{"id":30590546,"url":"https://github.com/phantran/moco","last_synced_at":"2026-05-07T10:33:53.413Z","repository":{"id":51840155,"uuid":"365775591","full_name":"phantran/moco","owner":"phantran","description":"An efficient mutation testing tool written in Kotlin for Java Maven projects","archived":false,"fork":false,"pushed_at":"2021-05-10T08:39:36.000Z","size":658,"stargazers_count":3,"open_issues_count":4,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-05-06T21:48:41.162Z","etag":null,"topics":["bytecode-manipulation","caching","java","junit","jvm-bytecode","jvm-languages","kotlin","maven","maven-plugin","mutation","mutation-analysis","mutation-testing","testng","unit-test","unit-testing"],"latest_commit_sha":null,"homepage":"","language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/phantran.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-05-09T14:43:38.000Z","updated_at":"2024-07-02T13:57:04.000Z","dependencies_parsed_at":"2022-09-11T15:31:46.191Z","dependency_job_id":null,"html_url":"https://github.com/phantran/moco","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/phantran/moco","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phantran%2Fmoco","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phantran%2Fmoco/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phantran%2Fmoco/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phantran%2Fmoco/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/phantran","download_url":"https://codeload.github.com/phantran/moco/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phantran%2Fmoco/sbom","scorecard":{"id":730576,"data":{"date":"2025-08-11","repo":{"name":"github.com/phantran/moco","commit":"27fbaa063c96d6c3607353c72e1b1b7ba8ed55e8"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.8,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/29 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/actions.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/actions.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/phantran/moco/actions.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/actions.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/phantran/moco/actions.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/actions.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/phantran/moco/actions.yml/master?enable=pin","Info:   0 out of   3 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 2 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"25 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-h46c-h94j-95f3","Warn: Project is vulnerable to: GHSA-wf8f-6423-gfxg","Warn: Project is vulnerable to: GHSA-3x8x-79m2-3w2w","Warn: Project is vulnerable to: GHSA-57j2-w4cx-62h2","Warn: Project is vulnerable to: GHSA-jjjh-jjxp-wpff","Warn: Project is vulnerable to: GHSA-rgv9-q543-rqg4","Warn: Project is vulnerable to: GHSA-5mg8-w23w-74h3","Warn: Project is vulnerable to: GHSA-7g45-4rm6-3mm3","Warn: Project is vulnerable to: GHSA-mvr2-9pj6-7w5j","Warn: Project is vulnerable to: GHSA-22wj-vf5f-wrvj","Warn: Project is vulnerable to: GHSA-45hx-wfhj-473x","Warn: Project is vulnerable to: GHSA-7rpj-hg47-cx62","Warn: Project is vulnerable to: GHSA-h376-j262-vhq6","Warn: Project is vulnerable to: GHSA-269g-pwp5-87pp","Warn: Project is vulnerable to: GHSA-j288-q9x7-2f5v","Warn: Project is vulnerable to: GHSA-2f88-5hg8-9x2x","Warn: Project is vulnerable to: GHSA-g6ph-x5wf-g337","Warn: Project is vulnerable to: GHSA-jcwr-x25h-x5fh","Warn: Project is vulnerable to: GHSA-3p86-9955-h393","Warn: Project is vulnerable to: GHSA-vrpq-qp53-qv56","Warn: Project is vulnerable to: GHSA-2qp4-g3q3-f92w","Warn: Project is vulnerable to: GHSA-3vqj-43w4-2q58","Warn: Project is vulnerable to: GHSA-4jq9-2xhw-jpx7","Warn: Project is vulnerable to: GHSA-gp7f-rwcx-9369","Warn: Project is vulnerable to: GHSA-m72m-mhq2-9p6c"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T14:17:58.216Z","repository_id":51840155,"created_at":"2025-08-22T14:17:58.216Z","updated_at":"2025-08-22T14:17:58.216Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32733633,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-07T02:14:30.463Z","status":"ssl_error","status_checked_at":"2026-05-07T02:14:29.405Z","response_time":62,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bytecode-manipulation","caching","java","junit","jvm-bytecode","jvm-languages","kotlin","maven","maven-plugin","mutation","mutation-analysis","mutation-testing","testng","unit-test","unit-testing"],"created_at":"2025-08-29T16:40:18.188Z","updated_at":"2026-05-07T10:33:53.395Z","avatar_url":"https://github.com/phantran.png","language":"Kotlin","funding_links":[],"categories":["Software testing"],"sub_categories":["Mutation testing"],"readme":"# MoCo\n\n![example workflow](https://github.com/phantran/moco/actions/workflows/actions.yml/badge.svg)\n[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=phantran_moco\u0026metric=alert_status)](https://sonarcloud.io/dashboard?id=phantran_moco)\n[![Maven Central](https://maven-badges.herokuapp.com/maven-central/io.github.phantran/m0c0-maven-plugin/badge.svg?style=plastic\u0026gav=true)](https://maven-badges.herokuapp.com/maven-central/io.github.phantran/m0c0-maven-plugin)\n\nThis is the [m0c0-maven-plugin](http://).\n\nA Maven plugin written in Kotlin that supports mutation testing for Java projects.\n\nMutation testing is computationally expensive, and that prevents mutation testing from being applied in \nbig projects and CI/CD pipelines. MoCo is a mutation testing tool that uses the bytecode manipulation approach, and it applies optimization such as Git Mode (only execute mutation tests for changed source classes) and database caching, thus mutation testing execution time in MoCo can be reduced significantly.\nWith the applied optimization, MoCo has good performance, and it can calculate mutation scores without re-running mutation tests for the whole project under test.\n\nMoCo was originally developed to support Gamekins which is a Jenkins plugin that uses a gamification\napproach to motivate software testing activities. More information about Gamekins Jenkins plugin can be found here: https://github.com/se2p/gamekins\n\n\n### Project requirements\n\n- Java 8+\n- Apache Maven 3\n\n#### Test Frameworks\nMoCo supports TestNG and JUnit (3, 4, 5)\n\n### Setup Project\n\nClone this repository and install it by using Maven install command:\n\n`mvn install`\n\nWhile developing MoCo, a quick installation without testing and generating descriptor to test MoCo in your local repository can be done with:\n\n` mvn install -Ddescriptor.skip -Dtest.skip`\n\n### Usage\n\n#### pom.xml\n\nMoCo is available on Maven Central, and it can be used easily by adding the following information to \npom.xml file of your project (replace MOCO-VERSION with a MoCo version, e.g. `1.0.1`):\n\n- To dependencies tag\n```xml\n\u003cdependency\u003e\n    \u003cgroupId\u003eio.github.phantran\u003c/groupId\u003e\n    \u003cartifactId\u003em0c0-maven-plugin\u003c/artifactId\u003e\n    \u003cversion\u003eMOCO-VERSION\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\n- To build tag\n```xml\n\u003cplugin\u003e\n    \u003cgroupId\u003eio.github.phantran\u003c/groupId\u003e\n    \u003cartifactId\u003em0c0-maven-plugin\u003c/artifactId\u003e\n    \u003cversion\u003eMOCO-VERSION\u003c/version\u003e\n    \u003cexecutions\u003e\n        \u003cexecution\u003e\n            \u003cgoals\u003e\n                \u003cgoal\u003emoco\u003c/goal\u003e\n            \u003c/goals\u003e\n        \u003c/execution\u003e\n    \u003c/executions\u003e\n\u003c/plugin\u003e\n```\n\nThe default Maven phase of MoCo is verify phase, if you want to change the phase that executes MoCo, just change the execution \nconfiguration as below\n\n```xml\n\u003cexecution\u003e\n    \u003cgoals\u003e\n        \u003cgoal\u003emoco\u003c/goal\u003e\n    \u003c/goals\u003e\n    \u003cphase\u003eENTER-PHASE\u003c/phase\u003e\n\u003c/execution\u003e\n```\n\n#### Trigger MoCo\nIf MoCo is added as a dependency of your project as above, it can be triggered with \n`mvn verify` (if execution phase is kept as default). It can also be executed alone with this command\n`mvn m0c0:moco`\n\nBecause MoCo uses compiled test classes and compiled source classes of your project for mutation testing, please make\nsure MoCo is executed after the compile phase and test phase of Maven so that all compiled sources classes and compiled test classes\nare available and updated in the build (or target) folder.\n\nTarget source classes and test classes for mutation are configurable through `codeRoot` and `testRoot` parameters.\nIf `codeRoot` and `testRoot` are not specified, MoCo will use the default folder path information given by Maven. You\ncould check the configuration section or use helpmojo goal for more details about all configurable parameters of MoCo.\n\nIt's highly recommended to configure your `codeRoot` and `testRoot` for MoCo mutation testing if your project is big.\nIt will take a long time to finish if you have a big project with hundred of source classes and test classes. \n\nExample: We wanted to have mutation tests only for source classes inside org/example (assume there is \n a corresponding org/example folder in built test classes folder), then the configuration is:\n```xml\n\u003ccodeRoot\u003eorg/example\u003c/codeRoot\u003e\n```\n```xml\n\u003ctestRoot\u003eorg/example\u003c/testRoot\u003e\n```\nTo remedy the problem of re-running mutation tests for unchanged source classes with \ncorresponding test classes, MoCo offers Git Mode. Git Mode is ON by default, it helps reduce \nexecution time significantly by only considering changed classes. We can turn it off with\n```xml\n\u003cgitMode\u003efalse\u003c/gitMode\u003e\n```\n\nMutation score is not calculated by default. You can enable it by adding this to your configuration\n```xml\n\u003cenableMetrics\u003etrue\u003c/enableMetrics\u003e\n```\n\nMutation testing is computationally expensive even with the bytecode manipulation approach. \nA big project with hundred of tests can take hours to finish. To speed it up you can use more worker threads. \nMoCo uses 2 threads by default.\nExample: Using 3 threads.\n```xml\n\u003cnumberOfThreads\u003e3\u003c/numberOfThreads\u003e\n```\n\n\nBelow is an example configuration that uses MoCo version 1.0.1, Git Mode ON, mutation score calculation enabled, \ndebug messages logging enabled, test timeout in preprocessing phase (collecting mutations) as 500ms, \nand use 3 threads for parallel execution:\n\n```xml\n\u003cplugin\u003e\n    \u003cgroupId\u003eio.github.phantran\u003c/groupId\u003e\n    \u003cartifactId\u003em0c0-maven-plugin\u003c/artifactId\u003e\n    \u003cversion\u003e1.0.1\u003c/version\u003e\n    \u003cconfiguration\u003e\n        \u003cgitMode\u003etrue\u003c/gitMode\u003e\n        \u003cdebugEnabled\u003etrue\u003c/debugEnabled\u003e\n        \u003cenableMetrics\u003etrue\u003c/enableMetrics\u003e\n        \u003cpreprocessTestTimeout\u003e500\u003c/preprocessTestTimeout\u003e\n        \u003cnumberOfThreads\u003e3\u003c/numberOfThreads\u003e\n    \u003c/configuration\u003e\n    \u003cexecutions\u003e\n        \u003cexecution\u003e\n            \u003cgoals\u003e\n                \u003cgoal\u003emoco\u003c/goal\u003e\n            \u003c/goals\u003e\n        \u003c/execution\u003e\n    \u003c/executions\u003e\n\u003c/plugin\u003e\n```\n\n#### Report\nAfter each execution, MoCo will produce a file named `moco.json`. The default path to this file is \n`**\\moco\\mutation\\moco.json` (inside your project output build folder).\nThis `moco.json` file contains information about all mutations that MoCo has collected and executed so far.\n\n\n#### Configuration \nDetails about more configurable parameters of MoCo will be updated here later. At the moment, you could use\nthe helpmojo command to learn more about it.\n\n`mvn m0c0:help -Ddetail=true`\n\n### Contributing\nIf you find a problem with MoCo and wanted to fix it, it would be very helpful to create a ticket along with your pull request.\nThe ticket in issues should describe clearly what your pull request is about. Please create new branch from the \ndevelopment branch, implement the changes, then create a pull request to development branch after finishing.\n\n### License\n\nThis software is licensed under the terms in the file named \"LICENSE\" in the root directory of this project. This\nproject has dependencies that are under different licenses.\n\n### Author Information\n\n#### Tran Phan\nphantran197@gmail.com\n\nThis project was developed as a part of my work at the\n[Chair of Software Engineering II](https://www.fim.uni-passau.de/lehrstuhl-fuer-software-engineering-ii/),\nUniversity of Passau.\n\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphantran%2Fmoco","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fphantran%2Fmoco","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphantran%2Fmoco/lists"}