{"id":34126219,"url":"https://github.com/hyperscale-stack/security","last_synced_at":"2026-06-09T07:31:15.382Z","repository":{"id":47763590,"uuid":"296019253","full_name":"hyperscale-stack/security","owner":"hyperscale-stack","description":"The Hyperscale security is a powerful and highly customizable authentication and access-control framework.","archived":false,"fork":false,"pushed_at":"2026-05-21T20:05:46.000Z","size":611,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-05-22T05:32:33.864Z","etag":null,"topics":["auth","authentication","authenticator","authorization","go","go-modules","golang","oauth2","oauth2-server","security"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hyperscale-stack.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/security-considerations.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-09-16T12:00:10.000Z","updated_at":"2026-05-21T20:05:50.000Z","dependencies_parsed_at":"2024-06-19T18:54:00.184Z","dependency_job_id":"501b7e3e-5f70-4563-b51d-5471630397d4","html_url":"https://github.com/hyperscale-stack/security","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/hyperscale-stack/security","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperscale-stack%2Fsecurity","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperscale-stack%2Fsecurity/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperscale-stack%2Fsecurity/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperscale-stack%2Fsecurity/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hyperscale-stack","download_url":"https://codeload.github.com/hyperscale-stack/security/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperscale-stack%2Fsecurity/sbom","scorecard":{"id":475516,"data":{"date":"2025-08-11","repo":{"name":"github.com/hyperscale-stack/security","commit":"0026d000b22557a3bf772bcc590113dad4fce434"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.2,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/go.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperscale-stack/security/go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperscale-stack/security/go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperscale-stack/security/go.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/go.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperscale-stack/security/go.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/go.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/hyperscale-stack/security/go.yml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/go.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":0,"reason":"Found 0/12 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Info: FSF or OSI recognized license: MIT License: LICENSE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 18 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":7,"reason":"3 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2023-2402 / GHSA-45x7-px36-x8w8","Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T15:10:58.822Z","repository_id":47763590,"created_at":"2025-08-19T15:10:58.822Z","updated_at":"2025-08-19T15:10:58.822Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34096950,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-09T02:00:06.510Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","authentication","authenticator","authorization","go","go-modules","golang","oauth2","oauth2-server","security"],"created_at":"2025-12-14T23:37:51.156Z","updated_at":"2026-06-09T07:31:15.376Z","avatar_url":"https://github.com/hyperscale-stack.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"Hyperscale security [![Last release](https://img.shields.io/github/release/hyperscale-stack/security.svg)](https://github.com/hyperscale-stack/security/releases/latest) [![Documentation](https://godoc.org/github.com/hyperscale-stack/security?status.svg)](https://godoc.org/github.com/hyperscale-stack/security)\n====================\n\n[![Go Report Card](https://goreportcard.com/badge/github.com/hyperscale-stack/security)](https://goreportcard.com/report/github.com/hyperscale-stack/security)\n\n| Branch  | Status | Coverage |\n|---------|--------|----------|\n| master  | [![Build Status](https://github.com/hyperscale-stack/security/workflows/Go/badge.svg?branch=master)](https://github.com/hyperscale-stack/security/actions?query=workflow%3AGo) | [![Coveralls](https://img.shields.io/coveralls/hyperscale-stack/security/master.svg)](https://coveralls.io/github/hyperscale-stack/security?branch=master) |\n\nA transport-agnostic authentication and authorization toolkit for Go —\nHTTP, gRPC and ConnectRPC, OAuth2, JWT, sessions, and a composable\nVoter-based access model. It is shipped as a multi-module workspace so you\nimport only what you need.\n\n## Modules\n\n| Module                                              | Purpose                                                         |\n| --------------------------------------------------- | --------------------------------------------------------------- |\n| `github.com/hyperscale-stack/security`              | Core: `Authentication`, `Engine`, `Manager`, `Voter`, ADM       |\n| `…/security/http`                                   | `httpsec` — `net/http` middleware + authorization               |\n| `…/security/grpc`                                   | `grpcsec` — unary/stream interceptors                           |\n| `…/security/connectrpc`                             | `connectrpcsec` — ConnectRPC auth + authorize interceptors      |\n| `…/security/basic`                                  | HTTP Basic extractor + authenticator                            |\n| `…/security/bearer`                                 | Bearer extractor + `TokenVerifier` authenticator                |\n| `…/security/password`                               | BCrypt + Argon2id hashers (`NeedsRehash`)                       |\n| `…/security/jwt`                                    | `jwtsec` — JWT signer/verifier, JWKS                            |\n| `…/security/session`                                | Stateless encrypted cookie sessions + CSRF                      |\n| `…/security/oauth2`                                 | OAuth2 server: profiles, grants, endpoints                      |\n| `…/security/oauth2/store/sql`                       | Production OAuth2 storage on `database/sql`                     |\n| `…/security/oauth2/store/redis`                     | Production OAuth2 storage on Redis                              |\n\n## Install\n\n```sh\ngo get github.com/hyperscale-stack/security\ngo get github.com/hyperscale-stack/security/http   # and any other module you need\n```\n\n## Quick start — HTTP Basic\n\n```go\npackage main\n\nimport (\n\t\"net/http\"\n\n\t\"github.com/hyperscale-stack/security\"\n\t\"github.com/hyperscale-stack/security/basic\"\n\thttpsec \"github.com/hyperscale-stack/security/http\"\n\t\"github.com/hyperscale-stack/security/password\"\n)\n\nfunc main() {\n\t// loader is your UserLoader implementation (DB-backed, etc.).\n\tauthenticator := basic.NewAuthenticator(loader, password.NewBCryptHasher(12))\n\n\tengine := security.NewEngine(\n\t\tsecurity.NewManager(authenticator),\n\t\tbasic.NewExtractor(),\n\t)\n\n\tmux := http.NewServeMux()\n\tmux.HandleFunc(\"/\", func(w http.ResponseWriter, r *http.Request) {\n\t\tauth, _ := security.FromContext(r.Context())\n\t\tw.Write([]byte(\"hello \" + auth.Name()))\n\t})\n\n\thttp.ListenAndServe(\":8080\", httpsec.Middleware(engine)(mux))\n}\n```\n\nAdd authorization with a Voter and an `AccessDecisionManager`:\n\n```go\nadm := security.NewAffirmativeDecisionManager(voter.HasRole(\"ADMIN\"))\nmux.Handle(\"/admin\", httpsec.Authorize(adm, security.Role(\"ADMIN\"))(adminHandler))\n```\n\n## Documentation\n\n- [docs/architecture.md](docs/architecture.md) — modules, pipelines, design.\n- [docs/observability.md](docs/observability.md) — OpenTelemetry span catalog.\n- [docs/security-considerations.md](docs/security-considerations.md) — defaults and threat model.\n- [docs/migration-from-v0.md](docs/migration-from-v0.md) — upgrading from the v0 stack.\n- [MIGRATION.md](MIGRATION.md) — workspace layout and dependency policy.\n- [LIMITATIONS.md](LIMITATIONS.md) — known gaps.\n- [examples/](examples) — runnable per-scenario demos.\n\n## Development\n\n```sh\nmake sync     # go work sync\nmake build    # build every module\nmake test     # race + coverage\nmake lint     # golangci-lint with the shared config\n```\n\n## License\n\nHyperscale security is licensed under [the MIT license](LICENSE.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhyperscale-stack%2Fsecurity","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhyperscale-stack%2Fsecurity","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhyperscale-stack%2Fsecurity/lists"}