{"id":13716712,"url":"https://github.com/paketo-buildpacks/nginx","last_synced_at":"2026-04-29T08:01:18.605Z","repository":{"id":37047771,"uuid":"194935781","full_name":"paketo-buildpacks/nginx","owner":"paketo-buildpacks","description":null,"archived":false,"fork":false,"pushed_at":"2026-03-30T17:22:33.000Z","size":5458,"stargazers_count":21,"open_issues_count":27,"forks_count":16,"subscribers_count":5,"default_branch":"main","last_synced_at":"2026-03-30T19:20:38.247Z","etag":null,"topics":["cnb"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/paketo-buildpacks.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-07-02T21:14:28.000Z","updated_at":"2026-03-30T17:22:36.000Z","dependencies_parsed_at":"2024-01-12T22:15:49.136Z","dependency_job_id":"c0be10d9-88c7-435f-9497-2ad15b6c8ab2","html_url":"https://github.com/paketo-buildpacks/nginx","commit_stats":null,"previous_names":["cloudfoundry/nginx-cnb"],"tags_count":314,"template":false,"template_full_name":null,"purl":"pkg:github/paketo-buildpacks/nginx","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paketo-buildpacks%2Fnginx","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paketo-buildpacks%2Fnginx/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paketo-buildpacks%2Fnginx/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paketo-buildpacks%2Fnginx/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/paketo-buildpacks","download_url":"https://codeload.github.com/paketo-buildpacks/nginx/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paketo-buildpacks%2Fnginx/sbom","scorecard":{"id":10199,"data":{"date":"2025-08-04","repo":{"name":"github.com/paketo-buildpacks/nginx","commit":"e25d17c59a75760a49097734ea48633d1749fd52"},"scorecard":{"version":"v5.2.1-28-gc1d103a9","commit":"c1d103a9bb9f635ec7260bf9aa0699466fa4be0e"},"score":6.3,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#maintained"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#fuzzing"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/approve-bot-pr.yml:1","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: no topLevel permission defined: .github/workflows/create-draft-release.yml:1","Warn: no topLevel permission defined: .github/workflows/label-pr.yml:1","Warn: no topLevel permission defined: .github/workflows/lint-yaml.yml:1","Warn: no topLevel permission defined: .github/workflows/lint.yml:1","Warn: no topLevel permission defined: .github/workflows/publish-releases.yml:1","Warn: no topLevel permission defined: .github/workflows/push-buildpackage.yml:1","Warn: no topLevel permission defined: .github/workflows/synchronize-labels.yml:1","Warn: no topLevel permission defined: .github/workflows/test-pull-request.yml:1","Warn: no topLevel permission defined: .github/workflows/update-dependencies-from-metadata.yml:1","Warn: no topLevel permission defined: .github/workflows/update-github-config.yml:1","Warn: no topLevel permission defined: .github/workflows/update-go-mod-version.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#token-permissions"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.17.38 not signed: https://api.github.com/repos/paketo-buildpacks/nginx/releases/237270234","Warn: release artifact v0.17.37 not signed: https://api.github.com/repos/paketo-buildpacks/nginx/releases/236085159","Warn: release artifact v0.17.36 not signed: https://api.github.com/repos/paketo-buildpacks/nginx/releases/234253814","Warn: release artifact v0.17.35 not signed: https://api.github.com/repos/paketo-buildpacks/nginx/releases/232121787","Warn: release artifact v0.17.34 not signed: https://api.github.com/repos/paketo-buildpacks/nginx/releases/230689195","Warn: release artifact v0.17.38 does not have provenance: https://api.github.com/repos/paketo-buildpacks/nginx/releases/237270234","Warn: release artifact v0.17.37 does not have provenance: https://api.github.com/repos/paketo-buildpacks/nginx/releases/236085159","Warn: release artifact v0.17.36 does not have provenance: https://api.github.com/repos/paketo-buildpacks/nginx/releases/234253814","Warn: release artifact v0.17.35 does not have provenance: https://api.github.com/repos/paketo-buildpacks/nginx/releases/232121787","Warn: release artifact v0.17.34 does not have provenance: https://api.github.com/repos/paketo-buildpacks/nginx/releases/230689195"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/paketo-buildpacks/.github/SECURITY.md:1","Info: Found linked content: github.com/paketo-buildpacks/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/paketo-buildpacks/.github/SECURITY.md:1","Info: Found text in security policy: github.com/paketo-buildpacks/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/push-buildpackage.yml:11"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/approve-bot-pr.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/approve-bot-pr.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/approve-bot-pr.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/approve-bot-pr.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/approve-bot-pr.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/approve-bot-pr.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/approve-bot-pr.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/approve-bot-pr.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/approve-bot-pr.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/approve-bot-pr.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/create-draft-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/create-draft-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/create-draft-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/create-draft-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/create-draft-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/create-draft-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/create-draft-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/create-draft-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/create-draft-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/create-draft-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/create-draft-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/label-pr.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/label-pr.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/label-pr.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/label-pr.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-yaml.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/lint-yaml.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-yaml.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/lint-yaml.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-yaml.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/lint-yaml.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-releases.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/publish-releases.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-releases.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/publish-releases.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/push-buildpackage.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/push-buildpackage.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-buildpackage.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/push-buildpackage.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-buildpackage.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/push-buildpackage.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-buildpackage.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/push-buildpackage.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/synchronize-labels.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/synchronize-labels.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/synchronize-labels.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/synchronize-labels.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-pull-request.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/test-pull-request.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-pull-request.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/test-pull-request.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-pull-request.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/test-pull-request.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-pull-request.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/test-pull-request.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-pull-request.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/test-pull-request.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-dependencies-from-metadata.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:174: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-dependencies-from-metadata.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:196: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-dependencies-from-metadata.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:230: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-dependencies-from-metadata.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:233: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-dependencies-from-metadata.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:248: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-dependencies-from-metadata.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:256: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-dependencies-from-metadata.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:267: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-dependencies-from-metadata.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:286: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-dependencies-from-metadata.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:295: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-dependencies-from-metadata.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:316: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-dependencies-from-metadata.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:319: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-dependencies-from-metadata.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:330: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-dependencies-from-metadata.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:340: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-dependencies-from-metadata.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:357: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-dependencies-from-metadata.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:368: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-dependencies-from-metadata.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:377: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-dependencies-from-metadata.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:383: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-dependencies-from-metadata.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:396: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-dependencies-from-metadata.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-dependencies-from-metadata.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-dependencies-from-metadata.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-dependencies-from-metadata.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-dependencies-from-metadata.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-dependencies-from-metadata.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-dependencies-from-metadata.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-github-config.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-github-config.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-github-config.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-github-config.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-github-config.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-github-config.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-github-config.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-github-config.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-github-config.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-github-config.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-github-config.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-github-config.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-github-config.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-github-config.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-github-config.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-github-config.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-go-mod-version.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-go-mod-version.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-go-mod-version.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-go-mod-version.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-go-mod-version.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-go-mod-version.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-go-mod-version.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-go-mod-version.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-go-mod-version.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-go-mod-version.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-go-mod-version.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-go-mod-version.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-go-mod-version.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-go-mod-version.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-go-mod-version.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/nginx/update-go-mod-version.yml/main?enable=pin","Warn: containerImage not pinned by hash: dependency/actions/compile/bionic.Dockerfile:1: pin your Docker image by updating ubuntu:18.04 to ubuntu:18.04@sha256:152dc042452c496007f07ca9127571cb9c29697f42acbfad72324b2bb2e43c98","Warn: containerImage not pinned by hash: dependency/actions/compile/jammy.Dockerfile:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:1ec65b2719518e27d4d25f104d93f9fac60dc437f81452302406825c46fcc9cb","Warn: containerImage not pinned by hash: dependency/test/bionic/Dockerfile:1: pin your Docker image by updating paketobuildpacks/build:base to paketobuildpacks/build:base@sha256:81c9c820abd9228f2d2982c7730b1da5074f112af961fa0c85869441c5082cb6","Warn: containerImage not pinned by hash: dependency/test/jammy/Dockerfile:1: pin your Docker image by updating paketobuildpacks/build-jammy-base:0.1.14 to paketobuildpacks/build-jammy-base:0.1.14@sha256:31615700dab2eb6887f4f861bc47fbbebf5dfa231ef15d76b664730e707d7cf4","Warn: goCommand not pinned by hash: scripts/.util/tools.sh:197","Warn: pipCommand not pinned by hash: .github/workflows/lint-yaml.yml:28","Info:   0 out of  42 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  39 third-party GitHubAction dependencies pinned","Info:   0 out of   4 containerImage dependencies pinned","Info:   0 out of   1 goCommand dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (30) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":5,"reason":"5 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3754 / GHSA-2x5j-vhc8-9cwm","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-14T14:23:45.294Z","repository_id":37047771,"created_at":"2025-08-14T14:23:45.294Z","updated_at":"2025-08-14T14:23:45.294Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31290538,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T13:12:26.723Z","status":"ssl_error","status_checked_at":"2026-04-01T13:12:25.102Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cnb"],"created_at":"2024-08-03T00:01:13.569Z","updated_at":"2026-04-01T17:03:26.368Z","avatar_url":"https://github.com/paketo-buildpacks.png","language":"Go","funding_links":[],"categories":["[Paketo Buildpacks](https://paketo.io/)"],"sub_categories":["Provides buildpacks for:"],"readme":"# NGINX Server Cloud Native Buildpack\n\nThe NGINX buildpack provides the [NGINX](https://www.nginx.com/) binary distribution.\nThe buildpack installs the NGINX binary distribution onto the `$PATH` which\nmakes it available for subsequent buildpacks and/or the application image.\n\n#### The NGINX buildpack is compatible with the following builders:\n\n- Paketo Jammy\n  - `docker.io/paketobuildpacks/builder-jammy-base`\n  - `docker.io/paketobuildpacks/builder-jammy-full`\n- Paketo Noble\n  - `docker.io/paketobuildpacks/ubuntu-noble-builder`\n\n## Usage\n\nTo package this buildpack for consumption:\n\n```\n$ ./scripts/package.sh\n```\n\n## Data driven templates\n\nThe NGINX buildpack supports data driven templates for nginx config. You can\nuse templated variables like `{{port}}`, `{{env \"FOO\"}}` and `{{module\n\"ngx_stream_module\"}}` in your `nginx.conf` to use values known at launch time.\n\nA usage example can be found in the [`samples` repository under the `nginx`\ndirectory](https://github.com/paketo-buildpacks/samples/tree/main/web-servers/nginx-sample).\n\n#### PORT\n\nUse `{{port}}` to dynamically set the port at which the server will accepts requests. At launch time, the buildpack will read the value of `$PORT` to set the value of `{{port}}`.\n\nFor example, to set an NGINX server to listen on `$PORT`, use the following in your `nginx.conf` file:\n\n```\nserver {\n  listen {{port}};\n}\n```\n\nThen run the built image using the `PORT` variable set as follows:\n\n```\ndocker run --tty --env PORT=8080 --publish 8080:8080 my-nginx-image\n```\n\n#### Environment Variables\n\nThis is a generic case of the `{{port}}` directive described ealier. To use the\nvalue of any environment variable `$FOOVAR` available at launch time, use the\ndirective `{{env \"FOOVAR\"}}` in your `nginx.conf`.\n\nFor example, include the following in your `nginx.conf` file to enable or\ndisable gzipping of responses based on the value of `GZIP_DOWNLOADS`:\n\n```\ngzip {{env \"GZIP_DOWNLOADS\"}};\n```\n\nThen run the built image using the `GZIP_DOWNLOADS` variable set as follows:\n\n```\ndocker run --tty --env PORT=8080 --env GZIP_DOWNLOADS=off --publish 8080:8080 my-nginx-image\n```\n\n#### Loading dynamic modules\n\nYou can use templates to set the path to a dynamic module using the\n`load_module` directive.\n\n* To load a user-provided module named `ngx_foo_module`, provide a\n  `modules/ngx_foo_module.so` file in your app directory and add the following\n  to the top of your `nginx.conf` file:\n\n```\n{{module \"ngx_foo_module\"}}\n```\n\n* To load a buildpack-provided module like `ngx_stream_module`, add the\n  following to the top of your `nginx.conf` file. You do not need to provide an\n  `ngx_stream_module.so` file:\n\n```\n{{module \"ngx_stream_module\"}}\n```\n\n## Configurations\n\nSpecifying the NGINX Server version through `buildpack.yml` configuration\nis deprecated and will not be supported in NGINX Server Buildpack v1.0.0.\n\nTo migrate from using `buildpack.yml` please set the following environment\nvariables at build time either directly (ex. `pack build my-app --env\nBP_ENVIRONMENT_VARIABLE=some-value`) or through a [`project.toml`\nfile](https://github.com/buildpacks/spec/blob/main/extensions/project-descriptor.md)\n\n### `BP_NGINX_VERSION`\nThe `BP_NGINX_VERSION` variable allows you to specify the version of NGINX Server that is installed.\n\n```shell\nBP_NGINX_VERSION=1.21.0\n```\n\nThis will replace the following structure in `buildpack.yml`:\n```yaml\nnginx:\n  # this allows you to specify a version constraint for the nginx dependency\n  # any valid semver constraints (e.g. 1.* and 1.21.*) are also acceptable\n  version: \"1.21.0\"\n```\n### `BP_WEB_SERVER_ENABLE_PUSH_STATE`\nThe `BP_WEB_SERVER_ENABLE_PUSH_STATE` variable enables push state based routing for Single-page applications relying on browser history API.\nNGINX Server will send the content at / in response to *any* requested endpoint.\nUsefull for React, Angular, Vue and other SPAs.\n\n### `BP_NGINX_STUB_STATUS_PORT`\nThe `BP_NGINX_STUB_STATUS_PORT` variable exposes a handful of NGINX Server metrics via the [`stub_status`](https://nginx.org/en/docs/http/ngx_http_stub_status_module.html#stub_status) module which provides basic status information on provided port.\nThis comes handy for monitoring the server. For example using [NGINX Prometheus Exporter](https://github.com/nginxinc/nginx-prometheus-exporter)\n\n### `BP_WEB_SERVER_INCLUDE_FILE_PATH`\nThe `BP_WEB_SERVER_INCLUDE_FILE_PATH` variable allows including configuration into generated `nginx.conf`, when no `nginx.conf` file is provided.\nIt will include these snippet into generated config server section:\n\n```\n   include \u003cBP_WEB_SERVER_INCLUDE_FILE_PATH\u003e;\n```\n\nThe file to be included must be inside the path to app dir (like the `--path` switch when using the pack binary) and the value should be relative to that directory.\n\nExample: including proxy.conf file within APP_DIR\n\n```\n| APP_DIR\n  |- public\n  |- proxy.conf\n```\n\nwith this content:\n```\n# proxy.conf\nlocation ~* ^/api(.*) {\n        proxy_pass  http://another_backend_server:8080/api$1$is_args$args;\n        proxy_http_version 1.1;\n        proxy_read_timeout 60s;\n        proxy_buffer_size 4096;\n        proxy_buffering on;\n        proxy_buffers 8 4096;\n        proxy_busy_buffers_size 8192;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection $http_connection;\n        proxy_set_header Host $http_host;\n        proxy_set_header X-Forwarded-For $remote_addr;\n        proxy_set_header X-Forwarded-Port $server_port;\n        proxy_set_header X-Forwarded-Proto $scheme;\n        proxy_set_header X-Request-Start $msec;\n    }\n```\n\nWe can set the relative path into the BP_WEB_SERVER_INCLUDE_FILE_PATH env\n```\nBP_WEB_SERVER_INCLUDE_FILE_PATH=./proxy.conf\n```\n\n## Integration\n\nThe NGINX CNB provides nginx as a dependency. Downstream buildpacks, like\n[PHP Web CNB](https://github.com/paketo-buildpacks/php-web) can require the nginx\ndependency by generating a [Build Plan\nTOML](https://github.com/buildpacks/spec/blob/master/buildpack.md#build-plan-toml)\nfile that looks like the following:\n\n```toml\n[[requires]]\n\n  # The name of the NGINX dependency is \"nginx\". This value is considered\n  # part of the public API for the buildpack and will not change without a plan\n  # for deprecation.\n  name = \"nginx\"\n\n  # The version of the NGINX dependency is not required. In the case it\n  # is not specified, the buildpack will provide the default version, which can\n  # be seen in the buildpack.toml file.\n  # If you wish to request a specific version, the buildpack supports\n  # specifying a semver constraint in the form of \"1.*\", \"1.17.*\", or even\n  # \"1.17.9\".\n  version = \"1.17.9\"\n\n  # The NGINX buildpack supports some non-required metadata options.\n  [requires.metadata]\n\n    # Setting the launch flag to true will ensure that the NGINX\n    # dependency is available on the $PATH for the running application. If you are\n    # writing an application that needs to run NGINX at runtime, this flag should\n    # be set to true.\n    launch = true\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpaketo-buildpacks%2Fnginx","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpaketo-buildpacks%2Fnginx","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpaketo-buildpacks%2Fnginx/lists"}