{"id":18835999,"url":"https://github.com/stevespringett/alpine","last_synced_at":"2025-11-12T21:28:18.816Z","repository":{"id":17658384,"uuid":"80898327","full_name":"stevespringett/Alpine","owner":"stevespringett","description":"An opinionated scaffolding framework that jumpstarts Java projects with an API-first design, secure defaults, and minimal dependencies","archived":false,"fork":false,"pushed_at":"2025-04-04T13:28:19.000Z","size":2597,"stargazers_count":63,"open_issues_count":17,"forks_count":49,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-04-07T03:11:20.587Z","etag":null,"topics":["api-first","java","jdo","ldap","lightweight","rest","rest-api","scaffolding","secure-by-default","swagger","thin-server-architecture"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stevespringett.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-02-04T06:16:32.000Z","updated_at":"2025-04-04T13:28:16.000Z","dependencies_parsed_at":"2023-02-10T16:00:39.120Z","dependency_job_id":"2ca14d11-58aa-4875-8c37-3ee4297be05a","html_url":"https://github.com/stevespringett/Alpine","commit_stats":null,"previous_names":[],"tags_count":61,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stevespringett%2FAlpine","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stevespringett%2FAlpine/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stevespringett%2FAlpine/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stevespringett%2FAlpine/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stevespringett","download_url":"https://codeload.github.com/stevespringett/Alpine/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248870803,"owners_count":21175106,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-first","java","jdo","ldap","lightweight","rest","rest-api","scaffolding","secure-by-default","swagger","thin-server-architecture"],"created_at":"2024-11-08T02:17:50.358Z","updated_at":"2025-11-12T21:28:18.788Z","avatar_url":"https://github.com/stevespringett.png","language":"Java","readme":"[![Build Status](https://github.com/stevespringett/Alpine/workflows/Maven%20CI/badge.svg)](https://github.com/stevespringett/Alpine/actions?workflow=Maven+CI)\n[![Maven Central](https://maven-badges.herokuapp.com/maven-central/us.springett/alpine-parent/badge.svg)](https://maven-badges.herokuapp.com/maven-central/us.springett/alpine-parent)\n[![Codacy Badge](https://api.codacy.com/project/badge/Grade/cefa2866cbc24deeb7fbc83b8f71ad60)](https://www.codacy.com/app/stevespringett/Alpine?utm_source=github.com\u0026amp;utm_medium=referral\u0026amp;utm_content=stevespringett/Alpine\u0026amp;utm_campaign=Badge_Grade)\n[![Dependency Status](https://img.shields.io/librariesio/github/stevespringett/Alpine.svg)](https://libraries.io/github/stevespringett/Alpine)\n[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/690/badge)](https://bestpractices.coreinfrastructure.org/projects/690)\n[![License][license-image]][license-url]\n[![Join the chat at https://gitter.im/java-alpine/Lobby](https://badges.gitter.im/java-alpine/Lobby.svg)](https://gitter.im/java-alpine/Lobby?utm_source=badge\u0026utm_medium=badge\u0026utm_campaign=pr-badge\u0026utm_content=badge)\n![Static Analysis][fortify-image]\n[![Component Analysis][sca-image]][sca-url]\n\u003cimg src=\"http://stevespringett.github.io/alpine/images/Alpine.svg\" width=\"300\" align=\"right\"\u003e\n\nAlpine\n=========\n\nAn opinionated scaffolding library that jump-starts Java projects with an \nAPI-first design, secure defaults, and minimal dependencies. Alpine came \nabout due to many commonalities between several of my personal and \nprofessional projects.\n\nAlpine provides the basis for quickly developing a '**Thin Server Architecture**'.\nThis type of architecture shifts the role of webapps to being API providers\nwith little or no responsibility for server-side HTML rendering. This type\nof architecture is perfect for client-side rendered webapps that rely heavily\non JSON, for Single Page Applications (SPA), and to power back-ends that drive\nmobile applications.\n\nDesign Features\n-\n\n* **API-First Design** - \nAlpine assumes an API-first design where REST (via JAX-RS) is\nat its core. The servers resources are stateless and do not rely\non sessions. JSON Web Tokens (JWT) are used to maintain some state\nand are signed with an HMAC.\n\n* **Authentications** - \nAlpine supports multiple types of principals including LDAP users and \nAPI keys, both of which can be integrated into teams for access control.\n\n* **Simplified Event System** - \nAlpine can perform parallel processing of tasks using an asynchronous\npub/sub model. It can easily scale to consume as much or as little of \navailable resources as necessary.\n\n* **Secure By Default** - \nAll REST resources are secure by default, requiring authentication to \naccess them. Gone are the days of forgetting to protect a resource. \n\n* **Flexible Persistences** - \nUses JDO, the most flexible Java persistence specification available. I \nnever understood how JPA, a small subset of JDO, is viewed as progress.\nIt's not.\n\n* **Minimal Dependencies** - \nToo many frameworks unnecessary increase the attack surface of applications \nbuilt using them. Even a simple Hello World application is often susceptible \nto attack from the use of vulnerable components or poorly configured \nframeworks. Alpine includes what is necessary for a modern app, nothing more.\n\n* **Control** - \nFrameworks often force developers higher up the stack, freeing them from\nlow-level details. While this is certainly a huge win for productivity, \ndevelopers often don't understand how their app actually works. Alpine \ndoes not do this. It provides standards-based APIs in a pre-packaged \nlibrary giving developers both full control over their app, as well as a\nproductivity jumpstart.\n\nApplication Features\n-\n\nThe following features are free and require little or no coding just for using Alpine.\n* Authentication for Internal (managed) and LDAP users\n* Authentication via API keys\n* Authentication via JWT\n* Stateless API-first design\n* REST resources are locked down by default (requires authentication)\n* Configurable enforcement of authentication and authorization\n* Built-in support for BCrypt for the hashing and salting of passwords for managed users\n* Built-in models for managed users, LDAP users, API keys, and groups (called teams in Alpine)\n* Built-in and consistent support for pagination and ordering via REST\n* Embedded database\n* Flexible persistence supporting RDBMS and non-RDBMS datastores (via Datanucleus JDO)\n* Separate application and audit logs\n* Scheduled and on-demand execution of parallel tasks via asynchronous pub/sub event framework\n* Extendable and centralized application configuration\n* Lightweight upgrade framework can optionally perform automatic upgrades on startup\n* Built-in input validation (JSR 303 \u0026 349) for all REST resources and default model classes\n* Defensive security mechanisms for enabling:\n  * Click-jacking protection (X-Frame-Options) (RFC-7034)\n  * Content Security Policy (Level 1 and 2)\n  * HTTP Public Key Pinning (HPKP) (RFC-7469)\n  * HTTP Strict Transport Security (HSTS) (RFC-6797)\n  * Whitelist and Blacklist URL filters\n\nBuild Features\n-\n\nThese build-time features are inherited simply by using the Alpine pom\n* Simplifies dependency management. Simply including Alpine as a dependency is all that's required\n* Analysis of third-party components for known vulnerabilities via Sonatype OSS Index \u0026 Retire.js\n* Automatic creation of CycloneDX BoM incorporating all direct and transitive dependencies used\n* Support for HPE Fortify Source Code Analyzer (SCA) (requires Fortify license to use)\n* Alpine apps are automatically built as WARs\n* Optional packaging as an executable WAR containing an embedded Jetty container\n\nCompiling\n-------------------\n\n```bash\nmvn clean install\n````\n\nMaven Usage\n-------------------\n\n```xml\n\u003c!-- Place the parent right after the \u003cproject\u003e root node\n     to inherit all the goodies from alpine-parent pom --\u003e\n\u003cparent\u003e\n    \u003cgroupId\u003eus.springett\u003c/groupId\u003e\n    \u003cartifactId\u003ealpine-parent\u003c/artifactId\u003e\n\u003c/parent\u003e\n\n\u003cdependencies\u003e\n    \u003c!-- Add the alpine dependency --\u003e\n    \u003cdependency\u003e\n        \u003cgroupId\u003eus.springett\u003c/groupId\u003e\n        \u003cartifactId\u003ealpine\u003c/artifactId\u003e\n    \u003c/dependency\u003e\n\u003c/dependencies\u003e\n```\n\nCopyright \u0026 License\n-\n\nAlpine is Copyright (c) Steve Springett. All Rights Reserved.\n\nPermission to modify and redistribute is granted under the terms of the \n[Apache License 2.0](https://github.com/stevespringett/alpine/blob/master/LICENSE.txt)\n\nAlpine makes use of several other open source libraries. Please see\nthe [NOTICE.txt](https://github.com/stevespringett/alpine/blob/master/NOTICE.txt) file for more information.\n\n  [alpine-image]: http://6000rpms.com/images/Alpine.svg\n  [GitHub Wiki]: https://github.com/stevespringett/alpine/wiki\n  [license-image]: https://img.shields.io/badge/license-apache%20v2-brightgreen.svg\n  [license-url]: https://github.com/stevespringett/alpine/blob/master/LICENSE.txt\n  [fortify-image]: https://img.shields.io/badge/static%20analysis-fortify%20sca-blue.svg\n  [sca-image]: https://img.shields.io/badge/component%20analysis-oss%20index-blue.svg\n  [sca-url]: https://ossindex.sonatype.org/\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstevespringett%2Falpine","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstevespringett%2Falpine","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstevespringett%2Falpine/lists"}