{"id":13639663,"url":"https://github.com/google/trillian-examples","last_synced_at":"2026-01-14T22:22:44.295Z","repository":{"id":37790247,"uuid":"119151672","full_name":"google/trillian-examples","owner":"google","description":"A place to store some examples which use Trillian APIs to build things.","archived":false,"fork":false,"pushed_at":"2026-01-01T04:08:50.000Z","size":16045,"stargazers_count":175,"open_issues_count":9,"forks_count":66,"subscribers_count":14,"default_branch":"master","last_synced_at":"2026-01-12T18:33:38.032Z","etag":null,"topics":["examples","transparency","trillian"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/google.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-01-27T09:43:35.000Z","updated_at":"2026-01-11T18:48:03.000Z","dependencies_parsed_at":"2024-04-09T10:30:51.590Z","dependency_job_id":"056a7b10-3647-407d-b5f9-cebd0e60b6e6","html_url":"https://github.com/google/trillian-examples","commit_stats":{"total_commits":1182,"total_committers":40,"mean_commits":29.55,"dds":0.6725888324873097,"last_synced_commit":"5b3d39bb6280b76feee4a4d6f56c3a98a150aaa9"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/google/trillian-examples","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Ftrillian-examples","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Ftrillian-examples/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Ftrillian-examples/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Ftrillian-examples/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/google","download_url":"https://codeload.github.com/google/trillian-examples/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Ftrillian-examples/sbom","scorecard":{"id":108824,"data":{"date":"2025-08-14T11:01:06Z","repo":{"name":"github.com/google/trillian-examples","commit":"6e1f762c521189296158934d33f4493d6ca03080"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":9,"checks":[{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:29","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:30","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:24","Info: topLevel 'contents' permission set to 'read': .github/workflows/link_checker.yaml:6","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"17 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":9,"reason":"dependency not pinned by hash detected -- score normalized to 9","details":["Warn: downloadThenRun not pinned by hash: integration/Dockerfile:13","Info:   8 out of   8 GitHub-owned GitHubAction dependencies pinned","Info:   2 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned","Info:  13 out of  13 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (30) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/google/.github/SECURITY.md:1","Info: Found linked content: github.com/google/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/google/.github/SECURITY.md:1","Info: Found text in security policy: github.com/google/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3829"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}},{"name":"CI-Tests","score":10,"reason":"30 out of 30 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}},{"name":"Contributors","score":10,"reason":"project has 9 contributing companies or organizations","details":["Info: found contributions from: CTSRD-SOAAP, FreeUKGen, HACS-workshop, arm, c-ares, freebsd, google, google uk, googlers"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}}]},"last_synced_at":"2025-08-15T11:38:33.619Z","repository_id":37790247,"created_at":"2025-08-15T11:38:33.619Z","updated_at":"2025-08-15T11:38:33.619Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28386143,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-13T12:01:30.995Z","status":"ssl_error","status_checked_at":"2026-01-13T12:00:09.625Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["examples","transparency","trillian"],"created_at":"2024-08-02T01:01:03.091Z","updated_at":"2026-01-14T22:22:44.278Z","avatar_url":"https://github.com/google.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# Trillian examples\n\n[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/google/trillian-examples/badge)](https://securityscorecards.dev/viewer/?uri=github.com/google/trillian-examples)\n[![GoDoc](https://godoc.org/github.com/google/trillian-examples?status.svg)](https://godoc.org/github.com/google/trillian-examples)\n[![Slack Status](https://img.shields.io/badge/Slack-Chat-blue.svg)](https://transparency-dev.slack.com/)\n\n\nThis repository contains example applications built on top of\n[Trillian][], showing that it's possible to apply\ntransparency concepts to problems other than\n[certificates](https://github.com/google/certificate-transparency-go).  It also\ncontains general-purpose components that can be used to strengthen the\nguarantees of a transparent ecosystem that already contains verifiable logs.\n\nCurrently the examples here are:\n\n* [binary_transparency/firmware](binary_transparency/firmware): A demo\n   showing how to apply transparency bring discoverability to device firmware\n   updates, but the principles are also more generally applicable to all kinds\n   of binaries/updates.\n* [helloworld](helloworld): A simple example demonstrating the correct\n   configuration of a Trillian log, personality, and client.\n* [sumdbverify](clone/cmd/sumdbverify): Demonstration of an auditor for the\n   [Go SumDB](https://go.googlesource.com/proposal/+/master/design/25530-sumdb.md)\n   module proxy, which clones a log and verifies the data in it.\n\nThe general-purpose components are:\n\n* [serverless](serverless): A suite of command-line tools for managing\n   transparency logs whose state is entirely composed of on-disk files, along\n   with examples of how to use GitHub/GitHub Actions to host \u0026 publicly serve\n   the log.\n\nNotable projects that have graduated from this repository to their own top-level repositories:\n\n* [witness](https://github.com/transparency-dev/witness)\n* [distributor](https://github.com/transparency-dev/distributor)\n\nThere are two experimental deployments of the witness that have been deleted but\nare signposted here for archival reasons. Both of these tools can be retrieved\nby cloning this repository at git commit `793dcf1`:\n\n* [usbarmory witness](https://github.com/google/trillian-examples/tree/793dcf1a313b1478e30f7a7e65bdf344b10f1da4/witness/golang/omniwitness/usbarmory)\n* [ethereum witness](https://github.com/google/trillian-examples/tree/793dcf1a313b1478e30f7a7e65bdf344b10f1da4/witness/ethereum)\n\nThese examples and components are not supported per-se, but the Trillian team \nwill likely try to help where possible.  You can contact them via the channels \nlisted under *Support* on the [Trillian][] repo.\n\n[Trillian]: https://github.com/google/trillian\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle%2Ftrillian-examples","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgoogle%2Ftrillian-examples","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle%2Ftrillian-examples/lists"}