{"id":36591301,"url":"https://github.com/mauricioaniche/codesheriff","last_synced_at":"2026-01-14T03:31:03.216Z","repository":{"id":57721394,"uuid":"340755056","full_name":"mauricioaniche/codesheriff","owner":"mauricioaniche","description":"A library that lets you specify your quality rules via JUnit tests","archived":false,"fork":false,"pushed_at":"2021-08-23T07:52:50.000Z","size":94,"stargazers_count":66,"open_issues_count":2,"forks_count":6,"subscribers_count":4,"default_branch":"main","last_synced_at":"2026-01-12T16:27:35.596Z","etag":null,"topics":["code-metrics","code-quality","junit-plugin"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mauricioaniche.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-02-20T21:15:48.000Z","updated_at":"2025-10-10T08:17:32.000Z","dependencies_parsed_at":"2022-09-26T21:41:31.768Z","dependency_job_id":null,"html_url":"https://github.com/mauricioaniche/codesheriff","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/mauricioaniche/codesheriff","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mauricioaniche%2Fcodesheriff","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mauricioaniche%2Fcodesheriff/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mauricioaniche%2Fcodesheriff/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mauricioaniche%2Fcodesheriff/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mauricioan
iche","download_url":"https://codeload.github.com/mauricioaniche/codesheriff/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mauricioaniche%2Fcodesheriff/sbom","scorecard":{"id":628489,"data":{"date":"2025-08-11","repo":{"name":"github.com/mauricioaniche/codesheriff","commit":"49be4843bedc35318bbd3e78b7a9c3337973466d"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.9,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score 
normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security 
policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":1,"reason":"9 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-5mg8-w23w-74h3","Warn: Project is vulnerable to: GHSA-7g45-4rm6-3mm3","Warn: Project is vulnerable to: GHSA-78wr-2p64-hpwj","Warn: Project is vulnerable to: GHSA-2qrg-x229-3v8q","Warn: Project is vulnerable to: GHSA-65fg-84f6-3jq3","Warn: Project is vulnerable to: GHSA-f7vh-qwp3-x37m","Warn: Project is vulnerable to: GHSA-fp5r-v3w9-4333","Warn: 
Project is vulnerable to: GHSA-w9p3-5cr8-m3jj","Warn: Project is vulnerable to: GHSA-j288-q9x7-2f5v"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T07:11:35.987Z","repository_id":57721394,"created_at":"2025-08-21T07:11:35.987Z","updated_at":"2025-08-21T07:11:35.987Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28408843,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T01:52:23.358Z","status":"online","status_checked_at":"2026-01-14T02:00:06.678Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code-metrics","code-quality","junit-plugin"],"created_at":"2026-01-12T08:15:55.959Z","updated_at":"2026-01-14T03:31:03.207Z","avatar_url":"https://github.com/mauricioaniche.png","language":"Java","readme":"# CodeSheriff\n\n[![Build Status](https://travis-ci.org/mauricioaniche/codesheriff.svg?branch=main)](https://travis-ci.org/mauricioaniche/codesheriff)\n\nCodeSheriff is a simple library that helps you in writing JUnit tests \nthat check the quality of your code.\nFor example, CodeSheriff may fail because you have methods in your code that \nhave more than X lines of code, or that have complexity greater than Y.\n\nCodeSheriff is highly flexible and lets you define the quality rules 
through\na very simple DSL. No more complicated configurations in complicated code\nquality tools. Just write a test!\n\nThis framework was highly inspired by [ArchUnit](https://github.com/TNG/ArchUnit). If you want to write unit tests \nto check architectural conformance, check that framework! \n\n*Note that this is still just a prototype and is not yet battle tested. Help me out here!*\n\n## The CodeSheriff API\n\nThe best way to understand CodeSheriff is by means of examples. See the \ntest class below:\n\n```java\nimport com.github.mauricioaniche.codesheriff.dsl.CodeSheriff;\nimport com.github.mauricioaniche.codesheriff.junit.CodeSheriffJUnit5;\n\npublic class SheriffRunnerJUnitTest extends CodeSheriffJUnit5 {\n\n    // it can be a method that returns 'CodeSheriff' ...\n    CodeSheriff complexity() {\n        CodeSheriff sheriff = new CodeSheriff();\n\n        sheriff.thatEnsures()\n                .methods()\n                .inClassesOfPackage(\"a.b.c\")\n                .withExceptionOfClass(\"Abc\")\n                .have()\n                .complexity(m -\u003e m \u003c 10);\n\n        return sheriff;\n    }\n\n    // ... or a field!\n    CodeSheriff loc = new CodeSheriff()\n            .thatEnsures()\n            .methods()\n            .inClassesOfPackage(\"fixture.f3\")\n            .withExceptionOfMethod(\"abc\")\n            .have()\n            .linesOfCode(m -\u003e m \u003c 100);\n\n}\n```\nFor CodeSheriff to work, all you need to do is:\n\n- Create a class that extends from the provided `CodeSheriffJUnit` class.\n- Write as many _CodeSheriff_s as you want. A CodeSheriff is basically a rule\nthat the library will check later.\n- See the `complexity` rule. It ensures that all methods within the `a.b.c` package\nhave complexity of less than 10. Complexity here is basically cyclomatic complexity (i.e.,\nthe number of ifs, fors, whiles, etc., in your code).\n- See the `loc` rule. 
It ensures that all classes in the `a.b.c` package have\nless than 100 lines of code.\n\nThis class is a JUnit 5 test class. Just run it. If no rules are broken in your\ncode, then the test passes. If a rule is broken, CodeSheriff will list all\nthe classes and methods that break a rule.\n\n## How to import it in my project?\n\nSimply add it to your Maven or Gradle file:\n\n```xml\n\u003cdependency\u003e\n    \u003cgroupId\u003ecom.github.mauricioaniche\u003c/groupId\u003e\n    \u003cartifactId\u003ecodesheriff\u003c/artifactId\u003e\n    \u003cversion\u003e0.2.0\u003c/version\u003e\n    \u003cscope\u003etest\u003c/scope\u003e\n\u003c/dependency\u003e\n```\n\n## How does it work?\n\nCodeSheriff builds the AST of your entire source code and collects code metrics.\nThis is done by my other library, [CK](https://github.com/mauricioaniche/ck). \n\nThis means that checking the rules may take a while depending on the size of\nyour project.\n\n## Available rules\n\nJust use the DSL to explore all the options.\n\n## License\n\nThis code is licensed under the MIT license.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmauricioaniche%2Fcodesheriff","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmauricioaniche%2Fcodesheriff","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmauricioaniche%2Fcodesheriff/lists"}