{"id":37179758,"url":"https://github.com/hellofresh/kandalf","last_synced_at":"2026-01-14T20:54:53.035Z","repository":{"id":13179787,"uuid":"60099647","full_name":"hellofresh/kandalf","owner":"hellofresh","description":"RabbitMQ to Kafka bridge","archived":true,"fork":false,"pushed_at":"2022-04-26T15:42:39.000Z","size":319,"stargazers_count":67,"open_issues_count":0,"forks_count":16,"subscribers_count":225,"default_branch":"master","last_synced_at":"2025-12-01T06:49:50.866Z","etag":null,"topics":["kafka","open-source","rabbitmq","wiz-platform-engineering-experience"],"latest_commit_sha":null,"homepage":"https://www.hellofresh.com","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hellofresh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-05-31T15:05:48.000Z","updated_at":"2025-10-24T08:02:36.000Z","dependencies_parsed_at":"2022-08-07T07:01:06.445Z","dependency_job_id":null,"html_url":"https://github.com/hellofresh/kandalf","commit_stats":null,"previous_names":[],"tags_count":79,"template":false,"template_full_name":null,"purl":"pkg:github/hellofresh/kandalf","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hellofresh%2Fkandalf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hellofresh%2Fkandalf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hellofresh%2Fkandalf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hellofresh%2Fkandalf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hellofresh","download_url":"https://codeload.github.com/hellofresh/kandalf/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hellofresh%2Fkandalf/sbom","scorecard":{"id":460355,"data":{"date":"2025-08-11","repo":{"name":"github.com/hellofresh/kandalf","commit":"5ed8acd7122119b51104bb5c00350e9352e8e2b5"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.6,"checks":[{"name":"Code-Review","score":4,"reason":"Found 7/16 approved changesets -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"project is archived","details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: .github/workflows/testing.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/hellofresh/kandalf/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/hellofresh/kandalf/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testing.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/hellofresh/kandalf/testing.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testing.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/hellofresh/kandalf/testing.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/testing.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/hellofresh/kandalf/testing.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testing.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/hellofresh/kandalf/testing.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testing.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/hellofresh/kandalf/testing.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/testing.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/hellofresh/kandalf/testing.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testing.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/hellofresh/kandalf/testing.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/testing.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/hellofresh/kandalf/testing.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8feb4d8ca5354def3d8fce243717141ce31e2c428701f6682bd2fafe15388214","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   4 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 0.8.0 not signed: https://api.github.com/repos/hellofresh/kandalf/releases/65369777","Warn: release artifact 0.7.1 not signed: https://api.github.com/repos/hellofresh/kandalf/releases/37295482","Warn: release artifact 0.7.0 not signed: https://api.github.com/repos/hellofresh/kandalf/releases/29690709","Warn: release artifact 0.6.6-rc.8 not signed: https://api.github.com/repos/hellofresh/kandalf/releases/29688916","Warn: release artifact 0.6.6-rc.7 not signed: https://api.github.com/repos/hellofresh/kandalf/releases/29614001","Warn: release artifact 0.8.0 does not have provenance: https://api.github.com/repos/hellofresh/kandalf/releases/65369777","Warn: release artifact 0.7.1 does not have provenance: https://api.github.com/repos/hellofresh/kandalf/releases/37295482","Warn: release artifact 0.7.0 does not have provenance: https://api.github.com/repos/hellofresh/kandalf/releases/29690709","Warn: release artifact 0.6.6-rc.8 does not have provenance: https://api.github.com/repos/hellofresh/kandalf/releases/29688916","Warn: release artifact 0.6.6-rc.7 does not have provenance: https://api.github.com/repos/hellofresh/kandalf/releases/29614001"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"21 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0968 / GHSA-gwc9-m7rh-j2ww","Warn: Project is vulnerable to: GO-2021-0356 / GHSA-8c26-wmh5-6g9v","Warn: Project is vulnerable to: GO-2024-2961","Warn: Project is vulnerable to: GO-2023-2402 / GHSA-45x7-px36-x8w8","Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2022-0288","Warn: Project is vulnerable to: GO-2022-0969 / GHSA-69cg-p879-7622","Warn: Project is vulnerable to: GO-2022-1144 / GHSA-xrjj-mj9h-534m","Warn: Project is vulnerable to: GO-2023-1571 / GHSA-vvpx-j8f3-3w6h","Warn: Project is vulnerable to: GO-2023-1988 / GHSA-2wrh-6pvc-2jm9","Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8","Warn: Project is vulnerable to: GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2022-0493 / GHSA-p782-xgp4-8hr8","Warn: Project is vulnerable to: GO-2022-1059 / GHSA-69ch-w2m2-3vjp","Warn: Project is vulnerable to: GO-2024-2611 / GHSA-8r3f-844c-mc37","Warn: Project is vulnerable to: GO-2022-0603 / GHSA-hp87-p4gw-j4gq"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T10:57:56.524Z","repository_id":13179787,"created_at":"2025-08-19T10:57:56.525Z","updated_at":"2025-08-19T10:57:56.525Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28434500,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T18:57:19.464Z","status":"ssl_error","status_checked_at":"2026-01-14T18:52:48.501Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kafka","open-source","rabbitmq","wiz-platform-engineering-experience"],"created_at":"2026-01-14T20:54:52.237Z","updated_at":"2026-01-14T20:54:53.030Z","avatar_url":"https://github.com/hellofresh.png","language":"Go","readme":"\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://hellofresh.com\"\u003e\n    \u003cimg width=\"120\" src=\"https://www.hellofresh.de/images/hellofresh/press/HelloFresh_Logo.png\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n# Kandalf\n\n[![Build Status](https://github.com/hellofresh/kandalf/workflows/Release/badge.svg)](https://github.com/hellofresh/kandalf/actions?query=workflow%3ARelease)\n[![codecov](https://codecov.io/gh/hellofresh/kandalf/branch/master/graph/badge.svg)](https://codecov.io/gh/hellofresh/kandalf)\n[![GoDoc](https://godoc.org/github.com/hellofresh/kandalf?status.svg)](https://godoc.org/github.com/hellofresh/kandalf)\n[![Go Report Card](https://goreportcard.com/badge/github.com/hellofresh/kandalf)](https://goreportcard.com/report/github.com/hellofresh/kandalf)\n\n## Note\n\nAs of version 0.7 docker images migrated to [Docker Hub](#how-to-run-service-in-a-docker-environment)\n\n---\n\n\u003e RabbitMQ to Kafka bridge\n\nThe main idea is to read messages from provided exchanges in [RabbitMQ](https://www.rabbitmq.com/) and send them to [Kafka](http://kafka.apache.org/).\n\nApplication uses intermediate permanent storage for keeping read messages in case of Kafka unavailability.\n\nService is written in Go language and can be build with go compiler of version 1.14 and above.\n\n## Configuring\n\n### Application configuration\n\nApplication is configured with environment variables or config files of different formats - JSON, TOML, YAML, HCL, and Java properties.\n\nBy default it tries to read config file from `/etc/kandalf/conf/config.\u003cext\u003e` and `./config.\u003cext\u003e`. You can change the path using `-c \u003cfile_path\u003e` or `--config \u003cfile_path\u003e` application parameters. If file is not found config loader does fallback to reading config values from environment variables.\n\n#### Environment variables\n\n* `RABBIT_DSN` - RabbiMQ server DSN\n* `STORAGE_DSN` - Permanent storage DSN, where Scheme is storage type. The following storage types are currently supported:\n  * [Redis](https://redis.io/) - requires, `key` as DSN query parameter as redis storage key, e.g. `redis://localhost:6379/?key=kandalf`\n* `LOG_*` - Logging settings, see [hellofresh/logging-go](https://github.com/hellofresh/logging-go#configuration) for details\n* `KAFKA_BROKERS` - Kafka brokers comma-separated list, e.g. `192.168.0.1:9092,192.168.0.2:9092`\n* `KAFKA_MAX_RETRY` - Total number of times to retry sending a message to Kafka (_default_: `5`)\n* `KAFKA_PIPES_CONFIG` - Path to RabbitMQ-Kafka bridge mappings config, see details below (_default_: `/etc/kandalf/conf/pipes.yml`)\n* `STATS_DSN` - Stats host, see [hellofresh/stats-go](https://github.com/hellofresh/stats-go#usage) for usage details.\n* `STATS_PREFIX` - Stats prefix, see [hellofresh/stats-go](https://github.com/hellofresh/stats-go#usage) for usage details.\n* `STATS_PORT` - Stats port, used only for `prometheus` metrics, metrics are exposed on `localhost:\u003cport\u003e/metrics` (_default_: `8080`).\n* `WORKER_CYCLE_TIMEOUT` - Main application bridge worker cycle timeout to avoid CPU overload, must be valid [duration string](https://golang.org/pkg/time/#ParseDuration) (_default_: `2s`)\n* `WORKER_CACHE_SIZE` - Max messages number that we store in memory before trying to publish to Kafka (_default_: `10`)\n* `WORKER_CACHE_FLUSH_TIMEOUT` - Max amount of time we store messages in memory before trying to publish to Kafka, must be valid [duration string](https://golang.org/pkg/time/#ParseDuration) (_default_: `5s`)\n* `WORKER_STORAGE_READ_TIMEOUT` - Timeout between attempts of reading persisted messages from storage, to publish them to Kafka, must be at least 2x greater than `WORKER_CYCLE_TIMEOUT`, must be valid [duration string](https://golang.org/pkg/time/#ParseDuration) (_default_: `10s`)\n* `WORKER_STORAGE_MAX_ERRORS` - Max storage read errors in a row before worker stops trying reading in current read cycle. Next read cycle will be in `WORKER_STORAGE_READ_TIMEOUT` interval. (_default_: `10`)\n\n#### Config file (YAML example)\n\nConfig should have the following structure:\n\n```yaml\nlogLevel: \"info\"                                    # same as env LOG_LEVEL\nrabbitDSN: \"amqp://user:password@rmq\"               # same as env RABBIT_DSN\nstorageDSN: \"redis://redis.local/?key=storage:key\"  # same as env STORAGE_DSN\nkafka:\n  brokers:                                          # same as env KAFKA_BROKERS\n    - \"192.0.0.1:9092\"\n    - \"192.0.0.2:9092\"\n  maxRetry: 5                                       # same as env KAFKA_MAX_RETRY\n  pipesConfig: \"/etc/kandalf/conf/pipes.yml\"        # same as env KAFKA_PIPES_CONFIG\nstats:\n  dsn: \"statsd.local:8125\"                          # same as env STATS_DSN\n  prefix: \"kandalf\"                                 # same as env STATS_PREFIX\nworker:\n  cycleTimeout: \"2s\"                                # same as env WORKER_CYCLE_TIMEOUT\n  cacheSize: 10                                     # same as env WORKER_CACHE_SIZE\n  cacheFlushTimeout: \"5s\"                           # same as env WORKER_CACHE_FLUSH_TIMEOUT\n  storageReadTimeout: \"10s\"                         # same as env WORKER_STORAGE_READ_TIMEOUT\n  storageMaxErrors: 10                              # same as env WORKER_STORAGE_MAX_ERRORS\n```\n\nYou can find sample config file in [assets/config.yml](./assets/config.yml).\n\n### Pipes configuration\n\nThe rules, defining which messages should be send to which Kafka topics, are defined in Kafka Pipes Config file and are called \"pipes\". Each pipe has the following structure:\n\n```yaml\n- kafkaTopic: \"loyalty\"                                # name of the topic in Kafka where message will be sent\n  rabbitExchangeName: \"customers\"                      # name of the exchange in RabbitMQ\n  rabbitTransientExchange: false                       # determines if the exchange should be declared as durable or transient\n  rabbitRoutingKey: \"badge.received\"                   # routing key for exchange\n  rabbitQueueName: \"kandalf-customers-badge.received\"  # the name of RabbitMQ queue to read messages from\n  rabbitDurableQueue: true                             # determines if the queue should be declared as durable\n  rabbitAutoDeleteQueue: false                         # determines if the queue should be declared as auto-delete\n```\n\nYou can find sample Kafka Pipes Config file in [assets/pipes.yml](./assets/pipes.yml).\n\n## How to build a binary on a local machine\n\n1. Make sure you have `go` and `make` utility installed on your machine;\n2. Run: `make` to install all required dependencies and build binaries;\n3. Binaries for Linux and MacOS X would be in `./dist/`.\n\n## How to run service in a docker environment\n\nFor testing and development you can use [`docker-compose`](./docker-compose.yml) file with all the required services.\n\nFor production you can use minimalistic prebuilt [hellofresh/kandalf](https://hub.docker.com/r/hellofresh/kandalf/tags) image as base image or mount pipes configuration volume to `/etc/kandalf/conf/`.\n\n## Todo\n\n* [x] Handle dependencies in a proper way (gvt, glide or smth.)\n* [ ] Tests\n\n## Contributing\n\nTo start contributing, please check [CONTRIBUTING](CONTRIBUTING.md).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhellofresh%2Fkandalf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhellofresh%2Fkandalf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhellofresh%2Fkandalf/lists"}