{"id":21590981,"url":"https://github.com/toolsplus/atlassian-connect-play","last_synced_at":"2026-03-04T09:00:42.335Z","repository":{"id":47408034,"uuid":"85818154","full_name":"toolsplus/atlassian-connect-play","owner":"toolsplus","description":"Atlassian Connect for Scala and Play Framework","archived":false,"fork":false,"pushed_at":"2026-03-03T05:57:42.000Z","size":322,"stargazers_count":7,"open_issues_count":3,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2026-03-03T08:23:54.795Z","etag":null,"topics":["atlassian","atlassian-connect","bitbucket","confluence","jira","jwt","play-framework","scala"],"latest_commit_sha":null,"homepage":"","language":"Scala","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/toolsplus.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2017-03-22T11:07:14.000Z","updated_at":"2026-03-03T05:57:44.000Z","dependencies_parsed_at":"2025-09-15T12:17:33.262Z","dependency_job_id":"7ad5e478-d5cc-4a4c-92ad-d3bcd43dc3a9","html_url":"https://github.com/toolsplus/atlassian-connect-play","commit_stats":null,"previous_names":[],"tags_count":35,"template":false,"template_full_name":null,"purl":"pkg:github/toolsplus/atlassian-connect-play","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/toolsplus%2Fatlassian-connect-play","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/toolsplus%2Fatlassian-connect-play/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/toolsplus%2Fatlassian-connect-play/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/toolsplus%2Fatlassian-connect-play/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/toolsplus","download_url":"https://codeload.github.com/toolsplus/atlassian-connect-play/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/toolsplus%2Fatlassian-connect-play/sbom","scorecard":{"id":628268,"data":{"date":"2025-08-11","repo":{"name":"github.com/toolsplus/atlassian-connect-play","commit":"0e04b0bb504214060f3c77ad2497379800b5f745"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.8,"checks":[{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/scala-steward.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/23 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:8: update your workflow using https://app.stepsecurity.io/secureworkflow/toolsplus/atlassian-connect-play/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/toolsplus/atlassian-connect-play/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/toolsplus/atlassian-connect-play/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/toolsplus/atlassian-connect-play/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/scala-steward.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/toolsplus/atlassian-connect-play/scala-steward.yml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 14 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-21T07:08:23.479Z","repository_id":47408034,"created_at":"2025-08-21T07:08:23.479Z","updated_at":"2025-08-21T07:08:23.479Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30076935,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-04T08:01:56.766Z","status":"ssl_error","status_checked_at":"2026-03-04T08:00:42.919Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["atlassian","atlassian-connect","bitbucket","confluence","jira","jwt","play-framework","scala"],"created_at":"2024-11-24T16:21:31.335Z","updated_at":"2026-03-04T09:00:42.310Z","avatar_url":"https://github.com/toolsplus.png","language":"Scala","funding_links":[],"categories":[],"sub_categories":[],"readme":"Atlassian Connect Play\n======================\n\n[![Continuous integration](https://github.com/toolsplus/atlassian-connect-play/actions/workflows/ci.yml/badge.svg)](https://github.com/toolsplus/atlassian-connect-play/actions/workflows/ci.yml)\n[![codecov](https://codecov.io/gh/toolsplus/atlassian-connect-play/branch/master/graph/badge.svg)](https://codecov.io/gh/toolsplus/atlassian-connect-play)\n[![Maven Central](https://img.shields.io/maven-central/v/io.toolsplus/atlassian-connect-play-core_3.svg)](https://maven-badges.herokuapp.com/maven-central/io.toolsplus/atlassian-connect-play-core_3)\n\n\nThis project contains a [Play Scala](https://www.playframework.com/) based \nimplementation of the [Atlassian Connect](https://connect.atlassian.com/) framework. \nIt serves as a starter for building Atlassian Connect add-ons for JIRA and Confluence.\n\n## Quick start\n\natlassian-connect-play is published to Maven Central for Scala 3 and Play 3, \nso you can just add the following to your build:\n\n    libraryDependencies += \"io.toolsplus\" %% \"atlassian-connect-play\" % \"x.x.x\"\n\n## Basics\n\nYou can generate a fresh project by cloning the seed project, which will provide \nyou with the basic project structure. Alternatively if you have an existing Scala \nproject, you can manually add the framework dependency to your project to turn \nit into an Atlassian Connect add-on.\n\n### Creating a project from the seed project\n\nThe easiest way to get started is by cloning the [Atlassian Connect Play Seed](atlassian-connect-play-seed) \nproject.\n\n## Responding to requests\n \n### Requests from an Atlassian Host\n\n### Requests from the add-on\n\n\n## Making API requests to the product\n\n### Send requests as the add-on\n\natlassian-connect-play will automatically sign requests from your add-on to an \ninstalled host product with JSON Web Tokens. To make a request, inject an \n`AtlassianConnectHttpClient` object into your class.\nThen call `authenticatedAsAddon(url)` with a relative URL. Make sure you have a \nimplicit instance of `AtlassianHost` available in the calling function. It is \nrequired to sign and determine the absolute URL for the outgoing request.\n\n    class RestClient @Inject()(httpClient: AtlassianConnectHttpClient) {\n   \n        def fetchIssue(issueKey: String)(implicit host: AtlassianHost): Future[WSResponse] = {\n            httpClient.authenticatedAsAddon(s\"/rest/api/2/issue/$issueKey\").get\n        }\n    }\n\n### Send requests as a user\n\nNot yet implemented.\n\n## Authenticating requests from iframe content back to the add-on\n\nThe initial request to load iframe content served by the add-on is secured by \nJWT, as described above. However, add-ons often need to make authenticated \nrequests back to the add-on from within the iframe. Using sessions is not \nrecommended, since some browsers block third-party cookies by default. Also, the \nJWT token issued by the Atlassian host cannot be used for other requests to the \nadd-on since it contains the `qsh` (query-string hash) claim.\n\nInstead, add-ons can use the JWT *self-authentication token* - provided by \natlassian-connect-play. \nPages (iframes) rendered by a add-on may include a meta tag containing an \ninitial self-authentication token.\n\n    \u003cmeta name=\"token\" content=\"@token\"\u003e\n \nA client-side script can easily extract the token\n \n    document.head.querySelector(\"[name=token]\").content\n \nand use it to sign the request back to the add-on. Whenever possible, e.g. for \nAJAX requests, the token should be sent in the Authorization HTTP header:\n\n    beforeSend: function (request) {\n        request.setRequestHeader(\"Authorization\", \"JWT \" + token);\n    }\nYou can also send the token in the `jwt` query parameter:\n\n    \u003ca href=\"/protected-resource?jwt=...\"\u003eSee more\u003c/a\u003e\n    \nAdd-ons may respond to client-side requests with refreshed token provided in the\nAuthorization HTTP header. You may save the refreshed token for the next request\nback to the add-on.\n\n## Reacting to add-on lifecycle events\n\n\n## Configuration\n\n### Referencing configuration values in the add-on\n\n\n## Making your add-on production ready\n  \n\n## Contributing\n \nPull requests are always welcome. Please follow the [contribution guidelines](CONTRIBUTING.md).\n\n## License\n\natlassian-connect-play is licensed under the **[Apache License, Version 2.0][apache]** (the\n\"License\"); you may not use this software except in compliance with the License.\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n\n[atlassian-connect-play-seed]: https://github.com/toolsplus/atlassian-connect-play-seed\n[apache]: http://www.apache.org/licenses/LICENSE-2.0\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftoolsplus%2Fatlassian-connect-play","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftoolsplus%2Fatlassian-connect-play","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftoolsplus%2Fatlassian-connect-play/lists"}