{"id":13425086,"url":"https://github.com/k3s-io/k3s","last_synced_at":"2026-04-24T01:09:36.727Z","repository":{"id":37029216,"uuid":"135516270","full_name":"k3s-io/k3s","owner":"k3s-io","description":"Lightweight Kubernetes","archived":false,"fork":false,"pushed_at":"2026-02-04T01:18:17.000Z","size":588891,"stargazers_count":32071,"open_issues_count":136,"forks_count":2586,"subscribers_count":279,"default_branch":"main","last_synced_at":"2026-02-04T03:43:43.066Z","etag":null,"topics":["k8s","kubernetes"],"latest_commit_sha":null,"homepage":"https://k3s.io","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/k3s-io.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":".github/SECURITY.md","support":null,"governance":"GOVERNANCE.md","roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":"MAINTAINERS","copyright":null,"agents":null,"dco":"DCO","cla":null}},"created_at":"2018-05-31T01:37:46.000Z","updated_at":"2026-02-04T03:38:36.000Z","dependencies_parsed_at":"2026-01-02T16:02:38.472Z","dependency_job_id":null,"html_url":"https://github.com/k3s-io/k3s","commit_stats":{"total_commits":2031,"total_committers":215,"mean_commits":9.446511627906977,"dds":0.7833579517479075,"last_synced_commit":"f076080b2b5320446cb18f2ea6884be6c4f7780c"},"previous_names":["rancher/k3s","ibuildthecloud/k3s"],"tags_count":1006,"template":false,"template_full_name":null,"purl":"pkg:github/k3s-io/k3s","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/k3s-io%2Fk3s","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/k3s-io%2Fk3s/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/k3s-io%2Fk3s/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/k3s-io%2Fk3s/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/k3s-io","download_url":"https://codeload.github.com/k3s-io/k3s/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/k3s-io%2Fk3s/sbom","scorecard":{"id":546449,"data":{"date":"2025-08-15T12:38:29Z","repo":{"name":"github.com/k3s-io/k3s","commit":"e7dd3b7e7e4df0eb2da8ba31d331e95899650165"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":8.2,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: .github/SECURITY.md:1","Info: Found linked content: .github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/SECURITY.md:1","Info: Found text in security policy: .github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/e2e.yaml:33","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/e2e.yaml:34","Info: jobLevel 'contents' permission set to 'read': .github/workflows/e2e.yaml:41","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/e2e.yaml:42","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:107","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:158","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/stale.yml:13","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/trivy-scan.yml:17","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/updatecli.yaml:17","Info: topLevel 'contents' permission set to 'read': .github/workflows/build-k3s.yaml:24","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:9","Info: topLevel 'contents' permission set to 'read': .github/workflows/e2e.yaml:28","Info: topLevel 'contents' permission set to 'read': .github/workflows/epic.yaml:7","Info: topLevel permissions set to 'read-all': .github/workflows/govulncheck.yml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/install.yaml:20","Info: topLevel 'contents' permission set to 'read': .github/workflows/integration.yaml:26","Info: topLevel 'contents' permission set to 'read': .github/workflows/nightly-install.yaml:8","Info: topLevel 'contents' permission set to 'read': .github/workflows/release.yml:8","Info: topLevel 'packages' permission set to 'read': .github/workflows/release.yml:9","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18","Info: topLevel 'contents' permission set to 'read': .github/workflows/stale.yml:7","Info: topLevel 'contents' permission set to 'read': .github/workflows/trivy-scan.yml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/trivy-trigger.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/unitcoverage.yaml:26","Info: topLevel 'contents' permission set to 'read': .github/workflows/updatecli.yaml:11"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":5,"reason":"badge detected: Passing","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.33.4-rc1+k3s1 not signed: https://api.github.com/repos/k3s-io/k3s/releases/240102814","Warn: release artifact v1.32.8-rc1+k3s1 not signed: https://api.github.com/repos/k3s-io/k3s/releases/240102847","Warn: release artifact v1.31.12-rc1+k3s1 not signed: https://api.github.com/repos/k3s-io/k3s/releases/240102863","Warn: release artifact v1.30.14+k3s2 not signed: https://api.github.com/repos/k3s-io/k3s/releases/235337356","Warn: release artifact v1.30.14-rc1+k3s2 not signed: https://api.github.com/repos/k3s-io/k3s/releases/234008425","Warn: release artifact v1.33.4-rc1+k3s1 does not have provenance: https://api.github.com/repos/k3s-io/k3s/releases/240102814","Warn: release artifact v1.32.8-rc1+k3s1 does not have provenance: https://api.github.com/repos/k3s-io/k3s/releases/240102847","Warn: release artifact v1.31.12-rc1+k3s1 does not have provenance: https://api.github.com/repos/k3s-io/k3s/releases/240102863","Warn: release artifact v1.30.14+k3s2 does not have provenance: https://api.github.com/repos/k3s-io/k3s/releases/235337356","Warn: release artifact v1.30.14-rc1+k3s2 does not have provenance: https://api.github.com/repos/k3s-io/k3s/releases/234008425"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-k3s.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/build-k3s.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-k3s.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/build-k3s.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-k3s.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/build-k3s.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-k3s.yaml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/build-k3s.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-k3s.yaml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/build-k3s.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-k3s.yaml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/build-k3s.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/codeql.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/codeql.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/codeql.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/e2e.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/e2e.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/e2e.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/e2e.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/e2e.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yaml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/e2e.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yaml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/e2e.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/e2e.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/e2e.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:182: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/e2e.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/e2e.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:198: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/e2e.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/epic.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/epic.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/govulncheck.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/govulncheck.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/install.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/install.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/install.yaml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/install.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/install.yaml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/install.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/install.yaml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/install.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yaml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/integration.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/integration.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integration.yaml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/integration.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integration.yaml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/integration.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yaml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/integration.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration.yaml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/integration.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/integration.yaml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/integration.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-install.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/nightly-install.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-install.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/nightly-install.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:166: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scorecard.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/scorecard.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/stale.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trivy-scan.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/trivy-scan.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/trivy-scan.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/trivy-scan.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trivy-scan.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/trivy-scan.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trivy-scan.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/trivy-scan.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trivy-trigger.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/trivy-trigger.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trivy-trigger.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/trivy-trigger.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/trivy-trigger.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/trivy-trigger.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unitcoverage.yaml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/unitcoverage.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unitcoverage.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/unitcoverage.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/unitcoverage.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/unitcoverage.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/unitcoverage.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/unitcoverage.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unitcoverage.yaml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/unitcoverage.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unitcoverage.yaml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/unitcoverage.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/unitcoverage.yaml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/unitcoverage.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/updatecli.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/updatecli.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/updatecli.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/updatecli.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/updatecli.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/k3s-io/k3s/updatecli.yaml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile.dapper:2","Warn: containerImage not pinned by hash: Dockerfile.local:2","Warn: containerImage not pinned by hash: Dockerfile.local:28","Warn: containerImage not pinned by hash: Dockerfile.local:44","Warn: containerImage not pinned by hash: Dockerfile.local:53","Warn: containerImage not pinned by hash: Dockerfile.manifest:2","Warn: containerImage not pinned by hash: Dockerfile.test:2","Warn: containerImage not pinned by hash: Dockerfile.test:10","Warn: containerImage not pinned by hash: Dockerfile.test:15","Warn: containerImage not pinned by hash: Dockerfile.test:37","Warn: containerImage not pinned by hash: package/Dockerfile:1","Warn: containerImage not pinned by hash: tests/e2e/scripts/Dockerfile:1: pin your Docker image by updating ubuntu:24.04 to ubuntu:24.04@sha256:7c06e91f61fa88c08cc74f7e1b7c69ae24910d745357e0dfe1d2c0322aaf20f9","Warn: containerImage not pinned by hash: tests/integration/Dockerfile.test:1: pin your Docker image by updating golang:buster to golang:buster@sha256:eb3f9ac805435c1b2c965d63ce460988e1000058e1f67881324746362baf9572","Warn: goCommand not pinned by hash: Dockerfile.dapper:31","Warn: downloadThenRun not pinned by hash: Dockerfile.dapper:37-39","Warn: goCommand not pinned by hash: Dockerfile.local:14","Warn: downloadThenRun not pinned by hash: Dockerfile.local:17-19","Warn: downloadThenRun not pinned by hash: tests/integration/Dockerfile.test:5-7","Warn: goCommand not pinned by hash: tests/integration/Dockerfile.test:16","Warn: goCommand not pinned by hash: tests/integration/Dockerfile.test:17","Warn: goCommand not pinned by hash: .github/workflows/govulncheck.yml:27","Info:   2 out of  47 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of  25 third-party GitHubAction dependencies pinned","Info:   0 out of  13 containerImage dependencies pinned","Info:   0 out of   5 goCommand dependencies pinned","Info:   0 out of   3 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by personal access token","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:32"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"Vulnerabilities","score":7,"reason":"3 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3829 / GHSA-4vq8-7jfc-9cvp","Warn: Project is vulnerable to: GO-2024-3218","Warn: Project is vulnerable to: GO-2025-3748 / GHSA-f26w-gh5m-qq77"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: GoBuiltInFuzzer integration found: pkg/authenticator/hash/scrypt_test.go:41"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"CI-Tests","score":8,"reason":"22 out of 27 merged PRs checked by a CI test -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}},{"name":"Contributors","score":10,"reason":"project has 42 contributing companies or organizations","details":["Info: found contributions from: ClangBuiltLinux, NIV-DEVELOPER, SUSE, acorn labs, acorn-io, aind-containers, anza-xyz, axiscommunications, aya-rs, cilium, containerbuilding, containerd, dwavesystems, exein-io, fiuskylab, flannel-io, go-phoenix-chandler, hobbyfarm, k3s-io, k3s-io | @rancher | suse, kubernetes, kubernetes-sigs, lima-vm, lockc-project, moby, netgroup-polito, ntt, ntt-developers, opencontainers, osrg, principal engineer at akamai, rancher, rancher @suse @k3s-io, rancherfederal, rancherlabs, reproducible-containers, rootless-containers, submariner-io, suse, suse @rancher, suse rancher labs, wordfence"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}}]},"last_synced_at":"2025-08-20T09:39:33.280Z","repository_id":37029216,"created_at":"2025-08-20T09:39:33.280Z","updated_at":"2025-08-20T09:39:33.280Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29347412,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-11T20:11:40.865Z","status":"ssl_error","status_checked_at":"2026-02-11T20:10:41.637Z","response_time":97,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["k8s","kubernetes"],"created_at":"2024-07-31T00:01:04.274Z","updated_at":"2026-02-11T22:01:43.917Z","avatar_url":"https://github.com/k3s-io.png","language":"Go","funding_links":[],"categories":["Go","HarmonyOS","Kubernetes","kubernetes","Uncategorized","Software Packages","Back-End Development","软件包","Go Tools","Edge \u0026 IoT","Kubernetes Operations","cli"],"sub_categories":["Windows Manager","Distributions","Uncategorized","Kubernetes Distributions","DevOps Tools","DevOps 工具","Streaming Operations","collection"],"readme":"K3s - Lightweight Kubernetes\n===============================================\n[![FOSSA Status](https://app.fossa.com/api/projects/custom%2B25850%2Fgithub.com%2Fk3s-io%2Fk3s.svg?type=shield)](https://app.fossa.com/projects/custom%2B25850%2Fgithub.com%2Fk3s-io%2Fk3s?ref=badge_shield)\n[![Nightly CI](https://github.com/k3s-io/k3s/actions/workflows/nightly-install.yaml/badge.svg)](https://github.com/k3s-io/k3s/actions/workflows/nightly-install.yaml)\n[![Build Status](https://drone-publish.k3s.io/api/badges/k3s-io/k3s/status.svg)](https://drone-publish.k3s.io/k3s-io/k3s)\n[![Integration Test Coverage](https://github.com/k3s-io/k3s/actions/workflows/integration.yaml/badge.svg)](https://github.com/k3s-io/k3s/actions/workflows/integration.yaml)\n[![Unit Test Coverage](https://github.com/k3s-io/k3s/actions/workflows/unitcoverage.yaml/badge.svg)](https://github.com/k3s-io/k3s/actions/workflows/unitcoverage.yaml)\n[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/6835/badge)](https://www.bestpractices.dev/projects/6835)\n[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/k3s-io/k3s/badge)](https://scorecard.dev/viewer/?uri=github.com/k3s-io/k3s)\n[![Releases](https://img.shields.io/github/downloads/k3s-io/k3s/total.svg)](https://github.com/k3s-io/k3s/tags?label=Downloads)\n[![CLOMonitor](https://img.shields.io/endpoint?url=https://clomonitor.io/api/projects/cncf/k3s/badge)](https://clomonitor.io/projects/cncf/k3s)\n\nLightweight Kubernetes.  Production ready, easy to install, half the memory, all in a binary less than 100 MB.\n\nGreat for:\n\n* Edge\n* IoT\n* CI\n* Development\n* ARM\n* Embedding k8s\n* Situations where a PhD in k8s clusterology is infeasible\n\nWhat is this?\n---\n\nK3s is a [fully conformant](https://github.com/cncf/k8s-conformance/pulls?q=is%3Apr+k3s) production-ready Kubernetes distribution with the following changes:\n\n1. It is packaged as a single binary.\n1. It adds support for sqlite3 as the default storage backend. Etcd3, MariaDB, MySQL, and Postgres are also supported.\n1. It wraps Kubernetes and other components in a single, simple launcher.\n1. It is secure by default with reasonable defaults for lightweight environments.\n1. It has minimal to no OS dependencies (just a sane kernel and cgroup mounts needed).\n1. It eliminates the need to expose a port on Kubernetes worker nodes for the kubelet API by exposing this API to the Kubernetes control plane nodes over a websocket tunnel.\n\nK3s bundles the following technologies together into a single cohesive distribution:\n\n* [Containerd](https://containerd.io/) \u0026 [runc](https://github.com/opencontainers/runc)\n* [Flannel](https://github.com/flannel-io/flannel) for CNI\n* [CoreDNS](https://coredns.io/)\n* [Metrics Server](https://github.com/kubernetes-sigs/metrics-server)\n* [Traefik](https://containo.us/traefik/) for ingress\n* [Klipper-lb](https://github.com/k3s-io/klipper-lb) as an embedded service load balancer provider\n* [Kube-router](https://www.kube-router.io/) netpol controller for network policy\n* [Helm-controller](https://github.com/k3s-io/helm-controller) to allow for CRD-driven deployment of helm manifests\n* [Kine](https://github.com/k3s-io/kine) as a datastore shim that allows etcd to be replaced with other databases\n* [Local-path-provisioner](https://github.com/rancher/local-path-provisioner) for provisioning volumes using local storage\n* [Host utilities](https://github.com/k3s-io/k3s-root) such as iptables/nftables, ebtables, ethtool, \u0026 socat\n\nThese technologies can be disabled or swapped out for technologies of your choice.\n\nAdditionally, K3s simplifies Kubernetes operations by maintaining functionality for:\n\n* Managing the TLS certificates of Kubernetes components\n* Managing the connection between worker and server nodes\n* Auto-deploying Kubernetes resources from local manifests in realtime as they are changed.\n* Managing an embedded etcd cluster\n\nWhat's with the name?\n--------------------\n\nWe wanted an installation of Kubernetes that was half the size in terms of memory footprint. Kubernetes is a\n10 letter word stylized as k8s. So something half as big as Kubernetes would be a 5 letter word stylized as\nK3s. A '3' is also an '8' cut in half vertically. There is neither a long-form of K3s nor official pronunciation.\n\nIs this a fork?\n---------------\n\nNo, it's a distribution. A fork implies continued divergence from the original. This is not K3s's goal or practice. K3s explicitly intends not to change any core Kubernetes functionality. We seek to remain as close to upstream Kubernetes as possible. However, we maintain a small set of patches (well under 1000 lines) important to K3s's use case and deployment model. We maintain patches for other components as well. When possible, we contribute these changes back to the upstream projects, for example, with [SELinux support in containerd](https://github.com/containerd/cri/pull/1487/commits/24209b91bf361e131478d15cfea1ab05694dc3eb). This is a common practice amongst software distributions.\n\nK3s is a distribution because it packages additional components and services necessary for a fully functional cluster that go beyond vanilla Kubernetes. These are opinionated choices on technologies for components like ingress, storage class, network policy, service load balancer, and even container runtime. These choices and technologies are touched on in more detail in the [What is this?](#what-is-this) section.\n\nHow is this lightweight or smaller than upstream Kubernetes?\n---\n\nThere are two major ways that K3s is lighter weight than upstream Kubernetes:\n1. The memory footprint to run it is smaller\n2. The binary, which contains all the non-containerized components needed to run a cluster, is smaller\n\nThe memory footprint is reduced primarily by running many components inside of a single process. This eliminates significant overhead that would otherwise be duplicated for each component.\n\nThe binary is smaller by removing third-party storage drivers and cloud providers, explained in more detail below.\n\nWhat have you removed from upstream Kubernetes?\n---\n\nThis is a common point of confusion because it has changed over time. Early versions of K3s had much more removed than the current version. K3s currently removes two things:\n\n1. In-tree storage drivers\n1. In-tree cloud provider\n\nBoth of these have out-of-tree alternatives in the form of [CSI](https://github.com/container-storage-interface/spec/blob/master/spec.md) and [CCM](https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/), which work in K3s and which upstream is moving towards.\n\nWe remove these to achieve a smaller binary size. They can be removed while remaining conformant because neither affects core Kubernetes functionality. They are also dependent on third-party cloud or data center technologies/services, which may not be available in many K3s' use cases.\n\nGetting Started\n---\n- [Quick Install](https://docs.k3s.io/quick-start)\n- [Architecture](https://docs.k3s.io/architecture)\n- [FAQ](https://docs.k3s.io/faq)\n- [Contribute](CONTRIBUTING.md)\n\nCommunity\n---\n- ### Slack\n\nJoin [Slack](https://slack.rancher.io/) to chat with K3s developers and other K3s users. Great place to learn and ask questions: [#k3s](https://rancher-users.slack.com/archives/CGGQEHPPW) and [#k3s-contributor](https://rancher-users.slack.com/archives/CGXR87T8B) and [#k3s](https://cloud-native.slack.com/archives/C0196ULKX8S) channel in [CNCF Slack](https://cloud-native.slack.com)\n\n- ### Getting involved\n[GitHub Issues](https://github.com/k3s-io/k3s/issues) - Submit your issues and feature requests via GitHub.\n\n- ### Community Meetings and Office hours\nThe K3s developer community hangs out on Zoom to chat. Everybody is welcome.\n\n**Add the [Linux Foundation iCal](https://webcal.prod.itx.linuxfoundation.org/lfx/a092M00001IkYIjQAN) to your calendar**: \n- AMS/EMEA TZ 10:00 am PST - every *second* Tuesday of the month\n- EMEA/APAC TimeZone friendly - every *third* Tuesday of the month\n\n**Meeting notes and agenda**: https://hackmd.io/@k3s/meet-notes/\n\n**Meeting recordings**: [K3s Channel](https://www.youtube.com/watch?v=HRuJROA6Z3k\u0026list=PLlBG85HKlLE9KFDqJ_K6NOpup-zVw8ANl\u0026pp=gAQB)\n\nYou can check also the full details on the website: https://k3s.io/community\n\n\nWhat's next?\n---\n\nCheck out our [roadmap](ROADMAP.md) to see what we have planned moving forward.\n\nRelease cadence\n---\n\nK3s maintains pace with upstream Kubernetes releases. Our goal is to release patch releases within one week, and new minors within 30 days.\n\nOur release versioning reflects the version of upstream Kubernetes that is being released. For example, the K3s release [v1.27.4+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.27.4%2Bk3s1) maps to the `v1.27.4` Kubernetes release. We add a postfix in the form of `+k3s\u003cnumber\u003e` to allow us to make additional releases using the same version of upstream Kubernetes while remaining [semver](https://semver.org/) compliant. For example, if we discovered a high severity bug in `v1.27.4+k3s1` and needed to release an immediate fix for it, we would release `v1.27.4+k3s2`.\n\nDocumentation\n-------------\n\nPlease see [the official docs site](https://docs.k3s.io) for complete documentation.\n\nQuick-Start - Install Script\n--------------\n\nThe `install.sh` script provides a convenient way to download K3s and add a service to systemd or openrc.\n\nTo install k3s as a service, run:\n\n```bash\ncurl -sfL https://get.k3s.io | sh -\n```\n\nA kubeconfig file is written to `/etc/rancher/k3s/k3s.yaml` and the service is automatically started or restarted.\nThe install script will install K3s and additional utilities, such as `kubectl`, `crictl`, `k3s-killall.sh`, and `k3s-uninstall.sh`, for example:\n\n```bash\nsudo kubectl get nodes\n```\n\n`K3S_TOKEN` is created at `/var/lib/rancher/k3s/server/node-token` on your server.\nTo install on worker nodes, pass `K3S_URL` along with\n`K3S_TOKEN` environment variables, for example:\n\n```bash\ncurl -sfL https://get.k3s.io | K3S_URL=https://myserver:6443 K3S_TOKEN=XXX sh -\n```\n\nManual Download\n---------------\n\n1. Download `k3s` from latest [release](https://github.com/k3s-io/k3s/releases/latest), x86_64, armhf, arm64 and s390x are supported.\n1. Run the server.\n\n```bash\nsudo k3s server \u0026\n# Kubeconfig is written to /etc/rancher/k3s/k3s.yaml\nsudo k3s kubectl get nodes\n\n# On a different node run the below. NODE_TOKEN comes from\n# /var/lib/rancher/k3s/server/node-token on your server\nsudo k3s agent --server https://myserver:6443 --token ${NODE_TOKEN}\n```\n\nContributing\n------------\n\nPlease check out our [contributing guide](CONTRIBUTING.md) if you're interested in contributing to K3s.\n\nSecurity\n--------\n\nSecurity issues in K3s can be reported by sending an email to [security@k3s.io](mailto:security@k3s.io).\nPlease do not file issues about security issues.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fk3s-io%2Fk3s","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fk3s-io%2Fk3s","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fk3s-io%2Fk3s/lists"}