{"id":20875217,"url":"https://github.com/smallrye/smallrye-parent","last_synced_at":"2026-04-27T18:01:18.474Z","repository":{"id":33314381,"uuid":"135302708","full_name":"smallrye/smallrye-parent","owner":"smallrye","description":"Maven Parent POM","archived":false,"fork":false,"pushed_at":"2026-04-21T10:51:16.000Z","size":702,"stargazers_count":6,"open_issues_count":1,"forks_count":19,"subscribers_count":11,"default_branch":"main","last_synced_at":"2026-04-21T12:42:54.093Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/smallrye.png","metadata":{"files":{"readme":"README.adoc","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-05-29T13:46:44.000Z","updated_at":"2026-04-21T10:51:17.000Z","dependencies_parsed_at":"2023-01-15T00:27:59.553Z","dependency_job_id":"f5c5d22d-88ee-4987-93a2-0023da80ad32","html_url":"https://github.com/smallrye/smallrye-parent","commit_stats":null,"previous_names":[],"tags_count":48,"template":false,"template_full_name":null,"purl":"pkg:github/smallrye/smallrye-parent","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smallrye%2Fsmallrye-parent","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smallrye%2Fsmallrye-parent/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smallrye%2Fsmallrye-parent/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smallrye%2Fsmallrye-parent/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/smallrye","download_url":"https://codeload.github.com/smallrye/smallrye-parent/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smallrye%2Fsmallrye-parent/sbom","scorecard":{"id":832450,"data":{"date":"2025-08-11","repo":{"name":"github.com/smallrye/smallrye-parent","commit":"af788322ae5d96c5588dd596dcf50ef1ecd167ed"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.4,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":10,"reason":"22 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/smallrye/smallrye-parent/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/smallrye/smallrye-parent/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/smallrye/smallrye-parent/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/smallrye/smallrye-parent/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/smallrye/smallrye-parent/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/smallrye/smallrye-parent/build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/prepare-release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/smallrye/smallrye-parent/prepare-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/smallrye/smallrye-parent/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/review-release.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/smallrye/smallrye-parent/review-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/review-release.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/smallrye/smallrye-parent/review-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-milestone.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/smallrye/smallrye-parent/update-milestone.yml/main?enable=pin","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   5 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build.yml:1","Warn: no topLevel permission defined: .github/workflows/prepare-release.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/release.yml:16","Warn: no topLevel permission defined: .github/workflows/review-release.yml:1","Warn: no topLevel permission defined: .github/workflows/update-milestone.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Info: codeowner review is required on branch 'main'","Info: 'last push approval' is required to merge on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":10,"reason":"SAST tool detected","details":["Info: SAST configuration detected: Sonar","Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-23T18:05:51.383Z","repository_id":33314381,"created_at":"2025-08-23T18:05:51.383Z","updated_at":"2025-08-23T18:05:51.383Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32348058,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-27T17:12:42.749Z","status":"ssl_error","status_checked_at":"2026-04-27T17:12:41.658Z","response_time":128,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-18T06:43:10.728Z","updated_at":"2026-04-27T18:01:18.452Z","avatar_url":"https://github.com/smallrye.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":":ci: https://github.com/smallrye/smallrye-parent/actions?query=workflow%3A%22SmallRye+Build%22\n:doctype: book\n\nimage:https://github.com/smallrye/smallrye-parent/workflows/SmallRye%20Build/badge.svg?branch=main[link={ci}]\nimage:https://img.shields.io/github/license/thorntail/thorntail.svg[\"License\", link=\"http://www.apache.org/licenses/LICENSE-2.0\"]\nimage:https://img.shields.io/maven-central/v/io.smallrye/smallrye-parent?color=green[]\n\n= SmallRye Parent\n\nDefine Maven setup for all SmallRye projects.\n\n[id='mr-jars']\n== Multi-Release JARs\nStarting with version 13, the SmallRye Parent POM provides a framework for multi-release JAR build and test.\n\n[id='mr-jar-overview']\n=== Functional overview\n\nThe multi-release JAR support works in two parts: compilation and testing.\n\n[id='mr-jar-compilation']\n==== Compilation\n\nCompilation works by providing extra executions of the compiler plugin in order to build the additional JAR layers. The\nbase layer is built by the standard `default-compile` execution.  After that, Maven profiles are activated based on the\npresence of extra layer source directories (e.g. `src/main/java18`, `src/main/java19` etc.).  These profiles contain\nadditional executions of the compiler plugin which compile the sources in the layer directory, while putting the output\nof the previous step on the class path.\n\nEach present layer is in turn compiled with the results of all the previous layers on the classpath in the correct\norder. The additional layer class files are output under the `target/classes` directory in the appropriate location for\nmulti-release JAR layers.\n\nIn order to select the correct class files for the given Java version, the `\u003crelease\u003e` property is used.\nThis prevents accidental usage of APIs which are only present in later versions than the one\nbeing compiled.\n\n[id='mr-jar-testing']\n==== Testing\n\nTesting using `maven-surefire-plugin` is supported by running the project unit tests on every supported Java version.\nIn order to do so, it is expected that the following system property or properties are set as needed:\n\n* `java17.home`: this property must be set to the location of a Java 17 JDK installation\n* `java21.home`: this property must be set to the location of a Java 21 JDK installation\n* `java25.home`: this property must be set to the location of a Java 21 JDK installation\n\nIn order to simplify development, it is recommended to project maintainers to set these\nproperties in your personal Maven `settings.xml` file.\n\nExtra unit tests are run for a given platform whenever a newer version than that platform\nwas used to build the project and the appropriate control file is found (see \u003c\u003cbuild-control-files\u003e\u003e).\n\n=== Configuration\n\nTo configure a multi-release JAR, you need the following pieces of information:\n\n* The minimum (oldest) version of Java that will be supported by the project\n* The maximum (newest) version of Java for which your project has sources\n\n[id='mr-jar-base-layer']\n==== Step 1: Base layer version\n\nChoose your base layer version.  This can be Java 17 or anything later.  Configure the version by configuring the\n`release` property in the `default-compile` execution of `maven-compiler-plugin`:\n\n[source,xml]\n----\n\u003cplugin\u003e\n  \u003cartifactId\u003emaven-compiler-plugin\u003c/artifactId\u003e\n  \u003cexecutions\u003e\n    \u003cexecution\u003e\n      \u003cid\u003edefault-compile\u003c/id\u003e\n      \u003cconfiguration\u003e\n        \u003crelease\u003e17\u003c/release\u003e\n      \u003c/configuration\u003e\n    \u003c/execution\u003e\n  \u003c/executions\u003e\n\u003c/plugin\u003e\n----\n\nIf the `build-release-17`, `build-release-21`, or `build-release-25` file is present in the root of your project, then this step is automatically done for you, for the corresponding version. Only one such file should be present.\n\n[id='mr-jar-highest-layer']\n==== Step 2: Highest layer version\n\nConfigure the `jdk.min.version` property as described above to match either:\n\n* The maximum (newest) Java version for which _sources exist_ in your project, or\n* Some Java version higher than that\n\nThis is the version of Java that will build all of your layers, so it necessarily must be\nable to compile every version of Java sources from oldest to newest.\n\n[id='mr-jar-source-dirs']\n==== Step 3: Source directories\n\nThe sources for your base layer continue to reside in `src/main/java` and `src/test/java`.\n\nAdditional layers are in directories whose names correspond to the version of Java that\nis targeted by that directory. For example, sources which are specific to Java 18 and later\nwould be in `src/main/java18`, whereas sources which are specific to Java 19 and later would\nbe in `src/main/java19`.\n\nIf you have a class that needs an alternative version for a given Java version, you only\nneed to provide the replacement source file in the directory corresponding to the _oldest_\nversion that supports the alternative source. It is not necessary to copy identical classes into\nmore than one layer; doing so will increase the size of the resultant artifact needlessly.\n\nThere are restrictions on these directories. You may only provide sources that correspond\nto sources that exist in the base layer - that is, it is a violation of the MR JAR specification to provide\nsources that introduce new APIs only in later Java versions. The JDK does enforce this at run time.\nIn addition, providing additional public members in later versions is generally not recommended.\n\n[id='mr-jar-gh-actions']\n=== Using MR JAR functions with GitHub Actions\n\nUsing this functionality with GitHub Actions is relatively simple.  It entails adding the additional JDK\nversion(s) by way of a setup action, and then passing the location of each additional JDK to the build.\n\nAs an example, for a project that is built on Java 25 but must also be tested against JDK 17 your `build.yml`\nmight look something like this:\n\n[source,yaml]\n----\njobs:\n  build:\n    runs-on: ubuntu-latest\n    name: Build using Maven\n\n    steps:\n      - uses: actions/checkout@v2\n        name: Checkout\n\n      - uses: actions/setup-java@v3\n        name: Set up JDKs\n        with:\n          distribution: temurin\n          java-version: |\n            17\n            25\n\n      - name: Build\n        run: mvn -B verify --file pom.xml -Djava17.home=${{env.JAVA_HOME_17_X64}}\n----\n\nSee also link:https://github.com/actions/setup-java#readme[the README for `actions/setup-java`].\n\nNote that this configuration causes the default `JAVA_HOME` environment to be set to JDK 25.\n\n[id='build-control-files']\n== Build control files reference\n\nThese build control files are tested only for their presence.\nThey do not need to have any content (i.e. they can be zero-sized).\n\n[cols=\"1m,2,1\",options=\"header\"]\n|===\n|File name|Purpose|Reference\n|build-release-17|Use the `\u003crelease\u003e` option to set Java 17 for the base layer.|\u003c\u003cmr-jar-base-layer\u003e\u003e\n|build-release-21|Use the `\u003crelease\u003e` option to set Java 21 for the base layer.|\u003c\u003cmr-jar-base-layer\u003e\u003e\n|build-release-25|Use the `\u003crelease\u003e` option to set Java 21 for the base layer.|\u003c\u003cmr-jar-base-layer\u003e\u003e\n|build-test-java17|Run tests for Java 17 when `java17.home` is set and JDK 18 or later is used.|\u003c\u003cmr-jar-testing\u003e\u003e\n|build-test-java21|Run tests for Java 21 when `java21.home` is set and JDK 22 or later is used.|\u003c\u003cmr-jar-testing\u003e\u003e\n|build-test-java25|Run tests for Java 25 when `java25.home` is set and JDK 26 or later is used.|\u003c\u003cmr-jar-testing\u003e\u003e\n|===\n\n[id='release-process']\n== Release Process\n\nThe process to release smallye-parent is described in the https://github.com/smallrye/smallrye/wiki/Release-Process[Release Process wiki page].\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsmallrye%2Fsmallrye-parent","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsmallrye%2Fsmallrye-parent","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsmallrye%2Fsmallrye-parent/lists"}