{"id":35000549,"url":"https://github.com/mojohaus/wagon-maven-plugin","last_synced_at":"2025-12-27T03:37:42.856Z","repository":{"id":32128300,"uuid":"35700902","full_name":"mojohaus/wagon-maven-plugin","owner":"mojohaus","description":null,"archived":false,"fork":false,"pushed_at":"2025-11-24T17:57:42.000Z","size":1919,"stargazers_count":33,"open_issues_count":1,"forks_count":32,"subscribers_count":17,"default_branch":"master","last_synced_at":"2025-11-28T06:21:14.471Z","etag":null,"topics":["java","maven","maven-plugin","mojohaus"],"latest_commit_sha":null,"homepage":"https://www.mojohaus.org/wagon-maven-plugin/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mojohaus.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2015-05-15T22:58:46.000Z","updated_at":"2025-11-24T17:57:44.000Z","dependencies_parsed_at":"2023-10-30T19:29:28.872Z","dependency_job_id":"56ab19d3-fcfe-4eca-a49b-866936e4ebd4","html_url":"https://github.com/mojohaus/wagon-maven-plugin","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"purl":"pkg:github/mojohaus/wagon-maven-plugin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mojohaus%2Fwagon-maven-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mojohaus%2Fwagon-maven-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mojohaus%2Fwagon-maven-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mojohaus%2Fwagon-maven-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mojohaus","download_url":"https://codeload.github.com/mojohaus/wagon-maven-plugin/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mojohaus%2Fwagon-maven-plugin/sbom","scorecard":{"id":657321,"data":{"date":"2025-08-11","repo":{"name":"github.com/mojohaus/wagon-maven-plugin","commit":"e5c311f71baa6769375aa0dcdc2e3a4aa9689f08"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/5 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Maintained","score":1,"reason":"2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/maven.yml:1","Warn: no topLevel permission defined: .github/workflows/release-drafter.yml:1","Warn: no topLevel permission defined: .github/workflows/stale.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/maven.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/mojohaus/wagon-maven-plugin/maven.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-drafter.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/mojohaus/wagon-maven-plugin/release-drafter.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/mojohaus/wagon-maven-plugin/stale.yml/master?enable=pin","Info:   0 out of   1 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 26 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":5,"reason":"5 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-5mg8-w23w-74h3","Warn: Project is vulnerable to: GHSA-7g45-4rm6-3mm3","Warn: Project is vulnerable to: GHSA-j288-q9x7-2f5v","Warn: Project is vulnerable to: GHSA-rhgr-952r-6p8q","Warn: Project is vulnerable to: GHSA-2f88-5hg8-9x2x"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T15:03:47.815Z","repository_id":32128300,"created_at":"2025-08-21T15:03:47.815Z","updated_at":"2025-08-21T15:03:47.815Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28071506,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-27T02:00:05.897Z","response_time":58,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["java","maven","maven-plugin","mojohaus"],"created_at":"2025-12-27T03:37:42.166Z","updated_at":"2025-12-27T03:37:42.849Z","avatar_url":"https://github.com/mojohaus.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# MojoHaus Wagon Maven Plugin\n\nThis is the [wagon-maven-plugin](http://www.mojohaus.org/wagon-maven-plugin/).\n\n[![Maven Central](https://img.shields.io/maven-central/v/org.codehaus.mojo/wagon-maven-plugin.svg?label=Maven%20Central)](http://search.maven.org/#search%7Cga%7C1%7Cg%3A%22org.codehaus.mojo%22%20a%3A%wagon-maven-plugin%22)\n[![Apache License 2](https://img.shields.io/badge/wagon-Apache_v2-yellow.svg)](http://www.apache.org/licenses/LICENSE-2.0.txt)\n[![GitHub CI](https://github.com/mojohaus/wagon-maven-plugin/actions/workflows/maven.yml/badge.svg)](https://github.com/mojohaus/wagon-maven-plugin/actions/workflows/maven.yml)\n\n## Maintained versions\n\nWagen Maven Plugin requires Maven 3.6.3+ and JDK 8+\n\nHowever, we maintain the latest Plugin version with the latest Maven.\n\nWe execute tests against different operating systems and JDKs\nby [GitHub Actions](https://github.com/mojohaus/wagon-maven-plugin/actions/workflows/maven.yml?query=branch%3Amaster)\n\n## Contributing\n\n### Creating Issues\n\nIf you find a problem please first search current opened and closed issues and pull requests.\nIt can be that someone already has reported similar.\n\nYou can also check current [milestone](https://github.com/mojohaus/wagon-maven-plugin/milestones)\nin order to see what will be in next release.\n\nOnly when you can not find similar issue please create a new one in the\n[ticket system](https://github.com/mojohaus/wagon-maven-plugin/issues)\nand describe what is going wrong or what you expect to happen.\n\nIf you have a full working example or a log file this is also helpful.\n\nYou should of course describe only a single issue in a single ticket and not\nmixing up several things into a single issue.\n\nPlease always check your issue with the latest Plugin and tha latest Maven version.\n\n### Creating a Pull Request\n\nBefore you start working on more complicated change, new feature\nit is good practice to create an issue in\nthe [ticket system](https://github.com/mojohaus/wagon-maven-plugin/issues)\nor send an emil to [development list](https://www.mojohaus.org/wagon-maven-plugin/mailing-lists.html)\nand describe what the problem is or what kind of feature you would like to add.\nWait a few days for feedback from other contributors.\nAfterwards you can create an appropriate pull request.\n\nIt is required if you want to get a pull request to be integrated into please\nsquash your commits into a single commit which references the optional issue\nin the commit message which looks like this:\n\n```\nFixed #Issue - change subject \n\na description\n```\n\nPlease take consider that change subject will be used in release notes\nand will be present in git history so should be enough descriptive.\n\nThis makes it simpler to merge it and this will also close the\nappropriate issue automatically in one go.\nThis make the life as maintainer a little bit easier.\n\nA pull request has to fulfill only a single ticket and should never\ncreate/add/fix several issues in one, cause otherwise the history is hard to\nread and to understand and makes the maintenance of the issues and pull request\nhard or to be honest impossible.\n\n## Releasing\n\n* Make sure `gpg-agent` is running.\n* Execute `./mvnw -B release:prepare release:perform`\n\nFor publishing the site do the following:\n\n```\ncd target/checkout\n../mvnw site\n../mvnw scm-publish:publish-scm\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmojohaus%2Fwagon-maven-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmojohaus%2Fwagon-maven-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmojohaus%2Fwagon-maven-plugin/lists"}