{"id":14109266,"url":"https://github.com/spotify/spotify-checkstyle-config","last_synced_at":"2026-01-14T02:29:50.563Z","repository":{"id":57727187,"uuid":"62063237","full_name":"spotify/spotify-checkstyle-config","owner":"spotify","description":"The Spotify checkstyle configuration","archived":true,"fork":false,"pushed_at":"2020-07-08T00:29:48.000Z","size":75,"stargazers_count":26,"open_issues_count":3,"forks_count":15,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-12-26T16:51:10.260Z","etag":null,"topics":["checkstyle","java"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-2.1","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/spotify.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-06-27T14:40:30.000Z","updated_at":"2025-05-10T16:22:01.000Z","dependencies_parsed_at":"2022-09-26T21:51:17.008Z","dependency_job_id":null,"html_url":"https://github.com/spotify/spotify-checkstyle-config","commit_stats":null,"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/spotify/spotify-checkstyle-config","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spotify%2Fspotify-checkstyle-config","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spotify%2Fspotify-checkstyle-config/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spotify%2Fspotify-checkstyle-config/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spotify%2Fspotify-checkstyle-config/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/spotify","download_url":"https://codeload.github.com/spotify/spotify-checkstyle-config/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spotify%2Fspotify-checkstyle-config/sbom","scorecard":{"id":842231,"data":{"date":"2025-08-11","repo":{"name":"github.com/spotify/spotify-checkstyle-config","commit":"a6a7d8fd0aad0b88d2921b73c6e7ef4b51ebc35f"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.4,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"project is archived","details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":3,"reason":"Found 7/20 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: GNU Lesser General Public License v2.1: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 18 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-23T20:44:08.749Z","repository_id":57727187,"created_at":"2025-08-23T20:44:08.749Z","updated_at":"2025-08-23T20:44:08.749Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28408711,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T01:52:23.358Z","status":"online","status_checked_at":"2026-01-14T02:00:06.678Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["checkstyle","java"],"created_at":"2024-08-14T10:02:11.558Z","updated_at":"2026-01-14T02:29:50.541Z","avatar_url":"https://github.com/spotify.png","language":null,"funding_links":[],"categories":["Others"],"sub_categories":[],"readme":"Spotify Checkstyle Configuration\n================================\n[![Maven Central](https://img.shields.io/maven-central/v/com.spotify.checkstyle/spotify-checkstyle-config.svg)](https://search.maven.org/#search%7Cga%7C1%7Cg%3A%22com.spotify.checkstyle%22%20spotify-checkstyle-config)\n[![License](https://img.shields.io/github/license/spotify/spotify-checkstyle-config.svg)](LICENSE.txt)\n\n\n\nThis project provides a default configuration for checkstyle at Spotify.\n\nTo use it, configure your maven-checkstyle-plugin like so:\n\n```\n   \u003cplugin\u003e\n     \u003cartifactId\u003emaven-checkstyle-plugin\u003c/artifactId\u003e\n     \u003cversion\u003e2.17\u003c/version\u003e\n     \u003cdependencies\u003e\n       \u003cdependency\u003e\n         \u003cgroupId\u003ecom.spotify.checkstyle\u003c/groupId\u003e\n         \u003cartifactId\u003espotify-checkstyle-config\u003c/artifactId\u003e\n         \u003cversion\u003eLATEST-VERSION\u003c/version\u003e\n       \u003c/dependency\u003e\n       \u003cdependency\u003e\n         \u003cgroupId\u003ecom.puppycrawl.tools\u003c/groupId\u003e\n         \u003cartifactId\u003echeckstyle\u003c/artifactId\u003e\n         \u003cversion\u003e8.24\u003c/version\u003e\n       \u003c/dependency\u003e\n     \u003c/dependencies\u003e\n     \u003cconfiguration\u003e\n       \u003cconfigLocation\u003espotify_checks.xml\u003c/configLocation\u003e\n       \n       \u003c!-- The following parameters are optional: --\u003e\n       \u003cconsoleOutput\u003etrue\u003c/consoleOutput\u003e\n       \u003cfailOnViolation\u003etrue\u003c/failOnViolation\u003e\n       \u003clogViolationsToConsole\u003etrue\u003c/logViolationsToConsole\u003e\n       \u003cviolationSeverity\u003eerror\u003c/violationSeverity\u003e\n     \u003c/configuration\u003e\n     \u003cexecutions\u003e\n       \u003cexecution\u003e\n         \u003cid\u003evalidate\u003c/id\u003e\n         \u003cphase\u003evalidate\u003c/phase\u003e\n         \u003cgoals\u003e\n           \u003cgoal\u003echeck\u003c/goal\u003e\n         \u003c/goals\u003e\n       \u003c/execution\u003e\n     \u003c/executions\u003e\n   \u003c/plugin\u003e\n```\n\nSee the [maven-checkstyle-plugin docs](https://maven.apache.org/plugins/maven-checkstyle-plugin/check-mojo.html) \nfor more information about what the configuration parameters mean.\n\nInternally, we have the above configuration in the `\u003cpluginManagement/\u003e` section of a \ncompany-wide parent pom, meaning that projects only need to specify the below in their\n`\u003cbuild\u003e\u003cplugins\u003e` section:\n\n```\n   \u003cplugin\u003e\n      \u003cartifactId\u003emaven-checkstyle-plugin\u003c/artifactId\u003e\n   \u003c/plugin\u003e\n```\n\n# Configuration\n\n## Suppressions\n\nThe configuration of the checkstyle plugin you get from `spotify_checks.xml` tells it to \noptionally look for a file named `suppressions.xml` as per the\n[SuppressionFilter docs](http://checkstyle.sourceforge.net/config_filters.html#SuppressionFilter). \nThis means you can configure suppressions by providing such a file on your\nproject's classpath or in the current directory where you build it - note \nthat for multi-module projects, it's probably a good idea to use something\nlike [this solution](http://stackoverflow.com/a/19690484/1659929) to share\nthe configuration among each sub-module.\n\n# IDEA support\n\nThere is a [configuration file for IntelliJ IDEA](src/main/idea/spotify-checkstyle-idea.xml) that you can import into your project.\n\n# Code of conduct\nThis project adheres to the [Open Code of Conduct][code-of-conduct]. By participating, you are expected to honor this code.\n\n[code-of-conduct]: https://github.com/spotify/code-of-conduct/blob/master/code-of-conduct.md\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspotify%2Fspotify-checkstyle-config","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fspotify%2Fspotify-checkstyle-config","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspotify%2Fspotify-checkstyle-config/lists"}