{"id":13473068,"url":"https://github.com/soot-oss/soot","last_synced_at":"2026-04-01T19:18:33.619Z","repository":{"id":3657856,"uuid":"4726093","full_name":"soot-oss/soot","owner":"soot-oss","description":"Soot - A Java optimization framework","archived":false,"fork":false,"pushed_at":"2026-03-03T21:19:32.000Z","size":1151405,"stargazers_count":3077,"open_issues_count":348,"forks_count":719,"subscribers_count":98,"default_branch":"develop","last_synced_at":"2026-03-28T00:58:06.552Z","etag":null,"topics":["analysis-framework","bytecode","java","java-optimization-framework","jimple","optimization","soot","static-analysis"],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-2.1","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/soot-oss.png","metadata":{"files":{"readme":"README.coding_rules","changelog":"CHANGES","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"soot-oss"}},"created_at":"2012-06-20T12:41:19.000Z","updated_at":"2026-03-27T07:15:42.000Z","dependencies_parsed_at":"2023-07-05T18:02:05.010Z","dependency_job_id":"e73a1fb9-a8ad-4890-a43d-13c4db18dc53","html_url":"https://github.com/soot-oss/soot","commit_stats":{"total_commits":6092,"total_committers":208,"mean_commits":29.28846153846154,"dds":0.8900196979645436,"last_synced_commit":"944263dc4212ebf8e59b13a7a4d44948ace9de2d"},"previous_names":["sable/soot"],"tags_count":37,"template":false,"template_full_name":null,"purl":"pkg:github/soot-oss/soot","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soot-oss%2Fsoot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soot-oss%2Fsoot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soot-oss%2Fsoot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soot-oss%2Fsoot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/soot-oss","download_url":"https://codeload.github.com/soot-oss/soot/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soot-oss%2Fsoot/sbom","scorecard":{"id":838279,"data":{"date":"2025-08-11","repo":{"name":"github.com/soot-oss/soot","commit":"9b1cfe645c7166b7a9eb5e37f72be24ba18a45d4"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.8,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":8,"reason":"Found 5/6 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: GNU Lesser General Public License v2.1: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Binary-Artifacts","score":0,"reason":"binaries present in source code","details":["Warn: binary detected: eclipse/ca.mcgill.sable.soot.updatesite/artifacts.jar:1","Warn: binary detected: eclipse/ca.mcgill.sable.soot.updatesite/content.jar:1","Warn: binary detected: eclipse/ca.mcgill.sable.soot.updatesite/features/ca.mcgill.sable.soot.feature_2.5.2.jar:1","Warn: binary detected: eclipse/ca.mcgill.sable.soot.updatesite/plugins/ca.mcgill.sable.soot.help_2.5.2.jar:1","Warn: binary detected: eclipse/ca.mcgill.sable.soot.updatesite/plugins/ca.mcgill.sable.soot.lib_2.5.2.jar:1","Warn: binary detected: eclipse/ca.mcgill.sable.soot.updatesite/plugins/ca.mcgill.sable.soot_2.5.2.jar:1","Warn: binary detected: src/it/tests/arrayclone/classes/test.class:1","Warn: binary detected: src/it/tests/cat1cat2/classes/Cat1Cat2.class:1","Warn: binary detected: src/it/tests/devirt/classes/Devirt.class:1","Warn: binary detected: src/it/tests/hello/classes/Hello.class:1","Warn: binary detected: src/it/tests/typing/classes/test.class:1","Warn: binary detected: src/systemTest/resources/soot/dexpler/instructions/dexBytecodeTarget.dex:1","Warn: binary detected: src/systemTest/targets-resources/org/apache/xalan/templates/ElemApplyTemplates.class:1","Warn: binary detected: src/systemTest/targets-resources/org/apache/xml/serializer/WriterToUTF8Buffered.class:1","Warn: binary detected: src/systemTest/targets-resources/org/apache/xpath/objects/XNodeSet.class:1","Warn: binary detected: src/systemTest/targets-resources/soot/lambdaMetaFactory/Issue1292$test.class:1","Warn: binary detected: src/systemTest/targets-resources/soot/lambdaMetaFactory/Issue1292.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/AnnotatedAnnotatedClass.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/AnnotatedClass.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/AnnotatedField.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/AnnotatedMethod.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/AnnotatedParameter.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/ArithmeticLib.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/Arrays.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/Bean.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/Comparable.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/CompareArithmeticInstructions2.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/CompareArithmeticInstuctions.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/CompareInstructions.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/ConstantPool.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/ControlStructures.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/Dups.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/ExceptionMethods.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/ExtendedArithmeticLib.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/InnerClass$1.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/InnerClass$Inner.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/InnerClass.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/InnerStaticClass$1.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/InnerStaticClass$Inner.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/InnerStaticClass.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/InstanceOfCasts.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/LineNumbers.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/LogicalOperations.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/Measurable.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/Modifiers.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/Monitor.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/MyAnnotatedAnnotation.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/MyEnum.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/MyTestAnnotation.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/Returns.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/Stores.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/TryCatch.class:1","Warn: binary detected: test-classes-asm/soot/asm/backend/targets/nullTypes.class:1","Warn: binary detected: tutorial/pldi03/examples/Main.class:1","Warn: binary detected: tutorial/pldi03/examples/NullTagAggregator.class:1","Warn: binary detected: tutorial/pldi03/examples/foo.class:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/ci.yml:48"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/soot-oss/soot/ci.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/soot-oss/soot/ci.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/soot-oss/soot/ci.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/soot-oss/soot/ci.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/soot-oss/soot/ci.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/soot-oss/soot/ci.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/soot-oss/soot/ci.yml/develop?enable=pin","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":8,"reason":"2 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-5mg8-w23w-74h3","Warn: Project is vulnerable to: GHSA-7g45-4rm6-3mm3"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-23T19:46:14.227Z","repository_id":3657856,"created_at":"2025-08-23T19:46:14.227Z","updated_at":"2025-08-23T19:46:14.227Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31291117,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T13:12:26.723Z","status":"ssl_error","status_checked_at":"2026-04-01T13:12:25.102Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analysis-framework","bytecode","java","java-optimization-framework","jimple","optimization","soot","static-analysis"],"created_at":"2024-07-31T16:01:00.426Z","updated_at":"2026-04-01T19:18:33.594Z","avatar_url":"https://github.com/soot-oss.png","language":"Java","readme":"In March 2003, we made several modifications to Soot to make it better\nsuited to being used as a library or inside a GUI. The most significant\nchange was moving all global variables to a single class called G, so\nthat they could be reset in between different runs of Soot. In order to\nmaintain interoperability as a library and with GUIs, the following\ncoding rules have been imposed. A checker has been included which points\nout potential violations of these rules. To run it, enter:\n\nant badfields\n\nRules:\n\n1) System.out and System.err should not be used. G.v().out should be\n   used instead. It is normally mapped to System.out, but may be\n   remapped by a program using Soot as a library or by a GUI.\n   If you accidentally send stuff to System.out instead, the output\n   will not appear in Eclipse.\n\n2) There should be no calls to System.exit(). This will kill programs\n   using Soot as a library and GUIs. Instead, Soot should throw a\n   CompilationDeathException or a RuntimeException.\n\n3) Static fields should not be used, unless they are final AND of\n   an immutable type such as a primitive type, String, Object,\n   Integer or Boolean.\n\n4) Static initializers should not have any side-effects. In particular,\n   they should not read any static fields. In addition, in order to\n   ensure that static initializers have no side-effects, they should\n   not call any methods, except trivial ones known to have no side-effects.\n\n5) Singletons should be implemented as follows:\n   - add the name of the singleton to soot/src/singletons.list\n   - run soot/src/make_singletons \u003e soot/src/soot/Singletons.java\n   - in your singleton, include the following two methods following\n     the model in soot.jimple.toolkits.base.Aggregator:\n\n    public Aggregator( Singletons.Global g ) {}\n    public static Aggregator v() { return G.v().Aggregator(); }\n\n     The Singletons.Global parameter to the only constructor ensures\n     that only the Singletons class may instantiate the singleton,\n     since only it can create a Singletons.Global. The v() method\n     fetches the singleton instance from the Singletons class.\n     THE SINGLETON SHOULD NOT HAVE ITS OWN STATIC FIELD CONTAINING\n     THE SINGLETON INSTANCE. soot.G is the only singleton holding\n     its own instance, meaning that all global variables and singletons\n     can be reset by resetting that one single instance.\n\n6) \"ant badfields\" should be run periodically to check that these rules\n   are being followed. It will report most violations. Unfortunately,\n   it also reports some false positives that must be checked by hand.\n   Many of these are final static arrays, whose elements are never\n   modified. Unfortunately, Java doesn't have a final keyword that\n   applies to elements of arrays. It must be checked by hand that these\n   elements are never written. Presumably Spark could be used to check\n   that elements of static arrays are not written, but this may make\n   the checker too clumsy; the intent is for the checker to be widely\n   used.\n\nEOF\n","funding_links":["https://github.com/sponsors/soot-oss"],"categories":["Android","Java","Java (504)"],"sub_categories":["Tools"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoot-oss%2Fsoot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsoot-oss%2Fsoot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoot-oss%2Fsoot/lists"}