{"id":47126552,"url":"https://github.com/trisacrypto/trisa","last_synced_at":"2026-03-12T19:50:32.371Z","repository":{"id":37052292,"uuid":"205051563","full_name":"trisacrypto/trisa","owner":"trisacrypto","description":"Travel Rule Information Sharing Architecture for Virtual Asset Service Providers","archived":false,"fork":false,"pushed_at":"2025-07-15T20:47:18.000Z","size":19404,"stargazers_count":47,"open_issues_count":6,"forks_count":30,"subscribers_count":12,"default_branch":"main","last_synced_at":"2025-08-15T14:59:23.054Z","etag":null,"topics":["compliance","protocol","rpc","travelrule"],"latest_commit_sha":null,"homepage":"https://trisa.dev","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trisacrypto.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-08-29T01:03:22.000Z","updated_at":"2025-07-15T20:46:43.000Z","dependencies_parsed_at":"2024-05-27T18:13:29.251Z","dependency_job_id":"40032c56-8023-41ea-9a65-e78cfd8eda2f","html_url":"https://github.com/trisacrypto/trisa","commit_stats":null,"previous_names":[],"tags_count":26,"template":false,"template_full_name":null,"purl":"pkg:github/trisacrypto/trisa","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trisacrypto%2Ftrisa","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trisacrypto%2Ftrisa/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trisacrypto%2Ftrisa/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trisacrypto%2Ftrisa/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trisacrypto","download_url":"https://codeload.github.com/trisacrypto/trisa/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trisacrypto%2Ftrisa/sbom","scorecard":{"id":898921,"data":{"date":"2025-08-11","repo":{"name":"github.com/trisacrypto/trisa","commit":"dbfd1ae113d8b56aec086225340f360c434a08e3"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.8,"checks":[{"name":"Code-Review","score":2,"reason":"Found 7/30 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":1,"reason":"2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build.yml:1","Warn: no topLevel permission defined: .github/workflows/publish-docs.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":3,"reason":"dependency not pinned by hash detected -- score normalized to 3","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/trisacrypto/trisa/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/trisacrypto/trisa/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/trisacrypto/trisa/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/trisacrypto/trisa/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/trisacrypto/trisa/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/trisacrypto/trisa/build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/trisacrypto/trisa/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/trisacrypto/trisa/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/trisacrypto/trisa/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/trisacrypto/trisa/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/trisacrypto/trisa/build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/trisacrypto/trisa/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docs.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/trisacrypto/trisa/publish-docs.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-docs.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/trisacrypto/trisa/publish-docs.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-docs.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/trisacrypto/trisa/publish-docs.yml/main?enable=pin","Warn: goCommand not pinned by hash: .github/workflows/build.yml:23","Info:   0 out of  11 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   4 third-party GitHubAction dependencies pinned","Info:   4 out of   5 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 20 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":5,"reason":"5 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-24T14:47:17.418Z","repository_id":37052292,"created_at":"2025-08-24T14:47:17.419Z","updated_at":"2025-08-24T14:47:17.419Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30441208,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-12T14:34:45.044Z","status":"ssl_error","status_checked_at":"2026-03-12T14:09:33.793Z","response_time":114,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["compliance","protocol","rpc","travelrule"],"created_at":"2026-03-12T19:50:31.889Z","updated_at":"2026-03-12T19:50:32.359Z","avatar_url":"https://github.com/trisacrypto.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# Travel Rule Information Sharing Architecture (TRISA) for Virtual Asset Service Providers\n\n[![Go Reference](https://pkg.go.dev/badge/github.com/trisacrypto/trisa/pkg.svg)](https://pkg.go.dev/github.com/trisacrypto/trisa/pkg)\n[![Go Report Card](https://goreportcard.com/badge/github.com/trisacrypto/trisa)](https://goreportcard.com/report/github.com/trisacrypto/trisa)\n\nPlease visit the [TRISA website](https://travelrule.io) for more information and the [TRISA documentation](https://testnet.directory) for developer docs and integration.\n\n# Contributing to TRISA\n\nLooking to contribute to the TRISA open source project?\n\nIf you're a developer whose organization is using (or planning to adopt) the TRISA protocol, this section is for you!\n\n## Navigating the Repository\n\nThis repository contains a gRPC implementation of the TRISA protocol as described by the [white paper](https://travelrule.io/trisa-whitepaper/), which leverages [protocol buffers](https://grpc.io/) and Golang.\n\nThe `proto` folder contains the core RPC definitions, including:\n - the interVASP Messaging Standard (IVMS) message definitions, which serve as the basis for how two VASP peers should mutually describe entities involved in cryptographic transfers, including names, locations, and government identifiers. This is the spec that will allow originators to identify themselves to beneficiaries and to request information from those beneficiaries to meet the legal requirements of their regulators.\n - the TRISA Network's service definitions, essentially how the different parts of the API work \u0026mdash; from the exchange of keys (to ensure both peers have the requisite details to exchange information) to the transfer of \"secure envelopes\" (cryptographically sealed protocol buffer messages that can only be decrypted by the intended recipient). The `trisa` subfolder also contains generic message types for transactions that are intended to provide maximum flexibility for a wide range of TRISA use cases.\n\nThe `pkg` folder contains the reference implementation code, including compiled code generated from the protocol buffer definitions in the `proto` folder[^1].\n - The `iso3166` folder contains language codes.\n - The `ivms101` folder extends the generated protobuf code with JSON loading utilities, validation helpers, short constants, etc.\n - The `trisa` folder contains structs and methods for a range of TRISA-related tasks, such as performing cryptography and making mTLS connections.\n\n The `lib` folder is intended to showcase utility code similar to that in the `pkg` folder, but for languages other than Go. If you work in a language other than go, this would be a great place to start your contribution!\n\n[^1]: Note that these compiled files are compiled for Golang; but this is certainly not the only option. Those interested in building implementation code in a different language should look to the `lib` folder, which currently contains placeholder folders but is intended to showcase such other implementations (including compiled protocol buffer code for these other languages).\n\n## The Global Directory Service\n\nAnother integral part of the TRISA protocol is the Global Directory Service, which serves as a look-up tool for TRISA members to identify peers with which they wish to exchange information. For RPC definitions and implementation code related to the Global Directory Service, visit the companion [directory repository](https://github.com/trisacrypto/directory). To learn more about how to become a member of the directory, visit [trisa.directory](https://trisa.directory/).\n\n## Translations\n\nTranslations of the documentation on trisa.dev are done periodically by human translators, and may become out-of-sync with the English text or reflect errors. If you notice an error, please open a [bug report](https://github.com/trisacrypto/trisa/issues/new) to notify us.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrisacrypto%2Ftrisa","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrisacrypto%2Ftrisa","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrisacrypto%2Ftrisa/lists"}