{"id":30865047,"url":"https://github.com/ozi-project/ozi.build","last_synced_at":"2026-01-20T17:05:48.573Z","repository":{"id":221087720,"uuid":"749970089","full_name":"OZI-Project/OZI.build","owner":"OZI-Project","description":"PEP 517 compatible build backend for the OZI packaging system.","archived":false,"fork":false,"pushed_at":"2025-09-04T11:40:25.000Z","size":1248,"stargazers_count":0,"open_issues_count":12,"forks_count":1,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-09-04T18:05:29.048Z","etag":null,"topics":["build-backend","mesonbuild","pep-517"],"latest_commit_sha":null,"homepage":"https://build.oziproject.dev","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OZI-Project.png","metadata":{"files":{"readme":"README","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-01-29T18:38:01.000Z","updated_at":"2025-09-01T03:35:43.000Z","dependencies_parsed_at":"2024-02-06T05:25:29.797Z","dependency_job_id":"716f7b9c-6a63-4d3e-a75a-99bae813778d","html_url":"https://github.com/OZI-Project/OZI.build","commit_stats":null,"previous_names":["ozi-project/mesonpep517","ozi-project/ozi.build"],"tags_count":88,"template":false,"template_full_name":null,"purl":"pkg:github/OZI-Project/OZI.build","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OZI-Project%2FOZI.build","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OZI-Project%2FOZI.build/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OZI-Project%2FOZI.build/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OZI-Project%2FOZI.build/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OZI-Project","download_url":"https://codeload.github.com/OZI-Project/OZI.build/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OZI-Project%2FOZI.build/sbom","scorecard":{"id":923642,"data":{"date":"2025-08-25T06:17:00Z","repo":{"name":"github.com/OZI-Project/OZI.build","commit":"bf9b760a1e0bf65a98988d2e18be565da7095b8f"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":7.3,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/3 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Pinned-Dependencies","score":9,"reason":"dependency not pinned by hash detected -- score normalized to 9","details":["Warn: pipCommand not pinned by hash: .github/workflows/ozi.yml:185","Info:  11 out of  11 GitHub-owned GitHubAction dependencies pinned","Info:  29 out of  29 third-party GitHubAction dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: .github/SECURITY.md:1","Info: Found linked content: .github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/SECURITY.md:1","Info: Found text in security policy: .github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/cleanup.yml:14","Warn: jobLevel 'actions' permission set to 'write': .github/workflows/cleanup.yml:15","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:31","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:32","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/ozi.yml:239","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/ozi.yml:268","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/ozi.yml:127","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/ozi.yml:156","Info: topLevel permissions set to 'read-all': .github/workflows/cleanup.yml:7","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:24","Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:13","Info: topLevel 'contents' permission set to 'read': .github/workflows/dev.yml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/ozi.yml:10","Info: topLevel permissions set to 'read-all': .github/workflows/scorecards.yml:18"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":9,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 28 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/ozi.yml:262"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: COPYING:0","Info: FSF or OSI recognized license: Apache License 2.0: COPYING:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"Branch-Protection","score":3,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'master'","Warn: 'stale review dismissal' is disabled on branch 'master'","Warn: branch 'master' does not require approvers","Warn: codeowners review is not required on branch 'master'","Warn: 'last push approval' is disabled on branch 'master'","Warn: 'up-to-date branches' is disabled on branch 'master'","Info: status check found to merge onto on branch 'master'","Info: PRs are required in order to make changes on branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 2.3.10 not signed: https://api.github.com/repos/OZI-Project/OZI.build/releases/242170260","Warn: release artifact 2.3.9 not signed: https://api.github.com/repos/OZI-Project/OZI.build/releases/238493523","Warn: release artifact 2.3.8 not signed: https://api.github.com/repos/OZI-Project/OZI.build/releases/226031396","Warn: release artifact 2.3.10 does not have provenance: https://api.github.com/repos/OZI-Project/OZI.build/releases/242170260","Warn: release artifact 2.3.9 does not have provenance: https://api.github.com/repos/OZI-Project/OZI.build/releases/238493523","Warn: release artifact 2.3.8 does not have provenance: https://api.github.com/repos/OZI-Project/OZI.build/releases/226031396"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"Contributors","score":10,"reason":"project has 6 contributing companies or organizations","details":["Info: found contributions from: Igalia, OZI-Project, id=27082021/7654386, igalia, osam-cologne, pitivi"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}},{"name":"CI-Tests","score":10,"reason":"19 out of 19 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}}]},"last_synced_at":"2025-08-25T07:25:17.863Z","repository_id":221087720,"created_at":"2025-08-25T07:25:17.863Z","updated_at":"2025-08-25T07:25:17.863Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274088843,"owners_count":25220311,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-07T02:00:09.463Z","response_time":67,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["build-backend","mesonbuild","pep-517"],"created_at":"2025-09-07T20:20:54.193Z","updated_at":"2026-01-20T17:05:45.532Z","avatar_url":"https://github.com/OZI-Project.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"=========\nOZI.build\n=========\n\n.. image:: https://www.oziproject.dev/assets/brand/images/ozi-build-logo.svg\n  :align: left\n  :height: 62\n  :target: https://build.oziproject.dev/\n\nThis is the `OZI-Project \u003chttps://github.com/OZI-Project\u003e`_ maintained fork of the mesonpep517 0.2 tag.\n\nThis is a module that implements PEP-517 for the meson build system.\n\nThis means that you only need to provide a ``pyproject.toml`` and a\n``meson.build`` in your project source root to be able to create a wheel\nfor the project and to publish your project on PyPI.\n\nOther features include:\n\n* `signing wheels \u003chttps://packaging.python.org/en/latest/specifications/binary-distribution-format/#signed-wheel-files\u003e`_ with JOSE JWS\n* compiling modules to bytecode with pyc_wheel\n* scanning ``pyproject.toml`` for exploitable ReDoS patterns with regexploit\n\nFor more information have a look at `the documentation \u003chttps://docs.oziproject.dev/en/stable/ozi_build.html\u003e`_\n\nLicense\n-------\n\nOZI.build is licensed under Apache-2.0 and includes ``regexploit``,\n``pyc_wheel`` and portions of ``wheel`` whose copyright information is\nreproduced here.\n\nApache-2.0 contributors\n^^^^^^^^^^^^^^^^^^^^^^^\n\n``mesonpep517`` Copyright (c) 2017-2019 Thibault Saunier \u003ctsaunier@gnome.org\u003e\n\n``regexploit`` Copyright (c) 2021 Ben Caller \u003cREMOVETHISPREFIX.ben@doyensec.com\u003e\n\n``pyc_wheel`` Copyright (c) 2016 Grant Patten \u003cgrant@gpatten.com\u003e\n\n``pyc_wheel`` Copyright (c) 2019-2021 Adam Karpierz \u003cadam@karpierz.net\u003e\n\nMIT contributors\n^^^^^^^^^^^^^^^^\n\n``wheel`` Copyright (c) 2012-2014 Daniel Holth \u003cdholth@fastmail.fm\u003e and contributors.\n\n``PyJWT`` Copyright (c) 2015-2022 José Padilla\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in\nall copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n\n\nSee Also:\n\nhttps://oziproject.dev\nhttps://mesonbuild.com\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fozi-project%2Fozi.build","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fozi-project%2Fozi.build","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fozi-project%2Fozi.build/lists"}