{"id":31322848,"url":"https://github.com/obecker/decycle","last_synced_at":"2025-09-25T19:23:49.522Z","repository":{"id":45080275,"uuid":"212862143","full_name":"obecker/decycle","owner":"obecker","description":"Perform package cycle dependency checks in JVM projects (Java, Groovy, Scala, Kotlin, ...)","archived":false,"fork":false,"pushed_at":"2025-09-19T07:30:57.000Z","size":832,"stargazers_count":13,"open_issues_count":3,"forks_count":3,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-09-19T09:36:26.738Z","etag":null,"topics":["code-quality","gradle","gradle-plugin","java","maven-plugin","modularization"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/obecker.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-10-04T16:50:22.000Z","updated_at":"2025-09-19T07:31:00.000Z","dependencies_parsed_at":"2024-02-05T09:24:37.750Z","dependency_job_id":"697790e2-8f11-4cfb-8e10-bbebafa02385","html_url":"https://github.com/obecker/decycle","commit_stats":null,"previous_names":[],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/obecker/decycle","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/obecker%2Fdecycle","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/obecker%2Fdecycle/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/obecker%2Fdecycle/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/obecker%2Fdecycle/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/obecker","download_url":"https://codeload.github.com/obecker/decycle/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/obecker%2Fdecycle/sbom","scorecard":{"id":112632,"data":{"date":"2025-08-04","repo":{"name":"github.com/obecker/decycle","commit":"3eba45b585a5d1749bd532e762432b734e8f4906"},"scorecard":{"version":"v5.2.1-28-gc1d103a9","commit":"c1d103a9bb9f635ec7260bf9aa0699466fa4be0e"},"score":4.2,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 0/6 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#code-review"}},{"name":"Maintained","score":9,"reason":"10 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:6","Warn: no topLevel permission defined: .github/workflows/gradle.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":5,"reason":"binaries present in source code","details":["Warn: binary detected: compatibility-test/gradle-5.6/gradle/wrapper/gradle-wrapper.jar:1","Warn: binary detected: compatibility-test/gradle-8-java-17/gradle/wrapper/gradle-wrapper.jar:1","Warn: binary detected: compatibility-test/issue-16/gradle/wrapper/gradle-wrapper.jar:1","Warn: binary detected: compatibility-test/maven-3.3.1/.mvn/wrapper/maven-wrapper.jar:1","Warn: binary detected: gradle/wrapper/gradle-wrapper.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dependency-review.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/obecker/decycle/dependency-review.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dependency-review.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/obecker/decycle/dependency-review.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gradle.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/obecker/decycle/gradle.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gradle.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/obecker/decycle/gradle.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/gradle.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/obecker/decycle/gradle.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gradle.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/obecker/decycle/gradle.yml/master?enable=pin","Info:   0 out of   5 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 24 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-15T13:28:27.840Z","repository_id":45080275,"created_at":"2025-08-15T13:28:27.840Z","updated_at":"2025-08-15T13:28:27.840Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":276191197,"owners_count":25600407,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-21T02:00:07.055Z","response_time":72,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code-quality","gradle","gradle-plugin","java","maven-plugin","modularization"],"created_at":"2025-09-25T19:23:47.753Z","updated_at":"2025-09-25T19:23:49.509Z","avatar_url":"https://github.com/obecker.png","language":"Java","readme":"[![Release](https://img.shields.io/github/v/tag/obecker/decycle?label=Release)](CHANGELOG.md)\n[![Build](https://github.com/obecker/decycle/actions/workflows/gradle.yml/badge.svg)](https://github.com/obecker/decycle/actions/workflows/gradle.yml)\n[![License](https://img.shields.io/github/license/obecker/decycle?label=License)](https://github.com/obecker/decycle/blob/master/LICENSE)\n\n![Decycle](readme/images/logo.svg#gh-light-mode-only)\n![Decycle](readme/images/logo-dm.svg#gh-dark-mode-only)\n\nDecycle detects [circular dependencies](https://en.wikipedia.org/wiki/Circular_dependency) within packages or \n[slices](readme/slicings.md) in a Java (or JVM language) project.\nHaving Decycle as a guard in your project prevents cycles and will help keeping \nyour code base [clean](https://wiki.sei.cmu.edu/confluence/display/java/DCL60-J.+Avoid+cyclic+dependencies+between+packages) \nand [modular](https://www.infoq.com/articles/modular-java-what-is-it/).\n\nDecycle is based on the ideas of [Degraph](http://riy.github.io/degraph/index.html) that was created by \n[Jens Schauder](https://github.com/schauder).\n\nDecycle provides the following core features:\n\n* it works with a **minimal configuration** – using just the default settings will find cycles between\n  the packages of your project\n* it provides a **visualization** of the detected package (and slice) dependencies that helps to understand, which \n  classes are responsible for a certain dependency\n* it allows the definition of **custom slicings** and additional dependency constraints\n\nThe following example shows a package dependency graph created by Decycle. \nIt is cycle free (all dependency arcs are on the right side and go downwards).\nHovering over a package will display all incoming and outgoing dependencies.\nThe width of each arc corresponds to the number of the underlying class dependencies.\nHovering over a dependency arc will show these class dependencies.\n\nDependencies creating cycles would be displayed as arcs going upwards on the left side of the package blocks.\n\n\u003cimg src=\"https://user-images.githubusercontent.com/197628/148555788-0acb50d1-01b6-4bcb-8559-571c218baa0a.gif\" alt=\"Example report\" width=\"400\"\u003e\n\nDecycle requires Java 11 or above.\nThe recommended way of integrating Decycle is by using the [Gradle](plugin-gradle) or [Maven](plugin-maven) plugins. \n\n## Documentation\n\nThere are specific sections in the [Gradle](plugin-gradle/README.md#configuration) and\n[Maven](plugin-maven/README.md#configuration) plugin README files for configuring Decycle.\n\nMoreover, there are separate pages about [slicings](readme/slicings.md),\nthe [pattern syntax](readme/patterns.md) that is used heavily in the configuration,\nand the [limitations](readme/limitations.md) of Decycle. \n\n\n## Subprojects\n\n* [decycle-gradle-plugin](plugin-gradle) is a Gradle plugin that performs Decycle checks of the project sources within\n  a gradle build.\n* [decycle-maven-plugin](plugin-maven) is a Maven plugin that performs Decycle checks of the project sources within \n  the maven verify phase.\n* [decycle-lib](lib) is the core library used by both plugins that might also be used within other JVM projects, \n  however currently it is not recommended doing so as the API is not stable yet.\n\n## Building\n\nCompile and test the Decycle project\n\n\u003cpre\u003e\ngradlew build\n\u003c/pre\u003e\n\nPublish local versions of the current build to maven local\n\n\u003cpre\u003e\ngradlew publishToMavenLocal\n\u003c/pre\u003e\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fobecker%2Fdecycle","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fobecker%2Fdecycle","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fobecker%2Fdecycle/lists"}