{"id":13593293,"url":"https://github.com/openzipkin/brave","last_synced_at":"2026-04-24T03:10:12.755Z","repository":{"id":7898914,"uuid":"9278888","full_name":"openzipkin/brave","owner":"openzipkin","description":"Java distributed tracing implementation compatible with Zipkin backend services.","archived":false,"fork":false,"pushed_at":"2026-03-25T19:20:55.000Z","size":32391,"stargazers_count":2403,"open_issues_count":119,"forks_count":714,"subscribers_count":122,"default_branch":"master","last_synced_at":"2026-04-13T17:17:19.367Z","etag":null,"topics":["distributed-tracing","instrumentation","java","openzipkin","tracing","zipkin","zipkin-brave"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/openzipkin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2013-04-07T15:48:18.000Z","updated_at":"2026-04-02T08:30:58.000Z","dependencies_parsed_at":"2023-12-15T11:26:11.176Z","dependency_job_id":"5e4b67bf-4a67-4a24-909e-47073a1046d2","html_url":"https://github.com/openzipkin/brave","commit_stats":{"total_commits":1788,"total_committers":134,"mean_commits":"13.343283582089553","dds":0.7539149888143177,"last_synced_commit":"84b695c7b0d16b7dedf7c6e247b547b125729d73"},"previous_names":["kristofa/brave"],"tags_count":204,"template":false,"template_full_name":null,"purl":"pkg:github/openzipkin/brave","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openzipkin%2Fbrave","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openzipkin%2Fbrave/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openzipkin%2Fbrave/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openzipkin%2Fbrave/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/openzipkin","download_url":"https://codeload.github.com/openzipkin/brave/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openzipkin%2Fbrave/sbom","scorecard":{"id":710851,"data":{"date":"2025-08-11","repo":{"name":"github.com/openzipkin/brave","commit":"6eb165143230762898905f90512e81d9740b842e"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.4,"checks":[{"name":"Maintained","score":4,"reason":"4 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Security-Policy","score":9,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Code-Review","score":7,"reason":"Found 22/30 approved changesets -- score normalized to 7","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/create_release.yml:1","Warn: no topLevel permission defined: .github/workflows/deploy.yml:1","Warn: no topLevel permission defined: .github/workflows/security.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: .mvn/wrapper/maven-wrapper.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create_release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/openzipkin/brave/create_release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create_release.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/openzipkin/brave/create_release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create_release.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/openzipkin/brave/create_release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/openzipkin/brave/deploy.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/openzipkin/brave/deploy.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/openzipkin/brave/deploy.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/openzipkin/brave/security.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/openzipkin/brave/security.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/security.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/openzipkin/brave/security.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/openzipkin/brave/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/openzipkin/brave/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/openzipkin/brave/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/openzipkin/brave/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/openzipkin/brave/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/openzipkin/brave/test.yml/master?enable=pin","Info:   0 out of  14 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 22 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T08:10:38.427Z","repository_id":7898914,"created_at":"2025-08-22T08:10:38.428Z","updated_at":"2025-08-22T08:10:38.428Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32207242,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-24T01:12:49.758Z","status":"online","status_checked_at":"2026-04-24T02:00:07.115Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["distributed-tracing","instrumentation","java","openzipkin","tracing","zipkin","zipkin-brave"],"created_at":"2024-08-01T16:01:18.847Z","updated_at":"2026-04-24T03:10:11.548Z","avatar_url":"https://github.com/openzipkin.png","language":"Java","funding_links":[],"categories":["Java","Tracing","分布式跟踪"],"sub_categories":["Client-side"],"readme":"[![Gitter chat](http://img.shields.io/badge/gitter-join%20chat%20%E2%86%92-brightgreen.svg)](https://gitter.im/openzipkin/zipkin)\n[![Build Status](https://github.com/openzipkin/brave/workflows/test/badge.svg)](https://github.com/openzipkin/brave/actions?query=workflow%3Atest)\n[![Maven Central](https://img.shields.io/maven-central/v/io.zipkin.brave/brave.svg)](https://search.maven.org/search?q=g:io.zipkin.brave%20AND%20a:brave)\n\n# Brave\n\nBrave is a distributed tracing instrumentation library. Brave typically\nintercepts production requests to gather timing data, correlate and\npropagate trace contexts. While typically trace data is sent to\n[Zipkin server](https://github.com/openzipkin/zipkin/tree/master/zipkin-server),\nthird-party plugins are available to send to alternate services such as\n[Amazon X-Ray](https://github.com/openzipkin/zipkin-aws/tree/master/storage/xray-udp).\n\nThis repository includes dependency-free Java libraries and\ninstrumentation for common components used in production services. For\nexample, this includes trace filters for Servlet and log correlation for\nApache Log4J.\n\nYou can look at our [example project](https://github.com/openzipkin/brave-webmvc-example)\nfor how to trace a simple web application.\n\n## What's included\n\nBrave's dependency-free [tracer library](brave/) works against JRE6+.\nThis is the underlying api that instrumentation use to time operations\nand add tags that describe them. This library also includes code that\nparses `X-B3-TraceId` headers.\n\nMost users won't write tracing code directly. Rather, they reuse\ninstrumentation others have written. Check our\n[instrumentation](instrumentation/) and\n[Zipkin's list](https://zipkin.io/pages/tracers_instrumentation.html)\nbefore rolling your own. Common tracing libraries like Servlet\nand Spring already exist. Instrumentation written here are tested and\nbenchmarked.\n\nIf you are trying to trace legacy applications, you may be interested in\n[Spring XML Configuration](spring-beans/). This allows you to set up\ntracing without any custom code.\n\nYou may want to put trace IDs into your log files, or change thread local\nbehavior. Look at our [context libraries](context/), for integration with\ntools such as SLF4J.\n\n## Version Compatibility policy\nAll Brave libraries match the minimum Java version of what's being\ntraced or integrated with, and adds no 3rd party dependencies. The goal\nis to neither impact your projects' choices, nor subject your project\nto dependency decisions made by others.\n\nFor example, even including a basic reporting library,\n[zipkin-sender-urlconnection](https://github.com/openzipkin/zipkin-reporter-java),\nBrave transitively includes no json,\nlogging, protobuf or thrift dependency. This means zero concern if your\napplication chooses a specific version of SLF4J, Gson or Guava.\nMoreover, the entire dependency tree including basic reporting in json,\nthrift or protobuf is less than 512KiB of jars.\n\nThere is a floor Java version of 1.6, which allows older JREs and older\nAndroid runtimes, yet may limit some applications. For example, Servlet\n2.5 works with Java 1.5, but due to Brave being 1.6, you will not be\nable to trace Servlet 2.5 applications until you use at least JRE 1.6.\n\nAll integrations set their associated library to \"provided\" scope. This\nensures Brave doesn't interfere with the versions you choose.\n\nSome libraries update often which leads to api drift. In some cases, we\ntest versions ranges to reduce the impact of this. For example, we test\n[gRPC](instrumentation/grpc) and [Kafka](instrumentation/kafka-clients)\nagainst multiple library versions.\n\n## Artifacts\nAll artifacts publish to the group ID \"io.zipkin.brave\". We use a common\nrelease version for all components.\n\n### Library Releases\nSnapshots are uploaded to\n[Sonatype](https://oss.sonatype.org/content/repositories/releases) which\nsynchronizes with\n[Maven Central](http://search.maven.org/#search%7Cga%7C1%7Cg%3A%22io.zipkin.brave%22)\n\n### Library Snapshots\nSnapshots are uploaded to\n[Sonatype](https://oss.sonatype.org/content/repositories/snapshots) after\ncommits to master.\n\n### Version alignments\nWhen using multiple brave components, you'll want to align versions in\none place. This allows you to more safely upgrade, with less worry about\nconflicts.\n\nYou can use our Maven instrumentation BOM (Bill of Materials) for this:\n\nEx. in your dependencies section, import the BOM like this:\n```xml\n  \u003cdependencyManagement\u003e\n    \u003cdependencies\u003e\n      \u003cdependency\u003e\n        \u003cgroupId\u003eio.zipkin.brave\u003c/groupId\u003e\n        \u003cartifactId\u003ebrave-bom\u003c/artifactId\u003e\n        \u003cversion\u003e${brave.version}\u003c/version\u003e\n        \u003ctype\u003epom\u003c/type\u003e\n        \u003cscope\u003eimport\u003c/scope\u003e\n      \u003c/dependency\u003e\n    \u003c/dependencies\u003e\n  \u003c/dependencyManagement\u003e\n```\n\nNow, you can leave off the version when choosing any supported\ninstrumentation. Also, any indirect use will have versions aligned:\n```xml\n\u003cdependency\u003e\n  \u003cgroupId\u003eio.zipkin.brave\u003c/groupId\u003e\n  \u003cartifactId\u003ebrave-instrumentation-okhttp3\u003c/artifactId\u003e\n\u003c/dependency\u003e\n```\n\nWith the above in place, you can use the property `brave.version` to\noverride dependency versions coherently. This is most commonly to test a\nnew feature or fix.\n\nNote: If you override a version, always double check that your version\nis valid (equal to or later) than what you are updating. This will avoid\nclass conflicts.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenzipkin%2Fbrave","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopenzipkin%2Fbrave","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenzipkin%2Fbrave/lists"}