{"id":13566535,"url":"https://github.com/sbt/sbt","last_synced_at":"2026-04-13T09:01:14.291Z","repository":{"id":638118,"uuid":"279553","full_name":"sbt/sbt","owner":"sbt","description":"sbt, the interactive build tool","archived":false,"fork":false,"pushed_at":"2026-04-07T05:04:22.000Z","size":53283,"stargazers_count":4915,"open_issues_count":465,"forks_count":1022,"subscribers_count":154,"default_branch":"develop","last_synced_at":"2026-04-07T07:49:23.286Z","etag":null,"topics":["build-tool","sbt","scala","zinc"],"latest_commit_sha":null,"homepage":"https://scala-sbt.org","language":"Scala","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sbt.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":"SUPPORT.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2009-08-17T00:31:14.000Z","updated_at":"2026-04-06T18:40:47.000Z","dependencies_parsed_at":"2025-12-07T02:00:43.086Z","dependency_job_id":null,"html_url":"https://github.com/sbt/sbt","commit_stats":{"total_commits":8963,"total_committers":432,"mean_commits":"20.747685185185187","dds":0.7004351221689167,"last_synced_commit":"586e0a752cd5d0f0335deaa910c4355e0e0a0e56"},"previous_names":[],"tags_count":326,"template":false,"template_full_name":null,"purl":"pkg:github/sbt/sbt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sbt%2Fsbt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sbt%2Fsbt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sbt%2Fsbt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sbt%2Fsbt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sbt","download_url":"https://codeload.github.com/sbt/sbt/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sbt%2Fsbt/sbom","scorecard":{"id":111644,"data":{"date":"2025-08-04","repo":{"name":"github.com/sbt/sbt","commit":"d7d2a6f0d481a013e7b27c3d325e983b9fa43e67"},"scorecard":{"version":"v5.2.1-28-gc1d103a9","commit":"c1d103a9bb9f635ec7260bf9aa0699466fa4be0e"},"score":4.2,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 1/13 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/dependency-graph.yml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:7","Warn: no topLevel permission defined: .github/workflows/cla.yml:1","Info: found token with 'none' permissions: .github/workflows/dependency-graph.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/nightly.yml:9","Warn: no topLevel permission defined: .github/workflows/winget.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#vulnerabilities"}},{"name":"Binary-Artifacts","score":0,"reason":"binaries present in source code","details":["Warn: binary detected: sbt-app/src/sbt-test/classloader-cache/jni/src/main/resources/1/libsbt-jni-library-test0.dylib:1","Warn: binary detected: sbt-app/src/sbt-test/classloader-cache/jni/src/main/resources/1/libsbt-jni-library-test0.so:1","Warn: binary detected: sbt-app/src/sbt-test/classloader-cache/jni/src/main/resources/2/libsbt-jni-library-test0.dylib:1","Warn: binary detected: sbt-app/src/sbt-test/classloader-cache/jni/src/main/resources/2/libsbt-jni-library-test0.so:1","Warn: binary detected: sbt-app/src/sbt-test/classloader-cache/jni/src/main/resources/native/x86_64/libswoval-jni-library-test0.dylib:1","Warn: binary detected: sbt-app/src/sbt-test/classloader-cache/library-mismatch/libraries/ivy/sbt/foo-lib/0.1.0/foo-lib-0.1.0-javadoc.jar:1","Warn: binary detected: sbt-app/src/sbt-test/classloader-cache/library-mismatch/libraries/ivy/sbt/foo-lib/0.1.0/foo-lib-0.1.0-sources.jar:1","Warn: binary detected: sbt-app/src/sbt-test/classloader-cache/library-mismatch/libraries/ivy/sbt/foo-lib/0.1.0/foo-lib-0.1.0.jar:1","Warn: binary detected: sbt-app/src/sbt-test/classloader-cache/library-mismatch/libraries/ivy/sbt/foo-lib/0.2.0/foo-lib-0.2.0-javadoc.jar:1","Warn: binary detected: sbt-app/src/sbt-test/classloader-cache/library-mismatch/libraries/ivy/sbt/foo-lib/0.2.0/foo-lib-0.2.0-sources.jar:1","Warn: binary detected: sbt-app/src/sbt-test/classloader-cache/library-mismatch/libraries/ivy/sbt/foo-lib/0.2.0/foo-lib-0.2.0.jar:1","Warn: binary detected: sbt-app/src/sbt-test/classloader-cache/library-mismatch/libraries/ivy/sbt/transitive-lib/0.1.0/transitive-lib-0.1.0-javadoc.jar:1","Warn: binary detected: sbt-app/src/sbt-test/classloader-cache/library-mismatch/libraries/ivy/sbt/transitive-lib/0.1.0/transitive-lib-0.1.0-sources.jar:1","Warn: binary detected: sbt-app/src/sbt-test/classloader-cache/library-mismatch/libraries/ivy/sbt/transitive-lib/0.1.0/transitive-lib-0.1.0.jar:1","Warn: binary detected: sbt-app/src/sbt-test/classloader-cache/resources/libraries/foo/ivy/sbt/foo-lib_2.12/0.1.0/foo-lib_2.12-0.1.0-javadoc.jar:1","Warn: binary detected: sbt-app/src/sbt-test/classloader-cache/resources/libraries/foo/ivy/sbt/foo-lib_2.12/0.1.0/foo-lib_2.12-0.1.0-sources.jar:1","Warn: binary detected: sbt-app/src/sbt-test/classloader-cache/resources/libraries/foo/ivy/sbt/foo-lib_2.12/0.1.0/foo-lib_2.12-0.1.0.jar:1","Warn: binary detected: sbt-app/src/sbt-test/dependency-management/default-artifact/repo/a/b/1.0.0/b1.jar:1","Warn: binary detected: sbt-app/src/sbt-test/dependency-management/default-artifact/repo/a/b/1.0.0/b2.jar:1","Warn: binary detected: sbt-app/src/sbt-test/source-dependencies/canon/actual/a.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: sbt-1.11.4.msi.asc: https://github.com/sbt/sbt/releases/tag/v1.11.4","Info: signed release artifact: sbt-1.11.3.msi.asc: https://github.com/sbt/sbt/releases/tag/v1.11.3","Info: signed release artifact: sbt-1.11.2.msi.asc: https://github.com/sbt/sbt/releases/tag/v1.11.2","Info: signed release artifact: sbt-1.11.1.msi.asc: https://github.com/sbt/sbt/releases/tag/v1.11.1","Info: signed release artifact: sbt-1.11.0.msi.asc: https://github.com/sbt/sbt/releases/tag/v1.11.0","Warn: release artifact v1.11.4 does not have provenance: https://api.github.com/repos/sbt/sbt/releases/237300523","Warn: release artifact v1.11.3 does not have provenance: https://api.github.com/repos/sbt/sbt/releases/230230351","Warn: release artifact v1.11.2 does not have provenance: https://api.github.com/repos/sbt/sbt/releases/223818146","Warn: release artifact v1.11.1 does not have provenance: https://api.github.com/repos/sbt/sbt/releases/222326434","Warn: release artifact v1.11.0 does not have provenance: https://api.github.com/repos/sbt/sbt/releases/220774263"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Info: Possibly incomplete results: error parsing shell code: invalid UTF-8 encoding: launcher-package/bin/coursier:0","Info: Possibly incomplete results: error parsing shell code: invalid UTF-8 encoding: sbt-app/src/sbt-test/dependency-management/exclude-dependencies2/coursier:0","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/sbt/sbt/ci.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/sbt/sbt/ci.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/sbt/sbt/ci.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/sbt/sbt/ci.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/sbt/sbt/ci.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/sbt/sbt/ci.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/sbt/sbt/ci.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/sbt/sbt/ci.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/cla.yml:8: update your workflow using https://app.stepsecurity.io/secureworkflow/sbt/sbt/cla.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dependency-graph.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/sbt/sbt/dependency-graph.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependency-graph.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/sbt/sbt/dependency-graph.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependency-graph.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/sbt/sbt/dependency-graph.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lock-thread.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/sbt/sbt/lock-thread.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/sbt/sbt/nightly.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/sbt/sbt/nightly.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/sbt/sbt/nightly.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/sbt/sbt/nightly.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/sbt/sbt/nightly.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/winget.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/sbt/sbt/winget.yml/develop?enable=pin","Info:   0 out of  10 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   9 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-15T12:23:59.111Z","repository_id":638118,"created_at":"2025-08-15T12:23:59.112Z","updated_at":"2025-08-15T12:23:59.112Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31746113,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-13T06:26:45.479Z","status":"ssl_error","status_checked_at":"2026-04-13T06:26:44.645Z","response_time":93,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["build-tool","sbt","scala","zinc"],"created_at":"2024-08-01T13:02:11.546Z","updated_at":"2026-04-13T09:01:14.277Z","avatar_url":"https://github.com/sbt.png","language":"Scala","readme":"[![CI](https://github.com/sbt/sbt/actions/workflows/ci.yml/badge.svg)](https://github.com/sbt/sbt/actions/workflows/ci.yml)\n[![Latest version](https://img.shields.io/github/tag/sbt/sbt.svg)](https://index.scala-lang.org/sbt/sbt)\n[![Discord](https://img.shields.io/discord/632150470000902164?label=Discord%20%23sbt)](https://discord.com/channels/632150470000902164/922600050989875282)\n\n  [sbt/sbt-zero-seven]: https://github.com/sbt/sbt-zero-seven\n  [CONTRIBUTING]: CONTRIBUTING.md\n  [contributing-docs]: contributing-docs/README.md\n  [Setup]: https://www.scala-sbt.org/release/docs/Getting-Started/Setup\n  [FAQ]: https://www.scala-sbt.org/release/docs/Faq.html\n  [sbt-dev]: https://groups.google.com/d/forum/sbt-dev\n  [searching]: https://stackoverflow.com/tags/sbt\n  [asking]: https://stackoverflow.com/questions/ask?tags=sbt\n  [LICENSE]: LICENSE\n  [sbt/io]: https://github.com/sbt/io\n  [sbt/zinc]: https://github.com/sbt/zinc\n  [sbt/sbt]: https://github.com/sbt/sbt\n\nsbt\n===\n\nsbt is a build tool for Scala, Java, and more.\n\nFor general documentation, see https://www.scala-sbt.org/.\n\nsbt 2.x\n---------\n\nThis is the 2.x series of sbt. The source code of sbt is split across\nseveral GitHub repositories, including this one.\n\n- [sbt/io][sbt/io] hosts `sbt.io` module.\n- [sbt/zinc][sbt/zinc] hosts Zinc, an incremental compiler for Scala.\n- [sbt/sbt][sbt/sbt], this repository hosts modules that implement the build tool.\n\n### Other links\n\n * [Setup]: Describes getting started with the latest binary release.\n * [FAQ]: Explains how to get help and more.\n * [sbt/sbt-zero-seven]: hosts sbt 0.7.7 and earlier versions\n\nIssues and Pull Requests\n------------------------\n\nPlease read [CONTRIBUTING] carefully before opening a GitHub Issue or a pull request.\n\nIf you're looking for an idea for a contribution, issues labeled with\n[good first issue](https://github.com/sbt/sbt/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22) or\n[help wanted](https://github.com/sbt/sbt/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22) might be good starting points.\n\nIf you would like to ask questions about sbt, there's [sbt channel on Scala Discord](https://discord.com/invite/scala),\nbut it would be good to gather questions on [Stackoverflow](https://stackoverflow.com/questions/tagged/sbt).\n\nlicense\n-------\n\nSee [LICENSE].\n","funding_links":[],"categories":["Scala","构建工具","Table of Contents"],"sub_categories":["Tools"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsbt%2Fsbt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsbt%2Fsbt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsbt%2Fsbt/lists"}