{"id":13459441,"url":"https://github.com/owncloud/core","last_synced_at":"2026-06-17T00:01:34.751Z","repository":{"id":4412982,"uuid":"5550552","full_name":"owncloud/core","owner":"owncloud","description":":cloud: ownCloud web server core (Files, DAV, etc.)","archived":false,"fork":false,"pushed_at":"2026-06-15T07:30:00.000Z","size":356494,"stargazers_count":8790,"open_issues_count":294,"forks_count":2063,"subscribers_count":434,"default_branch":"master","last_synced_at":"2026-06-15T09:15:42.710Z","etag":null,"topics":["enterprise","federated","file-sharing","file-sync","javascript","owncloud","php","platform","self-hosting","sharing"],"latest_commit_sha":null,"homepage":"https://owncloud.com","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/owncloud.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"COPYING","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":"SUPPORT.md","governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"agents.md","dco":null,"cla":null}},"created_at":"2012-08-25T10:32:48.000Z","updated_at":"2026-06-15T07:28:14.000Z","dependencies_parsed_at":"2024-04-15T11:07:15.412Z","dependency_job_id":"627fbf7d-6d67-4ccb-826f-ea4b6dba28d2","html_url":"https://github.com/owncloud/core","commit_stats":{"total_commits":36325,"total_committers":650,"mean_commits":55.88461538461539,"dds":0.9117687543014453,"last_synced_commit":"0401d6aea19cc442409fa794c82f4d6c48243477"},"previous_names":[],"tags_count":523,"template":false,"template_full_name":null,"purl":"pkg:github/owncloud/core","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owncloud%2Fcore","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owncloud%2Fcore/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owncloud%2Fcore/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owncloud%2Fcore/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/owncloud","download_url":"https://codeload.github.com/owncloud/core/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/owncloud%2Fcore/sbom","scorecard":{"id":549928,"data":{"date":"2025-08-11","repo":{"name":"github.com/owncloud/core","commit":"f50f60ad978866527e57bb2a31a9a6363c0135ca"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.8,"checks":[{"name":"Code-Review","score":2,"reason":"Found 3/15 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"23 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: .github/SECURITY.md:1","Info: Found linked content: .github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/SECURITY.md:1","Info: Found text in security policy: .github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":9,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/stale.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: COPYING:0","Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: COPYING:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":5,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'master'","Warn: required approving review count is 1 on branch 'master'","Warn: codeowners review is not required on branch 'master'","Warn: 'up-to-date branches' is disabled on branch 'master'","Info: status check found to merge onto on branch 'master'","Info: PRs are required in order to make changes on branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: all commits (18) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":6,"reason":"4 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/owncloud/core/stale.yml/master?enable=pin","Info:   0 out of   1 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}}]},"last_synced_at":"2025-08-20T10:31:44.836Z","repository_id":4412982,"created_at":"2025-08-20T10:31:44.836Z","updated_at":"2025-08-20T10:31:44.836Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34428197,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-16T02:00:06.860Z","response_time":126,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["enterprise","federated","file-sharing","file-sync","javascript","owncloud","php","platform","self-hosting","sharing"],"created_at":"2024-07-31T09:01:22.439Z","updated_at":"2026-06-17T00:01:34.743Z","avatar_url":"https://github.com/owncloud.png","language":"PHP","funding_links":[],"categories":["PHP","Uncategorized","Apps","File Sharing / Cloud Storage","javascript","File Sharing","Application Recommendation","php","Table of Contents","Software"],"sub_categories":["Uncategorized","FileSharing","Follow me","☁️ Cloud storage","Storage"],"readme":"# ownCloud Core\n\n\u003c!-- OSPO-managed README | Generated: 2026-04-16 | v2 --\u003e\n\n[![License](https://img.shields.io/badge/License-AGPL--3.0-blue.svg)](COPYING) [![ownCloud OSPO](https://img.shields.io/badge/OSPO-ownCloud-blue)](https://kiteworks.com/opensource) [![Docker Hub](https://img.shields.io/docker/pulls/owncloud)](https://hub.docker.com/r/owncloud/server)\n\nownCloud Core is the server-side component of ownCloud 10 (Classic), providing file storage, synchronization, and sharing trusted by over 200 million users worldwide. It includes WebDAV, CalDAV, and CardDAV servers, a plugin architecture for apps, user and group management, encryption support, external storage backends, and a comprehensive REST API. The server runs on PHP with support for MySQL, MariaDB, PostgreSQL, and SQLite databases.\n\n## Part of Classic (OC10)\n\nThis is the main repository for [ownCloud Server (Classic)](https://github.com/owncloud/core), also known as ownCloud 10 or OC10. It is the foundation that apps like [Activity](https://github.com/owncloud/activity), [Calendar](https://github.com/owncloud/calendar), [Contacts](https://github.com/owncloud/contacts), and many others extend. The server is available as a Docker image on [Docker Hub](https://hub.docker.com/r/owncloud/server).\n\nFor the next-generation ownCloud platform, see [ownCloud Infinite Scale (oCIS)](https://github.com/owncloud/ocis).\n\n## Getting Started\n\nFor installing ownCloud Server, see the official [ownCloud 10 installation manual](https://doc.owncloud.com/server/latest/admin_manual/installation/).\n\n### Development Build Prerequisites\n\n- **Composer v2**\n- **Yarn** and **Node.js** (v14 or higher)\n\n```bash\nmake\n```\n\n## Documentation\n\n- [ownCloud Server documentation](https://doc.owncloud.com)\n- [Developer documentation](https://doc.owncloud.com/server/latest/developer_manual/)\n- [CHANGELOG.md](https://github.com/owncloud/core/blob/master/CHANGELOG.md)\n- [Conventional Commits specification](https://www.conventionalcommits.org/)\n\n## Community \u0026 Support\n\n**[Star](https://github.com/owncloud/core)** this repo and **Watch** for release notifications!\n\n- [ownCloud Website](https://owncloud.com)\n- [Community Discussions](https://github.com/orgs/owncloud/discussions)\n- [Matrix Chat](https://app.element.io/#/room/#owncloud:matrix.org)\n- [Documentation](https://doc.owncloud.com)\n- [Enterprise Support](https://owncloud.com/contact-us/)\n- [OSPO Home](https://kiteworks.com/opensource)\n\n## Contributing\n\nWe welcome contributions! Please read the [Contributing Guidelines](CONTRIBUTING.md)\nand our [Code of Conduct](CODE_OF_CONDUCT.md) before getting started.\n\n### Workflow\n\n- **Rebase Early, Rebase Often!** We use a rebase workflow. Always rebase on the target branch before submitting a PR.\n- **Dependabot**: Automated dependency updates are managed via Dependabot. Review and merge dependency PRs promptly.\n- **Signed Commits**: All commits **must** be PGP/GPG signed. See [GitHub's signing guide](https://docs.github.com/en/authentication/managing-commit-signature-verification).\n- **DCO Sign-off**: Every commit must carry a `Signed-off-by` line:\n  ```\n  git commit -s -S -m \"your commit message\"\n  ```\n- **GitHub Actions Policy**: Workflows may only use actions that are (a) owned by `owncloud`, (b) created by GitHub (`actions/*`), or (c) verified in the GitHub Marketplace.\n\n## Translations\n\nHelp translate this project on Transifex:\n**\u003chttps://explore.transifex.com/owncloud-org/owncloud/\u003e**\n\nPlease submit translations via Transifex -- do not open pull requests for translation changes.\n\n## Security\n\n**Do not open a public GitHub issue for security vulnerabilities.**\n\nReport vulnerabilities at **\u003chttps://security.owncloud.com\u003e** -- see [SECURITY.md](SECURITY.md).\n\nBug bounty: [YesWeHack ownCloud Program](https://yeswehack.com/programs/owncloud-bug-bounty-program)\n\n## License\n\nThis project is licensed under the [AGPL-3.0](COPYING).\n\n## About the ownCloud OSPO\n\nThe [Kiteworks Open Source Program Office](https://kiteworks.com/opensource), operating under\nthe [ownCloud](https://owncloud.com) brand, launched on May 5, 2026, to steward the open source\necosystem around ownCloud's products. The OSPO ensures transparent governance, license compliance,\ncommunity health, and sustainable collaboration between the open source community and\n[Kiteworks](https://www.kiteworks.com), which acquired ownCloud in 2023.\n\n- **OSPO Home**: \u003chttps://kiteworks.com/opensource\u003e\n- **GitHub**: \u003chttps://github.com/owncloud\u003e\n- **ownCloud**: \u003chttps://owncloud.com\u003e\n\nFor questions about the OSPO or licensing, contact ospo@kiteworks.com.\n\n### License Migration to Apache 2.0\n\nThe OSPO is driving a strategic relicensing of ownCloud repositories toward the\n[Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0), following\nthe [Apache Software Foundation's third-party license policy](https://www.apache.org/legal/resolved.html).\n\nIndividual repositories will migrate as their audit is completed. The LICENSE file\nin each repo reflects its **current** license status (not the target).\n\n**Current license: AGPL-3.0** (Category X per Apache policy -- cannot be included in Apache-2.0 works).\n\nMigration prerequisites for this repository:\n\n- **CLA/DCO coverage**: All past contributors must have signed agreements permitting relicensing\n- **Copyleft dependency audit**: All AGPL/GPL dependencies must be replaced or isolated\n- **KDE heritage review**: Any code with KDE-era copyrights requires legal analysis\n- **Complete relicensing**: AGPL-3.0 is a strong copyleft license; migration requires full relicensing of all files, not just a header change\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fowncloud%2Fcore","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fowncloud%2Fcore","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fowncloud%2Fcore/lists"}