{"id":41860132,"url":"https://github.com/pkic/ltl","last_synced_at":"2026-01-25T11:14:42.071Z","repository":{"id":48586705,"uuid":"375792953","full_name":"pkic/ltl","owner":"pkic","description":"List of Trust Lists","archived":false,"fork":false,"pushed_at":"2025-03-31T13:27:47.000Z","size":68,"stargazers_count":16,"open_issues_count":22,"forks_count":4,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-03-31T13:31:10.916Z","etag":null,"topics":["certificate","pki","root-program","root-store","trust-list"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pkic.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-06-10T18:27:39.000Z","updated_at":"2025-03-31T13:27:14.000Z","dependencies_parsed_at":"2024-06-19T11:15:24.843Z","dependency_job_id":"ee35b221-eb71-434e-b608-8c48aaf7d055","html_url":"https://github.com/pkic/ltl","commit_stats":{"total_commits":60,"total_committers":3,"mean_commits":20.0,"dds":"0.31666666666666665","last_synced_commit":"ddd3375e839af648392a4d8b950c2218a51d961c"},"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"purl":"pkg:github/pkic/ltl","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pkic%2Fltl","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pkic%2Fltl/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pkic%2Fltl/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pkic%2Fltl/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pkic","download_url":"https://codeload.github.com/pkic/ltl/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pkic%2Fltl/sbom","scorecard":{"id":736460,"data":{"date":"2025-08-11","repo":{"name":"github.com/pkic/ltl","commit":"24b3b08c30b94367b3c8c5fd0733a91577629091"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.1,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 2/27 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/pkic/ltl/go.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/pkic/ltl/go.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issues.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/pkic/ltl/issues.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/issues.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/pkic/ltl/issues.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/issues.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/pkic/ltl/issues.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issues.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/pkic/ltl/issues.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issues.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/pkic/ltl/issues.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/pkic/ltl/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/pkic/ltl/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/pkic/ltl/release.yml/main?enable=pin","Warn: npmCommand not pinned by hash: .github/workflows/issues.yml:59","Info:   0 out of   7 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 third-party GitHubAction dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/go.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/issues.yml:12","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.1.10 not signed: https://api.github.com/repos/pkic/ltl/releases/193627111","Warn: release artifact v0.1.9 not signed: https://api.github.com/repos/pkic/ltl/releases/97853539","Warn: release artifact v0.1.8 not signed: https://api.github.com/repos/pkic/ltl/releases/81061525","Warn: release artifact v0.1.7 not signed: https://api.github.com/repos/pkic/ltl/releases/68220622","Warn: release artifact v0.1.6 not signed: https://api.github.com/repos/pkic/ltl/releases/62594075","Warn: release artifact v0.1.10 does not have provenance: https://api.github.com/repos/pkic/ltl/releases/193627111","Warn: release artifact v0.1.9 does not have provenance: https://api.github.com/repos/pkic/ltl/releases/97853539","Warn: release artifact v0.1.8 does not have provenance: https://api.github.com/repos/pkic/ltl/releases/81061525","Warn: release artifact v0.1.7 does not have provenance: https://api.github.com/repos/pkic/ltl/releases/68220622","Warn: release artifact v0.1.6 does not have provenance: https://api.github.com/repos/pkic/ltl/releases/62594075"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 5 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T16:00:54.142Z","repository_id":48586705,"created_at":"2025-08-22T16:00:54.143Z","updated_at":"2025-08-22T16:00:54.143Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28752666,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-25T10:25:12.305Z","status":"ssl_error","status_checked_at":"2026-01-25T10:25:11.933Z","response_time":113,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate","pki","root-program","root-store","trust-list"],"created_at":"2026-01-25T11:14:42.017Z","updated_at":"2026-01-25T11:14:42.064Z","avatar_url":"https://github.com/pkic.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# List of Trust Lists\n\nThey have many names, such as ‘trusted root list’, ‘trusted root store’, ‘trust store’, ‘approved trust list’, etc. The PKI Consortium is curating a global List of Trust Lists (a list of root, intermediate or issuing CA certificates accepted by a public, private, industry, or solution-specific PKI), one that is not limited to a specific purpose, region or size, and is open to anyone to contribute.\n\nEach list is documented as a YAML file and hosted in this repository. This makes it easier to read for humans while retaining version control and allowing systems to process and analyze the data.\n\nSome lists will share a common purpose or audit regime, might be extensively documented, list policies, discussion groups, etc. Others focus on a specific purpose, region or use-case and might only have some basic information.\n\nThere are many trust lists and often there is little overlap or interoperability. With this project the PKI consortium is not only building a comprehensive list of trust lists but also a place where the industry can find each other, engage, share knowledge, policies and best practices to improve security, interoperability and mutual trust.\n\nThe PKI Consortium welcomes contributions and would like to engage in related activities from other organizations or stakeholders.\n\n## Criteria for inclusion of a trust list\n\nA trust list can be included on the List of Trust List of the PKI Consortium when it defines a list of CA certificates of different entities that provide trust for the intended purpose. The list is not limited to a specific purpose, region or size, and is open to anyone to contribute. \n\nThe PKI Consortium is not endorsing any of the trust lists included and does not validate the accuracy of the data, the quality of the trust lists included or the policy framework and supervision that supports them. \n\nA trust list can be included on the List of Trust List of the PKI Consortium when:\n- information about the trust list is publicly available on the internet \n- the list is intended to distribute CA certificates for the use in a PKI system \n- the list includes a CA certificate from at least two independent entities \n\nIt’s not required for a Trust List to: \n- disclose all CA certificates included on the trust list \n- have the inclusion covered by a policy or audit framework \n\n## Disclaimer\n\nThe PKI Consortium does not endorse any of the trust lists included in the List of Trust Lists, nor does it validate the policies or quality of these lists. The PKI Consortium makes no representations or warranties regarding the accuracy, completeness, or reliability of these trust lists, and shall not be held liable for any damages resulting from their use. The inclusion of a trust list in the List of Trust Lists does not constitute an endorsement by the PKI Consortium. It is the responsibility of the user to carefully evaluate and verify the trustworthiness of any trust list before relying on it for any purpose.\n\n## Contributing to this repository \n\nWe [welcome and love contributions](https://github.com/pkic/ltl/contribute) to this repository, please make sure you check the [contribution guidelines](.github/CONTRIBUTING.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpkic%2Fltl","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpkic%2Fltl","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpkic%2Fltl/lists"}