{"id":13580413,"url":"https://github.com/kanidm/kanidm","last_synced_at":"2026-05-07T04:03:18.884Z","repository":{"id":36971521,"uuid":"168782501","full_name":"kanidm/kanidm","owner":"kanidm","description":"Kanidm: A simple, secure, and fast identity management platform","archived":false,"fork":false,"pushed_at":"2026-05-01T07:22:07.000Z","size":174163,"stargazers_count":4892,"open_issues_count":242,"forks_count":319,"subscribers_count":22,"default_branch":"master","last_synced_at":"2026-05-01T09:35:07.648Z","etag":null,"topics":["authentication","iam","identity","identity-management","idm","ldap","oidc","radius","rust","scim","security","ssh-authentication","webauthn"],"latest_commit_sha":null,"homepage":"https://kanidm.com","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kanidm.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2019-02-02T01:41:26.000Z","updated_at":"2026-05-01T09:29:29.000Z","dependencies_parsed_at":"2023-09-29T03:41:50.284Z","dependency_job_id":"23965211-15bc-406f-979a-c9945db8c595","html_url":"https://github.com/kanidm/kanidm","commit_stats":{"total_commits":2190,"total_committers":94,"mean_commits":23.29787234042553,"dds":0.6141552511415524,"last_synced_commit":"6c3b8500a230a9c2463ea2d51a3cb93fde7d18c7"},"previous_names":[],"tags_count":93,"template":false,"template_full_name":null,"purl":"pkg:github/kanidm/kanidm","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kanidm%2Fkanidm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kanidm%2Fkanidm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kanidm%2Fkanidm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kanidm%2Fkanidm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kanidm","download_url":"https://codeload.github.com/kanidm/kanidm/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kanidm%2Fkanidm/sbom","scorecard":{"id":435013,"data":{"date":"2025-08-11","repo":{"name":"github.com/kanidm/kanidm","commit":"070d1c9599d2e160732c7a7dee4cf98ae38bea69"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.3,"checks":[{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":5,"reason":"badge detected: Passing","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/clippy.yml:1","Warn: no topLevel permission defined: .github/workflows/codespell.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/dependabot_auto_merge.yml:7","Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency_review.yml:9","Warn: no topLevel permission defined: .github/workflows/docker_build_kanidm.yml:1","Warn: no topLevel permission defined: .github/workflows/docker_build_kanidmd.yml:1","Warn: no topLevel permission defined: .github/workflows/docker_build_radiusd.yml:1","Warn: no topLevel permission defined: .github/workflows/javascript_lint.yml:1","Info: topLevel 'checks' permission set to 'read': .github/workflows/kanidm_book.yml:15","Warn: topLevel 'contents' permission set to 'write': .github/workflows/kanidm_book.yml:16","Warn: topLevel 'deployments' permission set to 'write': .github/workflows/kanidm_book.yml:17","Info: topLevel 'issues' permission set to 'read': .github/workflows/kanidm_book.yml:18","Info: topLevel 'statuses' permission set to 'read': .github/workflows/kanidm_book.yml:20","Info: topLevel 'actions' permission set to 'read': .github/workflows/kanidm_book.yml:14","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/kanidm_book.yml:19","Warn: no topLevel permission defined: .github/workflows/kanidm_individual_book.yml:1","Warn: no topLevel permission defined: .github/workflows/pykanidm.yml:1","Warn: no topLevel permission defined: .github/workflows/rust_build.yml:1","Warn: no topLevel permission defined: .github/workflows/windows_build.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Info: FSF or OSI recognized license: Mozilla Public License 2.0: LICENSE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/docker_build_kanidm.yml:32"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/clippy.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/clippy.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/clippy.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/clippy.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/clippy.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/clippy.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/clippy.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/clippy.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codespell.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/codespell.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codespell.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/codespell.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot_auto_merge.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/dependabot_auto_merge.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dependabot_auto_merge.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/dependabot_auto_merge.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dependency_review.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/dependency_review.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dependency_review.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/dependency_review.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker_build_kanidm.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/docker_build_kanidm.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker_build_kanidm.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/docker_build_kanidm.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker_build_kanidm.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/docker_build_kanidm.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker_build_kanidm.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/docker_build_kanidm.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker_build_kanidm.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/docker_build_kanidm.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker_build_kanidm.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/docker_build_kanidm.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker_build_kanidm.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/docker_build_kanidm.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker_build_kanidmd.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/docker_build_kanidmd.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker_build_kanidmd.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/docker_build_kanidmd.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker_build_kanidmd.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/docker_build_kanidmd.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker_build_kanidmd.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/docker_build_kanidmd.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker_build_kanidmd.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/docker_build_kanidmd.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker_build_kanidmd.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/docker_build_kanidmd.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker_build_kanidmd.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/docker_build_kanidmd.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker_build_radiusd.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/docker_build_radiusd.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker_build_radiusd.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/docker_build_radiusd.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker_build_radiusd.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/docker_build_radiusd.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker_build_radiusd.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/docker_build_radiusd.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker_build_radiusd.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/docker_build_radiusd.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker_build_radiusd.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/docker_build_radiusd.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker_build_radiusd.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/docker_build_radiusd.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker_build_radiusd.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/docker_build_radiusd.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/javascript_lint.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/javascript_lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/javascript_lint.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/javascript_lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kanidm_book.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/kanidm_book.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kanidm_book.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/kanidm_book.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kanidm_book.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/kanidm_book.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kanidm_book.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/kanidm_book.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kanidm_book.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/kanidm_book.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kanidm_book.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/kanidm_book.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kanidm_book.yml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/kanidm_book.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kanidm_book.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/kanidm_book.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kanidm_book.yml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/kanidm_book.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kanidm_individual_book.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/kanidm_individual_book.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/kanidm_individual_book.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/kanidm_individual_book.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/kanidm_individual_book.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/kanidm_individual_book.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/kanidm_individual_book.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/kanidm_individual_book.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kanidm_individual_book.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/kanidm_individual_book.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/kanidm_individual_book.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/kanidm_individual_book.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pykanidm.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/pykanidm.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pykanidm.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/pykanidm.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rust_build.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/rust_build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/rust_build.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/rust_build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/rust_build.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/rust_build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rust_build.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/rust_build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/rust_build.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/rust_build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/rust_build.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/rust_build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rust_build.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/rust_build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/rust_build.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/rust_build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/rust_build.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/rust_build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/windows_build.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/windows_build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/windows_build.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/windows_build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/windows_build.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/kanidm/kanidm/windows_build.yml/master?enable=pin","Warn: containerImage not pinned by hash: examples/apache_oauth/Dockerfile:1: pin your Docker image by updating ubuntu/apache2:latest to ubuntu/apache2:latest@sha256:a4c990d4e22454c7109409133c6a265d2a91026531c0477ff2647ea3beac606c","Warn: containerImage not pinned by hash: rlm_python/Dockerfile:5","Warn: containerImage not pinned by hash: scripts/Dockerfile.devcontainer:1: pin your Docker image by updating rust:latest to rust:latest@sha256:e090f7b4adf86191313dba91260351d7f5e15cac0fe34f26706a805c0cb9641f","Warn: containerImage not pinned by hash: server/Dockerfile:5","Warn: containerImage not pinned by hash: server/Dockerfile:10","Warn: containerImage not pinned by hash: tools/Dockerfile:5","Warn: containerImage not pinned by hash: tools/Dockerfile:9","Warn: containerImage not pinned by hash: tools/Dockerfile:66","Warn: containerImage not pinned by hash: tools/orca/Dockerfile:5","Warn: containerImage not pinned by hash: tools/orca/Dockerfile:9","Warn: containerImage not pinned by hash: tools/orca/Dockerfile:58","Warn: pipCommand not pinned by hash: rlm_python/Dockerfile:58-64","Warn: downloadThenRun not pinned by hash: scripts/install_ubuntu_dependencies.sh:58","Warn: pipCommand not pinned by hash: scripts/pykanidm/run.sh:12","Warn: pipCommand not pinned by hash: scripts/pykanidm/run.sh:13","Warn: pipCommand not pinned by hash: scripts/pykanidm/run.sh:15","Warn: pipCommand not pinned by hash: .github/workflows/codespell.yml:26","Warn: pipCommand not pinned by hash: .github/workflows/kanidm_individual_book.yml:65","Warn: pipCommand not pinned by hash: .github/workflows/pykanidm.yml:27","Info:   0 out of  36 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  27 third-party GitHubAction dependencies pinned","Info:   0 out of   7 pipCommand dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned","Info:   0 out of  11 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":3,"reason":"7 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: RUSTSEC-2024-0384","Warn: Project is vulnerable to: RUSTSEC-2024-0436","Warn: Project is vulnerable to: RUSTSEC-2024-0370","Warn: Project is vulnerable to: RUSTSEC-2023-0071","Warn: Project is vulnerable to: RUSTSEC-2021-0127","Warn: Project is vulnerable to: GHSA-xffm-g5w8-qvg7","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T04:24:13.785Z","repository_id":36971521,"created_at":"2025-08-19T04:24:13.785Z","updated_at":"2025-08-19T04:24:13.785Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32717087,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-06T19:35:05.142Z","status":"ssl_error","status_checked_at":"2026-05-06T19:35:03.996Z","response_time":117,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","iam","identity","identity-management","idm","ldap","oidc","radius","rust","scim","security","ssh-authentication","webauthn"],"created_at":"2024-08-01T15:01:50.909Z","updated_at":"2026-05-07T04:03:18.854Z","avatar_url":"https://github.com/kanidm.png","language":"Rust","funding_links":[],"categories":["Rust","security","rust","Multi-factor auth"],"sub_categories":["Identifiers"],"readme":"# Kanidm - Simple and Secure Identity Management\n\n![Kanidm Logo](artwork/logo-small.png)\n\n## About\n\nKanidm is a simple and secure identity management platform, allowing other applications and services to offload the\nchallenge of authenticating and storing identities to Kanidm.\n\nThe goal of this project is to be a complete identity provider, covering the broadest possible set of requirements and\nintegrations. You should not need any other components (like Keycloak) when you use Kanidm - we already have everything\nyou need!\n\nTo achieve this we rely heavily on strict defaults, simple configuration, and self-healing components. This allows\nKanidm to support small home labs, families, small businesses, and all the way to the largest enterprise needs.\n\nIf you want to host your own authentication service, then Kanidm is for you!\n\n\u003cdetails\u003e\n  \u003csummary\u003eSupported Features\u003c/summary\u003e\n\nKanidm supports:\n\n- Passkeys (WebAuthn) for secure cryptographic authentication\n  - Attested passkeys for high security environments\n- Application Portal allowing easy access to linked applications\n- OAuth2/OIDC authentication provider for SSO\n- OAuth2/OIDC service access with token exchange services\n- Linux/Unix integration with TPM protected offline authentication\n- SSH key distribution to Linux/Unix systems\n- RADIUS for network and VPN authentication\n- Read-only LDAPs gateway for Legacy Systems\n- Complete CLI tooling for Administration\n- Two node high availability using database replication\n- A WebUI for user self-service\n- And more!\n\n\u003c/details\u003e\n\n## Documentation / Getting Started / Install\n\nIf you want to read more about what Kanidm can do, you should read our documentation.\n\n- [Kanidm book (latest stable)](https://kanidm.github.io/kanidm/stable/)\n\nWe also have a set of [support guidelines](https://github.com/kanidm/kanidm/blob/master/book/src/support.md) for what\nthe project team will support.\n\n## Code of Conduct / Ethics\n\nAll interactions with the project are covered by our [code of conduct].\n\nWhen we develop features, we follow our project's guidelines on [rights and ethics].\n\n[code of conduct]: https://github.com/kanidm/kanidm/blob/master/CODE_OF_CONDUCT.md\n[rights and ethics]: https://github.com/kanidm/kanidm/blob/master/book/src/developers/developer_ethics.md\n\n## Getting in Contact / Questions\n\nWe have a Matrix-powered [gitter community channel] where project members are always happy to chat and answer questions.\nAlternately you can open a new [GitHub discussion].\n\n[gitter community channel]: https://app.gitter.im/#/room/#kanidm_community:gitter.im\n[github discussion]: https://github.com/kanidm/kanidm/discussions\n\n## What does Kanidm mean?\n\nKanidm is a portmanteau of 'kani' and 'idm'. Kani is Japanese for crab, related to Rust's mascot Ferris the crab.\nIdentity management is often abbreviated to 'idm', and is a common industry term for authentication providers.\n\nKanidm is pronounced as \"kar - nee - dee - em\".\n\n## Kanidm Anthem\n\n\u003e An anthem is a popular song, especially a rock song felt to sum up the attitudes or feelings associated with a period\n\u003e or social group.\n\nThe Kanidm anthem is [Crab Rave - Noisestorm](https://www.youtube.com/watch?v=LDU_Txk06tM)\n\n## Comparison with other services\n\n\u003cdetails\u003e \u003csummary\u003eLLDAP\u003c/summary\u003e\n\n[LLDAP](https://github.com/nitnelave/lldap) is a similar project focused on providing a small, easy-to-administer LDAP\nserver with a web administration portal. Both LLDAP and Kanidm use the\n[Kanidm LDAP bindings](https://github.com/kanidm/ldap3) and share many common design ideas.\n\nThe primary advantage of Kanidm over LLDAP is its broader built-in feature set, including native support for OAuth2 and\nOIDC. In contrast, LLDAP requires integration with an external portal like Keycloak to provide these features. However,\nLLDAP’s simplicity — offering fewer features — can make it easier to deploy and manage for certain use cases.\n\nWhile LLDAP provides a simple Web UI as the main user management interface, Kanidm currently offers administrative\nfunctionality primarily via its CLI, with its Web UI designed more for user interactions than for administration.\n\nIf Kanidm feels too complex for your needs, LLDAP is a smaller and simpler alternative. But if you want a more\nfeature-rich solution out of the box, Kanidm will likely be a better fit.\n\n\u003c/details\u003e\n\n\u003cdetails\u003e \u003csummary\u003e389-ds / OpenLDAP\u003c/summary\u003e\n\nBoth 389 Directory Server (389-ds) and OpenLDAP are general-purpose LDAP servers. They provide LDAP functionality only,\nso you must supply your own Identity Management (IDM) components—such as an OIDC portal, self-service web UI,\ncommand-line tools for administration, and more.\n\nIf you require maximum customization of your LDAP deployment, 389-ds or OpenLDAP may be better choices. However, if you\nprefer an easy-to-set-up service focused specifically on IDM, Kanidm is a superior option.\n\nKanidm draws inspiration from both 389-ds and OpenLDAP and already matches or exceeds 389-ds in directory service\nperformance and scalability, while offering a richer feature set.\n\n\u003c/details\u003e\n\n\u003cdetails\u003e \u003csummary\u003eFreeIPA\u003c/summary\u003e\n\nFreeIPA is a comprehensive identity management system for Linux/Unix, bundling many services including LDAP, Kerberos,\nDNS, and a Certificate Authority.\n\nHowever, FreeIPA is complex, consisting of numerous components and configurations, which leads to higher resource usage\nand administrative overhead during setup and upgrades.\n\nKanidm aims to offer the feature richness of FreeIPA but with a lighter resource footprint and simpler management. In\nbenchmarks with 3,000 users and 1,500 groups, Kanidm demonstrated approximately three times faster search operations and\nfive times faster modifications and additions (results may vary, but Kanidm generally outperforms FreeIPA in speed).\n\nIf you want a full IDM solution that’s easier to manage and more efficient, Kanidm is worth considering.\n\n\u003c/details\u003e\n\n\u003cdetails\u003e \u003csummary\u003eKeycloak\u003c/summary\u003e\n\n[Keycloak](https://github.com/keycloak/keycloak) is an OIDC/OAuth2/SAML provider that can layer WebAuthn authentication\non top of existing IDM systems. Although it can operate as a stand-alone IDM solution, it is commonly used alongside an\nLDAP server or similar backend.\n\nDeploying Keycloak requires significant configuration and expertise. Its extensive customization options for\nauthentication workflows can make initial setup challenging.\n\nKanidm does not require Keycloak to provide OAuth2 and other services. It integrates many of these capabilities in a\nsimpler, more streamlined way right out of the box.\n\n\u003c/details\u003e \u003cdetails\u003e \u003csummary\u003eRauthy\u003c/summary\u003e\n\n[Rauthy](https://github.com/sebadob/rauthy) is a minimal OIDC provider supporting WebAuthn—using some of the same\nlibraries as Kanidm.\n\nHowever, Rauthy focuses exclusively on OIDC and does not support additional use cases such as RADIUS or Unix\nauthentication.\n\nIf you need a minimal OIDC-only provider, Rauthy is an excellent choice. But if you require a broader feature set,\nKanidm is the better option.\n\n\u003c/details\u003e\n\n\u003cdetails\u003e \u003csummary\u003eAuthentik / Authelia / Zitadel\u003c/summary\u003e\n\n[Authentik](https://github.com/goauthentik/authentik) (written in Python),\n[Authelia](https://github.com/authelia/authelia), and [Zitadel](https://github.com/zitadel/zitadel) (both written in Go)\nare IDM providers similar to Kanidm in many respects. However, all three have weaker support for Unix authentication and\ndo not provide the advanced authentication policies or WebAuthn Attestation capabilities that Kanidm offers.\n\nAdditionally, these projects rely on external SQL databases such as PostgreSQL, which can introduce potential single\npoints of failure and performance bottlenecks. In contrast, Kanidm uses its own high-performance database and\nreplication system, developed based on enterprise LDAP server experience.\n\n\u003c/details\u003e\n\n## Developer Getting Started\n\nIf you want to contribute to Kanidm there is a getting started [guide for developers]. IDM is a diverse topic and we\nencourage contributions of many kinds in the project, from people of all backgrounds.\n\nWhen developing the server you should refer to the latest commit documentation instead.\n\n- [Kanidm book (latest commit)](https://kanidm.github.io/kanidm/master/)\n\n[guide for developers]: https://kanidm.github.io/kanidm/master/developers/index.html\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkanidm%2Fkanidm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkanidm%2Fkanidm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkanidm%2Fkanidm/lists"}