{"id":22377191,"url":"https://github.com/kiwiproject/kiwi","last_synced_at":"2026-04-19T19:04:32.003Z","repository":{"id":37635167,"uuid":"94012980","full_name":"kiwiproject/kiwi","owner":"kiwiproject","description":"A set of Java utilities that we could not find in Guava or Apache Commons...or we just felt like having our own version.","archived":false,"fork":false,"pushed_at":"2026-04-09T21:28:43.000Z","size":2469,"stargazers_count":23,"open_issues_count":4,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-09T23:22:15.103Z","etag":null,"topics":["java","utilities"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kiwiproject.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2017-06-11T15:17:25.000Z","updated_at":"2026-04-09T21:01:14.000Z","dependencies_parsed_at":"2024-03-11T00:27:58.846Z","dependency_job_id":"c20409ec-769f-4c9e-8ece-0ab7712c4043","html_url":"https://github.com/kiwiproject/kiwi","commit_stats":null,"previous_names":[],"tags_count":66,"template":false,"template_full_name":null,"purl":"pkg:github/kiwiproject/kiwi","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kiwiproject%2Fkiwi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kiwiproject%2Fkiwi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kiwiproject%2Fkiwi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kiwiproject%2Fkiwi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kiwiproject","download_url":"https://codeload.github.com/kiwiproject/kiwi/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kiwiproject%2Fkiwi/sbom","scorecard":{"id":520214,"data":{"date":"2025-08-11","repo":{"name":"github.com/kiwiproject/kiwi","commit":"91d7b157b2fbdcfdb5f34b596ef5d458c8fca913"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.5,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":1,"reason":"Found 4/24 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/kiwiproject/kiwi/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/kiwiproject/kiwi/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/kiwiproject/kiwi/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/kiwiproject/kiwi/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/kiwiproject/kiwi/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/kiwiproject/kiwi/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/kiwiproject/kiwi/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/kiwiproject/kiwi/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/kiwiproject/kiwi/codeql.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/codeql.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/kiwiproject/kiwi/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/kiwiproject/kiwi/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/kiwiproject/kiwi/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/print-delomboked-sources.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/kiwiproject/kiwi/print-delomboked-sources.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/print-delomboked-sources.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/kiwiproject/kiwi/print-delomboked-sources.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/print-delomboked-sources.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/kiwiproject/kiwi/print-delomboked-sources.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/print-delomboked-sources.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/kiwiproject/kiwi/print-delomboked-sources.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/print-delomboked-sources.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/kiwiproject/kiwi/print-delomboked-sources.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-license-copyright-years.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/kiwiproject/kiwi/update-license-copyright-years.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-license-copyright-years.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/kiwiproject/kiwi/update-license-copyright-years.yml/main?enable=pin","Info:   0 out of  15 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   4 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Maintained","score":10,"reason":"25 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:23","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:24","Warn: no topLevel permission defined: .github/workflows/build.yml:1","Warn: no topLevel permission defined: .github/workflows/codeql.yml:1","Warn: no topLevel permission defined: .github/workflows/print-delomboked-sources.yml:1","Warn: no topLevel permission defined: .github/workflows/update-license-copyright-years.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: MIT License: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":10,"reason":"SAST tool detected","details":["Info: SAST configuration detected: CodeQL","Info: SAST configuration detected: Sonar","Info: all commits (18) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-qh8g-58pp-2wxh"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-20T02:51:47.688Z","repository_id":37635167,"created_at":"2025-08-20T02:51:47.688Z","updated_at":"2025-08-20T02:51:47.688Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32018765,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-18T20:23:30.271Z","status":"online","status_checked_at":"2026-04-19T02:00:07.110Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["java","utilities"],"created_at":"2024-12-04T22:13:04.491Z","updated_at":"2026-04-19T19:04:31.960Z","avatar_url":"https://github.com/kiwiproject.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Kiwi\n[![Build](https://github.com/kiwiproject/kiwi/actions/workflows/build.yml/badge.svg?branch=main)](https://github.com/kiwiproject/kiwi/actions/workflows/build.yml?query=branch%3Amain)\n[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=kiwiproject_kiwi\u0026metric=alert_status)](https://sonarcloud.io/dashboard?id=kiwiproject_kiwi)\n[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=kiwiproject_kiwi\u0026metric=coverage)](https://sonarcloud.io/dashboard?id=kiwiproject_kiwi)\n[![CodeQL](https://github.com/kiwiproject/kiwi/actions/workflows/codeql.yml/badge.svg)](https://github.com/kiwiproject/kiwi/actions/workflows/codeql.yml)\n[![javadoc](https://javadoc.io/badge2/org.kiwiproject/kiwi/javadoc.svg)](https://javadoc.io/doc/org.kiwiproject/kiwi)\n[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)\n[![Maven Central](https://img.shields.io/maven-central/v/org.kiwiproject/kiwi)](https://central.sonatype.com/artifact/org.kiwiproject/kiwi/)\n\nKiwi is a utility library. It contains a variety of utilities that we have built over time and find useful.\nIn general, we look first to either Google Guava or Apache Commons for utilities, but if they don't have something\nwe need, or if what they have isn't exactly what we want, then we'll (probably) add it here.\n\nAlmost all the dependencies in the POM have _provided_ scope, so that we don't bring in a ton of required dependencies.\nThis downside to this is that you must specifically add any required dependencies to your own POM to use a\nspecific feature in Kiwi.\n\nThe only required dependencies are guava, commons-lang3, and slf4j-api. If you use the Maven Enforcer plugin, you could therefore\nrun into dependency convergence errors if the kiwi versions are different from the ones you're using.\n\n## Validation Annotations\n\nAs of kiwi 3.4.0, the validation annotations in the `org.kiwiproject.kiwi.validation` package use Java's\n[ServiceLoader](https://docs.oracle.com/en/java/javase/21/docs/api/java.base/java/util/ServiceLoader.html) mechanism.\nThe constraint implementations are defined in `META-INF/services/jakarta.validation.ConstraintValidator` and\nthe validation message bundle is located in `ContributorValidationMessages.properties`. This allows kiwi to\nprovide its custom constraints without interfering with an application that defines its own constraints and\nmessage bundle in its own `ValidationMessages.properties`.\n\nThe [Hibernate Validator](https://hibernate.org/validator/) reference guide describes this in\n[Constraint definitions via ServiceLoader](https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_constraint_definitions_via_serviceloader).\nAnother good resource is [Adding custom constraint definitions via the Java service loader](https://in.relation.to/2017/03/02/adding-custom-constraint-definitions-via-the-java-service-loader/).\n\nIf you are using kiwi's custom constraints _in addition to custom constraints provided by another library_, then\nthis requires some additional configuration, otherwise only one of the `ContributorValidationMessages.properties`\nprovided by each library will be found, and therefore the custom messages for some constraints won't be found\nduring validation. To fix this, all `ContributorValidationMessages.properties` files must be combined into a\nsingle file, for example, using the [Maven Shade plugin](https://maven.apache.org/plugins/maven-shade-plugin/) and an\n[AppendingTransformer](https://maven.apache.org/plugins/maven-shade-plugin/examples/resource-transformers.html#AppendingTransformer):\n\n```xml\n\u003cplugin\u003e\n  \u003cgroupId\u003eorg.apache.maven.plugins\u003c/groupId\u003e\n  \u003cartifactId\u003emaven-shade-plugin\u003c/artifactId\u003e\n  \u003cversion\u003e3.5.3\u003c/version\u003e\n  \u003cexecutions\u003e\n    \u003cexecution\u003e\n      \u003cgoals\u003e\n        \u003cgoal\u003eshade\u003c/goal\u003e\n      \u003c/goals\u003e\n      \u003cconfiguration\u003e\n        \u003ctransformers\u003e\n          \u003ctransformer implementation=\"org.apache.maven.plugins.shade.resource.AppendingTransformer\"\u003e\n            \u003cresource\u003eContributorValidationMessages.properties\u003c/resource\u003e\n          \u003c/transformer\u003e\n        \u003c/transformers\u003e\n      \u003c/configuration\u003e\n    \u003c/execution\u003e\n  \u003c/executions\u003e\n\u003c/plugin\u003e\n```\n\nWith this additional build step, multiple libraries can each provide custom constraints.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkiwiproject%2Fkiwi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkiwiproject%2Fkiwi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkiwiproject%2Fkiwi/lists"}