{"id":13483520,"url":"https://github.com/mdn/kuma","last_synced_at":"2025-12-17T13:42:28.237Z","repository":{"id":790463,"uuid":"1352520","full_name":"mdn/kuma","owner":"mdn","description":"The project that powers MDN.","archived":true,"fork":false,"pushed_at":"2022-08-26T11:03:14.000Z","size":217266,"stargazers_count":1919,"open_issues_count":0,"forks_count":674,"subscribers_count":129,"default_branch":"main","last_synced_at":"2025-09-11T13:14:52.661Z","etag":null,"topics":["css","html","javascript","mdn","nodejs","python","reactjs","sass"],"latest_commit_sha":null,"homepage":"https://developer.mozilla.org","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mdn.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null}},"created_at":"2011-02-10T21:48:06.000Z","updated_at":"2025-09-09T20:28:55.000Z","dependencies_parsed_at":"2022-07-29T21:09:29.790Z","dependency_job_id":null,"html_url":"https://github.com/mdn/kuma","commit_stats":null,"previous_names":["mozilla/kuma"],"tags_count":27,"template":false,"template_full_name":null,"purl":"pkg:github/mdn/kuma","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdn%2Fkuma","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdn%2Fkuma/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdn%2Fkuma/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdn%2Fkuma/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mdn","download_url":"https://codeload.github.com/mdn/kuma/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdn%2Fkuma/sbom","scorecard":{"id":633257,"data":{"date":"2025-08-11","repo":{"name":"github.com/mdn/kuma","commit":"ae0860087cfb7ce19c9296f5dfbae10260dca759"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4,"checks":[{"name":"Maintained","score":0,"reason":"project is archived","details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Code-Review","score":5,"reason":"Found 12/23 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/docker.yml:1","Warn: no topLevel permission defined: .github/workflows/documentation-build.yml:1","Warn: no topLevel permission defined: .github/workflows/python-lints.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Mozilla Public License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/mdn/kuma/docker.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation-build.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/mdn/kuma/documentation-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation-build.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/mdn/kuma/documentation-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-lints.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/mdn/kuma/python-lints.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-lints.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/mdn/kuma/python-lints.yml/main?enable=pin","Warn: containerImage not pinned by hash: docker/images/kuma/Dockerfile:1: pin your Docker image by updating mdnwebdocs/kuma_base:latest to mdnwebdocs/kuma_base:latest@sha256:acf158c15746f8a020649243b072ba3c258f49a8f90ff6608f99557d0662b88e","Warn: pipCommand not pinned by hash: docker/images/kuma_base/Dockerfile:31-33","Warn: downloadThenRun not pinned by hash: scripts/ci-codecovsubmit:8","Warn: downloadThenRun not pinned by hash: .github/workflows/docker.yml:41","Warn: pipCommand not pinned by hash: .github/workflows/documentation-build.yml:22","Warn: pipCommand not pinned by hash: .github/workflows/documentation-build.yml:23","Warn: pipCommand not pinned by hash: .github/workflows/python-lints.yml:24","Warn: pipCommand not pinned by hash: .github/workflows/python-lints.yml:25","Info:   0 out of   5 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   2 containerImage dependencies pinned","Info:   0 out of   5 pipCommand dependencies pinned","Info:   0 out of   2 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 22 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"60 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-cpwx-vrp4-4pq7","Warn: Project is vulnerable to: GHSA-gmj6-6f8f-6699","Warn: Project is vulnerable to: GHSA-h5c8-rqwp-cp95","Warn: Project is vulnerable to: GHSA-h75v-3vvj-5mfj","Warn: Project is vulnerable to: GHSA-q2x7-8rv6-6q7h","Warn: Project is vulnerable to: PYSEC-2023-117 / GHSA-mrwq-x4v8-fh7p","Warn: Project is vulnerable to: PYSEC-2024-48 / GHSA-fj7x-q9j7-g6q6","Warn: Project is vulnerable to: PYSEC-2021-858 / GHSA-q4xr-rc97-m4xx","Warn: Project is vulnerable to: PYSEC-2024-230 / GHSA-248v-346w-9cwc","Warn: Project is vulnerable to: PYSEC-2022-42986 / GHSA-43fp-rhv2-5gv8","Warn: Project is vulnerable to: PYSEC-2023-135 / GHSA-xqr8-7jwr-rhp7","Warn: Project is vulnerable to: GHSA-3ww4-gg4f-jr7f","Warn: Project is vulnerable to: GHSA-5cpq-8wj7-hf2v","Warn: Project is vulnerable to: GHSA-9v9h-cgj8-h64p","Warn: Project is vulnerable to: PYSEC-2023-254 / GHSA-jfhm-5ghh-2f97","Warn: Project is vulnerable to: GHSA-jm77-qphf-c4w8","Warn: Project is vulnerable to: GHSA-v8gr-m533-ghj9","Warn: Project is vulnerable to: GHSA-w7pp-m8wf-vj6r","Warn: Project is vulnerable to: GHSA-x4qr-2fvf-3mr5","Warn: Project is vulnerable to: PYSEC-2022-190 / GHSA-2gwj-7jmv-h26r","Warn: Project is vulnerable to: PYSEC-2023-13 / GHSA-2hrw-hx67-34x6","Warn: Project is vulnerable to: PYSEC-2023-225 / GHSA-7h4p-27mh-hmrw","Warn: Project is vulnerable to: GHSA-7xr5-9hcq-chf9","Warn: Project is vulnerable to: PYSEC-2022-245 / GHSA-8x94-hmjh-97hq","Warn: Project is vulnerable to: PYSEC-2023-226 / GHSA-h8gc-pgj2-vjm3","Warn: Project is vulnerable to: PYSEC-2023-100 / GHSA-jh3w-4vvf-mjgr","Warn: Project is vulnerable to: PYSEC-2022-213 / GHSA-p64x-8rxx-wf6q","Warn: Project is vulnerable to: PYSEC-2023-12 / GHSA-q2jf-h9jm-m7p4","Warn: Project is vulnerable to: PYSEC-2023-222 / GHSA-qmf9-6jqf-j8fq","Warn: Project is vulnerable to: PYSEC-2022-304 / GHSA-qrw5-5h28-6cmg","Warn: Project is vulnerable to: PYSEC-2023-61 / GHSA-r3xc-prgr-mg9p","Warn: Project is vulnerable to: GHSA-rrqc-c2jx-6jgv","Warn: Project is vulnerable to: PYSEC-2024-47 / GHSA-vm8q-m57g-pff3","Warn: Project is vulnerable to: PYSEC-2022-191 / GHSA-w24h-v9qh-8gxj","Warn: Project is vulnerable to: PYSEC-2024-28 / GHSA-xxj9-f6rv-m3x4","Warn: Project is vulnerable to: PYSEC-2023-177 / GHSA-x7m3-jprg-wc5g","Warn: Project is vulnerable to: GHSA-hc5x-x2vx-497g","Warn: Project is vulnerable to: GHSA-w3h3-4rj7-4ph4","Warn: Project is vulnerable to: PYSEC-2024-60 / GHSA-jjg7-2v4v-x38h","Warn: Project is vulnerable to: GHSA-29gw-9793-fvw7","Warn: Project is vulnerable to: PYSEC-2022-42969","Warn: Project is vulnerable to: GHSA-mr82-8j83-vxmv","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: PYSEC-2023-74 / GHSA-j8r2-6x86-q33q","Warn: Project is vulnerable to: GHSA-29pr-6jr8-q5jm","Warn: Project is vulnerable to: GHSA-g92j-qhmh-64v2","Warn: Project is vulnerable to: GHSA-2m57-hf25-phgg","Warn: Project is vulnerable to: PYSEC-2023-87 / GHSA-rrm6-wvj7-cwh2","Warn: Project is vulnerable to: GHSA-34jh-p97f-mpxf","Warn: Project is vulnerable to: PYSEC-2023-212 / GHSA-g4mx-q9vg-27p4","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v","Warn: Project is vulnerable to: PYSEC-2023-192 / GHSA-v845-jxx5-vc9f","Warn: Project is vulnerable to: GHSA-2g68-c3qc-8985","Warn: Project is vulnerable to: GHSA-f9vj-2wh5-fj8j","Warn: Project is vulnerable to: PYSEC-2023-221 / GHSA-hrfv-mqp8-q5rw","Warn: Project is vulnerable to: PYSEC-2023-57 / GHSA-px8h-6qxv-m22q","Warn: Project is vulnerable to: GHSA-q34m-jh98-gwm2","Warn: Project is vulnerable to: PYSEC-2023-58 / GHSA-xg9f-g7g7-2323","Warn: Project is vulnerable to: PYSEC-2022-203"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T08:27:01.073Z","repository_id":790463,"created_at":"2025-08-21T08:27:01.073Z","updated_at":"2025-08-21T08:27:01.073Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":275691245,"owners_count":25510511,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-17T02:00:09.119Z","response_time":84,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["css","html","javascript","mdn","nodejs","python","reactjs","sass"],"created_at":"2024-07-31T17:01:12.299Z","updated_at":"2025-09-27T07:31:52.500Z","avatar_url":"https://github.com/mdn.png","language":"Python","readme":"=================\nKuma (deprecated)\n=================\n\n**Note**: In July 2022, Kuma was superseded by `Rumba`_.\n\n.. _Rumba: https://github.com/mdn/rumba\n\n.. image:: https://github.com/mdn/kuma/workflows/Docker%20testing/badge.svg\n   :target: https://github.com/mdn/kuma/actions?query=workflow%3A%22Docker+testing%22\n   :alt: Docker testing\n\n.. image:: https://github.com/mdn/kuma/workflows/Python%20Lints/badge.svg\n   :target: https://github.com/mdn/kuma/actions?query=workflow%3A%22Python+Lints%22\n   :alt: Python Lints\n\n.. image:: https://github.com/mdn/kuma/workflows/JavaScript%20and%20SASS%20Lints/badge.svg\n   :target: https://github.com/mdn/kuma/actions?query=workflow%3A%22JavaScript+Lints%22\n   :alt: JavaScript Lints\n\n.. image:: https://github.com/mdn/kuma/workflows/Documentation%20Build/badge.svg\n   :target: https://github.com/mdn/kuma/actions?query=workflow%3A%22Documentation+Build%22\n   :alt: Documentation Build\n\n.. image:: https://codecov.io/github/mdn/kuma/coverage.svg?branch=main\n   :target: https://codecov.io/github/mdn/kuma?branch=main\n   :alt: Code Coverage Status\n\n.. image:: http://img.shields.io/badge/license-MPL2-blue.svg\n   :target: https://raw.githubusercontent.com/mdn/kuma/main/LICENSE\n   :alt: License\n\n.. image:: https://img.shields.io/badge/whatsdeployed-stage,prod-green.svg\n   :target: https://whatsdeployed.io/s/HC0/mdn/kuma\n   :alt: What's deployed on stage,prod?\n\n.. Omit badges from docs\n\nKuma is the platform that powers `MDN (developer.mozilla.org)\n\u003chttps://developer.mozilla.org\u003e`_\n\nDevelopment\n===========\n\n:Code:          https://github.com/mdn/kuma\n:Issues:        `P1 Bugs`_ (to be fixed ASAP)\n\n                `P2 Bugs`_ (to be fixed in 180 days)\n\n:Dev Docs:      https://kuma.readthedocs.io/en/latest/installation.html\n:Forum:         https://discourse.mozilla.org/c/mdn\n:Matrix:        `#mdn room`_\n:Servers:       `What's Deployed on MDN?`_\n\n                https://developer.allizom.org/ (stage)\n\n                https://developer.mozilla.org/ (prod)\n\n.. _`P1 Bugs`: https://github.com/mdn/kuma/issues?q=is%3Aopen+is%3Aissue+label%3Ap1\n.. _`P2 Bugs`: https://github.com/mdn/kuma/issues?q=is%3Aopen+is%3Aissue+label%3Ap2\n.. _`What's Deployed on MDN?`: https://whatsdeployed.io/s/HC0/mdn/kuma\n.. _`#mdn room`: https://chat.mozilla.org/#/room/#mdn:mozilla.org\n\n\nGetting started\n===============\n\nWant to help make MDN great? Our `contribution guide\n\u003chttps://github.com/mdn/kuma/blob/main/CONTRIBUTING.md\u003e`_ lists some good\nfirst projects and offers direction on submitting code.\n","funding_links":[],"categories":["Python","\u003ca id=\"tag-dev\" href=\"#tag-dev\"\u003eDev\u003c/a\u003e","Projects","css"],"sub_categories":["\u003ca id=\"tag-dev.docs\" href=\"#tag-dev.docs\"\u003eDocs\u003c/a\u003e"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmdn%2Fkuma","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmdn%2Fkuma","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmdn%2Fkuma/lists"}