{"id":15020824,"url":"https://github.com/kong/kong","last_synced_at":"2025-09-09T20:39:02.143Z","repository":{"id":23420547,"uuid":"26783295","full_name":"Kong/kong","owner":"Kong","description":"🦍 The Cloud-Native API Gateway and AI Gateway.","archived":false,"fork":false,"pushed_at":"2025-09-01T02:11:18.000Z","size":95320,"stargazers_count":41697,"open_issues_count":141,"forks_count":4973,"subscribers_count":1022,"default_branch":"master","last_synced_at":"2025-09-06T05:25:34.084Z","etag":null,"topics":["ai","ai-gateway","api-gateway","api-management","apis","artificial-intelligence","cloud-native","devops","kubernetes","kubernetes-ingress","kubernetes-ingress-controller","llm-gateway","llm-ops","luajit","microservice","microservices","nginx","openai-proxy","reverse-proxy","serverless"],"latest_commit_sha":null,"homepage":"https://konghq.com/install/","language":"Lua","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Kong.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG-OLD.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2014-11-17T23:56:08.000Z","updated_at":"2025-09-06T04:20:16.000Z","dependencies_parsed_at":"2023-10-20T21:03:04.547Z","dependency_job_id":"468f871d-fe7b-403c-84cf-62946b614908","html_url":"https://github.com/Kong/kong","commit_stats":{"total_commits":10030,"total_committers":428,"mean_commits":"23.434579439252335","dds":0.8373878364905284,"last_synced_commit":"096d4756eed3e2b28f7361752bb10d1044642fd3"},"previous_names":["mashape/kong"],"tags_count":176,"template":false,"template_full_name":null,"purl":"pkg:github/Kong/kong","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kong%2Fkong","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kong%2Fkong/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kong%2Fkong/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kong%2Fkong/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Kong","download_url":"https://codeload.github.com/Kong/kong/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kong%2Fkong/sbom","scorecard":{"id":79819,"data":{"date":"2025-08-11","repo":{"name":"github.com/Kong/kong","commit":"acb37df645a1cfd06f638794e61f113088f0d7bd"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.9,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"CII-Best-Practices","score":2,"reason":"badge detected: InProgress","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Dangerous-Workflow","score":0,"reason":"dangerous workflow patterns detected","details":["Warn: script injection with untrusted input ' github.event.comment.body ': .github/workflows/perf.yml:138","Warn: script injection with untrusted input ' github.event.comment.body ': .github/workflows/perf.yml:138","Warn: script injection with untrusted input ' github.event.comment.body ': .github/workflows/perf.yml:169","Warn: script injection with untrusted input ' github.head_ref ': .github/workflows/perf.yml:169","Warn: script injection with untrusted input ' github.event.comment.body ': .github/workflows/perf.yml:169"],"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/labeler-v2.yml:9","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:312","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/update-ngx-wasm-module.yml:15","Warn: no topLevel permission defined: .github/workflows/add-release-pongo.yml:1","Warn: no topLevel permission defined: .github/workflows/ast-grep.yml:1","Warn: no topLevel permission defined: .github/workflows/autodocs.yml:1","Warn: no topLevel permission defined: .github/workflows/backport-fail-bot.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/backport-v2.yml:6","Warn: topLevel 'actions' permission set to 'write': .github/workflows/backport-v2.yml:8","Warn: no topLevel permission defined: .github/workflows/build.yml:1","Warn: no topLevel permission defined: .github/workflows/build_and_test.yml:1","Warn: no topLevel permission defined: .github/workflows/buildifier.yml:1","Warn: no topLevel permission defined: .github/workflows/changelog-requirement.yml:1","Warn: no topLevel permission defined: .github/workflows/changelog-validation.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/cherry-picks-v2.yml:8","Warn: no topLevel permission defined: .github/workflows/community-stale.yml:1","Warn: no topLevel permission defined: .github/workflows/copyright-check.yml:1","Warn: no topLevel permission defined: .github/workflows/label-check.yml:1","Warn: no topLevel permission defined: .github/workflows/label-schema.yml:1","Warn: no topLevel permission defined: .github/workflows/labeler-v2.yml:1","Warn: no topLevel permission defined: .github/workflows/openresty-patches-companion.yml:1","Warn: no topLevel permission defined: .github/workflows/perf.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: .github/workflows/update-ngx-wasm-module.yml:1","Warn: no topLevel permission defined: .github/workflows/update-test-runtime-statistics.yml:1","Warn: no topLevel permission defined: .github/workflows/upgrade-tests.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:305"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":5,"reason":"dependency not pinned by hash detected -- score normalized to 5","details":["Info: Possibly incomplete results: error parsing shell code: parameter expansion requires a literal: scripts/dependency_services/up.sh:0","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/add-release-pongo.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/add-release-pongo.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ast-grep.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/ast-grep.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/autodocs.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/autodocs.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/autodocs.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/autodocs.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/autodocs.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/autodocs.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/autodocs.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/autodocs.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/autodocs.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/autodocs.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/autodocs.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/autodocs.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/autodocs.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/autodocs.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/backport-fail-bot.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/backport-fail-bot.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/backport-fail-bot.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/backport-fail-bot.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/backport-v2.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/backport-v2.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/build_and_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/build_and_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/build_and_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/build_and_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/build_and_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:232: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/build_and_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:236: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/build_and_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:245: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/build_and_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:306: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/build_and_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:323: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/build_and_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:329: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/build_and_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:359: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/build_and_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:367: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/build_and_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:375: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/build_and_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:382: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/build_and_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:409: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/build_and_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:413: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/build_and_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:446: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/build_and_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:453: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/build_and_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:474: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/build_and_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:483: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/build_and_test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buildifier.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/buildifier.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog-requirement.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/changelog-requirement.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog-validation.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/changelog-validation.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cherry-picks-v2.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/cherry-picks-v2.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/community-stale.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/community-stale.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/copyright-check.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/copyright-check.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deck-integration.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/deck-integration.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deck-integration.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/deck-integration.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/label-community-pr.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/label-community-pr.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/labeler-v2.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/labeler-v2.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/perf.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/perf.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/perf.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/perf.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/perf.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf.yml:254: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/perf.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf.yml:270: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/perf.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/perf.yml:281: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/perf.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:168: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:185: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:267: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:284: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:287: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:293: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:320: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:323: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:330: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:421: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:424: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:527: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:530: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:597: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-ngx-wasm-module.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/update-ngx-wasm-module.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-test-runtime-statistics.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/update-test-runtime-statistics.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-tests.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/upgrade-tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-tests.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/Kong/kong/upgrade-tests.yml/master?enable=pin","Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:1: pin your Docker image by updating kong/kong:3.0.0-ubuntu to kong/kong:3.0.0-ubuntu@sha256:e076b149f79c17a539020167510bdfab68892122bef13cbd25b57ac42ee5ad21","Warn: containerImage not pinned by hash: build/dockerfiles/deb.Dockerfile:2","Warn: containerImage not pinned by hash: build/dockerfiles/rpm.Dockerfile:2","Warn: containerImage not pinned by hash: scripts/Dockerfile:1","Warn: containerImage not pinned by hash: scripts/Dockerfile:18: pin your Docker image by updating ubuntu:latest to ubuntu:latest@sha256:a08e551cb33850e4740772b38217fc1796a66da2506d312abe51acda354ff061","Warn: downloadThenRun not pinned by hash: scripts/build-wasm-test-filters.sh:48","Warn: pipCommand not pinned by hash: .github/workflows/build_and_test.yml:320","Warn: pipCommand not pinned by hash: .github/workflows/perf.yml:264","Warn: downloadThenRun not pinned by hash: .github/workflows/release.yml:229","Warn: pipCommand not pinned by hash: .github/workflows/release.yml:301","Info:   0 out of  74 GitHub-owned GitHubAction dependencies pinned","Info:  35 out of  35 third-party GitHubAction dependencies pinned","Info:   0 out of   5 containerImage dependencies pinned","Info:   0 out of   2 downloadThenRun dependencies pinned","Info:   0 out of   3 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":0,"reason":"21 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2021-324 / GHSA-22x7-vwh9-5w4g","Warn: Project is vulnerable to: PYSEC-2022-277 / GHSA-2p5h-hpj4-fxgg","Warn: Project is vulnerable to: GHSA-377p-g8gr-5wpg","Warn: Project is vulnerable to: PYSEC-2022-43138 / GHSA-38hf-c37x-32hv","Warn: Project is vulnerable to: PYSEC-2022-276 / GHSA-42vg-2q93-fj6j","Warn: Project is vulnerable to: PYSEC-2022-274 / GHSA-52xx-r3g2-p8jm","Warn: Project is vulnerable to: PYSEC-2022-43140 / GHSA-jvp9-phwp-p738","Warn: Project is vulnerable to: PYSEC-2022-43139 / GHSA-rm2x-hgr8-w343","Warn: Project is vulnerable to: PYSEC-2022-275 / GHSA-x2xx-jw5m-5j86","Warn: Project is vulnerable to: PYSEC-2022-43137","Warn: Project is vulnerable to: GO-2023-2153 / GHSA-m425-mq94-257g / GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2024-2611 / GHSA-8r3f-844c-mc37","Warn: Project is vulnerable to: RUSTSEC-2019-0036 / RUSTSEC-2020-0036 / GHSA-jq66-xh47-j9f3 / GHSA-r98r-j25q-rmpr","Warn: Project is vulnerable to: RUSTSEC-2024-0421 / GHSA-h97m-ww89-6jmq","Warn: Project is vulnerable to: RUSTSEC-2021-0041 / GHSA-qpgv-g792-wh6x","Warn: Project is vulnerable to: RUSTSEC-2020-0071 / GHSA-wcg3-cvx6-7396","Warn: Project is vulnerable to: PYSEC-2014-14 / GHSA-652x-xj99-gmcc","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: PYSEC-2014-13 / GHSA-cfj3-7x9c-4p3h","Warn: Project is vulnerable to: PYSEC-2018-28 / GHSA-x84v-xcm2-53pg"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 1 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-15T05:34:48.284Z","repository_id":23420547,"created_at":"2025-08-15T05:34:48.284Z","updated_at":"2025-08-15T05:34:48.284Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274358535,"owners_count":25270679,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-09T02:00:10.223Z","response_time":80,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","ai-gateway","api-gateway","api-management","apis","artificial-intelligence","cloud-native","devops","kubernetes","kubernetes-ingress","kubernetes-ingress-controller","llm-gateway","llm-ops","luajit","microservice","microservices","nginx","openai-proxy","reverse-proxy","serverless"],"created_at":"2024-09-24T19:55:42.379Z","updated_at":"2025-09-09T20:39:02.133Z","avatar_url":"https://github.com/Kong.png","language":"Lua","readme":"[![][kong-logo]][kong-url]\n\n![Stars](https://img.shields.io/github/stars/Kong/kong?style=flat-square) ![GitHub commit activity](https://img.shields.io/github/commit-activity/m/Kong/kong?style=flat-square) ![Docker Pulls](https://img.shields.io/docker/pulls/_/kong?style=flat-square) [![Build Status][badge-action-image]][badge-action-url] ![Version](https://img.shields.io/github/v/release/Kong/kong?color=green\u0026label=Version\u0026style=flat-square)  ![License](https://img.shields.io/badge/License-Apache%202.0-blue?style=flat-square)  ![Twitter Follow](https://img.shields.io/twitter/follow/thekonginc?style=social)\n\n\n**Kong** or **Kong API Gateway** is a cloud-native, platform-agnostic, scalable API Gateway distinguished for its high performance and extensibility via plugins. It also provides advanced AI capabilities with multi-LLM support.\n\nBy providing functionality for proxying, routing, load balancing, health checking, authentication (and [more](#features)), Kong serves as the central layer for orchestrating microservices or conventional API traffic with ease.\n\nKong runs natively on Kubernetes thanks to its official [Kubernetes Ingress Controller](https://github.com/Kong/kubernetes-ingress-controller).\n\n---\n\n[Installation](https://konghq.com/install/#kong-community) | [Documentation](https://docs.konghq.com) | [Discussions](https://github.com/Kong/kong/discussions) | [Forum](https://discuss.konghq.com) | [Blog](https://konghq.com/blog) | [Builds][kong-master-builds] | [Cloud Hosted Kong](https://konghq.com/kong-konnect/)\n\n---\n\n## Getting Started\n\nIf you prefer to use a cloud-hosted Kong, you can [sign up for a free trial of Kong Konnect](https://konghq.com/products/kong-konnect/register?utm_medium=Referral\u0026utm_source=Github\u0026utm_campaign=kong-gateway\u0026utm_content=konnect-promo-in-gateway\u0026utm_term=get-started) and get started in minutes. If not, you can follow the instructions below to get started with Kong on your own infrastructure.\n\nLet’s test drive Kong by adding authentication to an API in under 5 minutes.\n\nWe suggest using the docker-compose distribution via the instructions below, but there is also a [docker installation](https://docs.konghq.com/gateway/latest/install/docker/#install-kong-gateway-in-db-less-mode) procedure if you’d prefer to run the Kong API Gateway in DB-less mode.\n\nWhether you’re running in the cloud, on bare metal, or using containers, you can find every supported distribution on our [official installation](https://konghq.com/install/#kong-community) page.\n\n1) To start, clone the Docker repository and navigate to the compose folder.\n```cmd\n  $ git clone https://github.com/Kong/docker-kong\n  $ cd docker-kong/compose/\n```\n\n2) Start the Gateway stack using:\n```cmd\n  $ KONG_DATABASE=postgres docker-compose --profile database up\n```\n\nThe Gateway is now available on the following ports on localhost:\n\n- `:8000` - send traffic to your service via Kong\n- `:8001` - configure Kong using Admin API or via [decK](https://github.com/kong/deck)\n- `:8002` - access Kong's management Web UI ([Kong Manager](https://github.com/Kong/kong-manager)) on [localhost:8002](http://localhost:8002)\n\nNext, follow the [quick start guide](https://docs.konghq.com/gateway-oss/latest/getting-started/configuring-a-service/\n) to tour the Gateway features.\n\n## Features\n\nBy centralizing common API functionality across all your organization's services, the Kong API Gateway creates more freedom for engineering teams to focus on the challenges that matter most.\n\nThe top Kong features include:\n\n- Advanced routing, load balancing, health checking - all configurable via a RESTful admin API or declarative configuration.\n- Authentication and authorization for APIs using methods like JWT, basic auth, OAuth, ACLs and more.\n- Proxy, SSL/TLS termination, and connectivity support for L4 or L7 traffic.\n- Plugins for enforcing traffic controls, rate limiting, req/res transformations, logging, monitoring and including a plugin developer hub.\n- Plugins for AI traffic to support multi-LLM implementations and no-code AI use cases, with advanced AI prompt engineering, AI observability, AI security and more.\n- Sophisticated deployment models like Declarative Databaseless Deployment and Hybrid Deployment (control plane/data plane separation) without any vendor lock-in.\n- Native [ingress controller](https://github.com/Kong/kubernetes-ingress-controller) support for serving Kubernetes.\n\n[![][kong-benefits]][kong-url]\n\n### Plugin Hub\n\nPlugins provide advanced functionality that extends the use of the Gateway. Many of the Kong Inc. and community-developed plugins like AWS Lambda, Correlation ID, and Response Transformer are showcased at the [Plugin Hub](https://docs.konghq.com/hub/).\n\nContribute to the Plugin Hub and ensure your next innovative idea is published and available to the broader community!\n\n## Contributing\n\nWe ❤️ pull requests, and we’re continually working hard to make it as easy as possible for developers to contribute. Before beginning development with the Kong API Gateway, please familiarize yourself with the following developer resources:\n\n- Community Pledge ([COMMUNITY_PLEDGE.md](COMMUNITY_PLEDGE.md)) for our pledge to interact with you, the open source community.\n- Contributor Guide ([CONTRIBUTING.md](CONTRIBUTING.md)) to learn about how to contribute to Kong.\n- Development Guide ([DEVELOPER.md](DEVELOPER.md)): Setting up your development environment.\n- [CODE_OF_CONDUCT](CODE_OF_CONDUCT.md) and [COPYRIGHT](COPYRIGHT)\n\nUse the [Plugin Development Guide](https://docs.konghq.com/latest/plugin-development/) for building new and creative plugins, or browse the online version of Kong's source code documentation in the [Plugin Development Kit (PDK) Reference](https://docs.konghq.com/latest/pdk/). Developers can build plugins in [Lua](https://docs.konghq.com/gateway/latest/plugin-development/), [Go](https://docs.konghq.com/gateway-oss/latest/external-plugins/#developing-go-plugins) or [JavaScript](https://docs.konghq.com/gateway-oss/latest/external-plugins/#developing-javascript-plugins).\n\n## Releases\n\nPlease see the [Changelog](CHANGELOG.md) for more details about a given release. The [SemVer Specification](https://semver.org) is followed when versioning Gateway releases.\n\n## Join the Community\n\n- Check out the [docs](https://docs.konghq.com/)\n- Join the [Kong discussions forum](https://github.com/Kong/kong/discussions)\n- Join the Kong discussions at the Kong Nation forum: [https://discuss.konghq.com/](https://discuss.konghq.com/)\n- Join our [Community Slack](http://kongcommunity.slack.com/)\n- Read up on the latest happenings at our [blog](https://konghq.com/blog/)\n- Follow us on [X](https://x.com/thekonginc)\n- Subscribe to our [YouTube channel](https://www.youtube.com/c/KongInc/videos)\n- Visit our [homepage](https://konghq.com/) to learn more\n\n## Konnect Cloud\n\nKong Inc. offers commercial subscriptions that enhance the Kong API Gateway in a variety of ways. Customers of Kong's [Konnect Cloud](https://konghq.com/kong-konnect/) subscription take advantage of additional gateway functionality, commercial support, and access to Kong's managed (SaaS) control plane platform. The Konnect Cloud platform features include real-time analytics, a service catalog, developer portals, and so much more! [Get started](https://konghq.com/products/kong-konnect/register?utm_medium=Referral\u0026utm_source=Github\u0026utm_campaign=kong-gateway\u0026utm_content=konnect-promo-in-gateway\u0026utm_term=get-started) with Konnect Cloud.\n\n## License\n\n```\nCopyright 2016-2025 Kong Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n   https://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n\n[kong-url]: https://konghq.com/\n[kong-logo]: https://konghq.com/wp-content/uploads/2018/05/kong-logo-github-readme.png\n[kong-benefits]: https://konghq.com/wp-content/uploads/2018/05/kong-benefits-github-readme.png\n[kong-master-builds]: https://hub.docker.com/r/kong/kong/tags\n[badge-action-url]: https://github.com/Kong/kong/actions\n[badge-action-image]: https://github.com/Kong/kong/actions/workflows/build_and_test.yml/badge.svg?branch=master\u0026event=push\n\n[busted]: https://github.com/Olivine-Labs/busted\n[luacheck]: https://github.com/mpeterv/luacheck\n","funding_links":[],"categories":["Capabilities"],"sub_categories":["API Gateways / Edge Services"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkong%2Fkong","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkong%2Fkong","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkong%2Fkong/lists"}