{"id":13746773,"url":"https://github.com/onflow/flow-go","last_synced_at":"2026-02-25T06:17:07.322Z","repository":{"id":36967604,"uuid":"297778512","full_name":"onflow/flow-go","owner":"onflow","description":"A fast, secure, and developer-friendly blockchain built to support the next generation of games, apps, and the digital assets that power them.","archived":false,"fork":false,"pushed_at":"2026-01-22T22:09:24.000Z","size":567255,"stargazers_count":559,"open_issues_count":317,"forks_count":201,"subscribers_count":52,"default_branch":"master","last_synced_at":"2026-01-23T04:23:53.765Z","etag":null,"topics":["blockchain","flow","go","golang","onflow"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/onflow.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2020-09-22T21:39:12.000Z","updated_at":"2026-01-22T15:40:50.000Z","dependencies_parsed_at":"2023-09-22T18:29:50.065Z","dependency_job_id":"f9ef868b-62fd-4d65-9241-a7f8bbe42278","html_url":"https://github.com/onflow/flow-go","commit_stats":{"total_commits":33557,"total_committers":116,"mean_commits":289.2844827586207,"dds":0.8874154423816193,"last_synced_commit":"941178d08f5bdb940f780d7abe3a7bffce4b27c1"},"previous_names":[],"tags_count":1035,"template":false,"template_full_name":null,"purl":"pkg:github/onflow/flow-go","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/onflow%2Fflow-go","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/onflow%2Fflow-go/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/onflow%2Fflow-go/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/onflow%2Fflow-go/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/onflow","download_url":"https://codeload.github.com/onflow/flow-go/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/onflow%2Fflow-go/sbom","scorecard":{"id":113172,"data":{"date":"2025-08-04","repo":{"name":"github.com/onflow/flow-go","commit":"73569b423c6e8589ffacea7ab488859c7a3c29c1"},"scorecard":{"version":"v5.2.1-28-gc1d103a9","commit":"c1d103a9bb9f635ec7260bf9aa0699466fa4be0e"},"score":6.2,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#maintained"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#license"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/flaky-test-monitor.yml:13","Warn: no topLevel permission defined: .github/workflows/image_builds.yml:1","Warn: no topLevel permission defined: .github/workflows/release-drafter.yml:1","Warn: no topLevel permission defined: .github/workflows/semver-tags.yaml:1","Warn: no topLevel permission defined: .github/workflows/stale.yml:1","Warn: no topLevel permission defined: .github/workflows/tools.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#token-permissions"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during GetBranch(v0.41): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#signed-releases"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: GoBuiltInFuzzer integration found: fvm/fvm_fuzz_test.go:26"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#fuzzing"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:174: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:190: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:192: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:212: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:221: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:229: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:238: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:258: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:267: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:275: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:284: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:300: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:312: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:335: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:353: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:362: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:370: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:379: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:450: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:462: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:468: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:479: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/flaky-test-monitor.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/flaky-test-monitor.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/flaky-test-monitor.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/flaky-test-monitor.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/flaky-test-monitor.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/flaky-test-monitor.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/flaky-test-monitor.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/flaky-test-monitor.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/flaky-test-monitor.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/flaky-test-monitor.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/flaky-test-monitor.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/flaky-test-monitor.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/flaky-test-monitor.yml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/flaky-test-monitor.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/flaky-test-monitor.yml:168: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/flaky-test-monitor.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/image_builds.yml:155: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/image_builds.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/image_builds.yml:187: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/image_builds.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/image_builds.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/image_builds.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/image_builds.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/image_builds.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/image_builds.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/image_builds.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/image_builds.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/image_builds.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/image_builds.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/image_builds.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-drafter.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/release-drafter.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/stale.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tools.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/tools.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tools.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/tools.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tools.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/tools.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tools.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/onflow/flow-go/tools.yml/master?enable=pin","Warn: containerImage not pinned by hash: cmd/Dockerfile:6","Warn: containerImage not pinned by hash: cmd/Dockerfile:12","Warn: containerImage not pinned by hash: cmd/Dockerfile:35","Warn: containerImage not pinned by hash: cmd/Dockerfile:61","Warn: containerImage not pinned by hash: cmd/Dockerfile:69","Warn: containerImage not pinned by hash: cmd/Dockerfile:88","Warn: containerImage not pinned by hash: cmd/Dockerfile:97","Warn: containerImage not pinned by hash: integration/benchmark/cmd/manual/Dockerfile:4","Warn: containerImage not pinned by hash: integration/benchmark/cmd/manual/Dockerfile:13","Warn: containerImage not pinned by hash: integration/benchmark/cmd/manual/Dockerfile:29","Warn: containerImage not pinned by hash: integration/benchmark/cmd/manual/Dockerfile:49","Warn: containerImage not pinned by hash: integration/localnet/client/Dockerfile:1: pin your Docker image by updating golang:1.23 to golang:1.23@sha256:8b9a1e34c73ab8a774613c6b66cd92c750d1eeaa72c914b551026156ca5a8c52","Warn: goCommand not pinned by hash: cmd/Dockerfile:90","Info:   0 out of  42 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  14 third-party GitHubAction dependencies pinned","Info:   0 out of  12 containerImage dependencies pinned","Info:   0 out of   1 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":0,"reason":"22 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2023-2153 / GHSA-m425-mq94-257g / GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2024-2611 / GHSA-8r3f-844c-mc37","Warn: Project is vulnerable to: GO-2024-2819 / GHSA-4xc9-8hmq-j652","Warn: Project is vulnerable to: GO-2025-3485 / GHSA-c6gw-w398-hv78","Warn: Project is vulnerable to: GO-2024-3218","Warn: Project is vulnerable to: GO-2025-3748 / GHSA-f26w-gh5m-qq77","Warn: Project is vulnerable to: GO-2024-2453 / GHSA-9763-4f94-gfch","Warn: Project is vulnerable to: GO-2025-3754 / GHSA-2x5j-vhc8-9cwm","Warn: Project is vulnerable to: GHSA-jq35-85cj-fj4p","Warn: Project is vulnerable to: GO-2024-2512 / GHSA-xw73-rw38-6vjc","Warn: Project is vulnerable to: GO-2024-3005 / GHSA-v23v-6jw2-98fq","Warn: Project is vulnerable to: GHSA-4vq8-7jfc-9cvp","Warn: Project is vulnerable to: GO-2025-3367 / GHSA-r9px-m959-cxf4","Warn: Project is vulnerable to: GO-2025-3368 / GHSA-v725-9546-7q7m","Warn: Project is vulnerable to: GO-2021-0061 / GHSA-r88r-gmrh-7j83","Warn: Project is vulnerable to: GO-2020-0036 / GHSA-wxc4-f4m6-wwqv"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-15T16:31:26.968Z","repository_id":36967604,"created_at":"2025-08-15T16:31:26.968Z","updated_at":"2025-08-15T16:31:26.968Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28860664,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-28T22:56:21.783Z","status":"online","status_checked_at":"2026-01-29T02:00:06.714Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blockchain","flow","go","golang","onflow"],"created_at":"2024-08-03T06:01:01.011Z","updated_at":"2026-01-29T02:02:47.331Z","avatar_url":"https://github.com/onflow.png","language":"Go","funding_links":[],"categories":["Networks / Blockchains","Others"],"sub_categories":[],"readme":"# Flow [![GoDoc](https://godoc.org/github.com/onflow/flow-go?status.svg)](https://godoc.org/github.com/onflow/flow-go)\n\nFlow is a fast, secure, and developer-friendly blockchain built to support the next generation of games, apps and the\ndigital assets that power them. Read more about it [here](https://github.com/onflow/flow).\n\n\u003c!-- START doctoc generated TOC please keep comment here to allow auto update --\u003e\n\u003c!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --\u003e\n\n## Table of Contents\n\n- [Getting started](#getting-started)\n- [Documentation](#documentation)\n- [Installation](#installation)\n    - [Clone Repository](#clone-repository)\n    - [Install Dependencies](#install-dependencies)\n- [Development Workflow](#development-workflow)\n    - [Testing](#testing)\n    - [Building](#building)\n    - [Local Network](#local-network)\n    - [Code Generation](#code-generation)\n\n\u003c!-- END doctoc generated TOC please keep comment here to allow auto update --\u003e\n\n## Getting started\n\n- To install all dependencies and tools, see the [project setup](#installation) guide\n- To dig into more documentation about Flow, see the [documentation](#documentation)\n- To learn how to contribute, see the [contributing guide](/CONTRIBUTING.md)\n- To see information on developing Flow, see the [development workflow](#development-workflow)\n\n## Documentation\n\nYou can find an overview of the Flow architecture on the [documentation website](https://www.flow.com/primer).\n\nDevelopment on Flow is divided into work streams. Each work stream has a home directory containing high-level\ndocumentation for the stream, as well as links to documentation for relevant components used by that work stream.\n\nThe following table lists all work streams and links to their home directory and documentation:\n\n| Work Stream        | Home directory                             |\n|--------------------|--------------------------------------------|\n| Access Node        | [/cmd/access](/cmd/access)                 |\n| Collection Node    | [/cmd/collection](/cmd/collection)         |\n| Consensus Node     | [/cmd/consensus](/cmd/consensus)           |\n| Execution Node     | [/cmd/execution](/cmd/execution)           |\n| Verification Node  | [/cmd/verification](/cmd/verification)     |\n| Observer Service   | [/cmd/observer](/cmd/observer)             |\n| HotStuff           | [/consensus/hotstuff](/consensus/hotstuff) |\n| Storage            | [/storage](/storage)                       |\n| Ledger             | [/ledger](/ledger)                         |\n| Networking         | [/network](/network/)                      |\n| Cryptography       | [/crypto](/crypto)                         |\n\n## Installation\n\n- Clone this repository\n- Install [Go](https://golang.org/doc/install) (Flow requires Go 1.25 and later)\n- Install [Docker](https://docs.docker.com/get-docker/), which is used for running a local network and integration tests\n- Make sure the [`GOPATH`](https://golang.org/cmd/go/#hdr-GOPATH_environment_variable) and `GOBIN` environment variables\n  are set, and `GOBIN` is added to your path:\n\n    ```bash\n    export GOPATH=$(go env GOPATH)\n    export GOBIN=$GOPATH/bin\n    export PATH=$PATH:$GOBIN\n    ```\n\n  Add these to your shell profile to persist them for future runs.\n- Then, run the following command:\n\n    ```bash\n    make install-tools\n    ```\n\nAt this point, you should be ready to build, test, and run Flow! 🎉\n\n## Development Workflow\n\n### Testing\n\nFlow has a unit test suite and an integration test suite. Unit tests for a module live within the module they are\ntesting. Integration tests live in `integration/tests`.\n\nRun the unit test suite:\n\n```bash\nmake test\n```\n\nRun the integration test suite:\n\n```bash\nmake integration-test\n```\n\n### Building\n\nThe recommended way to build and run Flow for local development is using Docker.\n\nBuild a Docker image for all nodes:\n\n```bash\nmake docker-native-build-flow\n```\n\nBuild a Docker image for a particular node role (replace `$ROLE` with `collection`, `consensus`, etc.):\n\n```bash\nmake docker-native-build-$ROLE\n```\n\n#### Building a binary for the access node\n\nBuild the binary for an access node that can be run directly on the machine without using Docker.\n\n```bash\nmake docker-native-build-access-binary\n```\n_this builds a binary for Linux/x86_64 machine_.\n\nThe make command will generate a binary called `flow_access_node`\n\n### Importing the module\n\nWhen importing the `github.com/onflow/flow-go` module in your Go project, testing or building your project may require setting extra Go flags because the module requires [cgo](https://pkg.go.dev/cmd/cgo). In particular, `CGO_ENABLED` must be set to `1` if `cgo` isn't enabled by default. This constraint comes from the underlying cryptography library. Refer to the [crypto repository build](https://github.com/onflow/crypto?tab=readme-ov-file#build) for more details.\n\n### Local Network\n\nA local version of the network can be run for manual testing and integration. See\nthe [Local Network Guide](/integration/localnet/README.md) for instructions.\n\n### Code Generation\n\nGenerated code is kept up to date in the repository, so should be committed whenever it changes.\n\nRun all code generators:\n\n```bash\nmake generate\n```\n\nGenerate protobuf stubs:\n\n```bash\nmake generate-proto\n```\n\nGenerate OpenAPI schema models:\n\n```bash\nmake generate-openapi\n```\n\nGenerate mocks used for unit tests:\n\n```bash\nmake generate-mocks\n```\n\n### Mocks\n\nWe use `github.com/vektra/mockery` for mocking interfaces within tests. The configuration is in `.mockery.yaml`.\n\n#### Adding and updating packages\n\nYou can add new packages by their fully qualified name. e.g.\n```\ngithub.com/onflow/flow-go/module/execution:\n```\n\nThis will add all interfaces within the `module/execution/` (non-recursive).\n\n#### Mocking functions\n\nMockery dropped support for generating function mocks. Instead, you can use this pattern:\n\n1. Create a `mock_interfaces` directory in the package where the function mock exists.\n2. Add a file that mocks the function. for example, this mocks the `StateMachineEventsTelemetryFactory(candidateView uint64) protocol_state.StateMachineTelemetryConsumer\n```golang\npackage mockinterfaces\n\nimport \"github.com/onflow/flow-go/state/protocol/protocol_state\"\n\n// ExecForkActor allows to create a mock for the ExecForkActor callback\ntype StateMachineEventsTelemetryFactory interface {\n\tExecute(candidateView uint64) protocol_state.StateMachineTelemetryConsumer\n}\n```\n3. Add the package to `.mockery.yaml`. Note: specify the directory where you want the mock to be placed.\n```\n  github.com/onflow/flow-go/state/protocol/protocol_state/mock_interfaces:\n    config:\n      dir: \"state/protocol/protocol_state/mock\"\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fonflow%2Fflow-go","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fonflow%2Fflow-go","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fonflow%2Fflow-go/lists"}