{"id":13398643,"url":"https://github.com/spring-projects/spring-framework","last_synced_at":"2026-03-13T10:04:06.906Z","repository":{"id":37239993,"uuid":"1148753","full_name":"spring-projects/spring-framework","owner":"spring-projects","description":"Spring Framework","archived":false,"fork":false,"pushed_at":"2026-03-08T13:54:21.000Z","size":239135,"stargazers_count":59729,"open_issues_count":358,"forks_count":38914,"subscribers_count":3287,"default_branch":"main","last_synced_at":"2026-03-09T07:36:26.929Z","etag":null,"topics":["framework","spring","spring-framework"],"latest_commit_sha":null,"homepage":"https://spring.io/projects/spring-framework","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/spring-projects.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2010-12-08T04:04:45.000Z","updated_at":"2026-03-09T07:29:39.000Z","dependencies_parsed_at":"2023-09-22T19:18:56.599Z","dependency_job_id":"12e999da-710d-4703-b558-df35f7a8fbb5","html_url":"https://github.com/spring-projects/spring-framework","commit_stats":{"total_commits":28630,"total_committers":1141,"mean_commits":25.0920245398773,"dds":0.8931889626266154,"last_synced_commit":"ba692aa3efb22c5e686d44f38cec013ba1d83045"},"previous_names":["springsource/spring-framework"],"tags_count":356,"template":false,"template_full_name":null,"purl":"pkg:github/spring-projects/spring-framework","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spring-projects%2Fspring-framework","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spring-projects%2Fspring-framework/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spring-projects%2Fspring-framework/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spring-projects%2Fspring-framework/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/spring-projects","download_url":"https://codeload.github.com/spring-projects/spring-framework/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spring-projects%2Fspring-framework/sbom","scorecard":{"id":133309,"data":{"date":"2025-08-04","repo":{"name":"github.com/spring-projects/spring-framework","commit":"29521e2f8a3465049fb2e43efcacb25b84fc2711"},"scorecard":{"version":"v5.2.1-28-gc1d103a9","commit":"c1d103a9bb9f635ec7260bf9aa0699466fa4be0e"},"score":6.2,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#license"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#packaging"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#dangerous-workflow"}},{"name":"Branch-Protection","score":3,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: branch 'main' does not require approvers","Warn: codeowners review is not required on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#signed-releases"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/backport-bot.yml:15","Info: topLevel 'contents' permission set to 'read': .github/workflows/backport-bot.yml:11","Warn: no topLevel permission defined: .github/workflows/build-and-deploy-snapshot.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/build-pull-request.yml:4","Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: topLevel 'actions' permission set to 'write': .github/workflows/deploy-docs.yml:14","Warn: no topLevel permission defined: .github/workflows/release-milestone.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/update-antora-ui-spring.yml:11","Warn: no topLevel permission defined: .github/workflows/verify.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#token-permissions"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#vulnerabilities"}},{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: gradle/wrapper/gradle-wrapper.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":6,"reason":"dependency not pinned by hash detected -- score normalized to 6","details":["Info: Possibly incomplete results: error parsing shell code: invalid parameter name: .github/workflows/release-milestone.yml:80","Info: Possibly incomplete results: error parsing shell code: invalid parameter name: .github/workflows/release.yml:79","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/backport-bot.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/spring-projects/spring-framework/backport-bot.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/backport-bot.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/spring-projects/spring-framework/backport-bot.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-deploy-snapshot.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/spring-projects/spring-framework/build-and-deploy-snapshot.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-pull-request.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/spring-projects/spring-framework/build-pull-request.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-pull-request.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/spring-projects/spring-framework/build-pull-request.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/spring-projects/spring-framework/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy-docs.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/spring-projects/spring-framework/deploy-docs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-milestone.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/spring-projects/spring-framework/release-milestone.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/spring-projects/spring-framework/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/spring-projects/spring-framework/verify.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/spring-projects/spring-framework/verify.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/spring-projects/spring-framework/verify.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/spring-projects/spring-framework/verify.yml/main?enable=pin","Warn: downloadThenRun not pinned by hash: .github/workflows/backport-bot.yml:34","Info:   4 out of  17 GitHub-owned GitHubAction dependencies pinned","Info:   8 out of   8 third-party GitHubAction dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#fuzzing"}}]},"last_synced_at":"2025-08-16T05:44:16.926Z","repository_id":37239993,"created_at":"2025-08-16T05:44:16.926Z","updated_at":"2025-08-16T05:44:16.926Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30464987,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-13T06:34:02.089Z","status":"ssl_error","status_checked_at":"2026-03-13T06:33:49.182Z","response_time":60,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["framework","spring","spring-framework"],"created_at":"2024-07-30T19:00:29.873Z","updated_at":"2026-03-13T10:04:06.891Z","avatar_url":"https://github.com/spring-projects.png","language":"Java","readme":"# \u003cimg src=\"framework-docs/src/docs/spring-framework.png\" width=\"80\" height=\"80\"\u003e Spring Framework [![Build Status](https://github.com/spring-projects/spring-framework/actions/workflows/build-and-deploy-snapshot.yml/badge.svg?branch=main)](https://github.com/spring-projects/spring-framework/actions/workflows/build-and-deploy-snapshot.yml?query=branch%3Amain) [![Revved up by Develocity](https://img.shields.io/badge/Revved%20up%20by-Develocity-06A0CE?logo=Gradle\u0026labelColor=02303A)](https://ge.spring.io/scans?search.rootProjectNames=spring)\n\nThis is the home of the Spring Framework: the foundation for all [Spring projects](https://spring.io/projects). Collectively the Spring Framework and the family of Spring projects are often referred to simply as \"Spring\". \n\nSpring provides everything required beyond the Java programming language for creating enterprise applications for a wide range of scenarios and architectures. Please read the [Overview](https://docs.spring.io/spring-framework/reference/overview.html) section of the reference documentation for a more complete introduction.\n\n## Code of Conduct\n\nThis project is governed by the [Spring Code of Conduct](https://github.com/spring-projects/spring-framework/?tab=coc-ov-file#contributor-code-of-conduct). By participating, you are expected to uphold this code of conduct. Please report unacceptable behavior to spring-code-of-conduct@spring.io.\n\n## Access to Binaries\n\nFor access to artifacts or a distribution zip, see the [Spring Framework Artifacts](https://github.com/spring-projects/spring-framework/wiki/Spring-Framework-Artifacts) wiki page.\n\n## Documentation\n\nThe Spring Framework maintains reference documentation ([published](https://docs.spring.io/spring-framework/reference/) and [source](framework-docs/modules/ROOT)), GitHub [wiki pages](https://github.com/spring-projects/spring-framework/wiki), and an\n[API reference](https://docs.spring.io/spring-framework/docs/current/javadoc-api/). There are also [guides and tutorials](https://spring.io/guides) across Spring projects.\n\n## Micro-Benchmarks\n\nSee the [Micro-Benchmarks](https://github.com/spring-projects/spring-framework/wiki/Micro-Benchmarks) wiki page.\n\n## Build from Source\n\nSee the [Build from Source](https://github.com/spring-projects/spring-framework/wiki/Build-from-Source) wiki page and the [CONTRIBUTING.md](CONTRIBUTING.md) file.\n\n## Continuous Integration Builds\n\nCI builds are defined with [GitHub Actions workflows](.github/workflows).\n\n## Stay in Touch\n\nFollow [@SpringCentral](https://twitter.com/springcentral), [@SpringFramework](https://twitter.com/springframework), and its [team members](https://twitter.com/springframework/lists/team/members) on 𝕏. In-depth articles can be found at [The Spring Blog](https://spring.io/blog/), and releases are announced via our [releases feed](https://spring.io/blog/category/releases).\n\n## License\n\nThe Spring Framework is released under version 2.0 of the [Apache License](https://www.apache.org/licenses/LICENSE-2.0).\n","funding_links":[],"categories":["Java","Misc","I. Development","HarmonyOS","数据库开发"],"sub_categories":["Frameworks:","1. Common frameworks and libraries","Windows Manager"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspring-projects%2Fspring-framework","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fspring-projects%2Fspring-framework","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspring-projects%2Fspring-framework/lists"}