{"id":13461565,"url":"https://github.com/kubernetes-sigs/kubebuilder","last_synced_at":"2025-09-09T20:45:44.019Z","repository":{"id":37381796,"uuid":"125275487","full_name":"kubernetes-sigs/kubebuilder","owner":"kubernetes-sigs","description":"Kubebuilder - SDK for building Kubernetes APIs using CRDs","archived":false,"fork":false,"pushed_at":"2025-09-06T17:51:25.000Z","size":72992,"stargazers_count":8683,"open_issues_count":62,"forks_count":1586,"subscribers_count":94,"default_branch":"master","last_synced_at":"2025-09-06T19:34:38.420Z","etag":null,"topics":["k8s-sig-api-machinery"],"latest_commit_sha":null,"homepage":"http://book.kubebuilder.io","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kubernetes-sigs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"code-of-conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":"roadmap/README.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-03-14T21:26:14.000Z","updated_at":"2025-09-06T17:51:30.000Z","dependencies_parsed_at":"2024-02-02T14:36:26.192Z","dependency_job_id":"7afd9644-17e6-485a-8a71-b74c20784a6e","html_url":"https://github.com/kubernetes-sigs/kubebuilder","commit_stats":{"total_commits":2292,"total_committers":412,"mean_commits":5.563106796116505,"dds":0.7534904013961605,"last_synced_commit":"423d56bd689f8267fcc1a7f2022df8de43080436"},"previous_names":[],"tags_count":80,"template":false,"template_full_name":null,"purl":"pkg:github/kubernetes-sigs/kubebuilder","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubernetes-sigs%2Fkubebuilder","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubernetes-sigs%2Fkubebuilder/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubernetes-sigs%2Fkubebuilder/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubernetes-sigs%2Fkubebuilder/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kubernetes-sigs","download_url":"https://codeload.github.com/kubernetes-sigs/kubebuilder/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubernetes-sigs%2Fkubebuilder/sbom","scorecard":{"id":572650,"data":{"date":"2025-08-11","repo":{"name":"github.com/kubernetes-sigs/kubebuilder","commit":"3ebbb2edbf6bec93a23cc6a1d7e155c955c6c69c"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.6,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: .github/SECURITY.md:1","Info: Found linked content: .github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/SECURITY.md:1","Info: Found text in security policy: .github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Info: Possibly incomplete results: error parsing shell code: invalid var name: Makefile:0","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/apidiff.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/apidiff.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/apidiff.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/apidiff.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/apidiff.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/apidiff.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/codeql.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/codeql.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/codeql.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/codeql.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/external-plugin.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/external-plugin.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/external-plugin.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/external-plugin.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/legacy-webhook-path.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/legacy-webhook-path.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/legacy-webhook-path.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/legacy-webhook-path.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-sample.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/lint-sample.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-sample.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/lint-sample.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-sample.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/lint-sample.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/lint.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-version-ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/release-version-ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-version-ci.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/release-version-ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-version-ci.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/release-version-ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spaces.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/spaces.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-alpha-generate.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/test-alpha-generate.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-alpha-generate.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/test-alpha-generate.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-devcontainer.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/test-devcontainer.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-devcontainer.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/test-devcontainer.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-devcontainer.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/test-devcontainer.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-e2e-book.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/test-e2e-book.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-e2e-book.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/test-e2e-book.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-e2e-samples.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/test-e2e-samples.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-e2e-samples.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/test-e2e-samples.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-e2e-samples.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/test-e2e-samples.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-e2e-samples.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/test-e2e-samples.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-e2e-samples.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/test-e2e-samples.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-e2e-samples.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/test-e2e-samples.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-helm-book.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/test-helm-book.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-helm-book.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/test-helm-book.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-helm-samples.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/test-helm-samples.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-helm-samples.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/test-helm-samples.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testdata.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/testdata.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testdata.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/testdata.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-tests.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/unit-tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-tests.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/unit-tests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/unit-tests.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/unit-tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-tests.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/unit-tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-tests.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/unit-tests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/unit-tests.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/unit-tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/kubernetes-sigs/kubebuilder/verify.yml/master?enable=pin","Warn: goCommand not pinned by hash: test/common.sh:131","Warn: downloadThenRun not pinned by hash: .github/workflows/release-version-ci.yml:41","Warn: downloadThenRun not pinned by hash: .github/workflows/release.yml:29","Warn: npmCommand not pinned by hash: .github/workflows/test-devcontainer.yml:31","Warn: downloadThenRun not pinned by hash: .github/workflows/test-helm-book.yml:63","Warn: downloadThenRun not pinned by hash: .github/workflows/test-helm-samples.yml:49","Info:   0 out of  45 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   7 third-party GitHubAction dependencies pinned","Info:   1 out of   2 goCommand dependencies pinned","Info:   0 out of   4 downloadThenRun dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'packages' permission set to 'read': .github/workflows/codeql.yml:17","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:18","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:19","Warn: no topLevel permission defined: .github/workflows/apidiff.yml:1","Warn: no topLevel permission defined: .github/workflows/codeql.yml:1","Warn: no topLevel permission defined: .github/workflows/external-plugin.yml:1","Warn: no topLevel permission defined: .github/workflows/legacy-webhook-path.yml:1","Warn: no topLevel permission defined: .github/workflows/lint-sample.yml:1","Warn: no topLevel permission defined: .github/workflows/lint.yml:1","Warn: no topLevel permission defined: .github/workflows/release-version-ci.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:8","Warn: no topLevel permission defined: .github/workflows/spaces.yml:1","Warn: no topLevel permission defined: .github/workflows/test-alpha-generate.yml:1","Warn: no topLevel permission defined: .github/workflows/test-devcontainer.yml:1","Warn: no topLevel permission defined: .github/workflows/test-e2e-book.yml:1","Warn: no topLevel permission defined: .github/workflows/test-e2e-samples.yml:1","Warn: no topLevel permission defined: .github/workflows/test-helm-book.yml:1","Warn: no topLevel permission defined: .github/workflows/test-helm-samples.yml:1","Warn: no topLevel permission defined: .github/workflows/testdata.yml:1","Warn: no topLevel permission defined: .github/workflows/unit-tests.yml:1","Warn: no topLevel permission defined: .github/workflows/verify.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v4.7.1 not signed: https://api.github.com/repos/kubernetes-sigs/kubebuilder/releases/234979619","Warn: release artifact v4.7.0 not signed: https://api.github.com/repos/kubernetes-sigs/kubebuilder/releases/232147553","Warn: release artifact v4.6.0 not signed: https://api.github.com/repos/kubernetes-sigs/kubebuilder/releases/220819804","Warn: release artifact v4.5.2 not signed: https://api.github.com/repos/kubernetes-sigs/kubebuilder/releases/208505207","Warn: release artifact v4.5.1 not signed: https://api.github.com/repos/kubernetes-sigs/kubebuilder/releases/201774326","Warn: release artifact v4.7.1 does not have provenance: https://api.github.com/repos/kubernetes-sigs/kubebuilder/releases/234979619","Warn: release artifact v4.7.0 does not have provenance: https://api.github.com/repos/kubernetes-sigs/kubebuilder/releases/232147553","Warn: release artifact v4.6.0 does not have provenance: https://api.github.com/repos/kubernetes-sigs/kubebuilder/releases/220819804","Warn: release artifact v4.5.2 does not have provenance: https://api.github.com/repos/kubernetes-sigs/kubebuilder/releases/208505207","Warn: release artifact v4.5.1 does not have provenance: https://api.github.com/repos/kubernetes-sigs/kubebuilder/releases/201774326"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release-version-ci.yml:18"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-20T16:45:33.171Z","repository_id":37381796,"created_at":"2025-08-20T16:45:33.171Z","updated_at":"2025-08-20T16:45:33.171Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274359007,"owners_count":25270683,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-09T02:00:10.223Z","response_time":80,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["k8s-sig-api-machinery"],"created_at":"2024-07-31T11:00:44.580Z","updated_at":"2025-09-09T20:45:44.004Z","avatar_url":"https://github.com/kubernetes-sigs.png","language":"Go","funding_links":[],"categories":["Go","Operator Frameworks","others","Kubernetes Operators"],"sub_categories":[],"readme":"\u003e ⚠️ **IMPORTANT NOTICE:** Images under `gcr.io/kubebuilder/` Will Be Unavailable Soon\n\u003e\n\u003e **If your project uses `gcr.io/kubebuilder/kube-rbac-proxy`** it will be affected.\n\u003e Your project may fail to work if the image cannot be pulled. **You must move as soon as possible**, sometime from early 2025, the GCR will go away.\n\u003e\n\u003e The usage of the project [kube-rbac-proxy](https://github.com/brancz/kube-rbac-proxy) was discontinued from Kubebuilder\n\u003e and replaced for similar protection using `authn/authz` via Controller-Runtime's feature [WithAuthenticationAndAuthorization](https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.18.4/pkg/metrics/filters#WithAuthenticationAndAuthorization).\n\u003e\n\u003e For more information and guidance see the discussion https://github.com/kubernetes-sigs/kubebuilder/discussions/3907\n\n[![Lint](https://github.com/kubernetes-sigs/kubebuilder/actions/workflows/lint.yml/badge.svg)](https://github.com/kubernetes-sigs/kubebuilder/actions/workflows/lint.yml)\n[![Go Report Card](https://goreportcard.com/badge/sigs.k8s.io/kubebuilder)](https://goreportcard.com/report/sigs.k8s.io/kubebuilder)\n[![Coverage Status](https://coveralls.io/repos/github/kubernetes-sigs/kubebuilder/badge.svg?branch=master)](https://coveralls.io/github/kubernetes-sigs/kubebuilder?branch=master)\n[![Latest release](https://badgen.net/github/release/kubernetes-sigs/kubebuilder)](https://github.com/kubernetes-sigs/kubebuilder/releases)\n\n## Kubebuilder\n\nKubebuilder is a framework for building Kubernetes APIs using [custom resource definitions (CRDs)](https://kubernetes.io/docs/tasks/access-kubernetes-api/extend-api-custom-resource-definitions).\n\nSimilar to web development frameworks such as *Ruby on Rails* and *SpringBoot*,\nKubebuilder increases velocity and reduces the complexity managed by\ndevelopers for rapidly building and publishing Kubernetes APIs in Go.\nIt builds on top of the canonical techniques used to build the core Kubernetes APIs to provide simple abstractions that reduce boilerplate and toil.\n\nKubebuilder does **not** exist as an example to *copy-paste*, but instead provides powerful libraries and tools\nto simplify building and publishing Kubernetes APIs from scratch. It\nprovides a plugin architecture allowing users to take advantage of optional helpers\nand features. To learn more about this see the [Plugin section][plugin-section].\n\nKubebuilder is developed on top of the [controller-runtime][controller-runtime] and [controller-tools][controller-tools] libraries.\n\n### Kubebuilder is also a library\n\nKubebuilder is extensible and can be used as a library in other projects.\n[Operator-SDK][operator-sdk] is a good example of a project that uses Kubebuilder as a library.\n[Operator-SDK][operator-sdk] uses the plugin feature to include non-Go operators _e.g. operator-sdk's Ansible and Helm-based language Operators_.\n\nTo learn more see [how to create your own plugins][your-own-plugins].\n\n### Installation\n\nIt is strongly recommended that you use a released version. Release binaries are available on the [releases](https://github.com/kubernetes-sigs/kubebuilder/releases) page.\nFollow the [instructions](https://book.kubebuilder.io/quick-start.html#installation) to install Kubebuilder.\n\n## Getting Started\n\nSee the [Getting Started](https://book.kubebuilder.io/quick-start.html) documentation.\n\n![Quick Start](docs/gif/kb-demo.v3.11.1.svg)\n\nAlso, ensure that you check out the [Deploy Image](./docs/book/src/plugins/available/deploy-image-plugin-v1-alpha.md)\nPlugin. This plugin allows users to scaffold API/Controllers to deploy and manage an\nOperand (image) on the cluster following the guidelines and best practices. It abstracts the\ncomplexities of achieving this goal while allowing users to customize the generated code.\n\n## Documentation\n\nCheck out the Kubebuilder [book](https://book.kubebuilder.io).\n\n## Resources\n\n- Kubebuilder Book: [book.kubebuilder.io](https://book.kubebuilder.io)\n- GitHub Repo: [kubernetes-sigs/kubebuilder](https://github.com/kubernetes-sigs/kubebuilder)\n- Slack channel: [#kubebuilder](https://kubernetes.slack.com/messages/#kubebuilder)\n- Google Group: [kubebuilder@googlegroups.com](https://groups.google.com/forum/#!forum/kubebuilder)\n- Design Documents: [designs](designs/)\n- Plugin: [plugins][plugin-section]\n\n## Motivation\n\nBuilding Kubernetes tools and APIs involves making a lot of decisions and writing a lot of boilerplate.\n\nTo facilitate easily building Kubernetes APIs and tools using the canonical approach, this framework\nprovides a collection of Kubernetes development tools to minimize toil.\n\nKubebuilder attempts to facilitate the following developer workflow for building APIs\n\n1. Create a new project directory\n2. Create one or more resource APIs as CRDs and then add fields to the resources\n3. Implement reconcile loops in controllers and watch additional resources\n4. Test by running against a cluster (self-installs CRDs and starts controllers automatically)\n5. Update bootstrapped integration tests to test new fields and business logic\n6. Build and publish a container from the provided Dockerfile\n\n## Scope\n\nBuilding APIs using CRDs, Controllers, and Admission Webhooks.\n\n## Philosophy\n\nSee [DESIGN.md](DESIGN.md) for the guiding principles of the various Kubebuilder projects.\n\nTL;DR:\n\nProvide clean library abstractions with clear and well-exampled go docs.\n\n- Prefer using go *interfaces* and *libraries* over-relying on *code generation*\n- Prefer using *code generation* over *1 time init* of stubs\n- Prefer *1 time init* of stubs over forked and modified boilerplate\n- Never fork and modify boilerplate\n\n## Techniques\n\n- Provide higher-level libraries on top of low-level client libraries\n  - Protect developers from breaking changes in low-level libraries\n  - Start minimal and provide progressive discovery of functionality\n  - Provide sane defaults and allow users to override when they exist\n- Provide code generators to maintain common boilerplate that can't be addressed by interfaces\n  - Driven off of `// +` comments\n- Provide bootstrapping commands to initialize new packages\n\n## Versioning and Releasing\n\nSee [VERSIONING.md](VERSIONING.md).\n\n## Troubleshooting\n\n- ### Bugs and Feature Requests:\n  If you have what looks like a bug, or you would like to make a feature request, please use the [Github issue tracking system.](https://github.com/kubernetes-sigs/kubebuilder/issues)\nBefore you file an issue, please search existing issues to see if your issue is already covered.\n\n- ### Slack\n  For real-time discussion,  you can join the [#kubebuilder](https://slack.k8s.io/#kubebuilder) slack channel. Slack requires registration, but the Kubernetes team is an open invitation to anyone to register here. Feel free to come and ask any questions.\n\n## Contributing\n\nContributions are greatly appreciated. The maintainers actively manage the issues list and try to highlight issues suitable for newcomers.\nThe project follows the typical GitHub pull request model. See [CONTRIBUTING.md](CONTRIBUTING.md) for more details.\nBefore starting any work, please either comment on an existing issue or file a new one.\n\n## Operating Systems Supported\n\nCurrently, Kubebuilder officially supports macOS and Linux platforms. If you are using a Windows OS, we recommend you read the instructions in [here](docs/windows.md).\n\nContributions towards supporting Windows are not planned.\n\n## Versions Compatibility and Supportability\n\nProjects created by Kubebuilder contain a `Makefile` that installs tools at versions defined during project creation. The main tools included are:\n\n- [kustomize](https://github.com/kubernetes-sigs/kustomize)\n- [controller-gen](https://github.com/kubernetes-sigs/controller-tools)\n- [setup-envtest](https://github.com/kubernetes-sigs/controller-runtime/tree/main/tools/setup-envtest)\n\nAdditionally, these projects include a `go.mod` file specifying dependency versions.\nKubebuilder relies on [controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) and its Go and Kubernetes dependencies.\nTherefore, the versions defined in the `Makefile` and `go.mod` files are the ones that have been tested, supported, and recommended.\n\nEach minor version of Kubebuilder is tested with a specific minor version of the client-go.\nWhile a Kubebuilder minor version *may* be compatible with other client-go minor versions,\nor other tools this compatibility is not guaranteed, supported, or tested.\n\nThe minimum Go version required by Kubebuilder is determined by the highest minimum\nGo version required by its dependencies. This is usually aligned with the minimum\nGo version required by the corresponding `k8s.io/*` dependencies.\n\nCompatible `k8s.io/*` versions, client-go versions, and minimum Go versions can be found in the `go.mod`\nfile scaffolded for each project for each [tag release](https://github.com/kubernetes-sigs/kubebuilder/tags).\n\n**Example:** For the `4.1.1` release, the minimum Go version compatibility is `1.22`.\nYou can refer to the samples in the testdata directory of the tag released [v4.1.1](https://github.com/kubernetes-sigs/kubebuilder/tree/v4.1.1/testdata),\nsuch as the [go.mod](https://github.com/kubernetes-sigs/kubebuilder/blob/v4.1.1/testdata/project-v4/go.mod#L3) file for `project-v4`. You can also check the versions of the tools supported and\ntested for this release by examining the [Makefile](https://github.com/kubernetes-sigs/kubebuilder/blob/v4.1.1/testdata/project-v4/Makefile#L160-L165).\n\n## Community Meetings\n\nThe following meetings happen biweekly:\n\n- Kubebuilder Meeting\n\nYou are more than welcome to attend. For further info join to [kubebuilder@googlegroups.com](https://groups.google.com/g/kubebuilder).\nEvery month, our team meets on the first Thursday at 11:00 PT (Pacific Time) to discuss our progress and plan for the upcoming weeks.\nPlease note that we have been syncing more frequently offline via Slack lately. However, if you add a topic to the agenda, we will hold the meeting as scheduled.\nAdditionally, we can use this channel to demonstrate new features.\n\n[operator-sdk]: https://github.com/operator-framework/operator-sdk\n[plugin-section]: https://book.kubebuilder.io/plugins/plugins.html\n[controller-runtime]: https://github.com/kubernetes-sigs/controller-runtime\n[your-own-plugins]: https://book.kubebuilder.io/plugins/extending\n[controller-tools]: https://github.com/kubernetes-sigs/controller-tools\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkubernetes-sigs%2Fkubebuilder","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkubernetes-sigs%2Fkubebuilder","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkubernetes-sigs%2Fkubebuilder/lists"}