96h7-956f / GHSA-hgr8-6h9x-f7q9","Warn: Project is vulnerable to: GO-2022-0236 / GHSA-h86h-8ppg-mxmh","Warn: Project is vulnerable to: GO-2021-0238 / GHSA-83g2-8m93-v3w7","Warn: Project is vulnerable to: GO-2022-0288","Warn: Project is vulnerable to: GO-2022-0969 / GHSA-69cg-p879-7622","Warn: Project is vulnerable to: GO-2022-1144 / GHSA-xrjj-mj9h-534m","Warn: Project is vulnerable to: GO-2023-1571 / GHSA-vvpx-j8f3-3w6h","Warn: Project is vulnerable to: GO-2023-1988 / GHSA-2wrh-6pvc-2jm9","Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T18:42:41.596Z","repository_id":30984895,"created_at":"2025-08-17T18:42:41.597Z","updated_at":"2025-08-17T18:42:41.597Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28750875,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-25T09:00:19.176Z","status":"ssl_error","status_checked_at":"2026-01-25T09:00:04.131Z","response_time":113,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T22:23:37.075Z","updated_at":"2026-01-25T09:34:12.061Z","avatar_url":"https://github.com/cloudfoundry.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Introduction\n\nThis contains the configuration for the Cloud Foundry Buildpacks team [Concourse deployment](https://buildpacks.ci.cf-app.com/).\n\n# Pipelines\n\nAll pipelines are now generated using [ytt](https://carvel.dev/ytt/) templating.\n\n* [dependency-builds](pipelines/dependency-builds): build binaries for Cloud Foundry buildpacks\n* [buildpacks](pipelines/buildpack): test and release all of the buildpacks\n* [brats](pipelines/brats): run [BRATS](https://github.com/cloudfoundry/brats) against the master branch of buildpacks\n* [buildpack-verification](pipelines/buildpack-verification): generate static site for buildpack verification\n* [cflinuxfs4](pipelines/cflinuxfs4.yml): cflinuxfs4 rootfs pipeline\n\n# Concourse State\n\nJobs and tasks in the `buildpacks-ci` repository store state in [public-buildpacks-ci-robots](https://github.com/cloudfoundry/public-buildpacks-ci-robots). See repository README for details.\n\n# Commands and recipes\n\n## Updating all the Pipelines\n\n```sh\n./bin/update-pipelines\n```\n\n## Debugging the build\n\n```sh\nfly intercept -j $JOB_NAME -t task -n $TASK_NAME\n```\n\n## Clearing the git resources\n\n```sh\nfly intercept -c $RESOURCE_NAME rm -rf /tmp/git-resource-repo-cache\n```\n\n## To build a new version of a binary\n\n1. Check out the `binary-builds` branch\n2. Edit the YAML file appropriate for the build (e.g. `ruby-builds.yml`)\n3. Find the version number and package SHA256 of the new binary. For many binaries, the project website provides the SHA256 along with the release (for example, jruby.org/download provides the SHA256 along with each JRuby release). For others (such as Godep), you download the .tar.gz file and run `shasum -a 256 \u003ctar_file\u003e` to obtain the SHA256.\n4. Add any number of versions and their checksums to the array, e.g.\n\n\t```yaml\n\truby:\n\t- version: 2.2.2\n\t  sha256: 5ffc0f317e429e6b29d4a98ac521c3ce65481bfd22a8cf845fa02a7b113d9b44\n\t```\n\n5. `git commit -am 'Build ruby 2.2.2' \u0026\u0026 git push`\n\nBuild should automatically kick off at\nhttps://buildpacks.ci.cf-app.com/pipelines/binary-builder and silently\nupload a binary to the `buildpacks.cloudfoundry.org` bucket under\n`dependencies/`,\ne.g. https://buildpacks.cloudfoundry.org.s3.amazonaws.com/dependencies/ruby/ruby-2.2.2-linux-x64.tgz\n\nNote that the array is a stack, which will be emptied as the build\nsucceeds in packaging successive versions.\n\n## Making Changes to Build Scripts\n\nWhen you want to change how a binary gets built, there are two places you may need to make changes. All binaries are built by the `dependency-builds` pipeline, and you may need to change the task that builds them. For many binaries, the `dependency-builds` pipeline runs recipes from the `binary-builder` repo; for those binaries, you will usually need to change the recipe rather than the concourse task.\n\nFor the list of currently supported binaries, check out our `dependency-builds` [pipeline](https://buildpacks.ci.cf-app.com/teams/main/pipelines/dependency-builds).\n\nThe concourse task that orchestrates the building is `buildpacks-ci/tasks/build-binary-new/builder.rb`; many of the recipes are in [binary-builder](https://github.com/cloudfoundry/binary-builder). \n\nTo test these changes locally, you can execute the concourse task for it, but point to local changes. For instance:\n\n```\n$ cd buildpacks-ci\n$ STACK=cflinuxfs2 fly -t buildpacks e -c tasks/build-binary-new/build.yml -j dependency-builds/build-r-3.4.X -i buildpacks-ci=.\n```\n\nFor binaries that use recipes in `binary-builder`, you can also test in Docker. For instance:\n\n```\n$ docker run -w /binary-builder -v `pwd`:/binary-builder -it cloudfoundry/cflinuxfs2:ruby-2.2.4 ./bin/binary-builder --name=ruby --version=2.2.3 --md5=150a5efc5f5d8a8011f30aa2594a7654\n$ ls\nruby-2.2.3-linux-x64.tgz\n```\n\n\n\n# Buildpack Repositories Guide\n\n`buildpacks-ci` pipelines and tasks refer to many other repositories. These repos are where the buildpack team and others develop buildpacks and related artifacts.\n\n## Officially-supported Buildpacks\n\nEach officially-supported buildpack has a `develop` and a `master` branch.\n\nActive development happens on `develop`. Despite our best efforts, `develop` will sometimes be unstable and is not production-ready.\n\nOur release branch is `master`. This is stable and only updated with new buildpack releases.\n\n* [binary-buildpack](https://github.com/cloudfoundry/binary-buildpack)\n* [go-buildpack](https://github.com/cloudfoundry/go-buildpack)\n* [nodejs-buildpack](https://github.com/cloudfoundry/nodejs-buildpack)\n* [php-buildpack](https://github.com/cloudfoundry/php-buildpack)\n* [python-buildpack](https://github.com/cloudfoundry/python-buildpack)\n* [ruby-buildpack](https://github.com/cloudfoundry/ruby-buildpack)\n* [dotnet-core-buildpack](https://github.com/cloudfoundry/dotnet-core-buildpack)\n* [staticfile-buildpack](https://github.com/cloudfoundry/static-buildpack)\n\n## Tooling for Development and Runtime\n\n* [buildpack-packager](https://github.com/cloudfoundry/buildpack-packager)   Builds cached and uncached buildpacks\n* [machete](https://github.com/cloudfoundry/machete)           Buildpack integration testing framework.\n* [compile-extensions](https://github.com/cloudfoundry/compile-extensions) Suite of utility scripts used in buildpacks at runtime\n* [libbuildpack](https://github.com/cloudfoundry/libbuildpack) Library used for writing buildpacks in Golang\n* [binary-builder](https://github.com/cloudfoundry/binary-builder)           Builds binaries against specified rootfs\n* [brats](https://github.com/cloudfoundry/brats) Buildpack Runtime Acceptance Test Suite, a collection of smoke tests\n\n## BOSH Releases\n\nBOSH releases are used in the assembly of [`cf-release`](https://github.com/cloudfoundry/cf-release).\n\n* [go-buildpack-release](https://github.com/cloudfoundry/go-buildpack-release)\n* [ruby-buildpack-release](https://github.com/cloudfoundry/ruby-buildpack-release)\n* [python-buildpack-release](https://github.com/cloudfoundry/python-buildpack-release)\n* [php-buildpack-release](https://github.com/cloudfoundry/php-buildpack-release)\n* [nodejs-buildpack-release](https://github.com/cloudfoundry/nodejs-buildpack-release)\n* [staticfile-buildpack-release](https://github.com/cloudfoundry/staticfile-buildpack-release)\n* [binary-buildpack-release](https://github.com/cloudfoundry/binary-buildpack-release)\n* [java-offline-buildpack-release](https://github.com/cloudfoundry/java-offline-buildpack-release)\n* [java-buildpack-release](https://github.com/cloudfoundry/java-buildpack-release)\n* [dotnet-core-buildpack-release](https://github.com/cloudfoundry/dotnet-core-buildpack-release)\n\n## Experimental or unsupported\n\n### Buildpacks\n\nThese buildpacks are possible candidates for promotion, or experimental architecture explorations.\n\n* [hwc-buildpack](https://github.com/cloudfoundry/hwc-buildpack)\n* [hwc-buildpack-release](https://github.com/cloudfoundry/hwc-buildpack-release)\n\n### Tools\n\n* [concourse-filter](https://github.com/pivotal-cf-experimental/concourse-filter) Redacts credentials from Concourse logs\n* [new_version_resource](https://github.com/pivotal-cf-experimental/new_version_resource) Concourse resource to track dependency versions by scraping webpages\n\n## Private Repos\n\nSome repositories are private for historical or security reasons. We list them for completeness.\n\n* [deployments-buildpacks](https://github.com/pivotal-cf/deployments-buildpacks) See repository README.\n* [buildpacks-ci-robots](https://github.com/pivotal-cf/buildpacks-ci-robots) See repository README.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudfoundry%2Fbuildpacks-ci","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcloudfoundry%2Fbuildpacks-ci","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudfoundry%2Fbuildpacks-ci/lists"}