{"id":13461414,"url":"https://github.com/loft-sh/vcluster","last_synced_at":"2026-03-16T02:03:00.278Z","repository":{"id":36958682,"uuid":"355946670","full_name":"loft-sh/vcluster","owner":"loft-sh","description":"vCluster - Create fully functional virtual Kubernetes clusters - Each vcluster runs inside a namespace of the underlying k8s cluster. It's cheaper than creating separate full-blown clusters and it offers better multi-tenancy and isolation than regular namespaces.","archived":false,"fork":false,"pushed_at":"2026-01-16T23:06:47.000Z","size":106768,"stargazers_count":10834,"open_issues_count":119,"forks_count":548,"subscribers_count":51,"default_branch":"main","last_synced_at":"2026-01-17T05:09:40.545Z","etag":null,"topics":["cloud-native","helm","k3s","k8s","kubectl","kubernetes","multi-tenancy","platform-engineering","vcluster","virtual-clusters"],"latest_commit_sha":null,"homepage":"https://www.vcluster.com","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/loft-sh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-04-08T14:47:46.000Z","updated_at":"2026-01-17T00:32:44.000Z","dependencies_parsed_at":"2026-01-12T12:03:02.838Z","dependency_job_id":null,"html_url":"https://github.com/loft-sh/vcluster","commit_stats":{"total_commits":1978,"total_committers":147,"mean_commits":13.45578231292517,"dds":0.6941354903943378,"last_synced_commit":"6143e2233c9c1a3bbd0d6e16c041217092f0019b"},"previous_names":[],"tags_count":551,"template":false,"template_full_name":null,"purl":"pkg:github/loft-sh/vcluster","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/loft-sh%2Fvcluster","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/loft-sh%2Fvcluster/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/loft-sh%2Fvcluster/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/loft-sh%2Fvcluster/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/loft-sh","download_url":"https://codeload.github.com/loft-sh/vcluster/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/loft-sh%2Fvcluster/sbom","scorecard":{"id":596987,"data":{"date":"2025-08-11","repo":{"name":"github.com/loft-sh/vcluster","commit":"7d2bcf18df2757f216f0b88922a37a7862d370e5"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.6,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: .github/SECURITY.md:1","Info: Found linked content: .github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/SECURITY.md:1","Info: Found text in security policy: .github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/e2e.yaml:260","Info: jobLevel 'contents' permission set to 'read': .github/workflows/push-head-images.yaml:14","Info: jobLevel 'contents' permission set to 'read': .github/workflows/push-head-images.yaml:30","Info: jobLevel 'contents' permission set to 'read': .github/workflows/push-head-images.yaml:50","Info: topLevel 'contents' permission set to 'read': .github/workflows/actionlint.yml:9","Warn: no topLevel permission defined: .github/workflows/backport.yaml:1","Warn: no topLevel permission defined: .github/workflows/e2e.yaml:1","Warn: no topLevel permission defined: .github/workflows/go-licenses-check.yaml:1","Warn: no topLevel permission defined: .github/workflows/go-licenses.yaml:1","Warn: no topLevel permission defined: .github/workflows/lint.yaml:1","Warn: no topLevel permission defined: .github/workflows/notify-release.yaml:1","Warn: no topLevel permission defined: .github/workflows/publish-chart.yaml:1","Warn: no topLevel permission defined: .github/workflows/push-head-images.yaml:1","Warn: no topLevel permission defined: .github/workflows/release.yaml:1","Warn: no topLevel permission defined: .github/workflows/sync-config-schema.yaml:1","Warn: no topLevel permission defined: .github/workflows/unit-tests.yaml:1","Warn: no topLevel permission defined: .github/workflows/update-cache.yaml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/update-platform-minimum-version.yaml:9","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: checksums.txt.sig: https://github.com/loft-sh/vcluster/releases/tag/v0.28.0-alpha.6","Info: signed release artifact: checksums.txt.sig: https://github.com/loft-sh/vcluster/releases/tag/v0.28.0-alpha.5","Info: signed release artifact: checksums.txt.sig: https://github.com/loft-sh/vcluster/releases/tag/v0.28.0-alpha.4","Info: signed release artifact: checksums.txt.sig: https://github.com/loft-sh/vcluster/releases/tag/v0.28.0-alpha.3","Info: signed release artifact: checksums.txt.sig: https://github.com/loft-sh/vcluster/releases/tag/v0.28.0-alpha.2","Warn: release artifact v0.28.0-alpha.6 does not have provenance: https://api.github.com/repos/loft-sh/vcluster/releases/240295043","Warn: release artifact v0.28.0-alpha.5 does not have provenance: https://api.github.com/repos/loft-sh/vcluster/releases/240182057","Warn: release artifact v0.28.0-alpha.4 does not have provenance: https://api.github.com/repos/loft-sh/vcluster/releases/240057521","Warn: release artifact v0.28.0-alpha.3 does not have provenance: https://api.github.com/repos/loft-sh/vcluster/releases/239803170","Warn: release artifact v0.28.0-alpha.2 does not have provenance: https://api.github.com/repos/loft-sh/vcluster/releases/239699344"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during GetBranch(v0.27): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/e2e.yaml:35"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"SAST","score":2,"reason":"SAST tool is not run on all commits -- score normalized to 2","details":["Warn: 6 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":6,"reason":"4 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3774 / GHSA-hj2p-8wj8-pfq4","Warn: Project is vulnerable to: GO-2025-3521","Warn: Project is vulnerable to: GO-2025-3547","Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Info: Possibly incomplete results: error parsing shell code: \"foo(\" must be followed by ): vendor/sigs.k8s.io/controller-runtime/Makefile:0","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/actionlint.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/actionlint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/actionlint.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/actionlint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/actionlint.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/actionlint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/backport.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/backport.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/backport.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/backport.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/backport.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/backport.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/e2e.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/e2e.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yaml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/e2e.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yaml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/e2e.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/e2e.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/e2e.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:159: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/e2e.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:177: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/e2e.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yaml:179: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/e2e.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yaml:185: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/e2e.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:200: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/e2e.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:206: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/e2e.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:211: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/e2e.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:285: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/e2e.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:288: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/e2e.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yaml:292: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/e2e.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yaml:298: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/e2e.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:313: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/e2e.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:318: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/e2e.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/e2e.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/e2e.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yaml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/e2e.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/e2e.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yaml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/e2e.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-licenses-check.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/go-licenses-check.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-licenses-check.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/go-licenses-check.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-licenses.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/go-licenses.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-licenses.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/go-licenses.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/go-licenses.yaml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/go-licenses.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/lint.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/lint.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yaml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/lint.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/notify-release.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/notify-release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/notify-release.yaml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/notify-release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-chart.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/publish-chart.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-chart.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/publish-chart.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-chart.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/publish-chart.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-head-images.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/push-head-images.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-head-images.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/push-head-images.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-head-images.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/push-head-images.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-head-images.yaml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/push-head-images.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-head-images.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/push-head-images.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-head-images.yaml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/push-head-images.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-head-images.yaml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/push-head-images.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-head-images.yaml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/push-head-images.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-head-images.yaml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/push-head-images.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-head-images.yaml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/push-head-images.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-head-images.yaml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/push-head-images.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/release.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/release.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/release.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/release.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/release.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/release.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-config-schema.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/sync-config-schema.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-config-schema.yaml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/sync-config-schema.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-tests.yaml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/unit-tests.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-tests.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/unit-tests.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-tests.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/unit-tests.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-cache.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/update-cache.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-cache.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/update-cache.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-cache.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/update-cache.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-platform-minimum-version.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/update-platform-minimum-version.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-platform-minimum-version.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/loft-sh/vcluster/update-platform-minimum-version.yaml/main?enable=pin","Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:1: pin your Docker image by updating mcr.microsoft.com/devcontainers/go:1.22-bullseye to mcr.microsoft.com/devcontainers/go:1.22-bullseye@sha256:f2d2a2bf200bb2de430a9eb4115fa87ae5d665a39539a2d5dee868227f786531","Warn: containerImage not pinned by hash: Dockerfile:2","Warn: containerImage not pinned by hash: Dockerfile:5","Warn: containerImage not pinned by hash: Dockerfile:60: pin your Docker image by updating alpine:3.22 to alpine:3.22@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: containerImage not pinned by hash: Dockerfile.cli:1","Warn: containerImage not pinned by hash: Dockerfile.cli:36: pin your Docker image by updating alpine:3.22 to alpine:3.22@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: containerImage not pinned by hash: Dockerfile.cli.release:2: pin your Docker image by updating alpine:3.22 to alpine:3.22@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: containerImage not pinned by hash: Dockerfile.release:2","Warn: containerImage not pinned by hash: Dockerfile.release:5","Warn: containerImage not pinned by hash: Dockerfile.release:21: pin your Docker image by updating alpine:3.22 to alpine:3.22@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: goCommand not pinned by hash: Dockerfile:21","Warn: goCommand not pinned by hash: vendor/github.com/json-iterator/go/build.sh:10","Warn: goCommand not pinned by hash: vendor/modernc.org/sqlite/tpch.sh:6","Warn: goCommand not pinned by hash: .github/workflows/e2e.yaml:217","Info:   0 out of  46 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  35 third-party GitHubAction dependencies pinned","Info:   0 out of  10 containerImage dependencies pinned","Info:   2 out of   6 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}}]},"last_synced_at":"2025-08-20T23:22:44.601Z","repository_id":36958682,"created_at":"2025-08-20T23:22:44.601Z","updated_at":"2025-08-20T23:22:44.601Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28571556,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-19T12:50:50.164Z","status":"ssl_error","status_checked_at":"2026-01-19T12:50:42.704Z","response_time":67,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud-native","helm","k3s","k8s","kubectl","kubernetes","multi-tenancy","platform-engineering","vcluster","virtual-clusters"],"created_at":"2024-07-31T11:00:38.365Z","updated_at":"2026-01-19T14:01:45.259Z","avatar_url":"https://github.com/loft-sh.png","language":"Go","readme":"\u003cdiv align=\"center\"\u003e\n  \u003ca href=\"https://www.vcluster.com\" target=\"_blank\"\u003e\n\n\n\u003cpicture\u003e\n      \u003c!-- For Dark Mode --\u003e\n      \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"docs/static/media/vcluster_horizontal_orange_white.svg\"\u003e\n      \u003c!-- For Light Mode --\u003e\n      \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"docs/static/media/vcluster_horizontal_orange_black.svg\"\u003e\n      \u003c!-- Fallback --\u003e\n      \u003cimg alt=\"vCluster Logo\" src=\"docs/static/media/vcluster_horizontal_orange_white.svg\" width=\"600\"\u003e\n\u003c/picture\u003e\t  \n\n  \u003c/a\u003e\n\u003c/div\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n### **[Website](https://www.vcluster.com)** • **[Quickstart](https://www.vcluster.com/docs/get-started/)** • **[Documentation](https://www.vcluster.com/docs/what-are-virtual-clusters)** • **[Blog](https://loft.sh/blog)** • **[Twitter](https://x.com/vcluster)** • **[Slack](https://slack.loft.sh/)**\n\n\u003c/div\u003e\n\n\n\n---\n\n### 🚀 Get Started Quickly!\n\nDeploy your first virtual cluster with minimal effort:\n\n```bash\nbrew install loft-sh/tap/vcluster\nvcluster create my-vcluster --namespace team-x\n```\n\nhttps://github.com/user-attachments/assets/d97c21ae-5d23-499c-a1e8-e8d784493be4\n\nFor detailed steps, visit our [Quickstart Documentation](https://www.vcluster.com/docs/get-started).\n\n---\n\n### 🌟Why vCluster?\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eRobust Security and Isolation\u003c/strong\u003e\u003c/summary\u003e\n\n- **Granular Permissions**:  \n  vCluster users operate with minimized permissions in the host cluster, significantly reducing the risk of privileged access misuse. Within their vCluster, users have admin-level control, enabling them to manage CRDs, RBAC, and other security policies independently.\n\n- **Isolated Control Plane**:  \n  Each vCluster comes with its own dedicated API server and control plane, creating a strong isolation boundary.\n\n- **Customizable Security Policies**:  \n  Tenants can implement additional vCluster-specific governance, including OPA policies, network policies, resource quotas, limit ranges, and admission control, in addition to the existing policies and security measures in the underlying physical host cluster.\n\n- **Enhanced Data Protection**:  \n  With options for separate backing stores, including embedded SQLite, etcd, or external databases, virtual clusters allow for isolated data management, reducing the risk of data leakage between tenants.\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eAccess for Tenants\u003c/strong\u003e\u003c/summary\u003e\n\n- **Full Admin Access per Tenant**:  \n  Tenants can freely deploy CRDs, create namespaces, taint, and label nodes, and manage cluster-scoped resources typically restricted in standard Kubernetes namespaces.\n\n- **Isolated yet Integrated Networking**:  \n  While ensuring automatic isolation (for example, pods in different virtual clusters cannot communicate by default), vCluster allows for configurable network policies and service sharing, supporting both separation and sharing as needed.\n\n- **Node Management**:  \n  Assign static nodes to specific virtual clusters or share node pools among multiple virtual clusters, providing flexibility in resource allocation.\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eCost-Effectiveness and Reduced Overhead\u003c/strong\u003e\u003c/summary\u003e\n\n- **Lightweight Infrastructure**:  \n  Virtual clusters are significantly more lightweight than physical clusters, able to spin up in seconds, which contrasts sharply with the lengthy provisioning times often seen in environments like EKS (~45 minutes).\n\n- **Resource Efficiency**:  \n  By sharing the underlying host cluster's resources, virtual clusters minimize the need for additional physical infrastructure, reducing costs and environmental impact.\n\n- **Simplified Management**:  \n  The vCluster control plane, running inside a single pod, along with optional integrated CoreDNS, minimizes the operational overhead, making virtual clusters especially suitable for large-scale deployments and multi-tenancy scenarios.\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eEnhanced Flexibility and Compatibility\u003c/strong\u003e\u003c/summary\u003e\n\n- **Diverse Kubernetes Environments**:  \n  vCluster supports different Kubernetes versions and distributions (including K8s, K3s, and K0s), allowing version skews. This makes it possible to tailor each virtual cluster to specific requirements without impacting others.\n\n- **Adaptable Backing Stores**:  \n  Choose from a range of data stores, from lightweight (SQLite) to enterprise-grade options (embedded etcd, external data stores like Global RDS), catering to various scalability and durability needs.\n\n- **Runs Anywhere**:  \n  Virtual clusters can run on EKS, GKE, AKS, OpenShift, RKE, K3s, cloud, edge, and on-prem. As long as it's a K8s cluster, you can run a virtual cluster on top of it.\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eImproved Scalability\u003c/strong\u003e\u003c/summary\u003e\n\n- **Reduced API Server Load**:  \n  Virtual clusters, each with their own dedicated API server, significantly reduce the operational load on the host cluster's Kubernetes API server by isolating and handling requests internally.\n\n- **Conflict-Free CRD Management**:  \n  Independent management of CRDs within each virtual cluster eliminates the potential for CRD conflicts and version discrepancies, ensuring smoother operations and easier scaling as the user base expands.\n\n\u003c/details\u003e\n\n\n---\n\n### 📚 Expand Your Knowledge\n#### Conference Talks\n| Event             | Speaker         | Title                                           | YouTube Link                          |\n|--------------------|----------------|-------------------------------------------------|---------------------------------------|\n| CNCF Book Club 2024| Marc Boorshtein| Kubernetes - An Enterprise Guide (vCluster) | [Watch Here](https://www.youtube.com/watch?v=8vwnDlkkuJM) |\n| KCD NYC 2024   | Lukas Gentele    | Tenant Autonomy \u0026 Isolation In Multi-Tenant Kubernetes Clusters | [Watch Here](https://www.youtube.com/watch?v=AKJVLbXsUmE\u0026t=758s)| \n| KubeCon Eu 2023   | Ilia Medvedev \u0026 Kostis Kapelonis | How We Securely Scaled Multi-Tenancy with VCluster, Crossplane, and Argo CD | [Watch Here](https://www.youtube.com/watch?v=hFiHU6W4_z0) |\n|Solo Webinar 2022 | Rich and Fabian | Speed your Istio development environment with vCluster | [Watch Here](https://www.youtube.com/watch?v=b7OkYjvLf4Y)|\n|Mirantis Tech Talks 2022| Mirantis |Multi-tenancy \u0026 Isolation using Virtual Clusters (vCluster) in K8s| [Watch Here](https://www.youtube.com/watch?v=CoqRXdJbCwY) |\n| TGI 2022 | TGI | TGI Kubernetes 188: vCluster | [Watch Here](https://www.youtube.com/watch?v=EaoxUDGpARE)|\n| KubeCon NA 2022 | Whitney Lee \u0026 Mauricio Salatino | What a RUSH! Let's Deploy Straight to Production! | [Watch Here](https://www.youtube.com/watch?v=eJG7uIU9NpM) | \n| KubeCon NA 2022   | Joseph Sandoval \u0026 Dan Garfield       | How Adobe Planned For Scale With Argo CD, Cluster API, And VCluster| [Watch Here](https://www.youtube.com/watch?v=p8BluR5WT5w)| \n| KubeCon NA 2021    | Lukas Gentele  | Beyond Namespaces: Virtual Clusters are the Future of Multi-Tenancy | [Watch Here](https://www.youtube.com/watch?v=QddWNqchD9I) |\n\n#### Community Voice\n| Youtube Channel             | Speaker         | Title                                           | YouTube Link                          |\n|--------------------|----------------|-------------------------------------------------|---------------------------------------|\n|TeKanAid 2024|TeKanAid|Getting Started with vCluster: Build Your IDP with Backstage, Crossplane, and ArgoCD | [Watch Here](https://www.youtube.com/watch?v=nIxl2PcEs-0)|\n| DevOps Toolkit 2021 | Viktor Farcic |  How To Create Virtual Kubernetes Clusters | [Watch Here](https://www.youtube.com/watch?v=JqBjpvp268Y\u0026t=82s) |\n| TechWorld with Nana 2021 | Nana | Build your Self-Service Kubernetes Platform with Virtual Clusters  | [Watch Here](https://www.youtube.com/watch?v=tt7hope6zU0)\n| Kubesimplify 2021 | Saiyam Pathak and Lukas Gentele | Let's Learn vCluster| [Watch Here](https://www.youtube.com/watch?v=I4mztvnRCjs\u0026t=1s) |\n| Rawkode 2021 | David and Lukas | Hands on Introduction to vCluster | [Watch Here](https://www.youtube.com/watch?v=IMdMvn2_LeI) | \n\nExplore more vCluster tips on our [Youtube Channel](https://www.youtube.com/@vcluster) and [Blogs](https://loft.sh/blog).\n\n---\n\n### 💻 Contribute to vCluster\nWe love contributions! Check out our [Contributing Guide](https://github.com/loft-sh/vcluster/blob/main/CONTRIBUTING.md).\n\nFor quick local development, use [![Open in DevPod!](https://devpod.sh/assets/open-in-devpod.svg)](https://devpod.sh/open#https://github.com/loft-sh/vcluster)\n\n---\n\n### 🔗 Useful Links\n- [Documentation](https://www.vcluster.com/docs/what-are-virtual-clusters)\n- [Slack Community](https://slack.loft.sh/)\n- [vCluster Website](https://www.vcluster.com)\n\n---\n### Adopters\n\nWe're glad to see vCluster being adopted by organizations around the world! Below are just a few examples of how vCluster is being used in production environments:\n- **[Atlan](https://www.vcluster.com/case-studies/atlan)**: Atlan Reduced Their Infrastructure From 100 Kubernetes Clusters To 1 Using vCluster.\n- **[Adobe](https://www.youtube.com/watch?v=p8BluR5WT5w)**: Enhancing development environments with virtual clusters.\n- **[Aussie Broadband](https://www.vcluster.com/case-studies/aussie-broadband)**:  Aussie Broadband Achieved 99% Faster Cluster Provisioning with vCluster.\n- **[Codefresh](https://www.loft.sh/blog/how-codefresh-uses-vcluster-to-provide-hosted-argo-cd)**: Codefresh uses vCluster to provide hosted ArgoCD.\n- **[Coreweave](https://www.coreweave.com/blog/coreweave-and-loft-labs-leverage-vcluster-in-kubernetes-at-scale)**: CoreWeave and Loft Labs Leverage vCluster to Run Virtual Clusters in Kubernetes at Scale.\n- **[Scanmetrics](https://www.vcluster.com/case-studies/scanmetrix)**: Scanmetrix Achieved 99% Faster Customer Deployments with vCluster\n- **[Trade Connectors](https://www.vcluster.com/case-studies/trade-connectors)**: Trade Connectors Optimized Kubernetes Cost with Multi-Tenancy from vCluster.\n- **ABBYY**\n- **Aera**\n- **Lintasarta**\n- **Precisely**\n- **Shipwire**\n\nAre you using vCluster? We'd love to hear your story! Please [open a pull request](https://github.com/loft-sh/vcluster/pulls) to add your name here, or [contact us](mailto:contact@loft.sh).\n\n---\n\n### 📜 License\nvCluster is licensed under the [Apache 2.0 License](http://www.apache.org/licenses/LICENSE-2.0).\n\n### Copyright\n\n© 2025 [Loft Labs](https://loft.sh). All rights reserved.\nThis project and its maintainers are committed to fostering a welcoming, inclusive, and respectful community.\n\n","funding_links":[],"categories":["Go","kubernetes","Kubernetes distributions"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Floft-sh%2Fvcluster","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Floft-sh%2Fvcluster","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Floft-sh%2Fvcluster/lists"}