{"id":33167562,"url":"https://github.com/mendersoftware/deployments","last_synced_at":"2026-02-03T18:36:37.400Z","repository":{"id":11524730,"uuid":"46868944","full_name":"mendersoftware/deployments","owner":"mendersoftware","description":"Microservice for managing software deployments for IIoT devices within Mender ecosystem.","archived":false,"fork":false,"pushed_at":"2025-11-20T00:56:16.000Z","size":24396,"stargazers_count":22,"open_issues_count":2,"forks_count":48,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-11-20T18:03:53.928Z","etag":null,"topics":["iot","mender","ota","updater"],"latest_commit_sha":null,"homepage":"mender.io","language":"Go","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mendersoftware.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-11-25T15:09:38.000Z","updated_at":"2024-09-13T11:50:44.000Z","dependencies_parsed_at":"2023-12-06T11:07:45.153Z","dependency_job_id":"14790d21-f7d7-484e-80a0-12cb050a5953","html_url":"https://github.com/mendersoftware/deployments","commit_stats":null,"previous_names":[],"tags_count":76,"template":false,"template_full_name":null,"purl":"pkg:github/mendersoftware/deployments","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mendersoftware%2Fdeployments","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mendersoftware%2Fdeployments/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mendersoftware%2Fdeployments/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mendersoftware%2Fdeployments/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mendersoftware","download_url":"https://codeload.github.com/mendersoftware/deployments/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mendersoftware%2Fdeployments/sbom","scorecard":{"id":636310,"data":{"date":"2025-08-11","repo":{"name":"github.com/mendersoftware/deployments","commit":"167e338b9004cf824b5c982092ee279cf6c616e3"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.8,"checks":[{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile.acceptance-testing:1","Warn: pipCommand not pinned by hash: tests/mock-workflows/docker-entrypoint.sh:17","Info:   0 out of   2 containerImage dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 0.0.2 not signed: https://api.github.com/repos/mendersoftware/deployments/releases/2234541","Warn: release artifact 0.0.1 not signed: https://api.github.com/repos/mendersoftware/deployments/releases/2214054","Warn: release artifact 0.0.2 does not have provenance: https://api.github.com/repos/mendersoftware/deployments/releases/2234541","Warn: release artifact 0.0.1 does not have provenance: https://api.github.com/repos/mendersoftware/deployments/releases/2214054"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"10 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GHSA-cpwx-vrp4-4pq7","Warn: Project is vulnerable to: GHSA-gmj6-6f8f-6699","Warn: Project is vulnerable to: GHSA-q2x7-8rv6-6q7h","Warn: Project is vulnerable to: GHSA-f9vj-2wh5-fj8j","Warn: Project is vulnerable to: GHSA-q34m-jh98-gwm2"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T09:16:01.094Z","repository_id":11524730,"created_at":"2025-08-21T09:16:01.094Z","updated_at":"2025-08-21T09:16:01.094Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29052639,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-03T15:43:47.601Z","status":"ssl_error","status_checked_at":"2026-02-03T15:43:46.709Z","response_time":96,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["iot","mender","ota","updater"],"created_at":"2025-11-16T00:00:45.513Z","updated_at":"2026-02-03T18:36:37.395Z","avatar_url":"https://github.com/mendersoftware.png","language":"Go","readme":"# MOVED\n\nThis repository has been moved to the mender-server monorepo: https://github.com/mendersoftware/mender-server\n\n# Deployments\n[![Build Status](https://gitlab.com/Northern.tech/Mender/deployments/badges/master/pipeline.svg)](https://gitlab.com/Northern.tech/Mender/deployments/pipelines)\n[![Coverage Status](https://coveralls.io/repos/github/mendersoftware/deployments/badge.svg?branch=master)](https://coveralls.io/github/mendersoftware/deployments?branch=master)\n[![Go Report Card](https://goreportcard.com/badge/github.com/mendersoftware/deployments)](https://goreportcard.com/report/github.com/mendersoftware/deployments)\n[![Docker pulls](https://img.shields.io/docker/pulls/mendersoftware/deployments.svg?maxAge=3600)](https://hub.docker.com/r/mendersoftware/deployments/)\n\n\nMender: Deployment Service\n==============================================\n\nMender is an open source over-the-air (OTA) software updater for embedded Linux\ndevices. Mender comprises a client running at the embedded device, as well as\na server that manages deployments across many devices.\n\nThis repository contains the Mender Deployments service, which is part of the\nMender server. The Mender server is designed as a microservices architecture\nand comprises several repositories.\n\nThe Deployment Service manages artifacts, deployments, and reports of outcome of deployments.\n\n\n![Mender logo](https://raw.githubusercontent.com/mendersoftware/mender/master/mender_logo.png)\n\n\n## Getting started\n\nTo start using Mender, we recommend that you begin with the Getting started\nsection in [the Mender documentation](https://docs.mender.io/).\n\n\n## Building from source\n\nAs the Mender server is designed as microservices architecture, it requires several\nrepositories to be built to be fully functional. If you are testing the Mender server it\nis therefore easier to follow the getting started section above as it integrates these\nservices.\n\nIf you would like to build the Deployments Service independently, you can follow\nthese steps:\n\n```\ngit clone https://github.com/mendersoftware/deployments.git\ncd deployments\ngo build\n```\n\n## Configuration\n\nThe service can be configured by:\n* providing configuration file (supports JSON, TOML, YAML and HCL formatting).\nThe default configuration file is provided to be downloaded from [config.yaml](https://github.com/mendersoftware/deployments/blob/master/config.yaml).\n* setting environment variables. The service will check for a environment variable\nwith a name matching the key uppercased and prefixed with DEPLOYMENTS_.\nEg. for \"listen\" the variable name is \"DEPLOYMENTS_LISTEN\".\n\nApplication requirements:\n* Access to AWS S3 bucket, keys can be configured in several ways, documented in the configuration file.\n* Access to MongoDB instance and configured in config file. [Installation instructions](https://www.mongodb.org/downloads#)\n* Access to Mender Gateway with Integration API access.\n\n## Contributing\n\nWe welcome and ask for your contribution. If you would like to contribute to Mender, please read our guide on how to best get started [contributing code or\ndocumentation](https://github.com/mendersoftware/mender/blob/master/CONTRIBUTING.md).\n\n## License\n\nMender is licensed under the Apache License, Version 2.0. See\n[LICENSE](https://github.com/mendersoftware/deployments/blob/master/LICENSE) for the\nfull license text.\n\n## Security disclosure\n\nWe take security very seriously. If you come across any issue regarding\nsecurity, please disclose the information by sending an email to\n[security@mender.io](security@mender.io). Please do not create a new public\nissue. We thank you in advance for your cooperation.\n\n## Connect with us\n\n* Join the [Mender Hub discussion forum](https://hub.mender.io)\n* Follow us on [Twitter](https://twitter.com/mender_io). Please\n  feel free to tweet us questions.\n* Fork us on [Github](https://github.com/mendersoftware)\n* Create an issue in the [bugtracker](https://northerntech.atlassian.net/projects/MEN)\n* Email us at [contact@mender.io](mailto:contact@mender.io)\n* Connect to the [#mender IRC channel on Libera](https://web.libera.chat/?#mender)\n","funding_links":[],"categories":["Hardware Com"],"sub_categories":["Others"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmendersoftware%2Fdeployments","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmendersoftware%2Fdeployments","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmendersoftware%2Fdeployments/lists"}