{"id":13734708,"url":"https://github.com/jfrog/build-info","last_synced_at":"2025-10-10T02:55:54.629Z","repository":{"id":38375847,"uuid":"1390800","full_name":"jfrog/build-info","owner":"jfrog","description":"Artifactory's open integration layer for CI build servers","archived":false,"fork":false,"pushed_at":"2025-09-24T07:03:01.000Z","size":109191,"stargazers_count":150,"open_issues_count":38,"forks_count":163,"subscribers_count":46,"default_branch":"master","last_synced_at":"2025-09-25T08:18:54.377Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://www.buildinfo.org","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jfrog.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2011-02-20T23:33:55.000Z","updated_at":"2025-09-24T07:03:05.000Z","dependencies_parsed_at":"2023-02-18T15:31:29.114Z","dependency_job_id":"f239082e-69c2-45f7-9fab-abbe9833df97","html_url":"https://github.com/jfrog/build-info","commit_stats":null,"previous_names":["jfrogdev/build-info"],"tags_count":701,"template":false,"template_full_name":null,"purl":"pkg:github/jfrog/build-info","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fbuild-info","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fbuild-info/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fbuild-info/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fbuild-info/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jfrog","download_url":"https://codeload.github.com/jfrog/build-info/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fbuild-info/sbom","scorecard":{"id":68836,"data":{"date":"2025-08-04","repo":{"name":"github.com/jfrog/build-info","commit":"c59705b7455f40c10d884795ede636f978bcde0b"},"scorecard":{"version":"v5.2.1-28-gc1d103a9","commit":"c1d103a9bb9f635ec7260bf9aa0699466fa4be0e"},"score":2.2,"checks":[{"name":"Code-Review","score":3,"reason":"Found 10/30 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#code-review"}},{"name":"Maintained","score":5,"reason":"7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":0,"reason":"dangerous workflow patterns detected","details":["Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/frogbot-scan-pr-gradle.yml:15","Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/integrationTests.yml:206","Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/integrationTests.yml:274","Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/integrationTests.yml:240","Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/integrationTests.yml:328","Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/integrationTests.yml:399","Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/integrationTests.yml:448","Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/integrationTests.yml:30","Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/integrationTests.yml:68","Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/integrationTests.yml:115","Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/integrationTests.yml:161"],"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/cla.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/frogbot-scan-pr-gradle.yml:7","Warn: no topLevel permission defined: .github/workflows/gradle.yml:1","Warn: no topLevel permission defined: .github/workflows/integrationTests.yml:1","Warn: no topLevel permission defined: .github/workflows/monitorIssues.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":6,"reason":"binaries present in source code","details":["Warn: binary detected: gradle/wrapper/gradle-wrapper.jar:1","Warn: binary detected: native/15/libnative-platform-curses-linux-amd64.so:1","Warn: binary detected: native/15/libnative-platform-linux-amd64.so:1","Warn: binary detected: native/jna/linux-amd64/libjnidispatch.so:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/cla.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/cla.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/cla.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/cla.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/frogbot-scan-pr-gradle.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/frogbot-scan-pr-gradle.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/frogbot-scan-pr-gradle.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/frogbot-scan-pr-gradle.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/frogbot-scan-pr-gradle.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/frogbot-scan-pr-gradle.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/gradle.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/gradle.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gradle.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/gradle.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gradle.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/gradle.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:142: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:173: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:179: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:187: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:193: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:207: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:212: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:218: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:227: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:241: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:246: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:252: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:261: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:275: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:280: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:286: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:292: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:298: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:306: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:312: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:329: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:350: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:355: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:360: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:366: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:372: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:380: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:386: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:400: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:405: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:410: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:417: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:423: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:431: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:437: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:449: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:454: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:460: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:475: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:484: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integrationTests.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/integrationTests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/monitorIssues.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/jfrog/build-info/monitorIssues.yml/master?enable=pin","Info:   0 out of  44 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  22 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#fuzzing"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/jfrog/.github/SECURITY.md:1","Info: Found linked content: github.com/jfrog/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/jfrog/.github/SECURITY.md:1","Info: Found text in security policy: github.com/jfrog/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 14 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"23 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-gwrp-pvrq-jmwv","Warn: Project is vulnerable to: GHSA-p7vm-phxx-g722","Warn: Project is vulnerable to: GHSA-v7cm-w955-pj6g","Warn: Project is vulnerable to: GHSA-8vhq-qq4p-grq3","Warn: Project is vulnerable to: GHSA-g6ph-x5wf-g337","Warn: Project is vulnerable to: GHSA-jcwr-x25h-x5fh","Warn: Project is vulnerable to: GHSA-36p3-wjmg-h94x","Warn: Project is vulnerable to: GHSA-hh26-6xwr-ggv7","Warn: Project is vulnerable to: GHSA-4487-x383-qpph","Warn: Project is vulnerable to: GHSA-8crv-49fr-2h6j","Warn: Project is vulnerable to: GHSA-g8hw-794c-4j9g","Warn: Project is vulnerable to: GHSA-pgf9-h69p-pcgf","Warn: Project is vulnerable to: GHSA-rcpf-vj53-7h2m","Warn: Project is vulnerable to: GHSA-wjjr-h4wh-w6vv","Warn: Project is vulnerable to: GHSA-wv88-pf73-x22p","Warn: Project is vulnerable to: GO-2020-0015 / GHSA-5rcv-m4m3-hfh7","Warn: Project is vulnerable to: GO-2021-0113 / GHSA-ppp9-7jff-5vj2","Warn: Project is vulnerable to: GO-2022-1059 / GHSA-69ch-w2m2-3vjp","Warn: Project is vulnerable to: MAL-2022-4027","Warn: Project is vulnerable to: PYSEC-2021-356 / GHSA-2ww3-fxvq-293j","Warn: Project is vulnerable to: PYSEC-2024-167 / GHSA-cgvx-9447-vcch","Warn: Project is vulnerable to: PYSEC-2021-859 / GHSA-f8m6-h2c7-8h9x","Warn: Project is vulnerable to: PYSEC-2022-5 / GHSA-rqjh-jp2r-59cj"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-15T03:19:48.044Z","repository_id":38375847,"created_at":"2025-08-15T03:19:48.044Z","updated_at":"2025-08-15T03:19:48.044Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279002527,"owners_count":26083403,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T03:00:59.091Z","updated_at":"2025-10-10T02:55:54.600Z","avatar_url":"https://github.com/jfrog.png","language":"Java","funding_links":[],"categories":["Plugins"],"sub_categories":["CI"],"readme":"# Build-Info\n\n[![Build Info Extractor plugin](https://img.shields.io/maven-central/v/org.jfrog.buildinfo/build-info-extractor?label=build-info-extractor\u0026style=for-the-badge)](https://search.maven.org/artifact/org.jfrog.buildinfo/build-info-extractor) [![Gradle plugin](https://img.shields.io/gradle-plugin-portal/v/com.jfrog.artifactory?label=Gradle%20Artifactory%20plugin\u0026style=for-the-badge)](https://plugins.gradle.org/plugin/com.jfrog.artifactory)\n\n[![Scanned by Frogbot](https://raw.github.com/jfrog/frogbot/master/images/frogbot-badge.svg)](https://github.com/jfrog/frogbot#readme) [![Tests](https://github.com/jfrog/build-info/actions/workflows/integrationTests.yml/badge.svg)](https://github.com/jfrog/build-info/actions/workflows/integrationTests.yml) \n\n## Overview\n\nBuild Info is Artifactory's open integration layer for the CI servers and build tools. The build information is sent to Artifactory in json format.\n\n## Building and testing the sources\n\n* The code is built using Gradle and includes integration tests.\u003cbr/\u003e\n* It must run using JDK 8 and Gradle 5.6.2. If you are using different gradle version you can use the provided gradle wrapper.\u003cbr/\u003e\n* In order to run tests the following environment variables must be set:\n```bash\nexport BITESTS_PLATFORM_URL='http://localhost:8081'\nexport BITESTS_PLATFORM_USERNAME=admin\nexport BITESTS_PLATFORM_ADMIN_TOKEN=admin-access-token\nexport BITESTS_ARTIFACTORY_PIP_ENV=/Users/user/venv-test/bin\n```\nSee [here](https://www.jfrog.com/confluence/display/JFROG/Access+Tokens#AccessTokens-GeneratingAdminTokens) how to generate an admin token for the above environment variable.\n\n### Building\nWhen running the following commands to build the code, the entire testing suite is also executed. See the *Testing* section for configuration instructions prior to running the tests.\n\nTo build the code using the gradle wrapper in Unix run:\n```bash\n./gradlew clean build\n```\nTo build the code using the gradle wrapper in Windows run:\n```bash\ngradlew clean build\n```\nTo build the code using the environment gradle run:\n```bash\ngradle clean build\n```\nTo build the code without running the tests, add to the \"clean build\" command the \"-x test\" option, for example:\n```bash\n./gradlew clean build -x test\n```\n\n### Testing\nTo run *all* tests:\n```bash\n./gradlew clean test\n```\n\n#### Extractor tests\n```bash\n./gradlew clean build-info-api:test build-info-client:test build-info-extractor:test build-info-vcs:test\n```\n\n#### Maven tests\n```bash\n./gradlew clean build-info-extractor-maven3:test\n```\n\n#### Gradle tests\n```bash\n./gradlew clean build-info-extractor-gradle:test\n```\n\n#### npm tests\n* Add npm executable to the system search path (PATH environment variable).\n* npm 7.7 or above is required.\n```bash\n./gradlew clean build-info-extractor-npm:test\n```\n\n#### Go tests\n* Add Go executable to the system search path (PATH environment variable).\n* Go v1.14 or above is required.\n```bash\n./gradlew clean build-info-extractor-go:test\n```\n\n#### Pip tests\n* Add Python and pip executables to the system search path (PATH environment variable).\n* Pip tests must run inside a clean pip-environment. Create a virtual environment and provide its path using the 'BITESTS_ARTIFACTORY_PIP_ENV' variable.\nWhen running on a Windows machine, provide the path to the 'Scripts' directory.\nWhen running on a unix machine, provide the path to the 'bin' directory.\n```bash\npython -m venv buildinfo-tests-env\nexport BITESTS_ARTIFACTORY_PIP_ENV=/Users/user/buildinfo-tests-env/bin\n./gradlew clean build-info-extractor-pip:test\n```\n\n#### NuGet tests\n* Add Nuget \u0026 Dotnet executable to the system search path (PATH environment variable).\n```bash\n./gradlew clean build-info-extractor-nuget:test\n```\n\n#### Docker tests\n* Docker tests run only on Linux/mac.\n* In addition to the general environment variables required for running the tests, you must set the following environment variables, required for the docker tests:\n  ```bash\n  export BITESTS_PLATFORM_CONTAINER_REGISTRY=127.0.0.1:8081\n  export BITESTS_ARTIFACTORY_DOCKER_HOST=tcp://127.0.0.1:1234\n  ```\n* For OSX agents, run a Socat container:\n ```bash\n docker run -d -v /var/run/docker.sock:/var/run/docker.sock -p 127.0.0.1:1234:1234 bobrik/socat TCP-LISTEN:1234,fork UNIX-CONNECT:/var/run/docker.sock\n ```\n* Run tests:\n ```bash\n./gradlew clean build-info-extractor-docker:test\n```\n\n## More about build-info\nRead more about build-info in the [Build Integration documentation](https://www.jfrog.com/confluence/display/JFROG/Build+Integration).\n\n## Release notes\nThe release notes are available [here](https://github.com/jfrog/build-info/releases).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjfrog%2Fbuild-info","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjfrog%2Fbuild-info","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjfrog%2Fbuild-info/lists"}