{"id":13441439,"url":"https://github.com/stashed/stash","last_synced_at":"2026-03-09T20:32:52.352Z","repository":{"id":18186898,"uuid":"83371820","full_name":"stashed/stash","owner":"stashed","description":"🛅 Backup your Kubernetes Stateful Applications","archived":false,"fork":false,"pushed_at":"2025-12-30T12:42:51.000Z","size":80597,"stargazers_count":1397,"open_issues_count":111,"forks_count":84,"subscribers_count":20,"default_branch":"master","last_synced_at":"2026-01-12T03:08:19.880Z","etag":null,"topics":["appscode","backup","cloud-native","kubernetes","restic"],"latest_commit_sha":null,"homepage":"https://stash.run","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stashed.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":"DCO","cla":null}},"created_at":"2017-02-28T00:37:01.000Z","updated_at":"2026-01-01T12:25:02.000Z","dependencies_parsed_at":"2023-12-13T00:35:53.982Z","dependency_job_id":"23c3224d-2353-4813-b2ec-3ff6f0cb61ca","html_url":"https://github.com/stashed/stash","commit_stats":{"total_commits":1212,"total_committers":33,"mean_commits":36.72727272727273,"dds":"0.37788778877887785","last_synced_commit":"c0166b9abe0ec4323c7b4df75db885dc5925a622"},"previous_names":["appscode/stash","kubedb/stash"],"tags_count":98,"template":false,"template_full_name":null,"purl":"pkg:github/stashed/stash","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stashed%2Fstash","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stashed%2Fstash/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stashed%2Fstash/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stashed%2Fstash/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stashed","download_url":"https://codeload.github.com/stashed/stash/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stashed%2Fstash/sbom","scorecard":{"id":846662,"data":{"date":"2025-08-11","repo":{"name":"github.com/stashed/stash","commit":"303dc4dfe15c8db8df8854dfc044751b12e98f01"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.4,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/e2e.yml:1","Warn: no topLevel permission defined: .github/workflows/release-tracker.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: .github/workflows/update-docs.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":8,"reason":"Found 25/30 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":5,"reason":"6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Dangerous-Workflow","score":0,"reason":"dangerous workflow patterns detected","details":["Warn: script injection with untrusted input ' github.event.comment.body ': .github/workflows/e2e.yml:66"],"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 25 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Info: Possibly incomplete results: error parsing shell code: \"foo(\" must be followed by ): vendor/sigs.k8s.io/controller-runtime/Makefile:0","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/stashed/stash/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/stashed/stash/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/stashed/stash/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/stashed/stash/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/stashed/stash/e2e.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/stashed/stash/e2e.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/stashed/stash/e2e.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/stashed/stash/e2e.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/stashed/stash/e2e.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-tracker.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/stashed/stash/release-tracker.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/stashed/stash/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/stashed/stash/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/stashed/stash/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/stashed/stash/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-docs.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/stashed/stash/update-docs.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-docs.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/stashed/stash/update-docs.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile.dbg:15: pin your Docker image by updating debian:12 to debian:12@sha256:731dd1380d6a8d170a695dbeb17fe0eade0e1c29f654cf0a3a07f372191c3f4b","Warn: containerImage not pinned by hash: Dockerfile.dbg:31","Warn: containerImage not pinned by hash: Dockerfile.in:15: pin your Docker image by updating debian:12 to debian:12@sha256:731dd1380d6a8d170a695dbeb17fe0eade0e1c29f654cf0a3a07f372191c3f4b","Warn: containerImage not pinned by hash: Dockerfile.in:31","Warn: containerImage not pinned by hash: Dockerfile.test:15: pin your Docker image by updating debian:bullseye to debian:bullseye@sha256:8ec25a9073e8cc89a184a6256e219828196d75203375a8ad4f0977f3011f2115","Warn: containerImage not pinned by hash: Dockerfile.test:31","Warn: goCommand not pinned by hash: vendor/github.com/codegangsta/inject/update_readme.sh:2","Warn: goCommand not pinned by hash: vendor/github.com/json-iterator/go/build.sh:10","Warn: goCommand not pinned by hash: vendor/google.golang.org/grpc/regenerate.sh:35","Warn: goCommand not pinned by hash: vendor/google.golang.org/grpc/vet.sh:37","Warn: downloadThenRun not pinned by hash: .github/workflows/e2e.yml:39","Warn: downloadThenRun not pinned by hash: .github/workflows/e2e.yml:100","Warn: downloadThenRun not pinned by hash: .github/workflows/release-tracker.yml:31","Warn: downloadThenRun not pinned by hash: .github/workflows/update-docs.yml:29","Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned","Info: 0 out of 8 third-party GitHubAction dependencies pinned","Info: 0 out of 6 containerImage dependencies pinned","Info: 2 out of 6 goCommand dependencies pinned","Info: 0 out of 4 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":7,"reason":"3 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646","Warn: Project is vulnerable to: GO-2025-3829 / GHSA-4vq8-7jfc-9cvp"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-23T21:38:20.690Z","repository_id":18186898,"created_at":"2025-08-23T21:38:20.690Z","updated_at":"2025-08-23T21:38:20.690Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30310785,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-09T20:05:46.299Z","status":"ssl_error","status_checked_at":"2026-03-09T19:57:04.425Z","response_time":61,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appscode","backup","cloud-native","kubernetes","restic"],"created_at":"2024-07-31T03:01:33.939Z","updated_at":"2026-03-09T20:32:52.327Z","avatar_url":"https://github.com/stashed.png","language":"Go","readme":"[![Go Report Card](https://goreportcard.com/badge/stash.appscode.dev/stash)](https://goreportcard.com/report/stash.appscode.dev/stash)\n[![Build Status](https://github.com/stashed/stash/workflows/CI/badge.svg)](https://github.com/stashed/stash/actions?workflow=CI)\n[![Docker Pulls](https://img.shields.io/docker/pulls/appscode/stash.svg)](https://hub.docker.com/r/appscode/stash/)\n[![Slack](https://shields.io/badge/Join_Slack-salck?color=4A154B\u0026logo=slack)](https://slack.appscode.com)\n[![Twitter](https://img.shields.io/twitter/follow/kubestash.svg?style=social\u0026logo=twitter\u0026label=Follow)](https://twitter.com/intent/follow?screen_name=KubeStash)\n\n# Stash\n\n[Stash](https://stash.run) by AppsCode is a cloud-native data backup and recovery solution for Kubernetes workloads. If you are running production workloads in Kubernetes, you might want to take backup of your disks, databases, etc. Traditional tools are too complex to set up and maintain in a dynamic compute environment like Kubernetes. Stash is a Kubernetes operator that uses [restic](https://github.com/restic/restic) or Kubernetes CSI Driver VolumeSnapshotter functionality to address these issues. Using Stash, you can backup Kubernetes volumes mounted in workloads, stand-alone volumes, and databases. Users may even extend Stash via [addons](https://stash.run/docs/latest/guides/latest/addons/overview/) for any custom workload.\n\n## Features\n\n| Features | Community Edition | Enterprise Edition | Scope |\n| --------------------------------------------------------------------------------------- | :---------------------------------: | :-------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| | Open source Stash Free for everyone | Open Core Stash for production Enterprise workloads | |\n| Backup \u0026 Restore Workload Data | \u0026#10003; | \u0026#10003; | Deployment, DaemonSet, StatefulSet, ReplicaSet, ReplicationController, OpenShift DeploymentConfig |\n| Backup \u0026 Restore Stand-alone Volume (PVC) | \u0026#10003; | \u0026#10003; | PersistentVolumeClaim, PersistentVolume |\n| Schedule Backup, Instant Backup | \u0026#10003; | \u0026#10003; | Schedule through [cron expression](https://en.wikipedia.org/wiki/Cron) or trigger instant backup using Stash Kubernetes plugin |\n| Pause Backup | \u0026#10003; | \u0026#10003; | No new backup when paused. |\n| Backup \u0026 Restore subset of files | \u0026#10003; | \u0026#10003; | Only backup/restore the files that matches the provided patterns |\n| Cleanup old snapshots automatically | \u0026#10003; | \u0026#10003; | Cleanup old snapshots according to different [retention policies](https://restic.readthedocs.io/en/stable/060_forget.html#removing-snapshots-according-to-a-policy) |\n| Encryption, Deduplication (send only diff) | \u0026#10003; | \u0026#10003; | Encrypt backed up data with AES-256. Stash only sends the changes since last backup. |\n| [CSI Driver Integration](https://kubernetes.io/docs/concepts/storage/volume-snapshots/) | \u0026#10003; | \u0026#10003; | VolumeSnapshot for Kubernetes workloads. Supported for Kubernetes v1.17.0+. |\n| Prometheus Metrics | \u0026#10003; | \u0026#10003; | Rich backup metrics, restore metrics and Stash operator metrics. |\n| Security | \u0026#10003; | \u0026#10003; | Built-in support for RBAC, PSP and Network Policy |\n| CLI | \u0026#10003; | \u0026#10003; | `kubectl` plugin (for Kubernetes 1.12+) |\n| Extensibility and Customizability | \u0026#10003; | \u0026#10003; | Write addons for bespoke applications and customize currently supported workloads |\n| Hooks | \u0026#10003; | \u0026#10003; | Execute `httpGet`, `httpPost`, `tcpSocket` and `exec` hooks before and after of backup or restore process. |\n| Cloud Storage as Backend | \u0026#10003; | \u0026#10003; | Stores backup data in AWS S3, Minio, Rook, GCS, Azure, OpenStack Swift, Backblaze B2 and Rest Server |\n| On-prem Storage as Backend | \u0026#10007; | \u0026#10003; | Stores backup data in any locally mounted Kubernetes Volumes such as NFS, etc. |\n| Backup \u0026 Restore databases | \u0026#10007; | \u0026#10003; | PostgreSQL, MySQL, MongoDB, Elasticsearch, Redis, MariaDB, Percona XtraDB |\n| Auto Backup | \u0026#10007; | \u0026#10003; | Share backup configuration across workloads using templates. Enable backup for a target application via annotation. |\n| Batch Backup \u0026 Batch Restore | \u0026#10007; | \u0026#10003; | Backup and restore co-related applications (eg, WordPress server and its database) together |\n| Point-In-Time Recovery (PITR) | \u0026#10007; | Planned | Restore a set of files from a time in the past. |\n\n## Installation\n\nTo install Stash, please follow the guide [here](https://stash.run/docs/latest/setup/).\n\n## Using Stash\n\nWant to learn how to use Stash? Please start [here](https://stash.run/docs/latest/).\n\n## Contribution guidelines\n\nWant to help improve Stash? Please start [here](https://stash.run/docs/latest/welcome/contributing).\n\n## Acknowledgement\n\n- Many thanks to [Alexander Neumann](https://github.com/fd0) for [Restic](https://restic.net) project.\n\n## Support\n\nTo speak with us, please leave a message on [our website](https://appscode.com/contact/).\n\nTo join public discussions with the Stash community, join us in the [AppsCode Slack team](https://appscode.slack.com/messages/C8NCX6N23/details/) channel `#stash`. To sign up, use our [Slack inviter](https://slack.appscode.com/).\n\nTo receive product announcements, follow us on [Twitter](https://twitter.com/KubeStash).\n\nIf you have found a bug with Stash or want to request new features, please [file an issue](https://github.com/stashed/project/issues/new).\n\n## License\n\n[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fstashed%2Fstash.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Fstashed%2Fstash?ref=badge_large)\n","funding_links":[],"categories":["HarmonyOS","Go","kubernetes","[💾 sysadmin-devops](https://github.com/stars/ketsapiwiq/lists/sysadmin-devops)","Data Protection \u0026 Backup","OPS","Other"],"sub_categories":["Windows Manager"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstashed%2Fstash","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstashed%2Fstash","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstashed%2Fstash/lists"}