{"id":37023462,"url":"https://github.com/versioneye/maven-indexer","last_synced_at":"2026-01-14T02:49:13.096Z","repository":{"id":57729401,"uuid":"42388456","full_name":"versioneye/maven-indexer","owner":"versioneye","description":"Indexer for Maven Repositories","archived":false,"fork":false,"pushed_at":"2017-05-30T18:00:54.000Z","size":175,"stargazers_count":1,"open_issues_count":0,"forks_count":4,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-08-04T18:56:37.491Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/versioneye.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-09-13T08:11:10.000Z","updated_at":"2018-12-10T15:58:04.000Z","dependencies_parsed_at":"2022-09-10T22:22:48.348Z","dependency_job_id":null,"html_url":"https://github.com/versioneye/maven-indexer","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/versioneye/maven-indexer","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/versioneye%2Fmaven-indexer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/versioneye%2Fmaven-indexer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/versioneye%2Fmaven-indexer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/versioneye%2Fmaven-indexer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/versioneye","download_url":"https://codeload.github.com/versioneye/maven-indexer/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/versioneye%2Fmaven-indexer/sbom","scorecard":{"id":919020,"data":{"date":"2025-08-11","repo":{"name":"github.com/versioneye/maven-indexer","commit":"8a3e9f2528a8f99c9811a768593b16b96600c12b"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.3,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":0,"reason":"30 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-mm8h-8587-p46h","Warn: Project is vulnerable to: GHSA-w4g2-9hj6-5472","Warn: Project is vulnerable to: GHSA-78wr-2p64-hpwj","Warn: Project is vulnerable to: GHSA-gwrp-pvrq-jmwv","Warn: Project is vulnerable to: GHSA-jv4x-j47q-6qvp","Warn: Project is vulnerable to: GHSA-7r82-7xv7-xcpj","Warn: Project is vulnerable to: GHSA-7rjr-3q55-vv33","Warn: Project is vulnerable to: GHSA-8489-44mv-ggj8","Warn: Project is vulnerable to: GHSA-jfh8-c2jp-5v3q","Warn: Project is vulnerable to: GHSA-p6xc-xr62-6r2g","Warn: Project is vulnerable to: GHSA-vwqq-5vrc-xw9h","Warn: Project is vulnerable to: GHSA-2f88-5hg8-9x2x","Warn: Project is vulnerable to: GHSA-48rh-qgjr-xfj6","Warn: Project is vulnerable to: GHSA-gp7f-rwcx-9369","Warn: Project is vulnerable to: GHSA-m72m-mhq2-9p6c","Warn: Project is vulnerable to: GHSA-36p3-wjmg-h94x","Warn: Project is vulnerable to: GHSA-hh26-6xwr-ggv7","Warn: Project is vulnerable to: GHSA-4gc7-5j7h-4qph","Warn: Project is vulnerable to: GHSA-4wp7-92pw-q264","Warn: Project is vulnerable to: GHSA-g5mm-vmx4-3rg7","Warn: Project is vulnerable to: GHSA-4487-x383-qpph","Warn: Project is vulnerable to: GHSA-f26x-pr96-vw86","Warn: Project is vulnerable to: GHSA-ffvq-7w96-97p7","Warn: Project is vulnerable to: GHSA-g8hw-794c-4j9g","Warn: Project is vulnerable to: GHSA-rcpf-vj53-7h2m","Warn: Project is vulnerable to: GHSA-v596-fwhq-8x48","Warn: Project is vulnerable to: GHSA-558x-2xjg-6232","Warn: Project is vulnerable to: GHSA-564r-hj7v-mcr5","Warn: Project is vulnerable to: GHSA-9cmq-m9j5-mvww","Warn: Project is vulnerable to: GHSA-wxqc-pxw9-g2p8"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-24T23:42:07.621Z","repository_id":57729401,"created_at":"2025-08-24T23:42:07.621Z","updated_at":"2025-08-24T23:42:07.621Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28408762,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T01:52:23.358Z","status":"online","status_checked_at":"2026-01-14T02:00:06.678Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-14T02:49:12.582Z","updated_at":"2026-01-14T02:49:13.082Z","avatar_url":"https://github.com/versioneye.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Dependency Status](https://www.versioneye.com/user/projects/56d6ba3dfa908e000e348ffc/badge.svg?style=flat)](https://www.versioneye.com/user/projects/56d6ba3dfa908e000e348ffc)\n\n# maven-indexer\n\nThis Maven project is using\n[org.apache.maven.indexer/indexer-core](https://www.versioneye.com/java/org.apache.maven.indexer:indexer-core/5.1.1)\nto fetch and read maven indexes. Unfortunately the indexer-core project still relies on\nMaven 3.0.5. With higher versions of Maven the indexer-core is not running correctly.\n\nThis project is only fetching and reading Maven indexes from different repository servers.\nThe project checks if the artefact is already in the [VersionEye](https://www.versioneye.com)\nDB or not. If the artefact\nis a new one it sends a message to the RabbitMQ server with the corresponding coordiantes.\nThere are different RabbitMQ workers running on Maven 3.3.X withe Eclipse Aether,\nfetching and parsing the actual pom file and writing the new artefact to the VersionEye DB.\n\n## Start the backend services for VersionEye\n\nThis project contains a [docker-compose.yml](docker-compose.yml) file which describes the backend services\nof VersionEye. You can start the backend services like this:\n\n```\ndocker-compose up -d\n```\n\nThat will start:\n\n - MongoDB\n - RabbitMQ\n - ElasticSearch\n - Memcached\n\nFor persistence you should comment in and adjust the mount volumes in [docker-compose.yml](docker-compose.yml)\nfor MongoDB and ElasticSearch. If you are not interested in persisting the data on your host you can\nlet it untouched.\n\nShutting down the backend services works like this:\n\n```\ndocker-compose down\n```\n\n## MongoDB Config\n\nAs primary database we are using MongoDB. To make this project work you need to configure\nthe MongoDB connection in `src/main/resources/mongo.properties`. If you run MongoDB as a\nsingle instance, only fill out the first 3 lines.\n\n## RabbitMQ Config\n\nTo configure the RabbitMQ connection adjust the settings in `srm/main/resources/settings.properties`.\n\n## Maven Index Directory Config\n\nThe Maven Indexer is downloading the maven index to a local directory. The working directory for\nthat can be configured here: `srm/main/resources/settings.properties`.\n\n## Dependencies\n\nThis project relies on versioneye_persistence and versioneye_service. These projects are currently\nlocated in the [crawl_j](https://github.com/versioneye/crawl_j) project. Run\n\n```\nmvn install\n```\n\non the crawl_j project to install the dependencies.\n\n## Run\n\nTo start the crawler for Maven Central, run this command with Maven 3.0.5:\n\n```\nmvn crawl:central\n```\n\nThis will fetch the maven index form Maven Central and iterate through it. If it finds an\nArtifact which is not yet in the MongoDB, it will send a message to RabbitMQ. To make this\nfully work it is required that at least 1 RabbitMQ consumer is running which is processing\nthe message from this project. The code for the consumers are located in the `versioneye/crawl_j`\nproject.\n\nThis command will fail if you run it with a Maven version higher than 3.0.5!\n\n## Support\n\nFor commercial support send an email to `support@versioneye.com`.\n\n## License\n\nthis project is licensed under the MIT license!\n\nCopyright (c) 2016 VersionEye GmbH\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fversioneye%2Fmaven-indexer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fversioneye%2Fmaven-indexer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fversioneye%2Fmaven-indexer/lists"}