{"id":15323641,"url":"https://github.com/joeig/eee-safe","last_synced_at":"2026-03-06T15:32:02.729Z","repository":{"id":34929671,"uuid":"163890017","full_name":"joeig/eee-safe","owner":"joeig","description":"Custom Threema Safe server","archived":false,"fork":false,"pushed_at":"2026-02-11T17:15:26.000Z","size":7205,"stargazers_count":6,"open_issues_count":2,"forks_count":3,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-02-12T01:47:13.604Z","etag":null,"topics":["backup","safe","threema"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/joeig.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-01-02T21:11:27.000Z","updated_at":"2026-02-11T17:15:30.000Z","dependencies_parsed_at":"2024-04-10T09:43:16.768Z","dependency_job_id":"598c8c1a-5297-41d2-ab33-2ae6c301ab5e","html_url":"https://github.com/joeig/eee-safe","commit_stats":{"total_commits":146,"total_committers":4,"mean_commits":36.5,"dds":0.5205479452054795,"last_synced_commit":"c4f4ec13f4ccd3fcbee47c7a6bf2a0c76556a8ef"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/joeig/eee-safe","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joeig%2Feee-safe","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joeig%2Feee-safe/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joeig%2Feee-safe/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joeig%2Feee-safe/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/joeig","download_url":"https://codeload.github.com/joeig/eee-safe/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joeig%2Feee-safe/sbom","scorecard":{"id":526699,"data":{"date":"2025-08-11","repo":{"name":"github.com/joeig/eee-safe","commit":"9afeaef558c8096efc820942f43b91270f61249f"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.7,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 0/6 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":1,"reason":"2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/joeig/eee-safe/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/joeig/eee-safe/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-licenses.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/joeig/eee-safe/go-licenses.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/go-licenses.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/joeig/eee-safe/go-licenses.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/joeig/eee-safe/golangci-lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/joeig/eee-safe/golangci-lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/joeig/eee-safe/golangci-lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/govulncheck.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/joeig/eee-safe/govulncheck.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/joeig/eee-safe/lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/joeig/eee-safe/lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/joeig/eee-safe/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/joeig/eee-safe/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/joeig/eee-safe/test.yml/main?enable=pin","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   4 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/go-licenses.yml:15","Warn: no topLevel permission defined: .github/workflows/golangci-lint.yml:1","Warn: no topLevel permission defined: .github/workflows/govulncheck.yml:1","Warn: no topLevel permission defined: .github/workflows/lint.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":8,"reason":"2 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-20T04:35:11.150Z","repository_id":34929671,"created_at":"2025-08-20T04:35:11.151Z","updated_at":"2025-08-20T04:35:11.151Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30183466,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-06T14:42:24.748Z","status":"ssl_error","status_checked_at":"2026-03-06T14:42:14.925Z","response_time":250,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backup","safe","threema"],"created_at":"2024-10-01T09:20:49.197Z","updated_at":"2026-03-06T15:32:02.702Z","avatar_url":"https://github.com/joeig.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# eee-safe\n\nA custom Threema Safe server implementation with multi-backend support.\n\n[![Test coverage](https://img.shields.io/badge/coverage-79%25-success)](https://github.com/joeig/eee-safe/tree/master/.github/testcoverage.yml)\n[![Go Report Card](https://goreportcard.com/badge/github.com/joeig/eee-safe)](https://goreportcard.com/report/github.com/joeig/eee-safe)\n\nCurrently supported backends:\n\n* DynamoDB\n* Filesystem\n\n## Client setup\n\nThreema supports third party backup servers out of the box. Simply choose \"Threema Safe\", \"Expert settings\" and deactivate \"Use default server\". You will be asked for your custom server endpoint and credentials.\n\n## Server setup\n\n### Install from source\n\nYou need `go` and `GOBIN` in your `PATH`. Once that is done, install `eee-safe` using the following command:\n\n~~~ bash\ngo install github.com/joeig/eee-safe/cmd/eee-safe@latest\n~~~\n\n### Configuration\n\nAfter that, copy [`config.dist.yml`](configs/config.dist.yml) to `config.yml`, replace the default settings and run the binary:\n\n~~~ bash\neee-safe -config=/path/to/config.yml\n~~~\n\nIf you're intending to add the application to your systemd runlevel, you may want to take a look at [`init/eee-safe.service`](init/eee-safe.service).\n\nThreema requires a valid CA certificate.\n\nChoose one of the following storage backends:\n\n| Storage backend               | DynamoDB | Filesystem |\n|-------------------------------|----------|------------|\n| Built-in TTL                  | yes      | no         |\n| Thread safe                   | yes      | no         |\n| Works without further efforts | no       | yes        |\n\n#### DynamoDB settings\n\nThis option requires a pre-configured AWS environment.\n\n##### Table settings\n\nCreate a new table with the following settings:\n\n* Table name in this example: `EEESafe`\n* Primary key: `backupID`\n* Time to live attribute: `expirationTime`\n* Turn backup functionality on if required.\n\n##### IAM\n\nRequired IAM permissions to access the DynamoDB table (change the resource ARN if necessary):\n\n~~~ json\n{\n    \"Version\": \"2012-10-17\",\n    \"Statement\": [\n        {\n            \"Sid\": \"MaintainEEESafeTable\",\n            \"Effect\": \"Allow\",\n            \"Action\": [\n                \"dynamodb:PutItem\",\n                \"dynamodb:GetItem\",\n                \"dynamodb:DeleteItem\"\n            ],\n            \"Resource\": \"arn:aws:dynamodb:eu-west-1:1234567890:table/EEESafe\"\n        }\n    ]\n}\n~~~\n\nExamples:\n\n- Provide credential files: `~/.aws/credentials` and `~/.aws/config`\n- Set credentials via environment variables:\n  ~~~ bash\n  export AWS_REGION=\"eu-west-1\"\n  export AWS_ACCESS_KEY_ID=\"Your Access Key ID\"\n  export AWS_SECRET_ACCESS_KEY=\"Your Secret Access Key\"\n  ~~~\n- Use EC2 instance roles/ECS task roles/Lambda roles/... (you should always choose this option whenever possible!)\n\nSee also: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html\n\n#### Filesystem settings\n\nThis option stores every backup in a dedicated file on the local filesystem.\n\nThis storage backend does currently **not** support thread-safety and auto-deletion of expired backups. You probably want to implement auto-deletion by using a `find` cronjob.\n\n## Troubleshooting\n\nRun `eee-safe` in debug mode in order to increase the verbosity tremendously: `-debug`\n\n## Contribution\n\nFeel free to contribute. This is the API reference: [Cryptography Whitepaper](https://threema.ch/press-files/2_documentation/cryptography_whitepaper.pdf)\n\nThis project follows the [Standard Go Project Layout](https://github.com/golang-standards/project-layout) principals.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjoeig%2Feee-safe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjoeig%2Feee-safe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjoeig%2Feee-safe/lists"}