{"id":18341849,"url":"https://github.com/sbaudoin/yamllint","last_synced_at":"2025-10-10T09:11:28.745Z","repository":{"id":38774712,"uuid":"135351835","full_name":"sbaudoin/yamllint","owner":"sbaudoin","description":"YAML Linter written in Java","archived":false,"fork":false,"pushed_at":"2023-12-10T15:16:39.000Z","size":681,"stargazers_count":20,"open_issues_count":3,"forks_count":14,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-09-14T03:36:32.686Z","etag":null,"topics":["lint","linter","yaml","yaml-lint","yamllint"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sbaudoin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-05-29T20:53:12.000Z","updated_at":"2024-10-25T21:01:28.000Z","dependencies_parsed_at":"2024-11-05T20:34:01.426Z","dependency_job_id":null,"html_url":"https://github.com/sbaudoin/yamllint","commit_stats":{"total_commits":220,"total_committers":7,"mean_commits":"31.428571428571427","dds":"0.040909090909090895","last_synced_commit":"911bad2f1a30fa2066e34810b7c06bfa0422658f"},"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/sbaudoin/yamllint","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sbaudoin%2Fyamllint","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sbaudoin%2Fyamllint/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sbaudoin%2Fyamllint/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sbaudoin%2Fyamllint/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sbaudoin","download_url":"https://codeload.github.com/sbaudoin/yamllint/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sbaudoin%2Fyamllint/sbom","scorecard":{"id":802512,"data":{"date":"2025-08-11","repo":{"name":"github.com/sbaudoin/yamllint","commit":"911bad2f1a30fa2066e34810b7c06bfa0422658f"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.9,"checks":[{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":0,"reason":"Found 0/11 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":["Info: Possibly incomplete results: error parsing shell code: invalid parameter name: src/main/scripts/bin/yamllint:0"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.6.1 not signed: https://api.github.com/repos/sbaudoin/yamllint/releases/133321805","Warn: release artifact v1.6.0 not signed: https://api.github.com/repos/sbaudoin/yamllint/releases/129056079","Warn: release artifact v1.5.0 not signed: https://api.github.com/repos/sbaudoin/yamllint/releases/56279570","Warn: release artifact v1.4.0 not signed: https://api.github.com/repos/sbaudoin/yamllint/releases/44928459","Warn: release artifact v1.3.1 not signed: https://api.github.com/repos/sbaudoin/yamllint/releases/33604148","Warn: release artifact v1.6.1 does not have provenance: https://api.github.com/repos/sbaudoin/yamllint/releases/133321805","Warn: release artifact v1.6.0 does not have provenance: https://api.github.com/repos/sbaudoin/yamllint/releases/129056079","Warn: release artifact v1.5.0 does not have provenance: https://api.github.com/repos/sbaudoin/yamllint/releases/56279570","Warn: release artifact v1.4.0 does not have provenance: https://api.github.com/repos/sbaudoin/yamllint/releases/44928459","Warn: release artifact v1.3.1 does not have provenance: https://api.github.com/repos/sbaudoin/yamllint/releases/33604148"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-78wr-2p64-hpwj"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-23T10:53:19.550Z","repository_id":38774712,"created_at":"2025-08-23T10:53:19.551Z","updated_at":"2025-08-23T10:53:19.551Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003389,"owners_count":26083579,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["lint","linter","yaml","yaml-lint","yamllint"],"created_at":"2024-11-05T20:28:45.408Z","updated_at":"2025-10-10T09:11:28.723Z","avatar_url":"https://github.com/sbaudoin.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!---\n Licensed to the Apache Software Foundation (ASF) under one or more\n contributor license agreements.  See the NOTICE file distributed with\n this work for additional information regarding copyright ownership.\n The ASF licenses this file to You under the Apache License, Version 2.0\n (the \"License\"); you may not use this file except in compliance with\n the License.  You may obtain a copy of the License at\n\n      http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n--\u003e\nYAML Lint\n=========\n\n[![Apache License, Version 2.0, January 2004](https://img.shields.io/github/license/apache/maven.svg?label=License)](http://www.apache.org/licenses/LICENSE-2.0)\n[![Maven Central](https://img.shields.io/maven-central/v/com.github.sbaudoin/yamllint.svg?label=Maven%20Central)](https://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22com.github.sbaudoin%22%20AND%20a%3A%22yamllint%22)\n[![Build Status](https://travis-ci.org/sbaudoin/yamllint.svg?branch=master)](https://travis-ci.org/sbaudoin/yamllint)\n[![Sonarcloud Status](https://sonarcloud.io/api/project_badges/measure?project=sbaudoin_yamllint\u0026metric=alert_status)](https://sonarcloud.io/dashboard?id=sbaudoin_yamllint)\n[![Sonarcloud Status](https://sonarcloud.io/api/project_badges/measure?project=sbaudoin_yamllint\u0026metric=coverage)](https://sonarcloud.io/dashboard?id=sbaudoin_yamllint)\n[![javadoc](https://javadoc.io/badge2/com.github.sbaudoin/yamllint/javadoc.svg)](https://javadoc.io/doc/com.github.sbaudoin/yamllint) \n\nYAML lint written in Java.\nIts main purpose is to provide an API and scripts to analyze YAML documents.\nThe YAML documents are syntactically checked as well as against rules. To get the list of rules, please refer to the classes\nof the [`com.github.sbaudoin.yamllint.rules`](src/main/java/com/github/sbaudoin/yamllint/rules) package. Among\nother, we have a rule to check the presence of the start and end YAML document marker, the correct and consistent indentation, etc.\n\n## API usage\n\nMaven dependency:\n\n    \u003cdependency\u003e\n        \u003cgroupId\u003ecom.github.sbaudoin\u003c/groupId\u003e\n        \u003cartifactId\u003eyamllint\u003c/artifactId\u003e\n        \u003cversion\u003e1.6.1\u003c/version\u003e\n    \u003c/dependency\u003e\n\nFor use, please refer to the [JavaDoc](https://javadoc.io/doc/com.github.sbaudoin/yamllint/latest/index.html).\n\nThe class that will mostly interest you is `com.github.sbaudoin.yamllint.Linter`: it contains static methods\nthat can be used to analyze a YAML string or a file.\n\n3 errors levels have been defined: info, warning and error.\n\nThe linter can return only one syntax error per file (once a syntax error has been met we cannot expect a lot from the rest\nof the file with respect to the syntax). It is returned apart, not as part of the so-called \"cosmetic errors\", that represent\nall other errors checked with specific rules.\n\n## Configuration\n\nYAML lint uses [rules](src/main/java/com/github/sbaudoin/yamllint/rules) to check the YAML files. These rules have default\nsettings that can changed or overridden with, whether an instance of `com.github.sbaudoin.yamllint.YamlLintConfig` or a YAML\nconfiguration file if using the batch tool (see below). The expected format for this YAML configuration file is as follows:\n\n    ---\n    yaml-files:\n      - '.*\\.yaml'\n      - '.*\\.yml'\n    \n    ignore: pathspecs\n    \n    rules:\n      \u003crule name\u003e: enable|disable\n        level: info|warning|error\n        ignore: pathspecs\n        rule_conf_param1: value\n        rule_conf_param2: value\n        ...\n      ...\n\nSome details:\n\n- The `yaml-files` block is **optional** and allows you to specify a list of regexp file name patterns used to identify YAML files.\n  The default configuration is to take only the `.yml` and `.yaml` files into account.\n- The `ignore` parameter is also **optional** and allows you do the contrary, i.e. specify regexp patterns to be used to\n  ignore files. It can be defined globally or per rule. Be aware that it is a string, not a list, that contains an expression\n  per line:\n  \n      ignore: |\n        .*\\.txt$\n        foo.bar\n\n- The rule `level` is also **optional** (the default rule level is \"error\").\n- See [the default configuration](src/main/java/resources/conf/default.yaml) to get the default rules' parameter values.\n\n## Batch usage\n\nGet the `.zip` or `.tar.gz` distribution archive, unpack and execute the script corresponding to your platform in the `bin` directory:\n\n    bin/yamllint [options] files/directories\n\nor for Windows:\n\n    bin\\yamllint [options] files/directories\n\nor even like this to lint from the standard input:\n\n    a command | bin/yamllint [options]\n\n**Warning!** The Unix version requires Bash. There is no guaranty that the script will work with other Shell interpreters.\n\nUse the `--help` (or `-h`) option to get help with the complete list of options and values.\n\nBy default, if the terminal supports it, the output is colorized and has the following output format:\n\n    file.yml\n      line:column       level  message  (ruleId)\n      ...\n\nYou can force color with the `-f colored` format; you can force the non-colorized output with `-f standard`.\n\nYou can specify the `-f parsable` on the command line to get a parsable output as follows:\n\n    \u003cfile path\u003e:\u003cline\u003e:\u003ccolumn\u003e:\u003cruleId\u003e:\u003clevel\u003e:\u003cmessage\u003e\n\nThe `-f github` format also provides a parsable output as follows:\n\n    ::\u003clevel\u003e file=\u003cfile path\u003e,line=\u003cline\u003e,col=\u003ccol\u003e::\u003cruleId\u003e\u003cmessage\u003e\n\nThe YAML lint configuration file can be passed in different ways:\n\n- Use the `-d` option to specify a YAML configuration directly on the command line or specify the \"relaxed\" configuration;\n- Use the `-c` option to specify a path to a configuration file;\n- If `-c` is not provided, yamllint will look for a configuration file in the following locations (by order of preference):\n  - `.yamllint`, `.yamllint.yaml` or `.yamllint.yml` in the current working directory\n  - the file referenced by `YAMLLINT_CONFIG_FILE` environment variable if set\n  - `$XDG_CONFIG_HOME/yamllint/config` if the `XDG_CONFIG_HOME` environment variable is set\n  - `~/.config/yamllint/config` if this file exists\n- Finally if no config file is found, the default configuration is applied.\n\nAs a reminder, the default configuration can be found [here](src/main/resources/conf/default.yaml) and the relaxed\nversion [here](src/main/resources/conf/relaxed.yaml).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsbaudoin%2Fyamllint","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsbaudoin%2Fyamllint","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsbaudoin%2Fyamllint/lists"}