{"id":19299934,"url":"https://github.com/cloudogu/nexus-carp","last_synced_at":"2026-02-16T09:18:07.674Z","repository":{"id":43294630,"uuid":"129858340","full_name":"cloudogu/nexus-carp","owner":"cloudogu","description":"CAS Authentication Reverse Proxy for Sonatype Nexus","archived":false,"fork":false,"pushed_at":"2025-08-19T13:45:07.000Z","size":179,"stargazers_count":2,"open_issues_count":1,"forks_count":2,"subscribers_count":12,"default_branch":"develop","last_synced_at":"2025-08-19T15:31:55.846Z","etag":null,"topics":["authentication","carp","cas","nexus","reverse-proxy","sonatype","sso"],"latest_commit_sha":null,"homepage":null,"language":"Makefile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cloudogu.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-04-17T06:40:50.000Z","updated_at":"2025-08-19T13:45:10.000Z","dependencies_parsed_at":"2025-01-05T22:40:56.442Z","dependency_job_id":null,"html_url":"https://github.com/cloudogu/nexus-carp","commit_stats":{"total_commits":88,"total_committers":15,"mean_commits":5.866666666666666,"dds":0.6704545454545454,"last_synced_commit":"d010b432da36150ee33c8c0f5e6fd573a4bd7b10"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/cloudogu/nexus-carp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudogu%2Fnexus-carp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudogu%2Fnexus-carp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloud
ogu%2Fnexus-carp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudogu%2Fnexus-carp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloudogu","download_url":"https://codeload.github.com/cloudogu/nexus-carp/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudogu%2Fnexus-carp/sbom","scorecard":{"id":293143,"data":{"date":"2025-08-11","repo":{"name":"github.com/cloudogu/nexus-carp","commit":"86461edffdf779d681a82de07fe1c2201d10ef0a"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.2,"checks":[{"name":"Code-Review","score":1,"reason":"Found 4/22 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively 
maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: containerImage not pinned by hash: build/make/bats/Dockerfile:4","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security 
policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: nexus-carp.sha256sum.asc: https://github.com/cloudogu/nexus-carp/releases/tag/v1.5.0","Info: signed release artifact: nexus-carp.sha256sum.asc: https://github.com/cloudogu/nexus-carp/releases/tag/v1.4.1","Info: signed release artifact: nexus-carp.sha256sum.asc: https://github.com/cloudogu/nexus-carp/releases/tag/v1.4.0","Info: signed release artifact: nexus-carp.sha256sum.asc: https://github.com/cloudogu/nexus-carp/releases/tag/v1.3.1","Info: signed release artifact: nexus-carp.sha256sum.asc: https://github.com/cloudogu/nexus-carp/releases/tag/v1.3.0","Warn: release artifact v1.5.0 does not have provenance: https://api.github.com/repos/cloudogu/nexus-carp/releases/175654319","Warn: release artifact v1.4.1 does not have provenance: https://api.github.com/repos/cloudogu/nexus-carp/releases/175188871","Warn: release artifact v1.4.0 does not have provenance: https://api.github.com/repos/cloudogu/nexus-carp/releases/173409994","Warn: release artifact v1.3.1 does not have provenance: 
https://api.github.com/repos/cloudogu/nexus-carp/releases/61370355","Warn: release artifact v1.3.0 does not have provenance: https://api.github.com/repos/cloudogu/nexus-carp/releases/49130243"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'develop'","Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":8,"reason":"2 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3372 / GHSA-6wxm-mpqj-6jpf","Warn: Project is vulnerable to: GO-2022-0493 / GHSA-p782-xgp4-8hr8"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 12 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code 
analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T18:48:31.954Z","repository_id":43294630,"created_at":"2025-08-17T18:48:31.955Z","updated_at":"2025-08-17T18:48:31.955Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":284868720,"owners_count":27076421,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-11-17T02:00:06.431Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","carp","cas","nexus","reverse-proxy","sonatype","sso"],"created_at":"2024-11-09T23:13:11.755Z","updated_at":"2025-11-17T11:02:46.377Z","avatar_url":"https://github.com/cloudogu.png","language":"Makefile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# nexus-carp\n\nCAS Authentication Reverse Proxy (CARP) for Sonatype Nexus.\n\n## Requirements\n\n* [Go](https://golang.org/) \u003e= 1.12.x\n\n## Testing and Development\n\n* start Cloudogu EcoSystem\n* install at least CAS-Dogu\n* enable development mode and restart CAS in your Cloudogu EcoSystem\n```bash\netcdctl set /config/_global/stage development\ncesapp stop cas\ncesapp start cas\n```\n\n* Checkout nexus-carp\n```bash\ngit clone git@github.com:cloudogu/nexus-carp.git\ncd nexus-carp\n```\n\n* start nexus on your host system\n```bash\ndocker-compose up -d\n```\n* open Nexus at 
http://localhost:8081\n* sign in with the following credentials:\n  * Username: admin\n  * Password: read it from the Docker container via\n\n    ```docker exec -it nexus-carp_nexus_1 cat /nexus-data/admin.password```\n* finish the initialization wizard (remember the password)  \n* enable \"Rut Auth Realm\" (settings at Security -\u003e Realms)\n* Add \"Rut Auth\" Capability with `X-CARP-Authentication` as Header (settings at System -\u003e Capabilities -\u003e Create Capability)\n* Add the property that allows scripts to be added to Nexus, then restart the container\n```\ndocker exec -it nexus-carp_nexus_1 bash\necho \"nexus.scripts.allowCreation=true\" \u003e\u003e /nexus-data/etc/nexus.properties\nexit\ndocker-compose restart\n```\n\n* Build\n```bash\nexport GO111MODULE=on\nmake\n```\n\n* Set required environment variables (use the password you set in the wizard at the first start)\n```bash\nexport NEXUS_URL=\"http://localhost:8081\"\nexport NEXUS_USER=\"admin\"\nexport NEXUS_PASSWORD=\"admin123\" \nexport CES_ADMIN_GROUP=\"cesAdmins\"\n```\n\n* Run\n```bash\n./target/nexus-carp\n```\n\n* Test Nexus with Browser and Maven at http://192.168.56.1:9090\n\n## What is the Cloudogu EcoSystem?\nThe Cloudogu EcoSystem is an open platform, which lets you choose how and where your team creates great software. Each service or tool is delivered as a Dogu, a Docker container. Each Dogu can easily be integrated in your environment just by pulling it from our registry.\n\nWe have a growing number of ready-to-use Dogus, e.g. SCM-Manager, Jenkins, Nexus Repository, SonarQube, Redmine and many more. Every Dogu can be tailored to your specific needs. Take advantage of a central authentication service, a dynamic navigation, that lets you easily switch between the web UIs and a smart configuration magic, which automatically detects and responds to dependencies between Dogus.\n\nThe Cloudogu EcoSystem is open source and it runs either on-premises or in the cloud. 
The Cloudogu EcoSystem is developed by Cloudogu GmbH under [AGPL-3.0-only](https://spdx.org/licenses/AGPL-3.0-only.html).\n\n## License\nCopyright © 2020 - present Cloudogu GmbH\nThis program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, version 3.\nThis program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.\nYou should have received a copy of the GNU Affero General Public License along with this program. If not, see https://www.gnu.org/licenses/.\nSee [LICENSE](LICENSE) for details.\n\n\n---\nMADE WITH :heart:\u0026nbsp;FOR DEV ADDICTS. [Legal notice / Imprint](https://cloudogu.com/en/imprint/?mtm_campaign=ecosystem\u0026mtm_kwd=imprint\u0026mtm_source=github\u0026mtm_medium=link)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudogu%2Fnexus-carp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcloudogu%2Fnexus-carp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudogu%2Fnexus-carp/lists"}