{"id":15009275,"url":"https://github.com/kelnos/scala-cross-maven-plugin","last_synced_at":"2025-10-08T04:14:12.054Z","repository":{"id":43104048,"uuid":"204681055","full_name":"kelnos/scala-cross-maven-plugin","owner":"kelnos","description":"Maven plugin to help rewrite POMs for cross-compiled Scala libraries","archived":false,"fork":false,"pushed_at":"2024-06-24T17:17:55.000Z","size":48,"stargazers_count":9,"open_issues_count":11,"forks_count":2,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-07-30T20:30:17.528Z","etag":null,"topics":["cross-compilation","maven","plugin","scala"],"latest_commit_sha":null,"homepage":null,"language":"Scala","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kelnos.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-08-27T10:40:45.000Z","updated_at":"2025-03-12T10:29:22.000Z","dependencies_parsed_at":"2025-02-15T10:32:54.741Z","dependency_job_id":"447a88c1-ea62-4126-ac1d-16eb75154cf8","html_url":"https://github.com/kelnos/scala-cross-maven-plugin","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/kelnos/scala-cross-maven-plugin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kelnos%2Fscala-cross-maven-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kelnos%2Fscala-cross-maven-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kelnos%2Fscala-cross-maven-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kelnos%2Fscala-cross-maven-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kelnos","download_url":"https://codeload.github.com/kelnos/scala-cross-maven-plugin/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kelnos%2Fscala-cross-maven-plugin/sbom","scorecard":{"id":554460,"data":{"date":"2025-08-11","repo":{"name":"github.com/kelnos/scala-cross-maven-plugin","commit":"64996e867d70e3c7c60411473b35b0afe9dd547c"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.4,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":3,"reason":"Found 7/20 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/maven.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/kelnos/scala-cross-maven-plugin/maven.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/kelnos/scala-cross-maven-plugin/maven.yml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: BSD 3-Clause \"New\" or \"Revised\" License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 18 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":3,"reason":"7 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-2qrg-x229-3v8q","Warn: Project is vulnerable to: GHSA-65fg-84f6-3jq3","Warn: Project is vulnerable to: GHSA-f7vh-qwp3-x37m","Warn: Project is vulnerable to: GHSA-fp5r-v3w9-4333","Warn: Project is vulnerable to: GHSA-w9p3-5cr8-m3jj","Warn: Project is vulnerable to: GHSA-j288-q9x7-2f5v","Warn: Project is vulnerable to: GHSA-2f88-5hg8-9x2x"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-20T11:57:57.332Z","repository_id":43104048,"created_at":"2025-08-20T11:57:57.332Z","updated_at":"2025-08-20T11:57:57.332Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278887555,"owners_count":26063219,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-08T02:00:06.501Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cross-compilation","maven","plugin","scala"],"created_at":"2024-09-24T19:24:13.167Z","updated_at":"2025-10-08T04:14:12.024Z","avatar_url":"https://github.com/kelnos.png","language":"Scala","funding_links":[],"categories":[],"sub_categories":[],"readme":"# scala-cross-maven-plugin\n\nThis plugin enables you to publish \"clean\" POM files after interpolating\nvalues for the Scala version and Scala binary version.\n\n## Why\n\nA common way to vary Scala binary versions is to use Maven profiles,\ndeclaring one profile for each binary version you want to cross compile\nto.  Then you run Maven once for each binary version, activating the\nappropriate profile, to build and deploy artifacts.\n\nHowever, the published POMs end up not working so well:\n\n* Maven doesn't like it when you use variable substitution in artifact\n  IDs (and will warn you of this on startup).\n* The published POMs will require consumers to know about (and\n  duplicate) the use of your profile IDs in order to interpolate the\n  correct variables.\n* Many developers set one of the Scala-version profiles to be activated\n  by default, which:\n  * can cause confusing (silent) failures if a new developer runs Maven\n    without explicitly specifying the desired profile.\n  * can cause confusing issues if the set of property names in each\n    Scala-version profile is not exactly the same.\n* If one of the Scala-version profiles is _not_ set as activated by\n  default, often default values for the Scala version and binary/compat\n  version are specified outside the profile, which can cause similar\n  problems to those outlined in the previous point.\n\n### Other Resources / Prior Art\n\n* There's a fine discussion of the perils of using Maven for Scala\n  builds [by Ryan Williams of Hammer\n  Lab](http://www.hammerlab.org/2017/04/06/scala-build-tools/).\n* The\n  [flatten-maven-plugin](https://www.mojohaus.org/flatten-maven-plugin/)\n  almost does what we want, but is difficult to configure so that it\n  makes the fewest modifications necessary to the POM file.\n\n## Usage\n\nTo make this work, ideally your POM and build should conform to a\nconvention like so:\n\n* You have a separate profile for each Scala binary/compat version,\n  named like `scala-2.11`, `scala-2.12`, etc.\n* None of these `scala-*` profiles are active by default.\n* You use properties named `scala.version` and `scala.binary.version`\n  (or `scala.compat.version`) to determine which Scala versions to use.\n* You have artifact (and possibly group) IDs that require the\n  binary/compat version to be interpolated into them.\n* You do _not_ put defaults for the above properties in the POM's\n  main properties section.  (Note: Some IDEs, like IntelliJ IDEA, won't\n  work properly without a default for `scala.binary.version`, even if\n  you properly select the correct profile to use.  Adding a default for\n  that property seems to work ok.)\n\nIf you've fulfilled the above, you can just do the following:\n\n```xml\n\u003cbuild\u003e\n  \u003cplugins\u003e\n    ..\n    \u003cplugin\u003e\n      \u003cgroupId\u003eorg.spurint.maven.plugins\u003c/groupId\u003e\n      \u003cartifactId\u003escala-cross-maven-plugin\u003c/artifactId\u003e\n      \u003cversion\u003e{see tags for latest version}\u003c/version\u003e\n      \u003cexecutions\u003e\n          \u003cexecution\u003e\n              \u003cid\u003erewrite-pom\u003c/id\u003e\n              \u003cgoals\u003e\n                  \u003cgoal\u003erewrite-pom\u003c/goal\u003e\n              \u003c/goals\u003e\n          \u003c/execution\u003e\n      \u003c/executions\u003e\n    \u003c/plugin\u003e\n    ..\n  \u003c/plugins\u003e\n\u003c/build\u003e\n```\n\nWhen you run your build, pass `-Pscala-2.12` (or whichever profile you\nwant) to Maven, and things will just work.\n\nIn reality, the plugin will take _any_ properties defined in your\nScala-version profile and interpolate them into group and artifact IDs\nin the rest of the POM.\n\nFor reference, here's an example of some profiles you might use:\n\n```xml\n\u003cprofiles\u003e\n  \u003cprofile\u003e\n    \u003cid\u003escala-2.11\u003c/id\u003e\n    \u003cproperties\u003e\n      \u003cscala.binary.version\u003e2.11\u003c/scala.binary.version\u003e\n      \u003cscala.version\u003e2.11.12\u003c/scala.version\u003e\n    \u003c/properties\u003e\n  \u003c/profile\u003e\n  \u003cprofile\u003e\n    \u003cid\u003escala-2.12\u003c/id\u003e\n    \u003cproperties\u003e\n      \u003cscala.binary.version\u003e2.12\u003c/scala.binary.version\u003e\n      \u003cscala.version\u003e2.12.10\u003c/scala.version\u003e\n    \u003c/properties\u003e\n  \u003c/profile\u003e\n\u003c/profiles\u003e\n```\n\n## Configuration\n\nThere are a few settings you can use to tailor execution to your\nenvironment.\n\n| Name | Default | Description |\n|:-----|:--------|:------------|\n| `rewrittenPomPath` | `${project.build.directory}/.scala-cross-pom.xml` | Full path to where to write the interpolated POM file. |\n| `scalaProfilePrefix` | `scala-` | Prefix for profile names used to for scala cross-compilation.  The assumed suffix is the Scala binary version. |\n| `scalaProfileId` | (none) | Alternatively, you can specify the full name of the profile to use (`scalaProfilePrefix` will be ignored). |\n| `scrubProfiles` | `false` | Before writing the final POM, remove all detected Scala-version profiles. |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkelnos%2Fscala-cross-maven-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkelnos%2Fscala-cross-maven-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkelnos%2Fscala-cross-maven-plugin/lists"}