{"id":50897729,"url":"https://github.com/revapi/revapi","last_synced_at":"2026-07-03T16:01:21.721Z","repository":{"id":23132124,"uuid":"26486958","full_name":"revapi/revapi","owner":"revapi","description":"  Revapi is an API analysis and change tracking tool written in Java.  Its focus is mainly on Java language itself but it has been specifically designed to not be limited to just Java. API is much more than just java classes - also various configuration files, schemas, etc. can contribute to it and users can become reliant on them.","archived":false,"fork":false,"pushed_at":"2025-11-08T15:12:37.000Z","size":7383,"stargazers_count":212,"open_issues_count":40,"forks_count":51,"subscribers_count":8,"default_branch":"main","last_synced_at":"2026-02-24T17:30:59.884Z","etag":null,"topics":["api","api-analyzer","compatibility","java","maven-plugin","revapi"],"latest_commit_sha":null,"homepage":"http://revapi.org","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"gophercon/2016-talks","license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/revapi.png","metadata":{"files":{"readme":"README.adoc","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":null,"patreon":null,"open_collective":"revapi","ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2014-11-11T13:50:08.000Z","updated_at":"2026-02-10T08:33:39.000Z","dependencies_parsed_at":"2024-04-15T01:07:52.885Z","dependency_job_id":"d72e29b1-9643-4c2f-8b2d-3cb3025a9bc0","html_url":"https://github.com/revapi/revapi","commit_stats":{"total_commits":2428,"total_committers":32,"mean_commits":75.875,"dds":0.3801482701812191,"last_synced_commit":"4d862015c357ffda74f6cba86603a9162330ac3a"},"previous_names":[],"tags_count":582,"template":false,"template_full_name":null,"purl":"pkg:github/revapi/revapi","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/revapi%2Frevapi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/revapi%2Frevapi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/revapi%2Frevapi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/revapi%2Frevapi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/revapi","download_url":"https://codeload.github.com/revapi/revapi/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/revapi%2Frevapi/sbom","scorecard":{"id":772587,"data":{"date":"2025-08-11","repo":{"name":"github.com/revapi/revapi","commit":"2f476666a04abb8b4baa9af8da03c0b15738d9d8"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.6,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29","Warn: no topLevel permission defined: .github/workflows/build.yml:1","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"SAST","score":10,"reason":"SAST tool detected: CodeQL","details":["Info: SAST configuration detected: CodeQL","Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Binary-Artifacts","score":8,"reason":"binaries present in source code","details":["Warn: binary detected: .mvn/wrapper/maven-wrapper.jar:1","Warn: binary detected: revapi-maven-plugin/src/it/build/simple-tests/war/v1/web-resources/API.class:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/revapi/revapi/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/revapi/revapi/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/revapi/revapi/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/revapi/revapi/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/revapi/revapi/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/revapi/revapi/codeql-analysis.yml/main?enable=pin","Warn: npmCommand not pinned by hash: revapi-site-assembly/build.sh:16","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":3,"reason":"7 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-h46c-h94j-95f3","Warn: Project is vulnerable to: GHSA-288c-cq4h-88gq","Warn: Project is vulnerable to: GHSA-3x8x-79m2-3w2w","Warn: Project is vulnerable to: GHSA-57j2-w4cx-62h2","Warn: Project is vulnerable to: GHSA-jjjh-jjxp-wpff","Warn: Project is vulnerable to: GHSA-rgv9-q543-rqg4","Warn: Project is vulnerable to: GHSA-j288-q9x7-2f5v"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-23T02:35:49.718Z","repository_id":23132124,"created_at":"2025-08-23T02:35:49.719Z","updated_at":"2025-08-23T02:35:49.719Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35092185,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-03T02:00:05.635Z","response_time":110,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","api-analyzer","compatibility","java","maven-plugin","revapi"],"created_at":"2026-06-16T01:31:30.077Z","updated_at":"2026-07-03T16:01:21.700Z","avatar_url":"https://github.com/revapi.png","language":"Java","funding_links":["https://opencollective.com/revapi"],"categories":["api"],"sub_categories":[],"readme":"= Revapi\n:toc:\n\nimage:https://github.com/revapi/revapi/actions/workflows/build.yml/badge.svg[Build Status, link=https://github.com/revapi/revapi/actions/workflows/build.yml]\nimage:https://codecov.io/github/revapi/revapi/coverage.svg?branch=main[Code Coverage,link=https://codecov.io/github/revapi/revapi?branch=main]\n\nhttps://revapi.org[Revapi] is a tool for API analysis and change tracking.\n\n== Summary\n\nWhile Revapi is designed to be extensible and in theory should support API checks in other languages\nthan Java (not just programming languages but anything that can be decomposed to a tree structure)\nthe only extension in existence today is the Java API checker.\n\nThe main distinguishing features of the Java API checker include:\n\n* large number of https://revapi.org/revapi-java/differences.html[API checks]\n** categorized by their influence on source, binary and \"semantic\" compatibility\n* support for computing the API \"surface\" by tracking usages of types across the checked library\nand also its dependencies (ability to report type \"leakage\" from deps)\n* powerful filtering of elements to check and reclassification of found problems\n* ability to filter by annotation presence\n* Maven plugin automatically includes dependencies in the check\n\nOther features:\n\n* ability to judge the severity of changes based on semver rules (see\nhttps://revapi.org/revapi-basic-features/versions.html[here])\n* automatic updates of pom.xml or release.properties versions according to semver rules (see \nhttps://revapi.org/revapi-maven-plugin/specifying-versions.html[here])\n* pluggable reporting (standard output, maven site generation, https://revapi.org/revapi-reporter-text/index.html[FreeMarker templates], https://revapi.org/revapi-reporter-json/index.html[JSON], ...)\n\n== Building\n\nThis is a maven project, so to build you simply:\n\n mvn install\n\n== Usage\n\nRevapi can be invoked in a couple of ways. It can be used as a standalone program, \nas a maven plugin or it can also be embedded in your application and used as a library.\n\n=== Standalone\n\nhttps://revapi.org/revapi-site/downloads.html[Download] the standalone distribution zip and\n\n unzip revapi-XXX-standalone.zip\n cd revapi-XXX-standalone\n ./revapi.sh\n\nRead the usage info and go.\n\n=== Maven\n\n[source,xml]\n----\n\u003cbuild\u003e\n    \u003cplugins\u003e\n        \u003cplugin\u003e\n            \u003cgroupId\u003eorg.revapi\u003c/groupId\u003e\n            \u003cartifactId\u003erevapi-maven-plugin\u003c/artifactId\u003e\n            \u003cversion\u003e...\u003c/version\u003e\n            \u003cdependencies\u003e\n                \u003cdependency\u003e\n                    \u003cgroupId\u003eorg.revapi\u003c/groupId\u003e\n                    \u003cartifactId\u003erevapi-java\u003c/artifactId\u003e\n                    \u003cversion\u003e...\u003c/version\u003e\n                \u003c/dependency\u003e\n                \u003cdependency\u003e\n                    \u003cgroupId\u003ecom.acme\u003c/groupId\u003e\n                    \u003cartifactId\u003emy-extension\u003c/artifactId\u003e\n                    \u003cversion\u003e...\u003c/version\u003e\n                \u003c/dependency\u003e\n                ...\n            \u003c/dependencies\u003e\n            \u003cconfiguration\u003e\n                ...\n            \u003c/configuration\u003e\n            \u003cexecutions\u003e\n                \u003cexecution\u003e\n                    \u003cid\u003eapi-check\u003c/id\u003e\n                    \u003cgoals\u003e\u003cgoal\u003echeck\u003c/goal\u003e\u003c/goals\u003e\n                    ...\n                \u003c/execution\u003e\n                ...\n            \u003c/executions\u003e\n        \u003c/plugin\u003e\n        ...\n    \u003c/plugins\u003e\n    ...\n\u003c/build\u003e\n----\n\n=== Gradle\n\nThe Gradle plugin available for Revapi at https://plugins.gradle.org/plugin/org.revapi.revapi-gradle-plugin\nand it is maintained under https://github.com/revapi/gradle-revapi\n\n[source,kotlin]\n----\nbuildscript {\n  repositories {\n    maven {\n      url = uri(\"https://plugins.gradle.org/m2/\")\n    }\n  }\n  dependencies {\n    classpath(\"org.revapi:gradle-revapi:x.y.z\")\n  }\n}\n\napply(plugin = \"org.revapi.revapi-gradle-plugin\")\n----\n\n=== Embedding\n\n[source,java]\n----\nRevapi revapi = Revapi.builder().withAllExtensionsFromThreadContextClassLoader().build();\n\nAnalysisContext analysisContext = AnalysisContext.builder()\n    .withOldAPI(API.of(...))\n    .withNewAPI(API.of(...))\n    .withConfigurationFromJSON(\"json\").build();\n\nrevapi.analyze(analysisContext);\n----\n\n== Extending Revapi\n\nSee the https://revapi.org/revapi/architecture.html[site] for more info.\n\n== Getting in touch\n\nMastodon:: https://botsin.space/@revapi[+@revapi@botsin.space+]\nTwitter:: https://twitter.com/revapi_org[@revapi_org]\nMatrix:: #revapiorg:matrix.org\nMailing list:: https://groups.google.com/forum/#!forum/revapi[revapi@googlegroups.com]\nIssues:: https://github.com/revapi/revapi/issues\nCode:: https://github.com/revapi/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frevapi%2Frevapi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frevapi%2Frevapi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frevapi%2Frevapi/lists"}