{"id":37018616,"url":"https://github.com/trendyol/komposto","last_synced_at":"2026-01-14T02:01:03.641Z","repository":{"id":309891688,"uuid":"748213510","full_name":"Trendyol/komposto","owner":"Trendyol","description":"Android design system built with Jetpack Compose. 20+ reusable UI components with design tokens, RTL support, and accessibility features.","archived":false,"fork":false,"pushed_at":"2026-01-12T10:56:13.000Z","size":9330,"stargazers_count":35,"open_issues_count":3,"forks_count":4,"subscribers_count":6,"default_branch":"main","last_synced_at":"2026-01-12T16:11:35.079Z","etag":null,"topics":["android","android-ui-kit","design-system","ui-components","ui-kit"],"latest_commit_sha":null,"homepage":"https://trendyol.github.io/komposto/","language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Trendyol.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-01-25T14:11:53.000Z","updated_at":"2026-01-12T10:26:47.000Z","dependencies_parsed_at":"2025-10-07T13:21:55.373Z","dependency_job_id":"0ac30aac-b8fd-4a40-9283-a2845d5c25f8","html_url":"https://github.com/Trendyol/komposto","commit_stats":null,"previous_names":["trendyol/komposto"],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/Trendyol/komposto","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Trendyol%2Fkomposto","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Trendyol%2Fkomposto/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Trendyol%2Fkomposto/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Trendyol%2Fkomposto/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Trendyol","download_url":"https://codeload.github.com/Trendyol/komposto/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Trendyol%2Fkomposto/sbom","scorecard":{"id":1238313,"data":{"date":"2025-09-30T08:06:09Z","repo":{"name":"github.com/Trendyol/komposto","commit":"4dbd5ed5b8d11143cdc39b5d16ef058f0a9b9ed4"},"scorecard":{"version":"v4.13.1","commit":"49c0eed3a423f00c872b5c3c9f1bbca9e8aae799"},"score":5.4,"checks":[{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: gradle/wrapper/gradle-wrapper.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":9,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'force pushes' disabled on branch 'main'","Info: 'allow deletion' disabled on branch 'main'","Info: status checks require up-to-date branches for 'main'","Info: 'last push approval' enabled on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: number of required reviewers is 2 on branch 'main'","Info: stale review dismissal enabled on branch 'main'","Warn: settings do not apply to administrators on branch 'main'","Info: codeowner review is required on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":-1,"reason":"internal error: internal error: Client.Repositories.ListCheckRunsForRef: error during graphqlHandler.setupCheckRuns: Although you appear to have the correct authorization credentials, the `bridgecrewio` organization has an IP allow list enabled, and your IP address is not permitted to access this resource.","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#ci-tests"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":0,"reason":"found 14 unreviewed changesets out of 15 -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#code-review"}},{"name":"Contributors","score":10,"reason":"3 different organizations found -- score normalized to 10","details":["Info: contributors work for Kodluyoruz,Trendyol,trendyol"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#contributors"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":0,"reason":"no update tool detected","details":["Warn: tool 'RenovateBot' is not used: Follow the instructions from https://docs.renovatebot.com/configuration-options/. (Low effort)","Warn: tool 'Dependabot' is not used: Follow the instructions from https://docs.github.com/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates. (Low effort)","Warn: tool 'PyUp' is not used: Follow the instructions from https://docs.pyup.io/docs. (Low effort)","Warn: tool 'Sonatype Lift' is not used: Follow the instructions from https://help.sonatype.com/lift/getting-started. (Low effort)"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#dependency-update-tool"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no OSSFuzz integration found: Follow the steps in https://github.com/google/oss-fuzz to integrate fuzzing for your project.\nOver time, try to add fuzzing for more functionalities of your project. (High effort)","Warn: no OneFuzz integration found: Follow the steps in https://github.com/microsoft/onefuzz to start fuzzing for your project.\nOver time, try to add fuzzing for more functionalities of your project. (High effort)","Warn: no GoBuiltInFuzzer integration found: Follow the steps in https://go.dev/doc/fuzz/ to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no PythonAtherisFuzzer integration found: Follow the steps in https://github.com/google/atheris to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no CLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no CppLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no SwiftLibFuzzer integration found: Follow the steps in https://google.github.io/oss-fuzz/getting-started/new-project-guide/swift-lang/ to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no RustCargoFuzzer integration found: Follow the steps in https://rust-fuzz.github.io/book/cargo-fuzz.html to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no JavaJazzerFuzzer integration found: Follow the steps in https://github.com/CodeIntelligenceTesting/jazzer to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no ClusterFuzzLite integration found: Follow the steps in https://github.com/google/clusterfuzzlite to integrate fuzzing as part of CI.\nOver time, try to add fuzzing for more functionalities of your project. (High effort)","Warn: no HaskellPropertyBasedTesting integration found: Use one of the following frameworks to fuzz your project:\nQuickCheck: https://hackage.haskell.org/package/QuickCheck\nhedgehog: https://hedgehog.qa/\nvalidity: https://github.com/NorfairKing/validity\nsmallcheck: https://hackage.haskell.org/package/smallcheck\nhspec: https://hspec.github.io/\ntasty: https://hackage.haskell.org/package/tasty (High effort)","Warn: no TypeScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)","Warn: no JavaScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: License file found in expected location: LICENSE:1","Info: FSF or OSI recognized license: LICENSE:1"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#license"}},{"name":"Maintained","score":10,"reason":"30 commit(s) out of 30 and 1 issue activity out of 3 found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#maintained"}},{"name":"Packaging","score":10,"reason":"publishing workflow detected","details":["Info: GitHub/GitLab publishing workflow used in run https://api.github.com/repos/Trendyol/komposto/actions/runs/16962407417: .github/workflows/publish.yml:12"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-send-apk.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/build-and-send-apk.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-send-apk.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/build-and-send-apk.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-and-send-apk.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/build-and-send-apk.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-and-send-apk.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/build-and-send-apk.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr_jobs.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/pr_jobs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr_jobs.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/pr_jobs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr_jobs.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/pr_jobs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr_jobs.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/pr_jobs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr_jobs.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/pr_jobs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr_jobs.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/pr_jobs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr_jobs_screenshot_tests.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/pr_jobs_screenshot_tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr_jobs_screenshot_tests.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/pr_jobs_screenshot_tests.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr_jobs_screenshot_tests.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/pr_jobs_screenshot_tests.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr_jobs_screenshot_tests.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/pr_jobs_screenshot_tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr_jobs_screenshot_tests.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/pr_jobs_screenshot_tests.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr_jobs_screenshot_tests.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/pr_jobs_screenshot_tests.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr_jobs_screenshot_tests.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/pr_jobs_screenshot_tests.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr_jobs_screenshot_tests.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/pr_jobs_screenshot_tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr_jobs_screenshot_tests.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/pr_jobs_screenshot_tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr_jobs_screenshot_tests.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/pr_jobs_screenshot_tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docs.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/publish-docs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docs.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/publish-docs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docs.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/publish-docs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docs.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/publish-docs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docs.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/publish-docs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update_screenshots.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/update_screenshots.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update_screenshots.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/update_screenshots.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update_screenshots.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/update_screenshots.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update_screenshots.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/update_screenshots.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update_screenshots.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/update_screenshots.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update_screenshots.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/update_screenshots.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update_screenshots.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/update_screenshots.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update_screenshots.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/update_screenshots.yml/main?enable=pin","Info:   3 out of  32 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of  13 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":-1,"reason":"internal error: Client.Checks.ListCheckRunsForRef: error during graphqlHandler.setupCheckRuns: Although you appear to have the correct authorization credentials, the `bridgecrewio` organization has an IP allow list enabled, and your IP address is not permitted to access this resource.","details":null,"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#sast"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected: On GitHub:\nEnable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository\nAdd a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities.\nOn GitLab:\nAdd a section in your SECURITY.md indicating the process to disclose vulnerabilities for your project.\nExamples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md.\nFor additional information on vulnerability disclosure, see https://github.com/ossf/oss-vulnerability-guide/blob/main/maintainer-guide.md. (Medium effort)","Warn: no security file to analyze: On GitHub:\nEnable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository\nAdd a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities.\nOn GitLab:\nProvide a point of contact in your SECURITY.md.\nExamples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. (Low effort)","Warn: no security file to analyze: On GitHub:\nEnable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository\nAdd a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities.\nOn GitLab:\nAdd a section in your SECURITY.md indicating the process to disclose vulnerabilities for your project.\nExamples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. (Low effort)","Warn: no security file to analyze: On GitHub:\nEnable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository\nAdd a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities.\nOn GitLab:\nAdd a section in your SECURITY.md indicating the process to disclose vulnerabilities for your project.\nExamples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. (Low effort)"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":["Warn: no GitHub releases found"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#signed-releases"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/build-and-send-apk.yml:17","Warn: no topLevel permission defined: .github/workflows/pr_jobs.yml:1: Visit https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/pr_jobs.yml/main?enable=permissions\nTick the 'Restrict permissions for GITHUB_TOKEN'\nUntick other options\nNOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)","Warn: no topLevel permission defined: .github/workflows/pr_jobs_screenshot_tests.yml:1: Visit https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/pr_jobs_screenshot_tests.yml/main?enable=permissions\nTick the 'Restrict permissions for GITHUB_TOKEN'\nUntick other options\nNOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)","Info: topLevel 'contents' permission set to 'read': .github/workflows/publish-docs.yml:7","Info: topLevel 'contents' permission set to 'read': .github/workflows/publish.yml:7","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:13","Warn: no topLevel permission defined: .github/workflows/security-gates.yml:1: Visit https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/security-gates.yml/main?enable=permissions\nTick the 'Restrict permissions for GITHUB_TOKEN'\nUntick other options\nNOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)","Info: jobLevel 'actions' permission set to 'read': .github/workflows/security-gates.yml:19","Info: jobLevel 'contents' permission set to 'read': .github/workflows/security-gates.yml:20","Warn: jobLevel 'security-events' permission set to 'write': .github/workflows/security-gates.yml:21: Verify which permissions are needed and consider whether you can reduce them. (High effort)","Warn: no topLevel permission defined: .github/workflows/update_screenshots.yml:1: Visit https://app.stepsecurity.io/secureworkflow/Trendyol/komposto/update_screenshots.yml/main?enable=permissions\nTick the 'Restrict permissions for GITHUB_TOKEN'\nUntick other options\nNOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":10,"reason":"no vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-09-30T08:34:53.077Z","repository_id":309891688,"created_at":"2025-09-30T08:34:53.077Z","updated_at":"2025-09-30T08:34:53.077Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28408709,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T01:52:23.358Z","status":"online","status_checked_at":"2026-01-14T02:00:06.678Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","android-ui-kit","design-system","ui-components","ui-kit"],"created_at":"2026-01-14T02:00:42.429Z","updated_at":"2026-01-14T02:01:03.579Z","avatar_url":"https://github.com/Trendyol.png","language":"Kotlin","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/Trendyol/komposto/badge)](https://scorecard.dev/viewer/?uri=github.com/Trendyol/komposto)\n# Komposto Design System\n\n[![Maven Central](https://img.shields.io/maven-central/v/com.trendyol.design/core.svg?label=Maven%20Central)](https://search.maven.org/search?q=%22com.trendyol.design%22)\n[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/Trendyol/komposto/blob/main/LICENSE)\n[![Kotlin](https://img.shields.io/badge/Kotlin-2.1.21-blue.svg)](https://kotlinlang.org)\n[![Android](https://img.shields.io/badge/Android-5.0%2B-green.svg)](https://android.com)\n[![Compose](https://img.shields.io/badge/Compose-2025.05.00-brightgreen.svg)](https://developer.android.com/jetpack/compose)\n\nKomposto is Trendyol's comprehensive Android design system built with Jetpack Compose. It provides a collection of reusable UI components, design tokens, and guidelines to help developers create consistent and beautiful user interfaces across Trendyol's Android applications.\n\n## ✨ Features\n\n- **Modern Architecture**: Built with Jetpack Compose\n- **Comprehensive Components**: 20+ UI components covering common use cases\n- **Design Tokens**: Consistent colors, typography, and spacing\n- **RTL Support**: Full right-to-left layout support\n- **Accessibility**: Components follow accessibility best practices\n- **Type Safety**: Kotlin-first design with compile-time safety\n- **Screenshot Testing**: Visual regression testing for components\n- **Showkase Integration**: Interactive component catalog\n\n## 🚀 Installation\n\n### Gradle (Kotlin DSL)\n\nAdd the following dependencies to your `build.gradle.kts`:\n\n```kotlin\ndependencies {\n    // Core module (required)\n    implementation(\"com.trendyol.design:core:latest\")\n    \n    // Theme module (required)\n    implementation(\"com.trendyol.design:theme:latest\")\n    \n    // Optional: Bottom sheet components\n    implementation(\"com.trendyol.design:bottomsheet:latest\")\n}\n```\n\n## 🏗️ Architecture\n\nKomposto is organized into modular components:\n\n- **`core`**: Main UI components and design tokens\n- **`theme`**: Theme configuration and color system\n- **`bottomsheet`**: Bottom sheet components and layouts\n- **`app`**: Demo application with Showkase integration\n\n## 🎨 Getting Started\n\n### 1. Setup Your Theme\n\nCreate your own theme using Komposto's design system. The `TrendyolTheme` in the demo app is just an example - you'll need to set up your own theme provider:\n\n```kotlin\n@Composable\nfun MyAppTheme(\n    content: @Composable () -\u003e Unit\n) {\n    // Create your custom theme\n    val myDesignTheme = KPDesignTheme(\n        colors = KPDesignColors(\n            // Customize colors for your app\n            colorPrimary = Color(0xFF6200EE), // Your brand color\n            colorBackground = Color(0xFFFFFBFE)\n        ),\n        typography = KPDesignTypography(),\n        fontFamily = KPDesignFontFamily()\n    )\n    \n    CompositionLocalProvider(\n        LocalKPDesignTheme provides myDesignTheme\n    ) {\n        content()\n    }\n}\n```\n\n### 2. Wrap Your App\n\nApply your theme to your entire app:\n\n```kotlin\n@Composable\nfun MyApp() {\n    MyAppTheme {\n        // Your app content\n        MyAppContent()\n    }\n}\n```\n\n### 3. Using Components\n\nAccess design tokens and components through `KPDesign`:\n\n```kotlin\n@Composable\nfun MyScreen() {\n    Column {\n        KPText(\n            text = \"Welcome to Komposto\",\n            style = KPDesign.typography.header,\n            color = KPDesign.colors.colorPrimary\n        )\n        \n        KPButton(\n            onClick = { /* Handle click */ },\n            style = KPButtonStyle.Primary,\n            size = KPButtonSize.Large\n        ) {\n            KPText(text = \"Get Started\")\n        }\n    }\n}\n```\n\n### 4. Design Tokens Access\n\nUse design tokens consistently across your app:\n\n```kotlin\n@Composable\nfun MyCustomComponent() {\n    Box(\n        modifier = Modifier\n            .background(KPDesign.colors.colorBackground)\n            .padding(16.dp)\n    ) {\n        KPText(\n            text = \"Custom Component\",\n            style = KPDesign.typography.body1,\n            color = KPDesign.colors.colorOnSurface\n        )\n    }\n}\n```\n\n## 📚 Available Components\n\n### Core Components\n\n| Component | Description |\n|-----------|-------------|\n| **KPButton** | Primary, secondary, and tertiary buttons with various sizes |\n| **KPText** | Typography component with predefined styles |\n| **KPCheckbox** | Checkbox with text and content variants |\n| **KPRadioButton** | Radio button with customizable content |\n| **KPToolbar** | App bar with various action configurations |\n| **KPIcon** | Icon component with size and color options |\n| **KPInputField** | Text input fields (single-line, multi-line, email, password, etc.) |\n| **KPSearchBar** | Search input with customizable appearance |\n| **KPDialog** | Alert, success, error, and generic dialogs |\n| **KPInfoBox** | Information display with icon support |\n| **KPPrice** | Price display with single and dual price modes |\n| **KPRatingBar** | Star rating component |\n| **KPCountdownTimer** | Countdown timer with customizable styling |\n| **KPBoxBadge** | Badge components for various use cases |\n| **KPStateLayout** | Loading and warning state layouts |\n\n### Bottom Sheet Components\n\n| Component | Description |\n|-----------|-------------|\n| **KPBottomSheetHeader** | Header with title and action buttons |\n| **KPBottomSheetListContent** | List-based content for bottom sheets |\n| **KPBottomSheetImageContent** | Image gallery for bottom sheets |\n| **KPBottomSheetSliderContent** | Slider/carousel content |\n| **KPBottomSheetRadioItem** | Radio selection items |\n| **KPBottomSheetCheckboxItem** | Checkbox selection items |\n\n### Design Tokens\n\nAccess design tokens through `KPDesign`:\n\n```kotlin\n// Colors\nKPDesign.colors.colorPrimary\nKPDesign.colors.colorBackground\nKPDesign.colors.colorOnSurface\n\n// Typography\nKPDesign.typography.header\nKPDesign.typography.body1\nKPDesign.typography.body2\n```\n\n## 🧪 Testing\n\nKomposto includes comprehensive screenshot testing. Components are tested across different:\n\n- **Styles**: All component variations\n- **Sizes**: Small, medium, large options\n- **States**: Enabled, disabled, loading, error states\n\n## 📖 Documentation\n\n- **Component Catalog**: Run the demo app to see all components in action\n- **Showkase Integration**: Browse components interactively\n- **API Documentation**: [Dokka Documentation](https://trendyol.github.io/komposto/) - Generated KDoc documentation\n\n## 🤝 Contributing\n\nWe welcome contributions! Please see our [Contributing Guide](CONTRIBUTING.md) for details.\n\n### Development Setup\n\n1. Clone the repository:\n   ```bash\n   git clone https://github.com/Trendyol/komposto.git\n   cd komposto\n   ```\n\n2. Open in Android Studio\n\n3. Run the demo app to see components in action\n\n### Guidelines\n\n- Follow existing component patterns\n- Add screenshot tests for new components\n- Update documentation and examples\n- Maintain backward compatibility\n\n## 📱 Demo App\n\nThe included demo app showcases all components with Showkase integration:\n\n1. Run the `app` module\n2. Browse components by category\n3. View different states and configurations\n4. Copy code examples\n\n## 🔗 Links\n\n- **Documentation**: [https://trendyol.github.io/komposto/](https://trendyol.github.io/komposto/) - API Documentation\n- **GitHub**: [https://github.com/Trendyol/komposto](https://github.com/Trendyol/komposto)\n- **Maven Central**: [https://search.maven.org/search?q=g:com.trendyol.design](https://search.maven.org/search?q=g:com.trendyol.design)\n- **Issues**: [https://github.com/Trendyol/komposto/issues](https://github.com/Trendyol/komposto/issues)\n\n## 📄 License\n\n```\nCopyright 2024 Trendyol\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n\n---\n\n\u003cdiv align=\"center\"\u003e\n  \u003cp\u003eMade with ❤️ by the Komposto Team\u003c/p\u003e\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrendyol%2Fkomposto","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrendyol%2Fkomposto","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrendyol%2Fkomposto/lists"}