{"id":15065901,"url":"https://github.com/pukkaone/grapid","last_synced_at":"2026-01-18T18:33:24.356Z","repository":{"id":37986217,"uuid":"172007940","full_name":"pukkaone/grapid","owner":"pukkaone","description":"Schema-first GraphQL server framework for Java","archived":false,"fork":false,"pushed_at":"2025-09-28T22:45:14.000Z","size":623,"stargazers_count":2,"open_issues_count":10,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-09-29T00:17:14.356Z","etag":null,"topics":["framework","graphql","graphql-java","graphql-server","java","spring","spring-boot"],"latest_commit_sha":null,"homepage":"https://pukkaone.github.io/grapid/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pukkaone.png","metadata":{"files":{"readme":"README.adoc","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-02-22T06:35:45.000Z","updated_at":"2025-09-28T22:45:18.000Z","dependencies_parsed_at":"2023-02-19T03:46:16.040Z","dependency_job_id":"e2b1763b-6d0a-463e-b068-bf10ded42805","html_url":"https://github.com/pukkaone/grapid","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/pukkaone/grapid","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pukkaone%2Fgrapid","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pukkaone%2Fgrapid/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pukkaone%2Fgrapid/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pukkaone%2Fgrapid/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pukkaone","download_url":"https://codeload.github.com/pukkaone/grapid/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pukkaone%2Fgrapid/sbom","scorecard":{"id":749305,"data":{"date":"2025-08-11","repo":{"name":"github.com/pukkaone/grapid","commit":"ffbd115535c9b1258fa08fc798114c59f1102738"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.2,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/1 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: no topLevel permission defined: .github/workflows/continuous-integration.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: .mvn/wrapper/maven-wrapper.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/pukkaone/grapid/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/pukkaone/grapid/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/pukkaone/grapid/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/pukkaone/grapid/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/continuous-integration.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/pukkaone/grapid/continuous-integration.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/continuous-integration.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/pukkaone/grapid/continuous-integration.yml/main?enable=pin","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 0 commits out of 29 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T19:47:30.416Z","repository_id":37986217,"created_at":"2025-08-22T19:47:30.417Z","updated_at":"2025-08-22T19:47:30.417Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28547269,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-18T14:59:57.589Z","status":"ssl_error","status_checked_at":"2026-01-18T14:59:46.540Z","response_time":98,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["framework","graphql","graphql-java","graphql-server","java","spring","spring-boot"],"created_at":"2024-09-25T00:57:10.905Z","updated_at":"2026-01-18T18:33:24.335Z","avatar_url":"https://github.com/pukkaone.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"= Grapid {nbsp}image:{maven-image}[Maven Central,link=\"{maven-link}\"]\n:maven-image: https://maven-badges.herokuapp.com/maven-central/com.github.pukkaone/grapid-core/badge.svg\n:maven-link: https://maven-badges.herokuapp.com/maven-central/com.github.pukkaone/grapid-core\n\nGrapid is an opinionated, schema-first framework for implementing GraphQL servers in Java.  While\nthe framework prescribes where you put GraphQL schema definition files and Java classes, you only\nneed to implement the business logic for your API.  The framework generates the code to wire GraphQL\nrequests to your business logic.\n\n\n== GraphQL Server Quick Start Guide\n\nAdd this Spring Boot starter which auto-configures a GraphQL server accepting requests by HTTP.\nBy default, the server URL path is `/graphql` relative to the context path.\n\n[source,xml]\n----\n\u003cdependency\u003e\n  \u003cgroupId\u003ecom.github.pukkaone\u003c/groupId\u003e\n  \u003cartifactId\u003egrapid-web-spring-boot-starter\u003c/artifactId\u003e\n  \u003cversion\u003e${grapid.version}\u003c/version\u003e\n\u003c/dependency\u003e\n----\n\nAdd this Maven plugin which compiles GraphQL schema definition files to Java source files.\n\n[source,xml]\n----\n\u003cplugin\u003e\n  \u003cgroupId\u003ecom.github.pukkaone\u003c/groupId\u003e\n  \u003cartifactId\u003egrapid-maven-plugin\u003c/artifactId\u003e\n  \u003cversion\u003e${grapid.version}\u003c/version\u003e\n  \u003cconfiguration\u003e\n    \u003c!-- The compiler generates Java classes under this Java package. --\u003e\n    \u003cpackagePrefix\u003ecom.example.graphql\u003c/packagePrefix\u003e\n  \u003c/configuration\u003e\n  \u003cexecutions\u003e\n    \u003cexecution\u003e\n      \u003cgoals\u003e\n        \u003cgoal\u003ecompile\u003c/goal\u003e\n      \u003c/goals\u003e\n    \u003c/execution\u003e\n  \u003c/executions\u003e\n\u003c/plugin\u003e\n----\n\nAn API version represents a set of types and operations defined by a GraphQL schema.  A version\nidentifier must be a valid Java identifier and not a Java keyword.\n\nBy convention, GraphQL schema definition files are located under a resources directory\n`src/main/resources/graphql/_version_/` where _version_ identifies an API version.  Create the\nresources directory `src/main/resources/graphql/v2018_12_31/`.  Add this GraphQL schema definition\nfile in the directory.  By convention, GraphQL schema definition file names end with the extension\n`.graphqls`.\n\n.Author.graphqls\n[source,graphql]\n----\ntype Author {\n  id: ID!\n  name: String!\n}\n\ntype Query {\n  author(id: ID!): Author\n}\n----\n\nThe GraphQL schema defines the root object type Query.  The compiler appends the suffix `Resolver`\nto this root object type name to derive the Java class name QueryResolver.  As an application\ndeveloper, you must implement the QueryResolver class.  By convention, this class is in the Java\npackage named _packagePrefix_``.resolver``.\n\n.QueryResolver.java\n[source,java]\n----\npackage com.example.graphql.resolver;\n\nimport com.example.graphql.v2018_12_31.type.Author; // \u003c1\u003e\nimport org.springframework.stereotype.Component;\n\n@Component\npublic class QueryResolver {\n\n  public Author author(String id) { // \u003c2\u003e\n    return Author.builder()\n        .id(id)\n        .name(\"NAME\")\n        .build();\n  }\n}\n----\n\u003c1\u003e The compiler generated the simple Java data class Author from the GraphQL object type Author.\n\u003c2\u003e The compiler translated this Java method signature from the field `author` of the GraphQL\n    root object type Query.\n\nRun the application.  In https://github.com/prisma/graphql-playground[GraphQL Playground],\nconnect to `http://localhost:8080/graphql/v2018_12_31` to send a GraphQL query to the server.\n\nFor more details, see the https://pukkaone.github.io/grapid/documentation/[Getting Started Guide].\n\n\n== Interface Stability\n\nMajor version zero (0.x.x) is for initial development. Anything may change at any time. The public\nAPI should not be considered stable.\n\n\n== Building\n\nPrerequisites are:\n\n  - Java 17\n  - Gradle\n\nTo compile the project and run integration tests:\n\n----\ngradle publishToMavenLocal check\n----\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpukkaone%2Fgrapid","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpukkaone%2Fgrapid","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpukkaone%2Fgrapid/lists"}