{"id":47130370,"url":"https://github.com/go-dataspace/run-dsp","last_synced_at":"2026-03-12T20:04:27.625Z","repository":{"id":244827784,"uuid":"804366439","full_name":"go-dataspace/run-dsp","owner":"go-dataspace","description":"run-dsp is an open source Go implementation of the IDSA dataspaces protocol.","archived":false,"fork":false,"pushed_at":"2026-02-04T15:21:16.000Z","size":1091,"stargazers_count":13,"open_issues_count":10,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-05T02:41:41.681Z","etag":null,"topics":["dataspace","dataspaces","go","golang"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/go-dataspace.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-05-22T13:09:38.000Z","updated_at":"2026-02-04T15:22:41.000Z","dependencies_parsed_at":null,"dependency_job_id":"1a19be09-08c2-4b0b-82e1-7ac34efca7f8","html_url":"https://github.com/go-dataspace/run-dsp","commit_stats":null,"previous_names":["go-dataspace/run-dsp"],"tags_count":26,"template":false,"template_full_name":null,"purl":"pkg:github/go-dataspace/run-dsp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/go-dataspace%2Frun-dsp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/go-dataspace%2Frun-dsp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/go-dataspace%2Frun-dsp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/go-dataspace%2Frun-dsp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/go-dataspace","download_url":"https://codeload.github.com/go-dataspace/run-dsp/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/go-dataspace%2Frun-dsp/sbom","scorecard":{"id":1236682,"data":{"date":"2025-03-08T05:35:03Z","repo":{"name":"github.com/go-dataspace/run-dsp","commit":"e84b0cc65bf193de4875a78be4011537ef822ffe"},"scorecard":{"version":"v4.13.1","commit":"49c0eed3a423f00c872b5c3c9f1bbca9e8aae799"},"score":6,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":10,"reason":"30 out of 30 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#ci-tests"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#code-review"}},{"name":"Contributors","score":3,"reason":"1 different organizations found -- score normalized to 3","details":["Info: contributors work for ponctech"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#contributors"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: tool 'Dependabot' is used: :0"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#dependency-update-tool"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no OSSFuzz integration found: Follow the steps in https://github.com/google/oss-fuzz to integrate fuzzing for your project.\nOver time, try to add fuzzing for more functionalities of your project. (High effort)","Warn: no OneFuzz integration found: Follow the steps in https://github.com/microsoft/onefuzz to start fuzzing for your project.\nOver time, try to add fuzzing for more functionalities of your project. (High effort)","Warn: no GoBuiltInFuzzer integration found: Follow the steps in https://go.dev/doc/fuzz/ to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no PythonAtherisFuzzer integration found: Follow the steps in https://github.com/google/atheris to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no CLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no CppLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no SwiftLibFuzzer integration found: Follow the steps in https://google.github.io/oss-fuzz/getting-started/new-project-guide/swift-lang/ to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no RustCargoFuzzer integration found: Follow the steps in https://rust-fuzz.github.io/book/cargo-fuzz.html to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no JavaJazzerFuzzer integration found: Follow the steps in https://github.com/CodeIntelligenceTesting/jazzer to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no ClusterFuzzLite integration found: Follow the steps in https://github.com/google/clusterfuzzlite to integrate fuzzing as part of CI.\nOver time, try to add fuzzing for more functionalities of your project. (High effort)","Warn: no HaskellPropertyBasedTesting integration found: Use one of the following frameworks to fuzz your project:\nQuickCheck: https://hackage.haskell.org/package/QuickCheck\nhedgehog: https://hedgehog.qa/\nvalidity: https://github.com/NorfairKing/validity\nsmallcheck: https://hackage.haskell.org/package/smallcheck\nhspec: https://hspec.github.io/\ntasty: https://hackage.haskell.org/package/tasty (High effort)","Warn: no TypeScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)","Warn: no JavaScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: License file found in expected location: LICENSE:1","Info: FSF or OSI recognized license: LICENSE:1"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#license"}},{"name":"Maintained","score":5,"reason":"6 commit(s) out of 30 and 0 issue activity out of 25 found in the last 90 days -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#maintained"}},{"name":"Packaging","score":10,"reason":"publishing workflow detected","details":["Info: GitHub/GitLab publishing workflow used in run https://api.github.com/repos/go-dataspace/run-dsp/actions/runs/13199053470: .github/workflows/build-and-push-debug-image.yaml:34"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-push-debug-image.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/build-and-push-debug-image.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-and-push-debug-image.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/build-and-push-debug-image.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-and-push-debug-image.yaml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/build-and-push-debug-image.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-and-push-debug-image.yaml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/build-and-push-debug-image.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-push-debug-image.yaml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/build-and-push-debug-image.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-push-image.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/build-and-push-image.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-and-push-image.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/build-and-push-image.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-and-push-image.yaml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/build-and-push-image.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-and-push-image.yaml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/build-and-push-image.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-push-image.yaml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/build-and-push-image.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/release.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/release.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scorecard.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/scorecard.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-and-lint.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/test-and-lint.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-and-lint.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/test-and-lint.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-and-lint.yaml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/test-and-lint.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-and-lint.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/test-and-lint.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-and-lint.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/test-and-lint.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-and-lint.yaml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/test-and-lint.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-and-lint.yaml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/test-and-lint.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-and-lint.yaml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/test-and-lint.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-and-lint.yaml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/test-and-lint.yaml/main?enable=pin","Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:1: pin your Docker image by updating docker.io/library/golang:1.23.5 to docker.io/library/golang:1.23.5@sha256:e213430692e5c31aba27473cdc84cfff2896d0c097e984bef67b6a44c75a8181","Warn: containerImage not pinned by hash: Dockerfile:15","Warn: containerImage not pinned by hash: Dockerfile.debug:19","Warn: goCommand not pinned by hash: .devcontainer/Dockerfile:3-20","Warn: goCommand not pinned by hash: .devcontainer/Dockerfile:3-20","Warn: goCommand not pinned by hash: .devcontainer/Dockerfile:3-20","Warn: goCommand not pinned by hash: .devcontainer/Dockerfile:3-20","Warn: goCommand not pinned by hash: .devcontainer/Dockerfile:3-20","Warn: goCommand not pinned by hash: .devcontainer/Dockerfile:3-20","Warn: goCommand not pinned by hash: .devcontainer/Dockerfile:3-20","Warn: goCommand not pinned by hash: .devcontainer/Dockerfile:3-20","Warn: goCommand not pinned by hash: .devcontainer/Dockerfile:3-20","Warn: goCommand not pinned by hash: .devcontainer/Dockerfile:3-20","Warn: goCommand not pinned by hash: Dockerfile.debug:23","Warn: goCommand not pinned by hash: .github/workflows/test-and-lint.yaml:68","Info:   2 out of  20 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   9 third-party GitHubAction dependencies pinned","Info:   0 out of   3 containerImage dependencies pinned","Info:   0 out of  12 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: all commits (30) are checked with a SAST tool","Info: SAST tool detected: CodeQL"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#sast"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected: On GitHub:\nEnable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository\nAdd a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities.\nOn GitLab:\nAdd a section in your SECURITY.md indicating the process to disclose vulnerabilities for your project.\nExamples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md.\nFor additional information on vulnerability disclosure, see https://github.com/ossf/oss-vulnerability-guide/blob/main/maintainer-guide.md. (Medium effort)","Warn: no security file to analyze: On GitHub:\nEnable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository\nAdd a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities.\nOn GitLab:\nProvide a point of contact in your SECURITY.md.\nExamples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. (Low effort)","Warn: no security file to analyze: On GitHub:\nEnable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository\nAdd a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities.\nOn GitLab:\nAdd a section in your SECURITY.md indicating the process to disclose vulnerabilities for your project.\nExamples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. (Low effort)","Warn: no security file to analyze: On GitHub:\nEnable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository\nAdd a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities.\nOn GitLab:\nAdd a section in your SECURITY.md indicating the process to disclose vulnerabilities for your project.\nExamples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. (Low effort)"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":0,"reason":"0 out of 3 artifacts are signed or have provenance","details":["Warn: release artifact v0.0.4 does not have provenance: https://api.github.com/repos/go-dataspace/run-dsp/releases/196925855","Warn: release artifact v0.0.4 not signed: https://api.github.com/repos/go-dataspace/run-dsp/releases/196925855","Warn: release artifact v0.0.3 does not have provenance: https://api.github.com/repos/go-dataspace/run-dsp/releases/180210964","Warn: release artifact v0.0.3 not signed: https://api.github.com/repos/go-dataspace/run-dsp/releases/180210964","Warn: release artifact v0.0.2 does not have provenance: https://api.github.com/repos/go-dataspace/run-dsp/releases/179299854","Warn: release artifact v0.0.2 not signed: https://api.github.com/repos/go-dataspace/run-dsp/releases/179299854"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#signed-releases"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build-and-push-debug-image.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/build-and-push-debug-image.yaml/main?enable=permissions\nTick the 'Restrict permissions for GITHUB_TOKEN'\nUntick other options\nNOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)","Info: jobLevel 'contents' permission set to 'read': .github/workflows/build-and-push-debug-image.yaml:38","Warn: no topLevel permission defined: .github/workflows/build-and-push-image.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/build-and-push-image.yaml/main?enable=permissions\nTick the 'Restrict permissions for GITHUB_TOKEN'\nUntick other options\nNOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)","Info: jobLevel 'contents' permission set to 'read': .github/workflows/build-and-push-image.yaml:38","Warn: no topLevel permission defined: .github/workflows/codeql.yml:1: Visit https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/codeql.yml/main?enable=permissions\nTick the 'Restrict permissions for GITHUB_TOKEN'\nUntick other options\nNOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)","Info: jobLevel 'packages' permission set to 'read': .github/workflows/codeql.yml:36","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:39","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:40","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yaml:24: Visit https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/release.yaml/main?enable=permissions\nTick the 'Restrict permissions for GITHUB_TOKEN'\nUntick other options\nNOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18","Warn: no topLevel permission defined: .github/workflows/test-and-lint.yaml:1: Visit https://app.stepsecurity.io/secureworkflow/go-dataspace/run-dsp/test-and-lint.yaml/main?enable=permissions\nTick the 'Restrict permissions for GITHUB_TOKEN'\nUntick other options\nNOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3487"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-09-01T14:26:38.661Z","repository_id":244827784,"created_at":"2025-09-01T14:26:38.661Z","updated_at":"2025-09-01T14:26:38.661Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30441855,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-12T14:34:45.044Z","status":"ssl_error","status_checked_at":"2026-03-12T14:09:33.793Z","response_time":114,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dataspace","dataspaces","go","golang"],"created_at":"2026-03-12T20:04:27.165Z","updated_at":"2026-03-12T20:04:27.617Z","avatar_url":"https://github.com/go-dataspace.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n    \u003cimg src=\"./RUN-DSP.jpg\" width=\"256\" height=\"256\"\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n    \u003cimg alt=\"Test and build status\" src=\"https://ci.ponc.tech/api/badges/1/status.svg\"\u003e\n    \u003cimg alt=\"Latest Release\" src=\"https://codeberg.org/go-dataspace/run-dsp/badges/release.svg?sort=semver\"\u003e\n    \u003cimg alt=\"Go Report Card\" src=\"https://goreportcard.com/badge/codeberg.org/go-dataspace/run-dsp\"\u003e\n    \u003cimg alt=\"Project status\" src=\"https://badgen.net/badge/Warning/Pre-Alpha/red\"\u003e\n    \u003ca href=\"https://codeberg.org/go-dataspace/run-dsp\"\u003e\n        \u003cimg alt=\"Canonical Repository\" src=\"https://badgen.net/badge/Canonical%20Repository/Codeberg/purple\"\u003e\n    \u003c/a\u003e\n\u003c/p\u003e\n\n# RUN-DSP\n\n\u003e [!IMPORTANT]\n\u003e The canonical repository for RUN-DSP is now on [codeberg](https://codeberg.org/go-dataspace/run-dsp).\n\u003e Please submit issues and pull requests there.\n\n\u003e [!IMPORTANT]\n\u003e RUN-DSP and the gRPC bindings are considered in \"pre-alpha\" state, this means that things can\n\u003e change heavily in between versions. We will document these changes in the release notes.\n\nRUN-DSP is a lightweight, high-performant, and easy to manage connector for the\n[IDSA Dataspace protocol](https://docs.internationaldataspaces.org/ids-knowledgebase/dataspace-protocol)\nimplemented in the [Go programming language](https://go.dev/). What distinguishes RUN-DSP from other\ndataspace connectors is that RUN-DSP tried to stay simple to maintain and manage, while allowing\nnon-dataspace-aware applications to interface with a dataspace by means of [gRPC](https://grpc.io/).\n\n\n## Overview\n\n![](./docs/architecture/overview.png)\n\nRUN-DSP listens for dataspace requests, and queries a provider backend for the relevant\ninformation via gRPC calls. This information can be catalog listings, information about\na single dataset, and information on how to download the dataset. In dataspace parlance, this would\nmean RUN-DSP fulfils the provider role.\n\nRUN-DSP can also listen on a port for gRPC control commands, that another application can use\nto request dataspace operations to be executed by gRPC. The consumer role in dataspace terms.\nThis functionality still requires that the dataspace port is reachable publicly.\n\nAs per the dataspace specification, it is possible for RUN-DSP to fulfil the consumer, and provider\nside from a single installation if properly configured.\n\n## Getting started\n\n### Demo\n\nYou can find how to setup a simple demo dataspace in the  [dev-dataspace](./docs/development/dev-dataspace/README.md)\ndirectory.\n\n### Development\n\n#### Local\n\nTo start developing on RUN-DSP itself, you can set up a basic setup like this:\n\nFirst start up the \"dataspace\" with `docker-compose`:\n\n```sh\n$ docker-compose up\n```\n\nThen start RUN-DSP connecting to the reference provider:\n\n```sh\n$ go run ./cmd/ -c ./conf/localdev.toml server\n```\n\nYou can now start hacking and testing RUN-DSP.\n\n#### In the demo dataspace\n\nThe [dev-dataspace](./docs/development/dev-dataspace/README.md) demo setup can also be used to test\nand debug RUN-DSP.\n\n### Integration\n\n#### Offering data to a dataspace\n\nTo start integrating your own application, and/or data into a dataspace using RUN-DSP, you will have\nto offer the [RUN-DSP provider service gRPC calls](https://go-dataspace.eu/run-dsrpc). This can either be\nintegrated into your already existing software, or you can build a translation service that\ntranslates the gRPC calls into calls that your application already accepts.\n\nOnce your provider service supports all the endpoints, all you need to do is set the right\nconfiguration, all provider configuration settings are documented in the `[server.provider]` section\nof the [reference configuration file](./conf/reference.toml).\n\nWe offer a [reference provider](https://go-dataspace.eu/reference-provider) that can be used\nas an example of how to implement the provider service.\n\n\n#### Interacting with dataspace participants.\n\nRUN-DSP offers gRPC calls to allow an application to easily interact with other dataspace\nparticipants. The [dspace-cli](https://codeberg.org/go-dataspace/dspace-cli) tool\nuses these to implement a dataspace client. The control service can be configured using the\n`[server.control]` section of the configuration file.\n\n## Contributing\n\nWe welcome code contributions, but as RUN-DSP is being rapidly developed, it might be wise to\nopen an issue first to discuss any proposed issues.\n\n\u003c!--\nSections to add once we have policies for it:\n\n- Security\n- Code guidelines\n- Community\n- Flesh out contributing more.\n--\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgo-dataspace%2Frun-dsp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgo-dataspace%2Frun-dsp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgo-dataspace%2Frun-dsp/lists"}