{"id":15175291,"url":"https://github.com/ep2p/somnia","last_synced_at":"2026-01-14T02:15:32.177Z","repository":{"id":46639061,"uuid":"356652878","full_name":"ep2p/somnia","owner":"ep2p","description":"Decentralized storage with private trust. Powered by Spring Boot, MongoDB and Kademlia algorithm.","archived":true,"fork":false,"pushed_at":"2022-11-16T02:42:37.000Z","size":192,"stargazers_count":1,"open_issues_count":1,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-01T12:42:16.157Z","etag":null,"topics":["decentralized","java","kademlia","mongodb","sprint-boot"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ep2p.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-04-10T17:37:16.000Z","updated_at":"2022-12-22T05:30:55.000Z","dependencies_parsed_at":"2023-01-23T08:01:20.363Z","dependency_job_id":null,"html_url":"https://github.com/ep2p/somnia","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/ep2p/somnia","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ep2p%2Fsomnia","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ep2p%2Fsomnia/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ep2p%2Fsomnia/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ep2p%2Fsomnia/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ep2p","download_url":"https://codeload.github.com/ep2p/somnia/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ep2p%2Fsomnia/sbom","scorecard":{"id":378758,"data":{"date":"2025-08-11","repo":{"name":"github.com/ep2p/somnia","commit":"390bb6b3b1396a705f924a33c147390f1313c51b"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.7,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":9,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":0,"reason":"Found 0/26 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"project is archived","details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/ep2p/somnia/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/ep2p/somnia/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/ep2p/somnia/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/ep2p/somnia/codeql-analysis.yml/main?enable=pin","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 0 commits out of 5 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T14:54:26.383Z","repository_id":46639061,"created_at":"2025-08-18T14:54:26.383Z","updated_at":"2025-08-18T14:54:26.383Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28408711,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T01:52:23.358Z","status":"online","status_checked_at":"2026-01-14T02:00:06.678Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["decentralized","java","kademlia","mongodb","sprint-boot"],"created_at":"2024-09-27T12:21:34.819Z","updated_at":"2026-01-14T02:15:32.154Z","avatar_url":"https://github.com/ep2p.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Maven Central](https://maven-badges.herokuapp.com/maven-central/io.ep2p/somnia/badge.png?gav=true)](https://maven-badges.herokuapp.com/maven-central/io.ep2p/somnia)\n\n```\n-------------------------------------------------------------\n|   ______                                      _           |\n| .' ____ \\                                    (_)          |\n| | (___ \\_|   .--.    _ .--..--.    _ .--.    __    ,--.   |\n|  _.____`.  / .'`\\ \\ [ `.-. .-. |  [ `.-. |  [  |  `'_\\ :  |\n| | \\____) | | \\__. |  | | | | | |   | | | |   | |  // | |, |\n|  \\______.'  '.__.'  [___||__||__] [___||__] [___] \\'-;__/ |\n-------------------------------------------------------------\n|   Decentralized storage based on MongoDB and SpringBoot   |\n-------------------------------------------------------------\n```\n\nSomnia is a small library to handle data distribution in a trusted (private) decentralized network. Using kademlia algorithm, Somnia is able to transfer data to a certain node on network or distribute it between many nodes.\n\nSomnia is strongly depended on **Spring Boot** and by default it uses **Mongo DB** as storage. Also, it's written on top of [ep2p/kademlia-api](https://github.com/ep2p/kademlia-api) and you'd need to understand the kademlia-api before using Somnia.\n\nOn the other hand, due to the nature of kademlia-api library, Somnia is completely independed from how you want to implement connections between the nodes and the discovery system. You can use any protocols such as HTTP, WebSocket, Raw TCP, etc.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fep2p%2Fsomnia","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fep2p%2Fsomnia","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fep2p%2Fsomnia/lists"}