{"id":13541502,"url":"https://github.com/spiffe/spire","last_synced_at":"2026-04-01T17:33:31.577Z","repository":{"id":37418012,"uuid":"100061496","full_name":"spiffe/spire","owner":"spiffe","description":"The SPIFFE Runtime Environment","archived":false,"fork":false,"pushed_at":"2026-04-01T03:20:18.000Z","size":29377,"stargazers_count":2289,"open_issues_count":137,"forks_count":598,"subscribers_count":77,"default_branch":"main","last_synced_at":"2026-04-01T04:13:47.768Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://spiffe.io","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/spiffe.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE-OF-CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":"support/oidc-discovery-provider/README.md","governance":null,"roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":"MAINTAINERS.md","copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2017-08-11T18:46:51.000Z","updated_at":"2026-04-01T03:20:14.000Z","dependencies_parsed_at":"2026-01-27T23:04:48.552Z","dependency_job_id":null,"html_url":"https://github.com/spiffe/spire","commit_stats":{"total_commits":4840,"total_committers":228,"mean_commits":"21.228070175438596","dds":0.7572314049586777,"last_synced_commit":"2d784fc74af668948cc18cb2a7a37de395fd97a8"},"previous_names":["spiffe/sri"],"tags_count":147,"template":false,"template_full_name":null,"purl":"pkg:github/spiffe/spire","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spiffe%2Fspire","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spiffe%2Fspire/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spiffe%2Fspire/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spiffe%2Fspire/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/spiffe","download_url":"https://codeload.github.com/spiffe/spire/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spiffe%2Fspire/sbom","scorecard":{"id":579610,"data":{"date":"2025-08-11","repo":{"name":"github.com/spiffe/spire","commit":"7f6394bd00c0e0f94449ee8fdd488d1e1b5db89b"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":7.1,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/depsreview.yaml:9","Info: jobLevel 'contents' permission set to 'read': .github/workflows/nightly_build.yaml:16","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/nightly_build.yaml:18","Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr_build.yaml:312","Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr_build.yaml:42","Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr_build.yaml:127","Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr_build.yaml:519","Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr_build.yaml:559","Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr_build.yaml:161","Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr_build.yaml:201","Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr_build.yaml:609","Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr_build.yaml:18","Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr_build.yaml:79","Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr_build.yaml:103","Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr_build.yaml:249","Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr_build.yaml:387","Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr_build.yaml:440","Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr_build.yaml:470","Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr_build.yaml:228","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release_build.yaml:35","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release_build.yaml:376","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release_build.yaml:487","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release_build.yaml:520","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release_build.yaml:568","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release_build.yaml:12","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release_build.yaml:186","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release_build.yaml:234","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release_build.yaml:71","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release_build.yaml:308","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/release_build.yaml:602","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release_build.yaml:600","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release_build.yaml:94","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release_build.yaml:118","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release_build.yaml:151","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release_build.yaml:213","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release_build.yaml:422","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release_build.yaml:445","Warn: no topLevel permission defined: .github/workflows/dco.yaml:1","Warn: no topLevel permission defined: .github/workflows/depsreview.yaml:1","Warn: no topLevel permission defined: .github/workflows/nightly_build.yaml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/pr_build.yaml:9","Warn: no topLevel permission defined: .github/workflows/release_build.yaml:1","Warn: no topLevel permission defined: .github/workflows/stalebot.yaml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":5,"reason":"badge detected: Passing","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: GoBuiltInFuzzer integration found: pkg/common/x509util/dns_test.go:11","Info: GoBuiltInFuzzer integration found: pkg/server/api/entry/v1/service_test.go:3302"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.13.0 not signed: https://api.github.com/repos/spiffe/spire/releases/240281885","Warn: release artifact v1.12.4 not signed: https://api.github.com/repos/spiffe/spire/releases/229242993","Warn: release artifact v1.12.3 not signed: https://api.github.com/repos/spiffe/spire/releases/226008399","Warn: release artifact v1.11.3 not signed: https://api.github.com/repos/spiffe/spire/releases/225999367","Warn: release artifact v1.12.2 not signed: https://api.github.com/repos/spiffe/spire/releases/219573481","Warn: release artifact v1.13.0 does not have provenance: https://api.github.com/repos/spiffe/spire/releases/240281885","Warn: release artifact v1.12.4 does not have provenance: https://api.github.com/repos/spiffe/spire/releases/229242993","Warn: release artifact v1.12.3 does not have provenance: https://api.github.com/repos/spiffe/spire/releases/226008399","Warn: release artifact v1.11.3 does not have provenance: https://api.github.com/repos/spiffe/spire/releases/225999367","Warn: release artifact v1.12.2 does not have provenance: https://api.github.com/repos/spiffe/spire/releases/219573481"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":7,"reason":"dependency not pinned by hash detected -- score normalized to 7","details":["Warn: containerImage not pinned by hash: Dockerfile:5","Warn: containerImage not pinned by hash: Dockerfile:19","Warn: containerImage not pinned by hash: Dockerfile:39","Warn: containerImage not pinned by hash: Dockerfile:46","Warn: containerImage not pinned by hash: Dockerfile.dev:1: pin your Docker image by updating ubuntu:24.04 to ubuntu:24.04@sha256:7c06e91f61fa88c08cc74f7e1b7c69ae24910d745357e0dfe1d2c0322aaf20f9","Warn: containerImage not pinned by hash: Dockerfile.windows:4","Warn: containerImage not pinned by hash: Dockerfile.windows:11","Warn: containerImage not pinned by hash: Dockerfile.windows:16","Warn: containerImage not pinned by hash: Dockerfile.windows:21","Warn: containerImage not pinned by hash: test/integration/suites/envoy-sds-v3-spiffe-auth/Dockerfile:1","Warn: containerImage not pinned by hash: test/integration/suites/envoy-sds-v3-spiffe-auth/Dockerfile:3","Warn: containerImage not pinned by hash: test/integration/suites/force-rotation-self-signed/Dockerfile:1","Warn: containerImage not pinned by hash: test/integration/suites/ghostunnel-federation/Dockerfile:1","Warn: containerImage not pinned by hash: test/integration/suites/ghostunnel-federation/Dockerfile:3","Warn: containerImage not pinned by hash: test/integration/suites/ghostunnel-federation/Dockerfile:5","Warn: containerImage not pinned by hash: test/integration/suites/nested-rotation/Dockerfile:1","Warn: containerImage not pinned by hash: test/integration/suites/spire-server-cli/Dockerfile:1","Warn: pipCommand not pinned by hash: .github/workflows/dco.yaml:22","Info: 126 out of 126 GitHub-owned GitHubAction dependencies pinned","Info:  22 out of  22 third-party GitHubAction dependencies pinned","Info:   4 out of  21 containerImage dependencies pinned","Info:   2 out of   2 goCommand dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3770"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-20T18:50:45.854Z","repository_id":37418012,"created_at":"2025-08-20T18:50:45.854Z","updated_at":"2025-08-20T18:50:45.854Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31290537,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T13:12:26.723Z","status":"ssl_error","status_checked_at":"2026-04-01T13:12:25.102Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T10:00:49.338Z","updated_at":"2026-04-01T17:33:31.550Z","avatar_url":"https://github.com/spiffe.png","language":"Go","readme":"![SPIRE Logo](/doc/images/spire_logo.png)\n\n[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/3303/badge)](https://bestpractices.coreinfrastructure.org/projects/3303)\n[![Build Status](https://github.com/spiffe/spire/actions/workflows/pr_build.yaml/badge.svg)](https://github.com/spiffe/spire/actions/workflows/pr_build.yaml)\n[![Go Report Card](https://goreportcard.com/badge/github.com/spiffe/spire)](https://goreportcard.com/report/github.com/spiffe/spire)\n[![Production Phase](https://img.shields.io/badge/SPIFFE-Prod-green.svg?logoWidth=18\u0026logo=data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHJvbGU9ImltZyIgdmlld0JveD0iMC4xMSAxLjg2IDM1OC4yOCAzNTguMjgiPjxzdHlsZT5zdmcge2VuYWJsZS1iYWNrZ3JvdW5kOm5ldyAwIDAgMzYwIDM2MH08L3N0eWxlPjxzdHlsZT4uc3QyLC5zdDN7ZmlsbC1ydWxlOmV2ZW5vZGQ7Y2xpcC1ydWxlOmV2ZW5vZGQ7ZmlsbDojYmNkOTE4fS5zdDN7ZmlsbDojMDRiZGQ5fTwvc3R5bGU+PGcgaWQ9IkxPR08iPjxwYXRoIGQ9Ik0xMi4xIDguOWgyOC4zYzIuNyAwIDUgMi4yIDUgNXYyOC4zYzAgMi43LTIuMiA1LTUgNUgxMi4xYy0yLjcgMC01LTIuMi01LTVWMTMuOWMuMS0yLjcgMi4zLTUgNS01eiIgY2xhc3M9InN0MiIvPjxwYXRoIGQ9Ik04OC43IDguOWgyNThjMi43IDAgNSAyLjIgNSA1djI4LjNjMCAyLjctMi4yIDUtNSA1aC0yNThjLTIuNyAwLTUtMi4yLTUtNVYxMy45YzAtMi43IDIuMi01IDUtNXoiIGNsYXNzPSJzdDMiLz48cGF0aCBkPSJNMzQ2LjcgODUuNWgtMjguM2MtMi43IDAtNSAyLjItNSA1djI4LjNjMCAyLjggMi4yIDUgNSA1aDI4LjNjMi43IDAgNS0yLjIgNS01VjkwLjVjMC0yLjgtMi4zLTUtNS01eiIgY2xhc3M9InN0MiIvPjxwYXRoIGQ9Ik0xOTMuNiA4NS41SDEyLjFjLTIuNyAwLTUgMi4zLTUgNXYyOC4zYzAgMi43IDIuMiA1IDUgNWgxODEuNWMyLjcgMCA1LTIuMiA1LTVWOTAuNWMwLTIuOC0yLjItNS01LTV6IiBjbGFzcz0ic3QzIi8+PHBhdGggZD0iTTI3MC4yIDg1LjVoLTI4LjNjLTIuNyAwLTUgMi4yLTUgNXYyOC4zYzAgMi44IDIuMiA1IDUgNWgyOC4zYzIuNyAwIDUtMi4yIDUtNVY5MC41Yy0uMS0yLjgtMi4zLTUtNS01eiIgY2xhc3M9InN0MiIvPjxwYXRoIGQ9Ik0yNzAuMiAxNjJIODguN2MtMi43IDAtNSAyLjItNSA1djI4LjNjMCAyLjcgMi4yIDUgNSA1aDE4MS41YzIuNyAwIDUtMi4yIDUtNVYxNjdjLS4xLTIuOC0yLjMtNS01LTV6IiBjbGFzcz0ic3QzIi8+PHBhdGggZD0iTTM0Ni43IDE2MmgtMjguM2MtMi43IDAtNSAyLjItNSA1djI4LjNjMCAyLjggMi4yIDUgNSA1aDI4LjNjMi43IDAgNS0yLjIgNS01VjE2N2MwLTIuOC0yLjMtNS01LTV6bS0zMDYuMyAwSDEyLjFjLTIuNyAwLTUgMi4yLTUgNXYyOC4zYzAgMi44IDIuMiA1IDUgNWgyOC4zYzIuNyAwIDUtMi4yIDUtNVYxNjdjMC0yLjgtMi4yLTUtNS01em0tMjguMyA3Ni41aDI4LjNjMi43IDAgNSAyLjIgNSA1djI4LjNjMCAyLjctMi4yIDUtNSA1SDEyLjFjLTIuNyAwLTUtMi4yLTUtNXYtMjguM2MuMS0yLjcgMi4zLTUgNS01eiIgY2xhc3M9InN0MiIvPjxwYXRoIGQ9Ik0xNjUuMiAyMzguNWgxODEuNWMyLjcgMCA1IDIuMiA1IDV2MjguM2MwIDIuNy0yLjIgNS01IDVIMTY1LjJjLTIuNyAwLTUtMi4yLTUtNXYtMjguM2MwLTIuNyAyLjItNSA1LTV6IiBjbGFzcz0ic3QzIi8+PHBhdGggZD0iTTg4LjcgMjM4LjVIMTE3YzIuNyAwIDUgMi4yIDUgNXYyOC4zYzAgMi43LTIuMiA1LTUgNUg4OC43Yy0yLjcgMC01LTIuMi01LTV2LTI4LjNjMC0yLjcgMi4yLTUgNS01em0yNTggNzYuN2gtMjguM2MtMi43IDAtNSAyLjItNSA1djI4LjNjMCAyLjggMi4yIDUgNSA1aDI4LjNjMi43IDAgNS0yLjIgNS01di0yOC4zYzAtMi44LTIuMy01LTUtNXoiIGNsYXNzPSJzdDIiLz48cGF0aCBkPSJNMjcwLjIgMzE1LjJoLTI1OGMtMi43IDAtNSAyLjItNSA1djI4LjNjMCAyLjcgMi4yIDUgNSA1aDI1OGMyLjcgMCA1LTIuMiA1LTV2LTI4LjNjLS4xLTIuOC0yLjMtNS01LTV6IiBjbGFzcz0ic3QzIi8+PC9nPjwvc3ZnPg==)](https://github.com/spiffe/spiffe/blob/main/MATURITY.md#production)\n\nSPIRE (the [SPIFFE](https://github.com/spiffe/spiffe) Runtime Environment) is a toolchain of APIs for establishing trust between software systems across a wide variety of hosting platforms. SPIRE exposes the [SPIFFE Workload API](https://github.com/spiffe/go-spiffe/blob/main/proto/spiffe/workload/workload.proto), which can attest running software systems and issue [SPIFFE IDs](https://github.com/spiffe/spiffe/blob/main/standards/SPIFFE-ID.md) and [SVID](https://github.com/spiffe/spiffe/blob/main/standards/SPIFFE-ID.md)s to them.  This in turn allows two workloads to establish trust between each other, for example by establishing an mTLS connection or by signing and verifying a JWT token. SPIRE can also enable workloads to securely authenticate to a secret store, a database, or a cloud provider service.\n\n- [Get SPIRE](#get-spire)\n- [Learn about SPIRE](#learn-about-spire)\n- [Integrate with SPIRE](#integrate-with-spire)\n- [Contribute to SPIRE](#contribute-to-spire)\n- [Further Reading](#further-reading)\n- [Security](#security)\n\nSPIRE is a [graduated](https://www.cncf.io/projects/spire/) project of the [Cloud Native Computing Foundation](https://cncf.io) (CNCF). If you are an organization that wants to help shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented, consider joining the CNCF.\n\n## Get SPIRE\n\n- Pre-built releases of SPIRE can be found at [https://github.com/spiffe/spire/releases](https://github.com/spiffe/spire/releases). These releases contain both SPIRE Server and SPIRE Agent binaries.\n- Container images are published for [spire-server](https://ghcr.io/spiffe/spire-server), [spire-agent](https://ghcr.io/spiffe/spire-agent), and [oidc-discovery-provider](https://ghcr.io/spiffe/oidc-discovery-provider).\n- Alternatively, you can [build SPIRE from source](/CONTRIBUTING.md).\n\n## Learn about SPIRE\n\n- Before trying SPIRE, it's a good idea to learn about its [architecture](https://spiffe.io/spire/) and design goals.\n- Once ready to get started, see the [Quickstart Guides](https://spiffe.io/spire/try/) for Kubernetes, Linux, and MacOS.\n- There are several examples demonstrating SPIRE usage in the [spire-examples](https://github.com/spiffe/spire-examples) and [spire-tutorials](https://github.com/spiffe/spire-tutorials) repositories.\n- Check [ADOPTERS.md](./ADOPTERS.md) for a list of production SPIRE adopters, a view of the ecosystem, and use cases.\n- See the [SPIRE Roadmap](/ROADMAP.md) for a list of planned features and enhancements.\n- [Join](https://slack.spiffe.io/) the SPIFFE community on Slack. If you have any questions about how SPIRE works, or how to get it up and running, the best places to ask questions are the [SPIFFE Slack channels](https://spiffe.slack.com).\n- Download the free book about SPIFFE and SPIRE, \"[Solving the Bottom Turtle](https://spiffe.io/book/).\"\n\n## Integrate with SPIRE\n\n- See [Extend SPIRE](https://spiffe.io/spire/docs/extending/) to learn about the highly extensible SPIRE plugin framework.\n- Officially maintained client libraries for interacting with the [SPIFFE Workload API](https://github.com/spiffe/spiffe/blob/main/standards/SPIFFE_Workload_API.md) are available in [Go](https://github.com/spiffe/go-spiffe/tree/main) and [Java](https://github.com/spiffe/java-spiffe). See [SPIFFE Library Usage Examples](https://spiffe.io/spire/try/spiffe-library-usage-examples/) for a full list of official and community libraries, as well as code samples.\n- SPIRE provides an implementation of the [Envoy](https://envoyproxy.io) [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret) (SDS) for use with [Envoy Proxy](https://envoyproxy.io).  SDS can be used to transparently install and rotate TLS certificates and trust bundles in Envoy. See [Using SPIRE with Envoy](https://spiffe.io/spire/docs/envoy/) for more information.\n\nFor supported integration versions, see [Supported Integrations](/doc/supported_integrations.md).\n\n## Contribute to SPIRE\n\nThe SPIFFE community maintains the SPIRE project. Information on the various SIGs and relevant standards can be found in\n\u003chttps://github.com/spiffe/spiffe\u003e.\n\n- See [CONTRIBUTING](https://github.com/spiffe/spire/blob/main/CONTRIBUTING.md) to get started.\n- Use [GitHub Issues](https://github.com/spiffe/spire/issues) to request features or file bugs.\n- See [GOVERNANCE](https://github.com/spiffe/spiffe/blob/main/GOVERNANCE.md) for SPIFFE and SPIRE governance policies.\n\n## Further Reading\n\n- The [Scaling SPIRE guide](/doc/scaling_spire.md) covers design guidelines, recommendations, and deployment models.\n- For an explanation of how SPIRE compares to related systems such as secret stores, identity providers, authorization policy engines and service meshes see [comparisons](https://spiffe.io/spire/comparisons/).\n\n## Security\n\n### Security Assessments\n\nA third party security firm ([Cure53](https://cure53.de/)) completed a security audit of SPIFFE and SPIRE in February of 2021. Additionally, the [CNCF Technical Advisory Group for Security](https://github.com/cncf/tag-security) conducted two assessments on SPIFFE and SPIRE in 2018 and 2020. Please find the reports and supporting material, including the threat model exercise results, below.\n\n- [Cure53 Security Audit Report](doc/cure53-report.pdf)\n- [SIG-Security SPIFFE/SPIRE Security Assessment: summary](https://github.com/cncf/sig-security/tree/main/community/assessments/projects/spiffe-spire)\n- [SIG-Security SPIFFE/SPIRE Security Assessment: full assessment](https://github.com/cncf/sig-security/blob/main/community/assessments/projects/spiffe-spire/self-assessment.md)\n- [Scrutinizing SPIRE to Sensibly Strengthen SPIFFE Security](https://blog.spiffe.io/scrutinizing-spire-security-9c82ba542019)\n\n### Reporting Security Vulnerabilities\n\nIf you've found a vulnerability or a potential vulnerability in SPIRE please let us know at \u003csecurity@spiffe.io\u003e. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.\n\n\u003c!-- markdownlint-configure-file { \"MD041\": false } --\u003e\n","funding_links":[],"categories":["Zero Trust","Provisioning","Go (134)","Identity, signing and provenance","Open Source Projects at HPE","Backend frameworks \u0026 libraries","others","Security","Go","零信任","Libraries for creating HTTP middlewares"],"sub_categories":["Routers","Utility/Miscellaneous","Supply chain beyond libraries","路由器","Tutorials"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspiffe%2Fspire","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fspiffe%2Fspire","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspiffe%2Fspire/lists"}