{"id":13665315,"url":"https://github.com/rtimush/sbt-updates","last_synced_at":"2025-09-03T12:49:54.919Z","repository":{"id":4956962,"uuid":"6114386","full_name":"rtimush/sbt-updates","owner":"rtimush","description":"sbt plugin that can check Maven and Ivy repositories for dependency updates","archived":false,"fork":false,"pushed_at":"2025-08-21T07:22:54.000Z","size":598,"stargazers_count":774,"open_issues_count":22,"forks_count":55,"subscribers_count":22,"default_branch":"master","last_synced_at":"2025-08-27T14:44:46.281Z","etag":null,"topics":["sbt","sbt-plugin","scala"],"latest_commit_sha":null,"homepage":"","language":"Scala","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rtimush.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"rtimush"}},"created_at":"2012-10-07T17:20:50.000Z","updated_at":"2025-08-22T19:43:06.000Z","dependencies_parsed_at":"2023-11-30T09:42:33.234Z","dependency_job_id":"f847dbcb-c589-443b-a4f7-e0bfc03e8306","html_url":"https://github.com/rtimush/sbt-updates","commit_stats":{"total_commits":373,"total_committers":33,"mean_commits":"11.303030303030303","dds":0.5335120643431636,"last_synced_commit":"0310b0c4f4cc6d916235c2eb811ec52e417fb36b"},"previous_names":[],"tags_count":30,"template":false,"template_full_name":null,"purl":"pkg:github/rtimush/sbt-updates","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rtimush%2Fsbt-updates","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rtimush%2Fsbt-updates/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rtimush%2Fsbt-updates/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rtimush%2Fsbt-updates/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rtimush","download_url":"https://codeload.github.com/rtimush/sbt-updates/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rtimush%2Fsbt-updates/sbom","scorecard":{"id":788124,"data":{"date":"2025-08-11","repo":{"name":"github.com/rtimush/sbt-updates","commit":"b0eda51a0d928215c6c70d48c22d1b4e30936700"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.6,"checks":[{"name":"Code-Review","score":8,"reason":"Found 13/15 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/rtimush/sbt-updates/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/rtimush/sbt-updates/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/rtimush/sbt-updates/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/rtimush/sbt-updates/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/rtimush/sbt-updates/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/rtimush/sbt-updates/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/rtimush/sbt-updates/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/rtimush/sbt-updates/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/rtimush/sbt-updates/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/rtimush/sbt-updates/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/rtimush/sbt-updates/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/rtimush/sbt-updates/ci.yml/master?enable=pin","Info:   0 out of  11 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: BSD 3-Clause \"New\" or \"Revised\" License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-23T06:40:10.648Z","repository_id":4956962,"created_at":"2025-08-23T06:40:10.649Z","updated_at":"2025-08-23T06:40:10.649Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273446214,"owners_count":25107153,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-03T02:00:09.631Z","response_time":76,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["sbt","sbt-plugin","scala"],"created_at":"2024-08-02T06:00:32.550Z","updated_at":"2025-09-03T12:49:54.896Z","avatar_url":"https://github.com/rtimush.png","language":"Scala","readme":"sbt-updates\n==================\nDisplay your sbt project's dependency updates.\n\nUpdate information is obtained from the maven metadata.\nThere is also a limited support for Ivy repositories hosted on BinTray.\n\nIf your project uses `crossScalaVersions` you will be presented only with updates available for all scala versions.\n\nRequirements\n==============\nsbt 0.13.9 and later. sbt 1.x is supported since version 0.3.1.\n\nInstallation\n============\n### Stable version\nCreate a `~/.sbt/1.0/plugins/sbt-updates.sbt` file (for sbt 1.x series), or `~/.sbt/0.13/plugins/sbt-updates.sbt` (for sbt 0.13.x series) with the following content:\n\n```\naddSbtPlugin(\"com.timushev.sbt\" % \"sbt-updates\" % \"x.x.x\")\n```\n\nThe latest version is [![Maven Central](https://maven-badges.herokuapp.com/maven-central/com.timushev.sbt/sbt-updates/badge.svg?subject=sbt-updates)](https://maven-badges.herokuapp.com/maven-central/com.timushev.sbt/sbt-updates/)\n\n### Snapshot version\nChoose one of versions available on [Sonatype](https://oss.sonatype.org/content/repositories/snapshots/com/timushev/sbt/sbt-updates_2.12_1.0/). Then create a `~/.sbt/1.0/plugins/sbt-updates.sbt` file (for sbt 1.x series), or `~/.sbt/0.13/plugins/sbt-updates.sbt` (for sbt 0.13.x series) with the following content:\n\n```\nresolvers += Resolver.sonatypeRepo(\"snapshots\")\naddSbtPlugin(\"com.timushev.sbt\" % \"sbt-updates\" % \"x.x.x-y+gzzzzzzz-SNAPSHOT\")\n```\n\nNote, that snapshots are not updated automatically.\n\nTasks\n=====\n* `dependencyUpdates`: show a list of project dependencies that can be updated,\n* `dependencyUpdatesReport`: writes a list of project dependencies to a file.\n\nSettings\n========\n* `dependencyUpdatesReportFile`: report file location, `target/dependency-updates.txt` by default.\n* `dependencyUpdatesFilter`: filter matching dependencies that should be included to update reporting.\n* `dependencyUpdatesFailBuild`: `dependencyUpdates` task will fail a build if updates found.\n* `dependencyAllowPreRelease`: when enabled, pre-release dependencies will be reported as well.\n\n#### Deprecated Settings\n* `dependencyUpdatesExclusions`: filter matching dependencies that should be excluded from update reporting.\n\nExclusions\n==========\nYou can exclude some modules from update checking:\n```\ndependencyUpdatesFilter -= moduleFilter(organization = \"org.scala-lang\")\n```\n\nsbt plugin updates\n=============\nIf `sbt-updates` is installed in your global file you can get updates for sbt plugins by using the `reload plugins` command:\n```\n\u003e reload plugins\n...\n\u003e dependencyUpdates\n[info] Found 2 dependency updates for project\n[info]   com.timushev.sbt:sbt-updates          : 0.3.0  -\u003e 0.3.4 -\u003e 0.4.3\n[info]   org.scala-lang:scala-library:provided : 2.10.6          -\u003e 2.12.4\n\u003e reload return\n```\nOnly plugins defined in a project are checked, there is currently no way to check updates for global plugins.\n\nYou can also check updates for dependencies and sbt plugins with:\n```\nsbt \";dependencyUpdates; reload plugins; dependencyUpdates\"\n```\n\nUsage as project plugin\n=======================\nIt is preferred to use sbt-updates as a global plugin. Nevertheless, there might be cases when you want to use sbt-updates\nas a project plugin. In that case, add the plugin definition to `project/sbt-updates.sbt`. You can then use dependencyUpdates\ntarget to find updates for your project. But this way you won't be able to check sbt plugin updates. In order to check both\ndependency updates and sbt plugin updates, add the plugin to both project and meta project i.e `project/sbt-updates.sbt`\n and `project/project/sbt-updates.sbt` and run:\n```\nsbt \";dependencyUpdates; reload plugins; dependencyUpdates; reload return\"\n```\n\nPublishing\n==========\n`sbt-updates` relies on the repository Maven metadata. If you want to get update notifications\n for artifacts published by other sbt projects, you should ensure that metadata is updated\n correctly. One possible way to achieve this is to use [sbt-aether-deploy](https://github.com/arktekk/sbt-aether-deploy).\n\nExample\n=======\n\nIn order from left, the result shows current version, patch update version, minor update version and major update version.\n\n```\n\u003e dependencyUpdates\n[info] Found 3 dependency updates for test-project\n[info]   ch.qos.logback:logback-classic : 0.8   -\u003e 0.8.1 -\u003e 0.9.30 -\u003e 1.0.13\n[info]   org.scala-lang:scala-library   : 2.9.1 -\u003e 2.9.3 -\u003e 2.10.3\n[info]   org.slf4j:slf4j-api            : 1.6.4 -\u003e 1.6.6 -\u003e 1.7.5\n```\n","funding_links":["https://github.com/sponsors/rtimush"],"categories":["Table of Contents","Sbt plugins","OTHER"],"sub_categories":["Sbt plugins"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frtimush%2Fsbt-updates","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frtimush%2Fsbt-updates","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frtimush%2Fsbt-updates/lists"}