{"id":13398387,"url":"https://github.com/protocolbuffers/protobuf","last_synced_at":"2026-01-23T00:50:07.023Z","repository":{"id":20088389,"uuid":"23357588","full_name":"protocolbuffers/protobuf","owner":"protocolbuffers","description":"Protocol Buffers - Google's data interchange format","archived":false,"fork":false,"pushed_at":"2025-09-03T19:38:11.000Z","size":196162,"stargazers_count":68945,"open_issues_count":515,"forks_count":15854,"subscribers_count":2030,"default_branch":"main","last_synced_at":"2025-09-03T19:40:00.364Z","etag":null,"topics":["marshalling","protobuf","protobuf-runtime","protoc","protocol-buffers","protocol-compiler","rpc","serialization"],"latest_commit_sha":null,"homepage":"http://protobuf.dev","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/protocolbuffers.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2014-08-26T15:52:15.000Z","updated_at":"2025-09-03T18:56:40.000Z","dependencies_parsed_at":"2024-03-31T19:41:56.671Z","dependency_job_id":"84c1b4d6-75f9-44a7-8979-275636d0b4f1","html_url":"https://github.com/protocolbuffers/protobuf","commit_stats":{"total_commits":16174,"total_committers":1232,"mean_commits":"13.128246753246753","dds":0.8605168789415111,"last_synced_commit":"bf068d9e0e62dd5a1ea1c3660cb7b9385c6b8262"},"previous_names":["google/protobuf"],"tags_count":411,"template":false,"template_full_name":null,"purl":"pkg:github/protocolbuffers/protobuf","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/protocolbuffers%2Fprotobuf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/protocolbuffers%2Fprotobuf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/protocolbuffers%2Fprotobuf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/protocolbuffers%2Fprotobuf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/protocolbuffers","download_url":"https://codeload.github.com/protocolbuffers/protobuf/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/protocolbuffers%2Fprotobuf/sbom","scorecard":{"id":437709,"data":{"date":"2025-08-19T00:19:47Z","repo":{"name":"github.com/protocolbuffers/protobuf","commit":"aa1f665cdc44878724aa783ad64f371e227fa619"},"scorecard":{"version":"v4.13.1","commit":"49c0eed3a423f00c872b5c3c9f1bbca9e8aae799"},"score":5.7,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":10,"reason":"24 out of 24 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#ci-tests"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":0,"reason":"found 28 unreviewed changesets out of 30 -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#code-review"}},{"name":"Contributors","score":10,"reason":"9 different organizations found -- score normalized to 10","details":["Info: contributors work for GoogleCloudPlatform,bazelbuild,cloudflare,google,googlers,nodatime,protocolbuffers,rust @google,v8"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#contributors"}},{"name":"Dangerous-Workflow","score":0,"reason":"dangerous workflow patterns detected","details":["Warn: script injection with untrusted input ' !contains(toJson(github.event.pull_request.body), '#test-continuous') ': .github/workflows/test_runner.yml:101"],"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: tool 'Dependabot' is used: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#dependency-update-tool"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found","Info: CppLibFuzzer integration found: third_party/utf8_range/fuzz/utf8_validity_fuzzer.cc:13","Info: CppLibFuzzer integration found: third_party/utf8_range/fuzz/utf8_validity_fuzzer.cc:13"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#fuzzing"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: License file found in expected location: LICENSE:1","Warn: Any licence detected not an FSF or OSI recognized license: LICENSE:1"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#license"}},{"name":"Maintained","score":10,"reason":"30 commit(s) out of 30 and 8 issue activity out of 30 found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"no published package detected","details":["Warn: no GitHub/GitLab publishing workflow detected"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/staleness_check.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/staleness_check.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/staleness_check.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/staleness_check.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_bazel.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_bazel.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_bazel.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_bazel.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:214: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:220: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:227: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:355: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:361: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:368: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:387: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:392: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:398: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:440: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:445: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:178: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:185: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:281: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:313: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:319: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:326: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:500: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:513: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:521: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_cpp.yml:547: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_cpp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_csharp.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_csharp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_csharp.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_csharp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_csharp.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_csharp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_csharp.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_csharp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_csharp.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_csharp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_csharp.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_csharp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_csharp.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_csharp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_csharp.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_csharp.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_java.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_java.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_java.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_java.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_java.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_java.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_java.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_java.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_objectivec.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_objectivec.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_objectivec.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_objectivec.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_objectivec.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_objectivec.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_objectivec.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_objectivec.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_objectivec.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_objectivec.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_objectivec.yml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_objectivec.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_objectivec.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_objectivec.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_php.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_php.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_php.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_php.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_php.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_php.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_php.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_php.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_php.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_php.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_php.yml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_php.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_php.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_php.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_php.yml:155: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_php.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_php.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_php.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_php.yml:168: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_php.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_php.yml:174: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_php.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_php.yml:200: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_php.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_php.yml:224: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_php.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_php.yml:231: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_php.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_php.yml:245: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_php.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_php_ext.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_php_ext.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_php_ext.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_php_ext.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_php_ext.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_php_ext.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_python.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_python.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_python.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_python.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_python.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_python.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_python.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_python.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_ruby.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_ruby.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_ruby.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_ruby.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_ruby.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_ruby.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_ruby.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_ruby.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_ruby.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_ruby.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_ruby.yml:193: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_ruby.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_ruby.yml:198: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_ruby.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_ruby.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_ruby.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_ruby.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_ruby.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_ruby.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_ruby.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_ruby.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_ruby.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_ruby.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_ruby.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_rust.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_rust.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_rust.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_rust.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_rust.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_rust.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_rust.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_rust.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_upb.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_upb.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_upb.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_upb.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_upb.yml:155: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_upb.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_upb.yml:159: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_upb.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_upb.yml:339: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_upb.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_upb.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_upb.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_upb.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_upb.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_upb.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_upb.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_upb.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_upb.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_upb.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_upb.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_upb.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_upb.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_upb.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_upb.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_upb.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_upb.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test_yaml.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/protocolbuffers/protobuf/test_yaml.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/test_upb.yml:235","Warn: pipCommand not pinned by hash: .github/workflows/test_upb.yml:242","Warn: pipCommand not pinned by hash: .github/workflows/test_upb.yml:247","Warn: pipCommand not pinned by hash: .github/workflows/test_upb.yml:250","Warn: pipCommand not pinned by hash: .github/workflows/test_upb.yml:256","Warn: pipCommand not pinned by hash: .github/workflows/test_upb.yml:263","Warn: pipCommand not pinned by hash: .github/workflows/test_upb.yml:299","Warn: pipCommand not pinned by hash: .github/workflows/test_upb.yml:310","Warn: pipCommand not pinned by hash: .github/workflows/test_upb.yml:312","Warn: pipCommand not pinned by hash: .github/workflows/test_upb.yml:359","Warn: pipCommand not pinned by hash: .github/workflows/test_upb.yml:372","Warn: pipCommand not pinned by hash: .github/workflows/test_upb.yml:375","Info:  28 out of  28 GitHub-owned GitHubAction dependencies pinned","Info:   5 out of 110 third-party GitHubAction dependencies pinned","Info:   0 out of  12 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":9,"reason":"SAST tool is not run on all commits -- score normalized to 9","details":["Warn: 23 commits out of 24 are checked with a SAST tool","Warn: CodeQL tool not detected"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#sast"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":0,"reason":"0 out of 5 artifacts are signed or have provenance","details":["Warn: release artifact v32.0 does not have provenance: https://api.github.com/repos/protocolbuffers/protobuf/releases/240085594","Warn: release artifact v32.0 not signed: https://api.github.com/repos/protocolbuffers/protobuf/releases/240085594","Warn: release artifact v32.0-rc2 does not have provenance: https://api.github.com/repos/protocolbuffers/protobuf/releases/237762298","Warn: release artifact v32.0-rc2 not signed: https://api.github.com/repos/protocolbuffers/protobuf/releases/237762298","Warn: release artifact v32.0-rc1 does not have provenance: https://api.github.com/repos/protocolbuffers/protobuf/releases/234069969","Warn: release artifact v32.0-rc1 not signed: https://api.github.com/repos/protocolbuffers/protobuf/releases/234069969","Warn: release artifact v31.1 does not have provenance: https://api.github.com/repos/protocolbuffers/protobuf/releases/221645360","Warn: release artifact v31.1 not signed: https://api.github.com/repos/protocolbuffers/protobuf/releases/221645360","Warn: release artifact v29.5 does not have provenance: https://api.github.com/repos/protocolbuffers/protobuf/releases/221681497","Warn: release artifact v29.5 not signed: https://api.github.com/repos/protocolbuffers/protobuf/releases/221681497"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#signed-releases"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/clear_caches.yml:12","Warn: jobLevel 'actions' permission set to 'write': .github/workflows/clear_caches.yml:23: Verify which permissions are needed and consider whether you can reduce them. (High effort)","Info: jobLevel 'contents' permission set to 'read': .github/workflows/clear_caches.yml:24","Info: topLevel 'contents' permission set to 'read': .github/workflows/forked_pr_workflow_check.yml:21","Info: topLevel permissions set to 'none': .github/workflows/janitor.yml:1","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/janitor.yml:16: Verify which permissions are needed and consider whether you can reduce them. (High effort)","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18","Info: topLevel 'contents' permission set to 'read': .github/workflows/staleness_check.yml:21","Info: topLevel permissions set to 'none': .github/workflows/staleness_refresh.yml:1","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/staleness_refresh.yml:13: Verify which permissions are needed and consider whether you can reduce them. (High effort)","Info: topLevel 'contents' permission set to 'read': .github/workflows/test_bazel.yml:22","Info: topLevel 'contents' permission set to 'read': .github/workflows/test_cpp.yml:23","Info: topLevel 'contents' permission set to 'read': .github/workflows/test_csharp.yml:12","Info: topLevel 'contents' permission set to 'read': .github/workflows/test_java.yml:23","Info: topLevel 'contents' permission set to 'read': .github/workflows/test_objectivec.yml:23","Info: topLevel 'contents' permission set to 'read': .github/workflows/test_php.yml:24","Info: topLevel 'contents' permission set to 'read': .github/workflows/test_php_ext.yml:23","Info: topLevel 'contents' permission set to 'read': .github/workflows/test_python.yml:23","Info: topLevel permissions set to 'none': .github/workflows/test_release_branches.yml:1","Warn: jobLevel 'actions' permission set to 'write': .github/workflows/test_release_branches.yml:19: Verify which permissions are needed and consider whether you can reduce them. (High effort)","Info: topLevel 'contents' permission set to 'read': .github/workflows/test_ruby.yml:23","Info: topLevel 'contents' permission set to 'read': .github/workflows/test_runner.yml:47","Info: topLevel 'contents' permission set to 'read': .github/workflows/test_rust.yml:12","Info: topLevel 'contents' permission set to 'read': .github/workflows/test_upb.yml:23","Info: topLevel 'contents' permission set to 'read': .github/workflows/test_yaml.yml:12","Info: topLevel 'contents' permission set to 'read': .github/workflows/update_php_repo.yml:10"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":1,"reason":"9 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: RUSTSEC-2024-0436","Warn: Project is vulnerable to: GHSA-8r3f-844c-mc37 / GO-2024-2611","Warn: Project is vulnerable to: GHSA-4gg5-vx3j-xwc7","Warn: Project is vulnerable to: GHSA-735f-pc8j-v9w8","Warn: Project is vulnerable to: GHSA-77rm-9x9h-xj3g","Warn: Project is vulnerable to: GHSA-g5ww-5jh7-63cx","Warn: Project is vulnerable to: GHSA-h4h5-3hr4-j3g2","Warn: Project is vulnerable to: GHSA-wrvw-hg22-4m67","Warn: Project is vulnerable to: GHSA-5mg8-w23w-74h3"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T05:03:43.866Z","repository_id":20088389,"created_at":"2025-08-19T05:03:43.866Z","updated_at":"2025-08-19T05:03:43.866Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273555481,"owners_count":25126321,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-04T02:00:08.968Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["marshalling","protobuf","protobuf-runtime","protoc","protocol-buffers","protocol-compiler","rpc","serialization"],"created_at":"2024-07-30T19:00:24.488Z","updated_at":"2026-01-15T22:20:50.035Z","avatar_url":"https://github.com/protocolbuffers.png","language":"C++","readme":"Protocol Buffers - Google's data interchange format\n===================================================\n\n[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/protocolbuffers/protobuf/badge)](https://securityscorecards.dev/viewer/?uri=github.com/protocolbuffers/protobuf)\n\nCopyright 2008 Google LLC\n\nOverview\n--------\n\nProtocol Buffers (a.k.a., protobuf) are Google's language-neutral,\nplatform-neutral, extensible mechanism for serializing structured data. You\ncan learn more about it in [protobuf's documentation](https://protobuf.dev).\n\nThis README file contains protobuf installation instructions. To install\nprotobuf, you need to install the protocol compiler (used to compile .proto\nfiles) and the protobuf runtime for your chosen programming language.\n\nWorking With Protobuf Source Code\n---------------------------------\n\nMost users will find working from\n[supported releases](https://github.com/protocolbuffers/protobuf/releases) to be\nthe easiest path.\n\nIf you choose to work from the head revision of the main branch your build will\noccasionally be broken by source-incompatible changes and insufficiently-tested\n(and therefore broken) behavior.\n\nIf you are using C++ or otherwise need to build protobuf from source as a part\nof your project, you should pin to a release commit on a release branch.\n\nThis is because even release branches can experience some instability in between\nrelease commits.\n\n### Bazel with Bzlmod\n\nProtobuf supports\n[Bzlmod](https://bazel.build/external/module) with Bazel 7 +.\nUsers should specify a dependency on protobuf in their MODULE.bazel file as\nfollows.\n\n```\nbazel_dep(name = \"protobuf\", version = \u003cVERSION\u003e)\n```\n\nUsers can optionally override the repo name, such as for compatibility with\nWORKSPACE.\n\n```\nbazel_dep(name = \"protobuf\", version = \u003cVERSION\u003e, repo_name = \"com_google_protobuf\")\n```\n\n### Bazel with WORKSPACE\n\nUsers can also add the following to their legacy\n[WORKSPACE](https://bazel.build/external/overview#workspace-system) file.\n\nNote that with the release of 30.x there are a few more load statements to\nproperly set up rules_java and rules_python.\n\n```\nhttp_archive(\n    name = \"com_google_protobuf\",\n    strip_prefix = \"protobuf-VERSION\",\n    sha256 = ...,\n    url = ...,\n)\n\nload(\"@com_google_protobuf//:protobuf_deps.bzl\", \"protobuf_deps\")\n\nprotobuf_deps()\n\nload(\"@rules_java//java:rules_java_deps.bzl\", \"rules_java_dependencies\")\n\nrules_java_dependencies()\n\nload(\"@rules_java//java:repositories.bzl\", \"rules_java_toolchains\")\n\nrules_java_toolchains()\n\nload(\"@rules_python//python:repositories.bzl\", \"py_repositories\")\n\npy_repositories()\n```\n\nProtobuf Compiler Installation\n------------------------------\n\nThe protobuf compiler is written in C++. If you are using C++, please follow\nthe [C++ Installation Instructions](src/README.md) to install protoc along\nwith the C++ runtime.\n\nFor non-C++ users, the simplest way to install the protocol compiler is to\ndownload a pre-built binary from our [GitHub release page](https://github.com/protocolbuffers/protobuf/releases).\n\nIn the downloads section of each release, you can find pre-built binaries in\nzip packages: `protoc-$VERSION-$PLATFORM.zip`. It contains the protoc binary\nas well as a set of standard `.proto` files distributed along with protobuf.\n\nIf you are looking for an old version that is not available in the release\npage, check out the [Maven repository](https://repo1.maven.org/maven2/com/google/protobuf/protoc/).\n\nThese pre-built binaries are only provided for released versions. If you want\nto use the github main version at HEAD, or you need to modify protobuf code,\nor you are using C++, it's recommended to build your own protoc binary from\nsource.\n\nIf you would like to build protoc binary from source, see the [C++ Installation Instructions](src/README.md).\n\nProtobuf Runtime Installation\n-----------------------------\n\nProtobuf supports several different programming languages. For each programming\nlanguage, you can find instructions in the corresponding source directory about\nhow to install protobuf runtime for that specific language:\n\n| Language                             | Source                                                      |\n|--------------------------------------|-------------------------------------------------------------|\n| C++ (include C++ runtime and protoc) | [src](src)                                                  |\n| Java                                 | [java](java)                                                |\n| Python                               | [python](python)                                            |\n| Objective-C                          | [objectivec](objectivec)                                    |\n| C#                                   | [csharp](csharp)                                            |\n| Ruby                                 | [ruby](ruby)                                                |\n| Go                                   | [protocolbuffers/protobuf-go](https://github.com/protocolbuffers/protobuf-go)|\n| PHP                                  | [php](php)                                                  |\n| Dart                                 | [dart-lang/protobuf](https://github.com/dart-lang/protobuf) |\n| JavaScript                           | [protocolbuffers/protobuf-javascript](https://github.com/protocolbuffers/protobuf-javascript)|\n\nQuick Start\n-----------\n\nThe best way to learn how to use protobuf is to follow the [tutorials in our\ndeveloper guide](https://protobuf.dev/getting-started).\n\nIf you want to learn from code examples, take a look at the examples in the\n[examples](examples) directory.\n\nDocumentation\n-------------\n\nThe complete documentation is available at the [Protocol Buffers doc site](https://protobuf.dev).\n\nSupport Policy\n--------------\n\nRead about our [version support policy](https://protobuf.dev/version-support/)\nto stay current on support timeframes for the language libraries.\n\nDeveloper Community\n-------------------\n\nTo be alerted to upcoming changes in Protocol Buffers and connect with protobuf developers and users,\n[join the Google Group](https://groups.google.com/g/protobuf).\n","funding_links":[],"categories":["C++","Serialization","Misc","开发资源","Projects","\u003ca name=\"cpp\"\u003e\u003c/a\u003eC++","Network and Middleware","C++ (70)","Data Format \u0026 I/O","项目","Data Serialization","Cpp","Features","HarmonyOS","其他","Libraries","蓝队工具","Uncategorized","Recently Updated","System","Serialization format","Repositories","工具","Resources"],"sub_categories":["C/C++","Data Structures","Real-Time Kernel","Streaming Data Management","数据结构","Windows Manager","网络服务_其他","C++","云原生相关工具","Uncategorized","[Apr 02, 2025](/content/2025/04/02/README.md)","Network and Middleware","开发工具","Data Formats"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprotocolbuffers%2Fprotobuf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprotocolbuffers%2Fprotobuf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprotocolbuffers%2Fprotobuf/lists"}