{"id":28394604,"url":"https://github.com/f5/f5-cla","last_synced_at":"2026-02-08T10:33:20.955Z","repository":{"id":276201280,"uuid":"928555478","full_name":"f5/f5-cla","owner":"f5","description":"F5 CLA Documentation","archived":false,"fork":false,"pushed_at":"2026-02-02T05:34:28.000Z","size":223,"stargazers_count":1,"open_issues_count":4,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-02-02T17:12:38.095Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/f5.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":"SUPPORT.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-02-06T20:29:57.000Z","updated_at":"2026-02-02T05:34:31.000Z","dependencies_parsed_at":"2026-01-20T01:02:53.531Z","dependency_job_id":null,"html_url":"https://github.com/f5/f5-cla","commit_stats":null,"previous_names":["f5/f5-cla"],"tags_count":0,"template":false,"template_full_name":"nginx/template-repository","purl":"pkg:github/f5/f5-cla","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/f5%2Ff5-cla","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/f5%2Ff5-cla/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/f5%2Ff5-cla/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/f5%2Ff5-cla/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/f5","download_url":"https://codeload.github.com/f5/f5-cla/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/f5%2Ff5-cla/sbom","scorecard":{"id":1214565,"data":{"date":"2025-08-28T21:13:40Z","repo":{"name":"github.com/f5/f5-cla","commit":"1430eec739f69f7cce2852759d695b0f34e0d43b"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":7.2,"checks":[{"name":"Code-Review","score":4,"reason":"Found 4/9 approved changesets -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: RenovateBot: .github/renovate.json:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Pinned-Dependencies","score":10,"reason":"all dependencies are pinned","details":["Info:   3 out of   3 GitHub-owned GitHubAction dependencies pinned","Info:   2 out of   2 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":10,"reason":"13 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Warn: jobLevel 'actions' permission set to 'write': .github/workflows/f5_cla.yml:14","Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/f5_cla.yml:16","Info: topLevel permissions set to 'read-all': .github/workflows/f5_cla.yml:8","Info: topLevel permissions set to 'read-all': .github/workflows/ossf_scorecard.yml:14"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 23 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"Contributors","score":6,"reason":"project has 2 contributing companies or organizations -- score normalized to 6","details":["Info: found contributions from: nginx, nginxinc"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}},{"name":"CI-Tests","score":10,"reason":"23 out of 23 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}}]},"last_synced_at":"2025-08-29T02:46:32.012Z","repository_id":276201280,"created_at":"2025-08-29T02:46:32.012Z","updated_at":"2025-08-29T02:46:32.012Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29227747,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-08T09:43:19.170Z","status":"ssl_error","status_checked_at":"2026-02-08T09:42:55.556Z","response_time":57,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-31T18:37:52.482Z","updated_at":"2026-02-08T10:33:20.939Z","avatar_url":"https://github.com/f5.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active)\n[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/f5/f5-cla/badge)](https://securityscorecards.dev/viewer/?uri=github.com/f5/f5-cla)\n[![Community Support](https://badgen.net/badge/support/community/cyan?icon=awesome)](/SUPPORT.md)\n[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg)](/CODE_OF_CONDUCT.md)\n\n# F5 Contributor License Agreement (CLA) Documentation \u0026 Workflow\n\nThis repository is intended to serve as the consolidated documentation and GitHub Actions workflow for automating the F5 Contributor License Agreement (CLA) process. The respective signatures from contributors towards F5 affiliated Open Source Software (OSS) projects are stored separately.\n\n## Documentation\n\nThe F5 CLA agreement can be found in the [/docs/f5_cla.md](/docs/f5_cla.md) subdirectory.\n\n## Sample GitHub Actions Workflow\n\nYou can find a fully functional CLA GitHub Action workflow in [`.github/workflows/f5_cla.yml`](/.github/workflows/f5_cla.yml). This workflow uses the [CLA Assistant GitHub Action](https://github.com/contributor-assistant/github-action) to write and read data to/from F5's data storage. We encourage you use this workflow in any F5 OSS project you maintain. (**Note:** You might need/want to edit both the `branch` and `allowlist` parameters in the workflow.)\n\n### GitHub Actions Workflow Overview\n\nUpon a pull request (PR) submission, the F5 CLA GitHub Action workflow is triggered and a signature check for the author is done against F5's data storage.\n\nIf a previous signature from the authors of the PR is not found within this F5's data storage, the [CLA Assistant GitHub Action](https://github.com/contributor-assistant/github-action) prompts the PR author to read the [F5 CLA](/docs/f5_cla.md), and agree to the [F5 CLA](/docs/f5_cla.md) terms by leaving a phrase with the comment: \"I have hereby read the F5 CLA and agree to its terms\".\n\nUpon detection of the specified phrase by the author in a PR comment, the action is retriggered and the authors information is collected and committed to F5's data storage.\n\n### Status Check Integrations\n\nThis action integrates directly with GitHub's Status Check feature. If the action determines that signatures are still required from the pull request's author(s), it will show a failing status and vice-versa.\n\n![status-checks](/media/status-checks.png)\n\n# License\n\n[Apache License, Version 2.0](/LICENSE)\n\n\u0026copy; [F5, Inc.](https://www.f5.com/) 2025\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ff5%2Ff5-cla","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ff5%2Ff5-cla","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ff5%2Ff5-cla/lists"}