{"id":31710129,"url":"https://github.com/emqx/emqx-operator","last_synced_at":"2026-04-27T12:00:44.770Z","repository":{"id":36950209,"uuid":"351639677","full_name":"emqx/emqx-operator","owner":"emqx","description":"A Kubernetes Operator for EMQX","archived":false,"fork":false,"pushed_at":"2026-04-23T16:54:50.000Z","size":15709,"stargazers_count":246,"open_issues_count":21,"forks_count":78,"subscribers_count":18,"default_branch":"main-2.3","last_synced_at":"2026-04-23T18:34:56.530Z","etag":null,"topics":["emqx","emqx-operator","k8s","kubernetes","operator"],"latest_commit_sha":null,"homepage":"https://www.emqx.com","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/emqx.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-03-26T02:35:56.000Z","updated_at":"2026-04-23T06:12:14.000Z","dependencies_parsed_at":"2023-09-23T05:01:31.041Z","dependency_job_id":"36e50b8b-2017-4bd9-9e65-b84534dad8ee","html_url":"https://github.com/emqx/emqx-operator","commit_stats":null,"previous_names":[],"tags_count":104,"template":false,"template_full_name":null,"purl":"pkg:github/emqx/emqx-operator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emqx%2Femqx-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emqx%2Femqx-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emqx%2Femqx-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emqx%2Femqx-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/emqx","download_url":"https://codeload.github.com/emqx/emqx-operator/tar.gz/refs/heads/main-2.3","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emqx%2Femqx-operator/sbom","scorecard":{"id":376346,"data":{"date":"2025-08-11","repo":{"name":"github.com/emqx/emqx-operator","commit":"2ca6a10d73e14bdaada8ee95603ddeddf114302d"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.7,"checks":[{"name":"Maintained","score":8,"reason":"5 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":3,"reason":"Found 8/26 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: found token with 'none' permissions: .github/workflows/issue.yaml:13","Warn: no topLevel permission defined: .github/workflows/build-reloader-image.yaml:1","Warn: no topLevel permission defined: .github/workflows/check-docs.yaml:1","Warn: no topLevel permission defined: .github/workflows/check-helm.yaml:1","Warn: no topLevel permission defined: .github/workflows/cts.yaml:1","Warn: no topLevel permission defined: .github/workflows/deploy-docs.yaml:1","Warn: no topLevel permission defined: .github/workflows/deploy.yaml:1","Warn: no topLevel permission defined: .github/workflows/gitlint.yaml:1","Warn: no topLevel permission defined: .github/workflows/issue-translate.yaml:1","Warn: no topLevel permission defined: .github/workflows/issue.yaml:1","Warn: no topLevel permission defined: .github/workflows/push-helm.yaml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yaml:1","Warn: no topLevel permission defined: .github/workflows/upgrade.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-reloader-image.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/build-reloader-image.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-reloader-image.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/build-reloader-image.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-reloader-image.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/build-reloader-image.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-reloader-image.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/build-reloader-image.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-reloader-image.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/build-reloader-image.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-reloader-image.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/build-reloader-image.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-reloader-image.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/build-reloader-image.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-docs.yaml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/check-docs.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-docs.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/check-docs.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-helm.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/check-helm.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cts.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/cts.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/cts.yaml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/cts.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/cts.yaml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/cts.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/cts.yaml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/cts.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/cts.yaml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/cts.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/cts.yaml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/cts.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cts.yaml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/cts.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cts.yaml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/cts.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cts.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/cts.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cts.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/cts.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-docs.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/deploy-docs.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-docs.yaml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/deploy-docs.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-docs.yaml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/deploy-docs.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-docs.yaml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/deploy-docs.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-docs.yaml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/deploy-docs.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-docs.yaml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/deploy-docs.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-docs.yaml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/deploy-docs.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-docs.yaml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/deploy-docs.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yaml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/deploy.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yaml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/deploy.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gitlint.yaml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/gitlint.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/issue.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-helm.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/push-helm.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-helm.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/push-helm.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yaml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yaml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/upgrade.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade.yaml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/emqx/emqx-operator/upgrade.yaml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:2","Warn: containerImage not pinned by hash: Dockerfile:23: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:cdf4daaf154e3e27cfffc799c16f343a384228f38646928a1513d925f473cb46","Warn: containerImage not pinned by hash: sidecar/reloader/Dockerfile:2","Warn: containerImage not pinned by hash: sidecar/reloader/Dockerfile:19: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:cdf4daaf154e3e27cfffc799c16f343a384228f38646928a1513d925f473cb46","Warn: npmCommand not pinned by hash: .github/workflows/check-docs.yaml:13","Warn: downloadThenRun not pinned by hash: .github/workflows/cts.yaml:31","Warn: downloadThenRun not pinned by hash: .github/workflows/cts.yaml:124","Warn: pipCommand not pinned by hash: .github/workflows/deploy-docs.yaml:133","Warn: pipCommand not pinned by hash: .github/workflows/deploy-docs.yaml:142","Warn: goCommand not pinned by hash: .github/workflows/test.yaml:31","Warn: goCommand not pinned by hash: .github/workflows/test.yaml:85","Info:   0 out of  31 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of  27 third-party GitHubAction dependencies pinned","Info:   0 out of   2 goCommand dependencies pinned","Info:   0 out of   4 containerImage dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned","Info:   0 out of   2 downloadThenRun dependencies pinned","Info:   0 out of   2 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 2.2.29 not signed: https://api.github.com/repos/emqx/emqx-operator/releases/216635098","Warn: release artifact 2.2.29-beta.2 not signed: https://api.github.com/repos/emqx/emqx-operator/releases/214726369","Warn: release artifact 2.2.29-beta.1 not signed: https://api.github.com/repos/emqx/emqx-operator/releases/199511526","Warn: release artifact 2.2.28 not signed: https://api.github.com/repos/emqx/emqx-operator/releases/199164779","Warn: release artifact 2.2.27 not signed: https://api.github.com/repos/emqx/emqx-operator/releases/194396309","Warn: release artifact 2.2.29 does not have provenance: https://api.github.com/repos/emqx/emqx-operator/releases/216635098","Warn: release artifact 2.2.29-beta.2 does not have provenance: https://api.github.com/repos/emqx/emqx-operator/releases/214726369","Warn: release artifact 2.2.29-beta.1 does not have provenance: https://api.github.com/repos/emqx/emqx-operator/releases/199511526","Warn: release artifact 2.2.28 does not have provenance: https://api.github.com/repos/emqx/emqx-operator/releases/199164779","Warn: release artifact 2.2.27 does not have provenance: https://api.github.com/repos/emqx/emqx-operator/releases/194396309"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/build-reloader-image.yaml:14"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 21 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-18T14:20:16.303Z","repository_id":36950209,"created_at":"2025-08-18T14:20:16.303Z","updated_at":"2025-08-18T14:20:16.303Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32335297,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-26T23:26:28.701Z","status":"online","status_checked_at":"2026-04-27T02:00:06.769Z","response_time":128,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["emqx","emqx-operator","k8s","kubernetes","operator"],"created_at":"2025-10-09T00:10:18.970Z","updated_at":"2026-04-27T12:00:44.764Z","avatar_url":"https://github.com/emqx.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# emqx-operator\n\nEMQX Operator is a [Kubernetes](https://kubernetes.io/) operator for managing [EMQX](https://emqx.com/) clusters.\n\n## Description\n\nThe operator conceptually consists of the following parts:\n- EMQX CRD: Definition for a resource that resembles the EMQX cluster in the Kubernetes API.\n- Rebalance CRD: Definition for a resource that orchestrates rebalancing of EMQX clusters.\n- Controller manager: Kubernetes controller that manages various Kubernetes resources according to EMQX CRs specifications.\n\nThis operator supports:\n* Management of EMQX clusters in both regular and core-replicant deployment modes.\n* Management of [EMQX DS](https://docs.emqx.com/en/emqx/latest/durability/durability_introduction.html#sessions-and-durable-storage) replication, including automatic rebalancing.\n* Rebalancing of MQTT sessions and connections across EMQX cluster nodes.\n\n## Compatibility\n\nThis operator is compatible with the following EMQX releases:\n- EMQX 5.9\n- EMQX 5.10\n- EMQX 6.x\n\n## Installation\n\nHere's the simplest way to install the operator.\n```sh\nkubectl apply --server-side=true -f https://github.com/emqx/emqx-operator/releases/download/v2.3.0/install.yaml\nkubectl wait --for=condition=Ready pods -l \"control-plane=controller-manager\" --namespace emqx-operator-system\n```\n\nThis will install both the CRDs, the controller manager and relevant resources into the cluster. The controller manager will be deployed in the `emqx-operator-system` namespace.\n\n## Upgrading\n\n### From 2.2.x\n\nTo upgrade from 2.2.x to 2.3.0, you need to patch the existing CRDs first to explicitly remove the conversion webhook.\n```sh\nkubectl patch crd emqxes.apps.emqx.io     --type=json -p='[{\"op\":\"replace\", \"path\":\"/spec/conversion\", \"value\":{\"strategy\":\"None\"}}]'\nkubectl patch crd rebalances.apps.emqx.io --type=json -p='[{\"op\":\"replace\", \"path\":\"/spec/conversion\", \"value\":{\"strategy\":\"None\"}}]'\n```\n\nAfter patching the CRDs, delete the existing controller manager deployment.\n```sh\nkubectl delete --ignore-not-found clusterrole emqx-operator-manager-role\nkubectl delete --ignore-not-found clusterrolebinding emqx-operator-manager-rolebinding\nkubectl delete --ignore-not-found mutatingwebhookconfiguration emqx-operator-mutating-webhook-configuration\nkubectl delete --ignore-not-found validatingwebhookconfiguration emqx-operator-validating-webhook-configuration\nkubectl delete --ignore-not-found namespace emqx-operator-system\n```\n\nOptionally, delete legacy CRDs.\n```sh\nkubectl delete --ignore-not-found crd emqxbrokers.apps.emqx.io emqxenterprises.apps.emqx.io emqxplugins.apps.emqx.io\n```\n\nAfter that, you can upgrade the operator by following usual installation steps.\n\n## Troubleshooting\n\nOperator exposes limited number of events to the Kubernetes API.\n```sh\nkubectl get events --sort-by=.lastTimestamp\n```\n\nAlternatively, if EMQX resources fail to reach `Ready` status condition, consult the controller manager logs for more details.\n```sh\nkubectl logs -l \"control-plane=controller-manager\" --tail=-1 --namespace emqx-operator-system\n```\n\n## Development\n\n### Prerequisites\n- go version v1.22.0+\n- docker version 17.03+.\n- kubectl version v1.24+.\n- Access to a Kubernetes v1.24+ cluster.\n\n### To Deploy on the cluster\n**Build and push your image to the location specified by `OPERATOR_IMAGE`:**\n\n```sh\nmake docker-build docker-push OPERATOR_IMAGE=\u003csome-registry\u003e/emqx-operator:tag\n```\n\n**NOTE:** This image ought to be published in the personal registry you specified.\nAnd it is required to have access to pull the image from the working environment.\nMake sure you have the proper permission to the registry if the above commands don’t work.\n\n**Install the CRDs into the cluster:**\n```sh\nmake install\n```\n\n**Deploy the Manager to the cluster with the image specified by `OPERATOR_IMAGE`:**\n```sh\nmake deploy OPERATOR_IMAGE=\u003csome-registry\u003e/emqx-operator:tag\n```\n\n\u003e **NOTE**: If you encounter RBAC errors, you may need to grant yourself cluster-admin\nprivileges or be logged in as admin.\n\n### To Uninstall\n**Delete the CRDs from the cluster:**\n```sh\nmake uninstall\n```\n\n**Undeploy the controller:**\n```sh\nmake undeploy\n```\n\n## Contributing\n\nContributions are welcome! Please see the [CONTRIBUTING.md](CONTRIBUTING.md) file for more information.\n\nAutomatically generated files are kept in the repository for reference. Do not forget to update them when you make changes to the project.\n```sh\nmake generate manifests\ngit add config/crd/bases/\ngit add api/**/zz_generated.deepcopy.go\n```\n\nMore information can be found in the [Kubebuilder Documentation](https://book.kubebuilder.io/introduction.html)\n\n## License\n\nCopyright 2025.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Femqx%2Femqx-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Femqx%2Femqx-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Femqx%2Femqx-operator/lists"}