{"id":34129683,"url":"https://github.com/secretflow/scql","last_synced_at":"2026-04-05T17:40:45.743Z","repository":{"id":151791945,"uuid":"598978819","full_name":"secretflow/scql","owner":"secretflow","description":"SCQL  (Secure Collaborative Query Language) is a system that allows multiple distrusting parties to run joint analysis without revealing their private data.","archived":false,"fork":false,"pushed_at":"2026-03-17T03:34:50.000Z","size":33732,"stargazers_count":177,"open_issues_count":22,"forks_count":72,"subscribers_count":4,"default_branch":"main","last_synced_at":"2026-03-17T14:42:34.766Z","etag":null,"topics":["collaborative-analytics","mpc-sql","privacy-enhancing-technology","scql","secure-collaborative-query","secure-querying","sf-sql"],"latest_commit_sha":null,"homepage":"https://www.secretflow.org.cn/docs/scql/en/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/secretflow.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-02-08T07:40:19.000Z","updated_at":"2026-03-16T06:35:07.000Z","dependencies_parsed_at":"2023-11-15T10:30:58.012Z","dependency_job_id":"d18ee128-518a-4a03-99eb-4059c466d3ce","html_url":"https://github.com/secretflow/scql","commit_stats":null,"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"purl":"pkg:github/secretflow/scql","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secretflow%2Fscql","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secretflow%2Fscql/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secretflow%2Fscql/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secretflow%2Fscql/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/secretflow","download_url":"https://codeload.github.com/secretflow/scql/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secretflow%2Fscql/sbom","scorecard":{"id":456232,"data":{"date":"2025-08-19T09:18:59Z","repo":{"name":"github.com/secretflow/scql","commit":"971d2c793b1daeeb10ee5b7b30004638acc426a1"},"scorecard":{"version":"v5.0.0","commit":"ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4"},"score":6.9,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":10,"reason":"30 out of 30 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#ci-tests"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#code-review"}},{"name":"Contributors","score":6,"reason":"project has 2 contributing companies or organizations -- score normalized to 6","details":["Info: secretflow contributor org/company found, nvidia contributor org/company found, "],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#contributors"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: RenovateBot: renovate.json:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#dependency-update-tool"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#license"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":4,"reason":"dependency not pinned by hash detected -- score normalized to 4","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-publish.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/secretflow/scql/docs-publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-publish.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/secretflow/scql/docs-publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-publish.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/secretflow/scql/docs-publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/govulncheck.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/secretflow/scql/govulncheck.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/whitespace-check.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/secretflow/scql/whitespace-check.yml/main?enable=pin","Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:1: pin your Docker image by updating secretflow/ubuntu-base-ci:latest to secretflow/ubuntu-base-ci:latest@sha256:287cd98a952bd2b6eb08214db8ade6d5b2a287c2221346bdcf54be4980666a3a","Warn: containerImage not pinned by hash: docker/scql-anolis.Dockerfile:1","Warn: containerImage not pinned by hash: docker/scql-anolis.Dockerfile:25","Warn: containerImage not pinned by hash: docker/scql-anolis.Dockerfile:56","Warn: containerImage not pinned by hash: docker/scql-ubuntu.Dockerfile:1","Warn: containerImage not pinned by hash: docker/scql-ubuntu.Dockerfile:22","Warn: containerImage not pinned by hash: docker/scql-ubuntu.Dockerfile:51","Warn: goCommand not pinned by hash: docker/scql-anolis.Dockerfile:49","Warn: goCommand not pinned by hash: docker/scql-ubuntu.Dockerfile:46","Warn: pipCommand not pinned by hash: .ci/script/ensure_binary_safety.sh:21","Warn: goCommand not pinned by hash: api/generate_proto.sh:37","Warn: pipCommand not pinned by hash: .github/workflows/docs-publish.yml:39","Info:  14 out of  18 GitHub-owned GitHubAction dependencies pinned","Info:   9 out of  10 third-party GitHubAction dependencies pinned","Info:   0 out of   7 containerImage dependencies pinned","Info:   0 out of   3 goCommand dependencies pinned","Info:   0 out of   2 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (30) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#sast"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#signed-releases"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:31","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:32","Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecards.yml:29","Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecards.yml:30","Info: jobLevel 'issues' permission set to 'read': .github/workflows/scorecards.yml:32","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/scorecards.yml:33","Info: jobLevel 'checks' permission set to 'read': .github/workflows/scorecards.yml:35","Info: topLevel 'contents' permission set to 'read': .github/workflows/black.yml:15","Info: topLevel 'contents' permission set to 'read': .github/workflows/buildifier.yml:11","Warn: no topLevel permission defined: .github/workflows/cla.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/clang-format-linter.yml:23","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:24","Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:13","Info: topLevel 'contents' permission set to 'read': .github/workflows/docs-check.yml:16","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/docs-check.yml:17","Warn: no topLevel permission defined: .github/workflows/docs-publish.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/golangci-lint.yml:24","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/golangci-lint.yml:26","Warn: no topLevel permission defined: .github/workflows/govulncheck.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/license-check.yml:11","Warn: no topLevel permission defined: .github/workflows/oscp.yml:1","Info: topLevel permissions set to 'read-all': .github/workflows/scorecards.yml:18","Warn: no topLevel permission defined: .github/workflows/stale.yml:1","Warn: no topLevel permission defined: .github/workflows/trigger-ci-cov.yml:1","Warn: no topLevel permission defined: .github/workflows/trigger-ci-regtest.yml:1","Warn: no topLevel permission defined: .github/workflows/trigger-ci-release.yml:1","Warn: no topLevel permission defined: .github/workflows/trigger-ci-ut.yml:1","Warn: no topLevel permission defined: .github/workflows/whitespace-check.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/yaml-linter.yml:11","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":0,"reason":"19 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-7q8x-38mc-p84f / PYSEC-2010-1","Warn: Project is vulnerable to: GHSA-v973-fxgf-6xhp / PYSEC-2022-260","Warn: Project is vulnerable to: GHSA-8q59-q68h-6hv4 / PYSEC-2021-142","Warn: Project is vulnerable to: GHSA-rprw-h62v-c2w7 / PYSEC-2018-49","Warn: Project is vulnerable to: PYSEC-2020-73","Warn: Project is vulnerable to: GHSA-8h2j-cgx8-6xv7 / PYSEC-2021-100","Warn: Project is vulnerable to: PYSEC-2024-38","Warn: Project is vulnerable to: GHSA-462w-v97r-4m45 / PYSEC-2019-217","Warn: Project is vulnerable to: GHSA-8r7q-cvjq-x353 / PYSEC-2014-8","Warn: Project is vulnerable to: GHSA-cpwx-vrp4-4pq7","Warn: Project is vulnerable to: GHSA-fqh9-2qgg-h84h / PYSEC-2014-82","Warn: Project is vulnerable to: GHSA-g3rq-g295-4j3m / PYSEC-2021-66","Warn: Project is vulnerable to: GHSA-h5c8-rqwp-cp95","Warn: Project is vulnerable to: GHSA-h75v-3vvj-5mfj","Warn: Project is vulnerable to: GHSA-hj2j-77xm-mc5v / PYSEC-2019-220","Warn: Project is vulnerable to: GHSA-q2x7-8rv6-6q7h","Warn: Project is vulnerable to: GHSA-33c7-2mpw-hg34 / PYSEC-2020-150","Warn: Project is vulnerable to: GHSA-f97h-2pfx-f59f / PYSEC-2020-151","Warn: Project is vulnerable to: GHSA-4vq8-7jfc-9cvp / GO-2025-3829"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T09:45:19.241Z","repository_id":151791945,"created_at":"2025-08-19T09:45:19.241Z","updated_at":"2025-08-19T09:45:19.241Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31444702,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-05T15:22:31.103Z","status":"ssl_error","status_checked_at":"2026-04-05T15:22:00.205Z","response_time":75,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["collaborative-analytics","mpc-sql","privacy-enhancing-technology","scql","secure-collaborative-query","secure-querying","sf-sql"],"created_at":"2025-12-15T00:11:49.679Z","updated_at":"2026-04-05T17:40:45.730Z","avatar_url":"https://github.com/secretflow.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SCQL\n\n[![CircleCI](https://dl.circleci.com/status-badge/img/gh/secretflow/scql/tree/main.svg?style=svg)](https://dl.circleci.com/status-badge/redirect/gh/secretflow/scql/tree/main)\n\nSecure Collaborative Query Language (SCQL) is a system that translates SQL statements into Secure Multiparty Computation (SMC) primitives and executes them on a federation of database systems.\n\n\u003e **Note**: If you are looking for SCQL 1.0, please check the [1.x branch](https://github.com/secretflow/scql/tree/release/1.x).\n\n![SCQL Workflow](./docs/imgs/scql_workflow.png)\n\n## Documentation\n\n- [Documentation in English](https://www.secretflow.org.cn/en/docs/scql)\n- [中文文档](https://www.secretflow.org.cn/zh-CN/docs/scql/)\n\n## Docker Image Release\n\n- Official release docker image: [secretflow/scql](https://hub.docker.com/r/secretflow/scql/tags)\n- We also have images at Alibaba Cloud: secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/scql:[tag]\n\n## Contribution Guidelines\n\nIf you would like to contribute to SCQL, please see the [Contribution guidelines](CONTRIBUTING.md).\n\nThis documentation also contains instructions for [build and testing](CONTRIBUTING.md#build)\n\n## Hardware Requirements\n\nThe following requirements only apply to SCQLEngine.\n\n- CPU\n  - x86_64: minimum required AVX instruction set. For FourQ based PSI, the AVX2 instruction set is required.\n\n## Disclaimer\n\nNon-release versions of SCQL are prohibited to use in any production environment due to possible bugs, glitches, lack of functionality, security issues or other problems.\n\n## Citing SCQL\n\nIf you think SCQL is helpful for your research or development, please consider citing our [paper](https://www.vldb.org/pvldb/vol17/p3987-fang.pdf):\n\n```text\n@article{scql,\n  author       = {Wenjing Fang and\n                  Shunde Cao and\n                  Guojin Hua and\n                  Junming Ma and\n                  Yongqiang Yu and\n                  Qunshan Huang and\n                  Jun Feng and\n                  Jin Tan and\n                  Xiaopeng Zan and\n                  Pu Duan and\n                  Yang Yang and\n                  Li Wang and\n                  Ke Zhang and\n                  Lei Wang},\n  title        = {SecretFlow-SCQL: {A} Secure Collaborative Query pLatform},\n  journal      = {Proc. VLDB Endow.},\n  volume       = {17},\n  number       = {12},\n  pages        = {3987--4000},\n  year         = {2024},\n  url          = {https://www.vldb.org/pvldb/vol17/p3987-fang.pdf},\n}\n```\n\n## Acknowledgments\n\n- Thanks [TiDB](https://github.com/pingcap/tidb) for providing a powerful SQL parser and planner.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecretflow%2Fscql","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsecretflow%2Fscql","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecretflow%2Fscql/lists"}