{"id":13400472,"url":"https://github.com/rails/rails","last_synced_at":"2025-10-24T13:34:47.771Z","repository":{"id":390886,"uuid":"8514","full_name":"rails/rails","owner":"rails","description":"Ruby on Rails","archived":false,"fork":false,"pushed_at":"2025-10-23T21:36:43.000Z","size":271007,"stargazers_count":57758,"open_issues_count":1299,"forks_count":22008,"subscribers_count":2317,"default_branch":"main","last_synced_at":"2025-10-24T07:51:39.086Z","etag":null,"topics":["activejob","activerecord","framework","html","mvc","rails","ruby"],"latest_commit_sha":null,"homepage":"https://rubyonrails.org","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rails.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"MIT-LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":".github/security.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2008-04-11T02:19:47.000Z","updated_at":"2025-10-24T04:50:34.000Z","dependencies_parsed_at":"2024-02-04T10:23:48.595Z","dependency_job_id":"76bea4fd-bd22-40af-b9bb-10ebcdcbd69d","html_url":"https://github.com/rails/rails","commit_stats":{"total_commits":70043,"total_committers":6052,"mean_commits":"11.573529411764707","dds":0.9368816298559456,"last_synced_commit":"be9aa73dd72f1097be5d45a58d7912447a266bd1"},"previous_names":[],"tags_count":578,"template":false,"template_full_name":null,"purl":"pkg:github/rails/rails","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rails%2Frails","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rails%2Frails/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rails%2Frails/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rails%2Frails/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rails","download_url":"https://codeload.github.com/rails/rails/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rails%2Frails/sbom","scorecard":{"id":759285,"data":{"date":"2025-08-11","repo":{"name":"github.com/rails/rails","commit":"4f595868f95c63849653446e5ab7a96f191974d3"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.1,"checks":[{"name":"Code-Review","score":8,"reason":"Found 16/19 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: .github/security.md:1","Info: Found linked content: .github/security.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/security.md:1","Info: Found text in security policy: .github/security.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":9,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/devcontainer-smoke-test.yml:11","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/devcontainer-smoke-test.yml:12","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/devcontainer-shellcheck.yml:12","Warn: no topLevel permission defined: .github/workflows/devcontainer-smoke-test.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/rail_inspector.yml:12","Info: topLevel 'contents' permission set to 'read': .github/workflows/rails-new-docker.yml:6","Info: topLevel 'contents' permission set to 'read': .github/workflows/rails_releaser_tests.yml:12","Warn: no topLevel permission defined: .github/workflows/release.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"CII-Best-Practices","score":2,"reason":"badge detected: InProgress","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: MIT-LICENSE:0","Info: FSF or OSI recognized license: MIT License: MIT-LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":3,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Warn: branch 'main' does not require approvers","Warn: codeowners review is not required on branch 'main'","Warn: 'up-to-date branches' is disabled on branch 'main'","Info: status check found to merge onto on branch 'main'","Warn: PRs are not required to make changes on branch 'main'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 28 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":2,"reason":"dependency not pinned by hash detected -- score normalized to 2","details":["Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: railties/lib/rails/generators/rails/app/templates/Dockerfile.tt:17-20","Info: Possibly incomplete results: error parsing shell code: a command can only contain words and redirects; encountered (: railties/lib/rails/generators/rails/app/templates/Dockerfile.tt:33-35","Info: Possibly incomplete results: error parsing shell code: \u003e must be followed by a word: railties/lib/rails/generators/rails/app/templates/Dockerfile.tt:65-67","Info: Possibly incomplete results: error parsing shell code: \u003e must be followed by a word: railties/lib/rails/generators/rails/app/templates/docker-entrypoint.tt:0","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devcontainer-shellcheck.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/devcontainer-shellcheck.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/devcontainer-smoke-test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/devcontainer-smoke-test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/devcontainer-smoke-test.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/devcontainer-smoke-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rail_inspector.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/rail_inspector.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/rail_inspector.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/rail_inspector.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rails-new-docker.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/rails-new-docker.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/rails-new-docker.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/rails-new-docker.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rails_releaser_tests.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/rails_releaser_tests.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/rails_releaser_tests.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/rails_releaser_tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/rails/rails/release.yml/main?enable=pin","Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:5","Warn: containerImage not pinned by hash: railties/lib/rails/generators/rails/app/templates/Dockerfile.tt:12","Warn: containerImage not pinned by hash: railties/lib/rails/generators/rails/app/templates/Dockerfile.tt:31","Warn: containerImage not pinned by hash: railties/lib/rails/generators/rails/app/templates/Dockerfile.tt:106","Warn: containerImage not pinned by hash: railties/lib/rails/generators/rails/devcontainer/templates/devcontainer/Dockerfile.tt:3","Warn: containerImage not pinned by hash: railties/test/fixtures/Dockerfile.test:5","Warn: containerImage not pinned by hash: railties/test/fixtures/Dockerfile.test:21","Warn: containerImage not pinned by hash: railties/test/fixtures/Dockerfile.test:42","Warn: npmCommand not pinned by hash: railties/lib/rails/generators/rails/app/templates/Dockerfile.tt:49-52","Warn: downloadThenRun not pinned by hash: railties/lib/rails/generators/rails/app/templates/Dockerfile.tt:60","Info:   0 out of   7 GitHub-owned GitHubAction dependencies pinned","Info:   6 out of  12 third-party GitHubAction dependencies pinned","Info:   0 out of   8 containerImage dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":0,"reason":"26 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-7fc5-f82f-cx69","Warn: Project is vulnerable to: GHSA-j3g3-5qv5-52mj","Warn: Project is vulnerable to: GHSA-353f-x4gh-cqq8","Warn: Project is vulnerable to: GHSA-22h5-pq3x-2gf2","Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc","Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-6vx4-v2jw-qwqh","Warn: Project is vulnerable to: GHSA-j386-3444-qgwg","Warn: Project is vulnerable to: GHSA-mcrw-746g-9q8h","Warn: Project is vulnerable to: GHSA-3329-pjwv-fjpg","Warn: Project is vulnerable to: GHSA-p6j9-7xhc-rhwp","Warn: Project is vulnerable to: GHSA-89gv-h8wf-cg8r","Warn: Project is vulnerable to: GHSA-gcv8-gh4r-25x6","Warn: Project is vulnerable to: GHSA-gmv4-r438-p67f","Warn: Project is vulnerable to: GHSA-8h2f-7jc4-7m3m","Warn: Project is vulnerable to: GHSA-3vjf-82ff-p4r3","Warn: Project is vulnerable to: GHSA-g694-m8vq-gv9h"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T22:49:27.036Z","repository_id":390886,"created_at":"2025-08-22T22:49:27.036Z","updated_at":"2025-08-22T22:49:27.036Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":280776483,"owners_count":26388950,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-24T02:00:06.418Z","response_time":73,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["activejob","activerecord","framework","html","mvc","rails","ruby"],"created_at":"2024-07-30T19:00:52.413Z","updated_at":"2025-10-24T13:34:47.735Z","avatar_url":"https://github.com/rails.png","language":"Ruby","readme":"# Welcome to Rails\n\n## What's Rails?\n\nRails is a web-application framework that includes everything needed to\ncreate database-backed web applications according to the\n[Model-View-Controller (MVC)](https://en.wikipedia.org/wiki/Model-view-controller)\npattern.\n\nUnderstanding the MVC pattern is key to understanding Rails. MVC divides your\napplication into three layers: Model, View, and Controller, each with a specific responsibility.\n\n## Model layer\n\nThe _**Model layer**_ represents the domain model (such as Account, Product,\nPerson, Post, etc.) and encapsulates the business logic specific to\nyour application. In Rails, database-backed model classes are derived from\n`ActiveRecord::Base`. [Active Record](activerecord/README.rdoc) allows you to present the data from\ndatabase rows as objects and embellish these data objects with business logic\nmethods.\nAlthough most Rails models are backed by a database, models can also be ordinary\nRuby classes, or Ruby classes that implement a set of interfaces as provided by\nthe [Active Model](activemodel/README.rdoc) module.\n\n## View layer\n\nThe _**View layer**_ is composed of \"templates\" that are responsible for providing\nappropriate representations of your application's resources. Templates can\ncome in a variety of formats, but most view templates are HTML with embedded\nRuby code (ERB files). Views are typically rendered to generate a controller response\nor to generate the body of an email. In Rails, View generation is handled by [Action View](actionview/README.rdoc).\n\n## Controller layer\n\nThe _**Controller layer**_ is responsible for handling incoming HTTP requests and\nproviding a suitable response. Usually, this means returning HTML, but Rails controllers\ncan also generate XML, JSON, PDFs, mobile-specific views, and more. Controllers load and\nmanipulate models, and render view templates in order to generate the appropriate HTTP response.\nIn Rails, incoming requests are routed by Action Dispatch to an appropriate controller, and\ncontroller classes are derived from `ActionController::Base`. Action Dispatch and Action Controller\nare bundled together in [Action Pack](actionpack/README.rdoc).\n\n## Frameworks and libraries\n\n[Active Record](activerecord/README.rdoc), [Active Model](activemodel/README.rdoc), [Action Pack](actionpack/README.rdoc), and [Action View](actionview/README.rdoc) can each be used independently outside Rails.\n\nIn addition to that, Rails also comes with:\n\n- [Action Mailer](actionmailer/README.rdoc), a library to generate and send emails\n- [Action Mailbox](actionmailbox/README.md), a library to receive emails within a Rails application\n- [Active Job](activejob/README.md), a framework for declaring jobs and making them run on a variety of queuing backends\n- [Action Cable](actioncable/README.md), a framework to integrate WebSockets with a Rails application\n- [Active Storage](activestorage/README.md), a library to attach cloud and local files to Rails applications\n- [Action Text](actiontext/README.md), a library to handle rich text content\n- [Active Support](activesupport/README.rdoc), a collection of utility classes and standard library extensions that are useful for Rails, and may also be used independently outside Rails\n\n## Getting Started\n\n1. Install Rails at the command prompt if you haven't yet:\n\n\t```bash\n\t$ gem install rails\n\t```\n\n2. At the command prompt, create a new Rails application:\n\n\t```bash\n\t$ rails new myapp\n\t```\n\n   where \"myapp\" is the application name.\n\n3. Change directory to `myapp` and start the web server:\n\n\t```bash\n\t$ cd myapp\n\t$ bin/rails server\n\t```\n   Run with `--help` or `-h` for options.\n\n4. Go to `http://localhost:3000` and you'll see the Rails bootscreen with your Rails and Ruby versions.\n\n5. Follow the guidelines to start developing your application. You may find\n   the following resources handy:\n    * [Getting Started with Rails](https://guides.rubyonrails.org/getting_started.html)\n    * [Ruby on Rails Guides](https://guides.rubyonrails.org)\n    * [The API Documentation](https://api.rubyonrails.org)\n\n## Contributing\n\nWe encourage you to contribute to Ruby on Rails! Please check out the\n[Contributing to Ruby on Rails guide](https://edgeguides.rubyonrails.org/contributing_to_ruby_on_rails.html) for guidelines about how to proceed. [Join us!](https://contributors.rubyonrails.org)\n\nTrying to report a possible security vulnerability in Rails? Please\ncheck out our [security policy](https://rubyonrails.org/security) for\nguidelines about how to proceed.\n\nEveryone interacting in Rails and its sub-projects' codebases, issue trackers, chat rooms, and mailing lists is expected to follow the Rails [code of conduct](https://rubyonrails.org/conduct).\n\n## License\n\nRuby on Rails is released under the [MIT License](https://opensource.org/licenses/MIT).\n","funding_links":[],"categories":["Ruby","Web 后端","[Ruby](#ruby)","Misc","前端开发框架及项目","Resources","Framework","Web Apps, Services \u0026 Interaction","Back-End Development","Libraries","Built With","Frameworks","REST Framework"],"sub_categories":["Open Source:","其他_文本生成、文本对话","Official Resources","Misc","Web App Frameworks","Ruby","Resource Management"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frails%2Frails","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frails%2Frails","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frails%2Frails/lists"}