{"id":37088892,"url":"https://github.com/oasisprotocol/tendermint","last_synced_at":"2026-01-14T10:54:46.098Z","repository":{"id":38242564,"uuid":"155842170","full_name":"oasisprotocol/tendermint","owner":"oasisprotocol","description":"⟁ Tendermint Core (BFT Consensus) in Go","archived":true,"fork":true,"pushed_at":"2022-12-13T07:16:58.000Z","size":99518,"stargazers_count":3,"open_issues_count":9,"forks_count":3,"subscribers_count":15,"default_branch":"v0.34.23-oasis","last_synced_at":"2025-08-14T15:20:01.219Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://tendermint.com/","language":"Go","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"tendermint/tendermint","license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/oasisprotocol.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null}},"created_at":"2018-11-02T09:16:37.000Z","updated_at":"2024-04-18T15:12:50.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/oasisprotocol/tendermint","commit_stats":null,"previous_names":["oasislabs/tendermint"],"tags_count":100,"template":false,"template_full_name":null,"purl":"pkg:github/oasisprotocol/tendermint","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oasisprotocol%2Ftendermint","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oasisprotocol%2Ftendermint/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oasisprotocol%2Ftendermint/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oasisprotocol%2Ftendermint/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/oasisprotocol","download_url":"https://codeload.github.com/oasisprotocol/tendermint/tar.gz/refs/heads/v0.34.23-oasis","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oasisprotocol%2Ftendermint/sbom","scorecard":{"id":700647,"data":{"date":"2025-08-11","repo":{"name":"github.com/oasisprotocol/tendermint","commit":"cb494d2b056fa22412f022d3a991d14a7c790dde"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.6,"checks":[{"name":"Maintained","score":0,"reason":"project is archived","details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/check-generated.yml:13","Warn: no topLevel permission defined: .github/workflows/coverage.yml:1","Warn: no topLevel permission defined: .github/workflows/docker.yml:1","Warn: no topLevel permission defined: .github/workflows/e2e-manual.yml:1","Warn: no topLevel permission defined: .github/workflows/e2e-nightly-34x.yml:1","Warn: no topLevel permission defined: .github/workflows/e2e-nightly-master.yml:1","Warn: no topLevel permission defined: .github/workflows/e2e.yml:1","Warn: no topLevel permission defined: .github/workflows/fuzz-nightly.yml:1","Warn: no topLevel permission defined: .github/workflows/lint.yml:1","Warn: no topLevel permission defined: .github/workflows/linter.yml:1","Warn: no topLevel permission defined: .github/workflows/proto-lint.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: .github/workflows/stale.yml:1","Warn: no topLevel permission defined: .github/workflows/tests.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":5,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'v0.34.23-oasis'","Info: 'force pushes' disabled on branch 'v0.34.23-oasis'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'v0.34.23-oasis'","Warn: 'stale review dismissal' is disabled on branch 'v0.34.23-oasis'","Warn: required approving review count is 1 on branch 'v0.34.23-oasis'","Warn: codeowners review is not required on branch 'v0.34.23-oasis'","Warn: 'last push approval' is disabled on branch 'v0.34.23-oasis'","Warn: no status checks found to merge onto branch 'v0.34.23-oasis'","Info: PRs are required in order to make changes on branch 'v0.34.23-oasis'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-generated.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/check-generated.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-generated.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/check-generated.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-generated.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/check-generated.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-generated.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/check-generated.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/coverage.yml/v0.34.23-oasis?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/coverage.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/coverage.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/coverage.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/coverage.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/coverage.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/coverage.yml/v0.34.23-oasis?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/coverage.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/coverage.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/coverage.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/coverage.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/coverage.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/coverage.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/coverage.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/coverage.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/coverage.yml/v0.34.23-oasis?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/coverage.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/coverage.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/coverage.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/coverage.yml/v0.34.23-oasis?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/coverage.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/coverage.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/coverage.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/coverage.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/docker.yml/v0.34.23-oasis?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/docker.yml/v0.34.23-oasis?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/docker.yml/v0.34.23-oasis?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/docker.yml/v0.34.23-oasis?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/docker.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-manual.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/e2e-manual.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-manual.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/e2e-manual.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-nightly-34x.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/e2e-nightly-34x.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-nightly-34x.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/e2e-nightly-34x.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-nightly-master.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/e2e-nightly-master.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-nightly-master.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/e2e-nightly-master.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/e2e.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/e2e.yml/v0.34.23-oasis?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/e2e.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fuzz-nightly.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/fuzz-nightly.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fuzz-nightly.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/fuzz-nightly.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fuzz-nightly.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/fuzz-nightly.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/fuzz-nightly.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/fuzz-nightly.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/lint.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/lint.yml/v0.34.23-oasis?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/lint.yml/v0.34.23-oasis?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/lint.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linter.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/linter.yml/v0.34.23-oasis?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/linter.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/linter.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/proto-lint.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/proto-lint.yml/v0.34.23-oasis?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/proto-lint.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/proto-lint.yml/v0.34.23-oasis?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/proto-lint.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/proto-lint.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/release.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/release.yml/v0.34.23-oasis?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/release.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/stale.yml/v0.34.23-oasis?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/tests.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/tests.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/tests.yml/v0.34.23-oasis?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/tests.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/tests.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/tests.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/tests.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/tests.yml/v0.34.23-oasis?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/tests.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/tests.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/tests.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/tests.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/tests.yml/v0.34.23-oasis?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/tests.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/tests.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/tests.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/tests.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/tests.yml/v0.34.23-oasis?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/tests.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/tests.yml/v0.34.23-oasis?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/oasisprotocol/tendermint/tests.yml/v0.34.23-oasis?enable=pin","Warn: containerImage not pinned by hash: DOCKER/Dockerfile:2","Warn: containerImage not pinned by hash: DOCKER/Dockerfile:11: pin your Docker image by updating golang:1.18-alpine to golang:1.18-alpine@sha256:77f25981bd57e60a510165f3be89c901aec90453fd0f1c5a45691f6cb1528807","Warn: containerImage not pinned by hash: DOCKER/Dockerfile.build_c-amazonlinux:1: pin your Docker image by updating amazonlinux:2 to amazonlinux:2@sha256:a48f2b8789b7dbb3cfd055bdb141556d186c4fa478c5c390e9c63c2cb6eee5a0","Warn: containerImage not pinned by hash: DOCKER/Dockerfile.testing:1: pin your Docker image by updating golang:latest to golang:latest@sha256:9e56f0d0f043a68bb8c47c819e47dc29f6e8f5129b8885bed9d43f058f7f3ed6","Warn: containerImage not pinned by hash: networks/local/localnode/Dockerfile:1: pin your Docker image by updating alpine:3.7 to alpine:3.7@sha256:8421d9a84432575381bfabd248f1eb56f3aa21d9d7cd2511583c68c9b7511d10","Warn: containerImage not pinned by hash: spec/ivy-proofs/Dockerfile:2: pin your Docker image by updating debian:buster to debian:buster@sha256:58ce6f1271ae1c8a2006ff7d3e54e9874d839f573d8009c20154ad0f2fb0a225","Warn: containerImage not pinned by hash: test/docker/Dockerfile:1: pin your Docker image by updating golang:1.18 to golang:1.18@sha256:50c889275d26f816b5314fc99f55425fa76b18fcaf16af255f5d57f09e1f48da","Warn: containerImage not pinned by hash: test/e2e/docker/Dockerfile:4: pin your Docker image by updating golang:1.18 to golang:1.18@sha256:50c889275d26f816b5314fc99f55425fa76b18fcaf16af255f5d57f09e1f48da","Warn: containerImage not pinned by hash: tools/proto/Dockerfile:1","Warn: containerImage not pinned by hash: tools/proto/Dockerfile:3","Warn: containerImage not pinned by hash: tools/proto/Dockerfile:18: pin your Docker image by updating alpine:edge to alpine:edge@sha256:115729ec5cb049ba6359c3ab005ac742012d92bbaa5b8bc1a878f1e8f62c0cb8","Warn: containerImage not pinned by hash: tools/tm-signer-harness/Dockerfile:2","Warn: pipCommand not pinned by hash: spec/ivy-proofs/Dockerfile:31","Warn: pipCommand not pinned by hash: networks/remote/integration.sh:60","Warn: npmCommand not pinned by hash: scripts/get_nodejs.sh:13","Warn: goCommand not pinned by hash: .github/workflows/check-generated.yml:63","Warn: goCommand not pinned by hash: .github/workflows/check-generated.yml:64","Warn: goCommand not pinned by hash: .github/workflows/fuzz-nightly.yml:21","Info:   0 out of  56 GitHub-owned GitHubAction dependencies pinned","Info:   5 out of  25 third-party GitHubAction dependencies pinned","Info:   0 out of  12 containerImage dependencies pinned","Info:   0 out of   2 pipCommand dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned","Info:   0 out of   3 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":0,"reason":"129 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25","Warn: Project is vulnerable to: GHSA-4w2v-q235-vp99","Warn: Project is vulnerable to: GHSA-cph5-m8f7-6c5x","Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx","Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6","Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-434g-2637-qmqr","Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m","Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw","Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p","Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747","Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh","Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99","Warn: Project is vulnerable to: GHSA-6h5x-7c5m-7cr7","Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc","Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx","Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c","Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc","Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp","Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97","Warn: Project is vulnerable to: GHSA-7wwv-vh3v-89cq","Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m","Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j","Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27","Warn: Project is vulnerable to: GHSA-4www-5p9h-95mh","Warn: Project is vulnerable to: GHSA-9gqv-wp59-fq42","Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22","Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq","Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488","Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-6vfc-qv3f-vr6c","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5","Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp","Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq","Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr","Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765","Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g","Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr","Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w","Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6","Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59","Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j","Warn: Project is vulnerable to: GHSA-3949-f494-cm99","Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg","Warn: Project is vulnerable to: GHSA-3965-hpx2-q597","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg","Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p","Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-5j4c-8p2g-v4jx","Warn: Project is vulnerable to: GHSA-g3ch-rx76-35fx","Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6","Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v","Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q","Warn: Project is vulnerable to: GO-2022-1098 / GHSA-2chg-86hq-7w38","Warn: Project is vulnerable to: GO-2024-2818 / GHSA-3jgf-r68h-xfqm","Warn: Project is vulnerable to: GO-2024-3189 / GHSA-27vh-h6mc-q6g8","Warn: Project is vulnerable to: GO-2022-1147 / GHSA-2qjp-425j-52j9","Warn: Project is vulnerable to: GO-2023-1573 / GHSA-259w-8hf6-59c2","Warn: Project is vulnerable to: GO-2023-1574 / GHSA-hmfx-3pcx-653p","Warn: Project is vulnerable to: GO-2023-2412 / GHSA-7ww5-4wqc-m92c","Warn: Project is vulnerable to: GO-2025-3528 / GHSA-265r-hfxg-fhmg","Warn: Project is vulnerable to: GHSA-hqxw-f8mx-cpmw","Warn: Project is vulnerable to: GO-2022-1107 / GHSA-vp35-85q5-9f25","Warn: Project is vulnerable to: GO-2023-1699 / GHSA-232p-vwff-86mp","Warn: Project is vulnerable to: GO-2023-1700 / GHSA-33pg-m6jh-5237","Warn: Project is vulnerable to: GO-2023-1701 / GHSA-6wrf-mxfj-pf5p","Warn: Project is vulnerable to: GHSA-jq35-85cj-fj4p","Warn: Project is vulnerable to: GHSA-mq39-4gv4-mvpx","Warn: Project is vulnerable to: GO-2024-3005 / GHSA-v23v-6jw2-98fq","Warn: Project is vulnerable to: GO-2024-2512 / GHSA-xw73-rw38-6vjc","Warn: Project is vulnerable to: GO-2025-3829 / GHSA-4vq8-7jfc-9cvp","Warn: Project is vulnerable to: GO-2025-3770 / GHSA-vrw8-fxc6-2r93","Warn: Project is vulnerable to: GHSA-gc89-7gcr-jxqc","Warn: Project is vulnerable to: GO-2024-2494 / GHSA-4v98-7qmw-rqr8","Warn: Project is vulnerable to: GO-2024-2492 / GHSA-9p26-698r-w4hx","Warn: Project is vulnerable to: GO-2024-2493 / GHSA-m3r6-h7wv-7xxv","Warn: Project is vulnerable to: GO-2024-2497 / GHSA-wr6v-9f75-vh2g","Warn: Project is vulnerable to: GO-2023-1683 / GHSA-g2j6-57v7-gm8c","Warn: Project is vulnerable to: GO-2023-1682 / GHSA-m8cg-xc2p-r3fc","Warn: Project is vulnerable to: GO-2023-1627 / GHSA-vpvm-3wq2-2wvm","Warn: Project is vulnerable to: GO-2024-2491 / GHSA-xr7r-f8xq-vfvv","Warn: Project is vulnerable to: GO-2024-3110 / GHSA-jfvp-7x6p-h2pv","Warn: Project is vulnerable to: GO-2023-2331 / GHSA-8pgv-569h-w5rw","Warn: Project is vulnerable to: GO-2023-2402 / GHSA-45x7-px36-x8w8","Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2023-1495 / GHSA-fxg5-wq6x-vr4w","Warn: Project is vulnerable to: GO-2022-1144 / GHSA-xrjj-mj9h-534m","Warn: Project is vulnerable to: GO-2023-1571 / GHSA-vvpx-j8f3-3w6h","Warn: Project is vulnerable to: GO-2023-1988 / GHSA-2wrh-6pvc-2jm9","Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8","Warn: Project is vulnerable to: GO-2023-2153 / GHSA-m425-mq94-257g / GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2024-2611 / GHSA-8r3f-844c-mc37","Warn: Project is vulnerable to: GHSA-6673-4983-2vx5","Warn: Project is vulnerable to: GHSA-3f63-hfp8-52jq","Warn: Project is vulnerable to: GHSA-44wm-f244-xhp3","Warn: Project is vulnerable to: PYSEC-2023-227 / GHSA-8ghj-p4vj-mr35","Warn: Project is vulnerable to: GHSA-j7hp-h8jx-5ppr","Warn: Project is vulnerable to: PYSEC-2022-42980 / GHSA-q4mp-jvh2-76fj","Warn: Project is vulnerable to: OSV-2022-1074","Warn: Project is vulnerable to: OSV-2022-715","Warn: Project is vulnerable to: PYSEC-2023-175"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T05:08:24.554Z","repository_id":38242564,"created_at":"2025-08-22T05:08:24.555Z","updated_at":"2025-08-22T05:08:24.555Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28417732,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T10:47:48.104Z","status":"ssl_error","status_checked_at":"2026-01-14T10:46:19.031Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-14T10:54:45.500Z","updated_at":"2026-01-14T10:54:46.091Z","avatar_url":"https://github.com/oasisprotocol.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Tendermint\n\n![banner](docs/tendermint-core-image.jpg)\n\n[Byzantine-Fault Tolerant][bft] [State Machine Replication][smr]. Or\n[Blockchain], for short.\n\n[![Version][version-badge]][version-url]\n[![API Reference][api-badge]][api-url]\n[![Go version][go-badge]][go-url]\n[![Discord chat][discord-badge]][discord-url]\n[![License][license-badge]][license-url]\n[![Sourcegraph][sg-badge]][sg-url]\n\n| Branch | Tests                              | Linting                         |\n|--------|------------------------------------|---------------------------------|\n| main   | [![Tests][tests-badge]][tests-url] | [![Lint][lint-badge]][lint-url] |\n\nTendermint Core is a Byzantine Fault Tolerant (BFT) middleware that takes a\nstate transition machine - written in any programming language - and securely\nreplicates it on many machines.\n\nFor protocol details, refer to the [Tendermint Specification](./spec/README.md).\n\nFor detailed analysis of the consensus protocol, including safety and liveness\nproofs, read our paper, \"[The latest gossip on BFT\nconsensus](https://arxiv.org/abs/1807.04938)\".\n\n## Documentation\n\nComplete documentation can be found on the\n[website](https://docs.tendermint.com/).\n\n## Releases\n\nPlease do not depend on `main` as your production branch. Use\n[releases](https://github.com/tendermint/tendermint/releases) instead.\n\nTendermint has been in the production of private and public environments, most\nnotably the blockchains of the Cosmos Network. we haven't released v1.0 yet\nsince we are making breaking changes to the protocol and the APIs. See below for\nmore details about [versioning](#versioning).\n\nIn any case, if you intend to run Tendermint in production, we're happy to help.\nYou can contact us [over email](mailto:hello@interchain.io) or [join the\nchat](https://discord.gg/cosmosnetwork).\n\nMore on how releases are conducted can be found [here](./RELEASES.md).\n\n## Security\n\nTo report a security vulnerability, see our [bug bounty\nprogram](https://hackerone.com/cosmos). For examples of the kinds of bugs we're\nlooking for, see [our security policy](SECURITY.md).\n\nWe also maintain a dedicated mailing list for security updates. We will only\never use this mailing list to notify you of vulnerabilities and fixes in\nTendermint Core. You can subscribe [here](http://eepurl.com/gZ5hQD).\n\n## Minimum requirements\n\n| Requirement | Notes             |\n|-------------|-------------------|\n| Go version  | Go 1.18 or higher |\n\n### Install\n\nSee the [install instructions](./docs/introduction/install.md).\n\n### Quick Start\n\n- [Single node](./docs/introduction/quick-start.md)\n- [Local cluster using docker-compose](./docs/tools/docker-compose.md)\n- [Remote cluster using Terraform and Ansible](./docs/tools/terraform-and-ansible.md)\n\n## Contributing\n\nPlease abide by the [Code of Conduct](CODE_OF_CONDUCT.md) in all interactions.\n\nBefore contributing to the project, please take a look at the [contributing\nguidelines](CONTRIBUTING.md) and the [style guide](STYLE_GUIDE.md). You may also\nfind it helpful to read the [specifications](./spec/README.md), and familiarize\nyourself with our [Architectural Decision Records\n(ADRs)](./docs/architecture/README.md) and\n[Request For Comments (RFCs)](./docs/rfc/README.md).\n\n## Versioning\n\n### Semantic Versioning\n\nTendermint uses [Semantic Versioning](http://semver.org/) to determine when and\nhow the version changes. According to SemVer, anything in the public API can\nchange at any time before version 1.0.0\n\nTo provide some stability to users of 0.X.X versions of Tendermint, the MINOR\nversion is used to signal breaking changes across Tendermint's API. This API\nincludes all publicly exposed types, functions, and methods in non-internal Go\npackages as well as the types and methods accessible via the Tendermint RPC\ninterface.\n\nBreaking changes to these public APIs will be documented in the CHANGELOG.\n\n### Upgrades\n\nIn an effort to avoid accumulating technical debt prior to 1.0.0, we do not\nguarantee that breaking changes (ie. bumps in the MINOR version) will work with\nexisting Tendermint blockchains. In these cases you will have to start a new\nblockchain, or write something custom to get the old data into the new chain.\nHowever, any bump in the PATCH version should be compatible with existing\nblockchain histories.\n\nFor more information on upgrading, see [UPGRADING.md](./UPGRADING.md).\n\n### Supported Versions\n\nBecause we are a small core team, we only ship patch updates, including security\nupdates, to the most recent minor release and the second-most recent minor\nrelease. Consequently, we strongly recommend keeping Tendermint up-to-date.\nUpgrading instructions can be found in [UPGRADING.md](./UPGRADING.md).\n\n## Resources\n\n### Libraries\n\n- [Cosmos SDK](http://github.com/cosmos/cosmos-sdk); A framework for building\n  applications in Golang\n- [Tendermint in Rust](https://github.com/informalsystems/tendermint-rs)\n- [ABCI Tower](https://github.com/penumbra-zone/tower-abci)\n\n### Applications\n\n- [Cosmos Hub](https://hub.cosmos.network/)\n- [Terra](https://www.terra.money/)\n- [Celestia](https://celestia.org/)\n- [Anoma](https://anoma.network/)\n- [Vocdoni](https://docs.vocdoni.io/)\n\n### Research\n\n- [The latest gossip on BFT consensus](https://arxiv.org/abs/1807.04938)\n- [Master's Thesis on Tendermint](https://atrium.lib.uoguelph.ca/xmlui/handle/10214/9769)\n- [Original Whitepaper: \"Tendermint: Consensus Without Mining\"](https://tendermint.com/static/docs/tendermint.pdf)\n- [Tendermint Core Blog](https://medium.com/tendermint/tagged/tendermint-core)\n- [Cosmos Blog](https://blog.cosmos.network/tendermint/home)\n\n## Join us!\n\nTendermint Core is maintained by [Interchain GmbH](https://interchain.berlin).\nIf you'd like to work full-time on Tendermint Core,\n[we're hiring](https://interchain-gmbh.breezy.hr/)!\n\nFunding for Tendermint Core development comes primarily from the\n[Interchain Foundation](https://interchain.io), a Swiss non-profit. The\nTendermint trademark is owned by [Tendermint Inc.](https://tendermint.com), the\nfor-profit entity that also maintains [tendermint.com](https://tendermint.com).\n\n[bft]: https://en.wikipedia.org/wiki/Byzantine_fault_tolerance\n[smr]: https://en.wikipedia.org/wiki/State_machine_replication\n[Blockchain]: https://en.wikipedia.org/wiki/Blockchain\n[version-badge]: https://img.shields.io/github/tag/tendermint/tendermint.svg\n[version-url]: https://github.com/tendermint/tendermint/releases/latest\n[api-badge]: https://camo.githubusercontent.com/915b7be44ada53c290eb157634330494ebe3e30a/68747470733a2f2f676f646f632e6f72672f6769746875622e636f6d2f676f6c616e672f6764646f3f7374617475732e737667\n[api-url]: https://pkg.go.dev/github.com/tendermint/tendermint\n[go-badge]: https://img.shields.io/badge/go-1.18-blue.svg\n[go-url]: https://github.com/moovweb/gvm\n[discord-badge]: https://img.shields.io/discord/669268347736686612.svg\n[discord-url]: https://discord.gg/cosmosnetwork\n[license-badge]: https://img.shields.io/github/license/tendermint/tendermint.svg\n[license-url]: https://github.com/tendermint/tendermint/blob/main/LICENSE\n[sg-badge]: https://sourcegraph.com/github.com/tendermint/tendermint/-/badge.svg\n[sg-url]: https://sourcegraph.com/github.com/tendermint/tendermint?badge\n[tests-url]: https://github.com/tendermint/tendermint/actions/workflows/tests.yml\n[tests-badge]: https://github.com/tendermint/tendermint/actions/workflows/tests.yml/badge.svg?branch=main\n[lint-badge]: https://github.com/tendermint/tendermint/actions/workflows/lint.yml/badge.svg\n[lint-url]: https://github.com/tendermint/tendermint/actions/workflows/lint.yml\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foasisprotocol%2Ftendermint","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foasisprotocol%2Ftendermint","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foasisprotocol%2Ftendermint/lists"}