{"id":18637335,"url":"https://github.com/openshift/machine-config-operator","last_synced_at":"2025-10-17T15:47:52.043Z","repository":{"id":37539366,"uuid":"142336347","full_name":"openshift/machine-config-operator","owner":"openshift","description":null,"archived":false,"fork":false,"pushed_at":"2025-10-16T02:50:24.000Z","size":88670,"stargazers_count":256,"open_issues_count":85,"forks_count":449,"subscribers_count":23,"default_branch":"main","last_synced_at":"2025-10-16T18:52:14.311Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/openshift.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-07-25T18:04:26.000Z","updated_at":"2025-10-15T17:24:39.000Z","dependencies_parsed_at":"2023-11-27T10:33:51.429Z","dependency_job_id":"f9cbab79-e0ae-4852-96f7-059405ccdac7","html_url":"https://github.com/openshift/machine-config-operator","commit_stats":{"total_commits":2765,"total_committers":205,"mean_commits":"13.487804878048781","dds":0.8701627486437613,"last_synced_commit":"67faae41bae92de126236ab818240bcaf105547a"},"previous_names":[],"tags_count":1070,"template":false,"template_full_name":null,"purl":"pkg:github/openshift/machine-config-operator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fmachine-config-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fmachine-config-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fmachine-config-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fmachine-config-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/openshift","download_url":"https://codeload.github.com/openshift/machine-config-operator/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fmachine-config-operator/sbom","scorecard":{"id":601046,"data":{"date":"2025-08-11","repo":{"name":"github.com/openshift/machine-config-operator","commit":"03a3677b298e05ba870cdf0f26f4db16f80e64ae"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.1,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/openshift/.github/SECURITY.md:1","Info: Found linked content: github.com/openshift/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/openshift/.github/SECURITY.md:1","Info: Found text in security policy: github.com/openshift/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Vulnerabilities","score":5,"reason":"5 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646","Warn: Project is vulnerable to: GO-2022-0451 / GHSA-hj57-j5cw-2mwp","Warn: Project is vulnerable to: GO-2025-3787 / GHSA-fv92-fjc5-jj9h","Warn: Project is vulnerable to: GO-2023-2113 / GHSA-rcjv-mgp8-qvmr"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: containerImage not pinned by hash: Dockerfile:2","Warn: containerImage not pinned by hash: Dockerfile:15","Warn: containerImage not pinned by hash: Dockerfile:26","Warn: containerImage not pinned by hash: Dockerfile.rhel7:3","Warn: containerImage not pinned by hash: Dockerfile.rhel7:16","Warn: containerImage not pinned by hash: Dockerfile.rhel7:27","Warn: goCommand not pinned by hash: vendor/github.com/json-iterator/go/build.sh:10","Info:   0 out of   1 goCommand dependencies pinned","Info:   0 out of   6 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}}]},"last_synced_at":"2025-08-21T00:25:45.471Z","repository_id":37539366,"created_at":"2025-08-21T00:25:45.472Z","updated_at":"2025-08-21T00:25:45.472Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279370572,"owners_count":26157143,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-17T02:00:07.504Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T05:35:22.235Z","updated_at":"2025-10-17T15:47:47.036Z","avatar_url":"https://github.com/openshift.png","language":"Go","readme":"# machine-config-operator\n\nOpenShift 4 is an [operator-focused platform](https://blog.openshift.com/openshift-4-a-noops-platform/),\nand the Machine Config operator extends that to the operating system itself,\nmanaging updates and configuration changes to essentially everything between the kernel and kubelet.\n\nTo repeat for emphasis, this operator manages updates to systemd, cri-o/kubelet, kernel, NetworkManager,\netc.  It also offers a new `MachineConfig` CRD that can write configuration files onto the host.\n\nThe approach here is a \"fusion\" of code from the original CoreOS\nTectonic as well as some components of Red Hat Enterprise Linux Atomic Host,\nas well as some fundamentally new design.\n\nThe MCO (for short) interacts closely with\nboth [the installer](https://github.com/openshift/installer/) as well as Red Hat\nCoreOS. See also [the machine-api-operator](https://github.com/openshift/machine-api-operator)\nwhich handles provisioning of new machines - once the machine-api-operator\nprovisions a machine (with a \"pristine\" base Red Hat CoreOS), the MCO will take\ncare of configuring it.\n\nOne way to view the MCO is to treat the operating system itself as \"just another\nKubernetes component\" that you can inspect and manage with `oc`.\n\nThe MCO uses [CoreOS Ignition](https://github.com/coreos/ignition) as a configuration\nformat.  Operating system updates use [rpm-ostree](http://github.com/projectatomic/rpm-ostree), with ostree updates encapsulated inside a container image.  More information in [OSUpgrades.md](/docs/OSUpgrades.md).\n\nAs of release 4.12, you can try out [OCP CoreOS Layering](/docs/UsingLayering.md) which lets you use more familiar \"Containerfile\" (Dockerfile) syntax to apply configuration to your pools.\n\n# Sub-components and design\n\nThis one git repository generates 4 components in a cluster; the `machine-config-operator`\npod manages the remaining 3 sub-components.  Here are links to design docs:\n\n - [machine-config-server](/docs/MachineConfigServer.md)\n - [machine-config-controller](/docs/MachineConfigController.md)\n - [machine-config-daemon](/docs/MachineConfigDaemon.md)\n\n# Interacting with the MCO\n\nBecause the MCO is a cluster-level operator, you can inspect its status\njust like any other operator that is part of the release image.  If it's reporting success, then that\nmeans that the operating system is up to date and configured.\n\n`oc describe clusteroperator/machine-config`\n\nOne level down from the operator CRD, the `machineconfigpool` objects\ntrack updates to a group of nodes.  You will often want to run a command\nlike this:\n\n`oc describe machineconfigpool`\n\nParticularly note the `Updated` and `Updating` columns.\n\n# Applying configuration changes to the cluster\n\nThe MCO has \"high level\" knobs for some components of the cluster state; for\nexample, SSH keys and kubelet configuration. However, there are obviously a\nquite large number of things one may want to configure on a system. For example,\noffline environments may want to specify an internal NTP pool. Another example\nis static network configuration. By providing a MachineConfig object\ncontaining [Ignition configuration](https://github.com/coreos/ignition),\nsystemd units can be provided, arbitrary files can be laid down into writable\nlocations (i.e. `/etc` and `/var`).\n\nSee the [OCP product documentation](https://docs.openshift.com/container-platform/4.10/post_installation_configuration/machine-configuration-tasks.html)\nfor more information.\n\n# What to look at after creating a MachineConfig\n\nOnce you create a MachineConfig fragment like the above, the controller will generate a new \"rendered\" version that will be used as a target.\nFor more information, see [MachineConfig](/docs/MachineConfig.md).\n\nIn particular, you should look at `oc describe machineconfigpool` and `oc describe clusteroperator/machine-config` as noted above.\n\n# More information about OS updates\n\nThe model implemented by the MCO is that the cluster controls the operating system.  OS updates are just another entry in the release image.  For more information, see [OSUpgrades.md](/docs/OSUpgrades.md).\n\n# Developing the MCO\n\nSee [HACKING.md](/docs/HACKING.md).\n\n# Frequently Asked Questions\n\nSee [FAQ.md](/docs/FAQ.md).\n\n# Security Response\n\nIf you've found a security issue that you'd like to disclose confidentially\nplease contact Red Hat's Product Security team. Details at\nhttps://access.redhat.com/security/team/contact\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenshift%2Fmachine-config-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopenshift%2Fmachine-config-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenshift%2Fmachine-config-operator/lists"}