feat: support direct imageReference for knative deployments by oleksii-donets · Pull Request #182 · epam/ai-dial-admin-deployment-manager-backend

oleksii-donets · 2026-03-02T09:12:44Z

Applicable issues

fixes [MCP] Allow direct use of external Docker images in Deployment UI (bypass Image Builder) #172

Description of changes

Unified deployment source handling: moved source from per-type tables (nim_deployment, inference_deployment) and individual columns (image_definition_id, image_definition_type, etc.) into a single source JSON column on the base deployment table.
Introduced a Source sealed interface hierarchy (ImageReferenceSource, InternalImageSource, HuggingFaceSource, NgcRegistrySource) in the domain model, replacing scattered fields.
Added direct imageReference source support for Knative deployments (MCP, Adapter, Interceptor), allowing deployments without an image definition.
Updated request/response DTOs to use typed source objects per deployment type (DeploymentSourceDto, NimDeploymentSourceDto, InferenceDeploymentSourceDto).
Refactored DeploymentDtoMapper to use @SubclassMapping with @Mapping(target = "source", ignore = true) on base methods, removing redundant concrete mapper methods. Source mapping handled via @AfterMapping.
Removed redundant Lombok annotations from empty subclasses (CreateAdapterDeployment, CreateInterceptorDeployment, AdapterDeploymentEntity, InterceptorDeploymentEntity, AdapterDeployment, InterceptorDeployment).
Added isjson check constraint on deployment.source column in MS SQL Server migration.
Added DB migrations (H2, Postgres, MSSQL) to unify source data and drop legacy columns.
Extended tests to validate direct image reference behavior, source mapping, and deployment validation.

Checklist

Title of the pull request follows Conventional Commits specification

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Allow MCP, Adapter, and Interceptor deployments to use either an internal imageDefinitionId or a direct imageReference, reducing deployment friction for pre-built images and preserving backward compatibility. Made-with: Cursor

ai-dial-actions · 2026-03-02T09:13:36Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

settings.gradle

Package	Version	License	Issue Type
com.gradle:common-custom-user-data-gradle-plugin	2.1	Null	Unknown License
com.gradle:develocity-gradle-plugin	4.2	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
maven/com.gradle:common-custom-user-data-gradle-plugin	2.1	Unknown	Unknown
maven/com.gradle:develocity-gradle-plugin	4.2	Unknown	Unknown

Scanned Files

settings.gradle

Use typed source payloads for MCP/Adapter/Interceptor create and response DTOs so clients use one consistent contract for internal images and direct image references. Move source-to-domain conversion into the mapper to keep request DTOs declarative. Made-with: Cursor

...n/java/com/epam/aidial/deployment/manager/dao/entity/deployment/AdapterDeploymentEntity.java

src/main/resources/db/migration/H2/V1.47__AddImageReferenceToKnativeDeployments.sql

Return image origin via the nested source object in deployment list responses and remove redundant top-level image definition fields from DeploymentInfoDto. Made-with: Cursor

Made-with: Cursor # Conflicts: # src/main/java/com/epam/aidial/deployment/manager/model/deployment/AdapterDeployment.java # src/main/java/com/epam/aidial/deployment/manager/model/deployment/InterceptorDeployment.java # src/main/java/com/epam/aidial/deployment/manager/web/dto/DeploymentInfoDto.java # src/main/java/com/epam/aidial/deployment/manager/web/dto/deployment/CreateImageBasedDeploymentRequestDto.java # src/main/java/com/epam/aidial/deployment/manager/web/dto/deployment/ImageBasedDeploymentDto.java # src/main/java/com/epam/aidial/deployment/manager/web/mapper/DeploymentDtoMapper.java

ai-dial-actions · 2026-03-02T13:51:27Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

settings.gradle

Package	Version	License	Issue Type
com.gradle:common-custom-user-data-gradle-plugin	2.1	Null	Unknown License
com.gradle:develocity-gradle-plugin	4.2	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
maven/com.gradle:common-custom-user-data-gradle-plugin	2.1	Unknown	Unknown
maven/com.gradle:develocity-gradle-plugin	4.2	Unknown	Unknown

Scanned Files

settings.gradle

ai-dial-actions · 2026-03-02T13:54:17Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

settings.gradle

Package	Version	License	Issue Type
com.gradle:common-custom-user-data-gradle-plugin	2.1	Null	Unknown License
com.gradle:develocity-gradle-plugin	4.2	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
maven/com.gradle:common-custom-user-data-gradle-plugin	2.1	Unknown	Unknown
maven/com.gradle:develocity-gradle-plugin	4.2	Unknown	Unknown

Scanned Files

settings.gradle

…ings Prevents MapStruct unmapped-property warnings from failing builds with -Werror after merge-related DTO changes. Made-with: Cursor

ai-dial-actions · 2026-03-02T14:23:30Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

settings.gradle

Package	Version	License	Issue Type
com.gradle:common-custom-user-data-gradle-plugin	2.1	Null	Unknown License
com.gradle:develocity-gradle-plugin	4.2	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
maven/com.gradle:common-custom-user-data-gradle-plugin	2.1	Unknown	Unknown
maven/com.gradle:develocity-gradle-plugin	4.2	Unknown	Unknown

Scanned Files

settings.gradle

ai-dial-actions · 2026-03-02T14:30:17Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

settings.gradle

Package	Version	License	Issue Type
com.gradle:common-custom-user-data-gradle-plugin	2.1	Null	Unknown License
com.gradle:develocity-gradle-plugin	4.2	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
maven/com.gradle:common-custom-user-data-gradle-plugin	2.1	Unknown	Unknown
maven/com.gradle:develocity-gradle-plugin	4.2	Unknown	Unknown

Scanned Files

settings.gradle

ai-dial-actions · 2026-03-02T15:14:26Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

settings.gradle

Package	Version	License	Issue Type
com.gradle:common-custom-user-data-gradle-plugin	2.1	Null	Unknown License
com.gradle:develocity-gradle-plugin	4.2	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
maven/com.gradle:common-custom-user-data-gradle-plugin	2.1	Unknown	Unknown
maven/com.gradle:develocity-gradle-plugin	4.2	Unknown	Unknown

Scanned Files

settings.gradle

ai-dial-actions · 2026-03-02T15:55:46Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

settings.gradle

Package	Version	License	Issue Type
com.gradle:common-custom-user-data-gradle-plugin	2.1	Null	Unknown License
com.gradle:develocity-gradle-plugin	4.2	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
maven/com.gradle:common-custom-user-data-gradle-plugin	2.1	Unknown	Unknown
maven/com.gradle:develocity-gradle-plugin	4.2	Unknown	Unknown

Scanned Files

settings.gradle

...ial/deployment/manager/web/dto/deployment/CreateInternalImageDeploymentSourceRequestDto.java

...main/java/com/epam/aidial/deployment/manager/web/dto/deployment/ImageBasedDeploymentDto.java

ai-dial-actions · 2026-03-04T09:23:43Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

settings.gradle

Package	Version	License	Issue Type
com.gradle:common-custom-user-data-gradle-plugin	2.1	Null	Unknown License
com.gradle:develocity-gradle-plugin	4.2	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
maven/com.gradle:common-custom-user-data-gradle-plugin	2.1	Unknown	Unknown
maven/com.gradle:develocity-gradle-plugin	4.2	Unknown	Unknown

Scanned Files

settings.gradle

ai-dial-actions · 2026-03-04T09:56:23Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

settings.gradle

Package	Version	License	Issue Type
com.gradle:common-custom-user-data-gradle-plugin	2.1	Null	Unknown License
com.gradle:develocity-gradle-plugin	4.2	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
maven/com.gradle:common-custom-user-data-gradle-plugin	2.1	Unknown	Unknown
maven/com.gradle:develocity-gradle-plugin	4.2	Unknown	Unknown

Scanned Files

settings.gradle

...in/java/com/epam/aidial/deployment/manager/model/deployment/CreateInterceptorDeployment.java

Pasichniuk · 2026-03-05T09:04:14Z

Please update PR description to reflect fresh changes

Remove redundant Lombok annotations from empty CreateAdapterDeployment and CreateInterceptorDeployment subclasses. Add isjson check constraint on deployment.source column in MS SQL Server migration. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

ai-dial-actions · 2026-03-05T09:14:45Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

settings.gradle

Package	Version	License	Issue Type
com.gradle:common-custom-user-data-gradle-plugin	2.1	Null	Unknown License
com.gradle:develocity-gradle-plugin	4.2	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
maven/com.gradle:common-custom-user-data-gradle-plugin	2.1	Unknown	Unknown
maven/com.gradle:develocity-gradle-plugin	4.2	Unknown	Unknown

Scanned Files

settings.gradle

Pasichniuk · 2026-03-05T09:21:35Z

Make sure FE is ready to support new API changes

ai-dial-actions · 2026-03-05T13:26:04Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

settings.gradle

Package	Version	License	Issue Type
com.gradle:common-custom-user-data-gradle-plugin	2.1	Null	Unknown License
com.gradle:develocity-gradle-plugin	4.2	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
maven/com.gradle:common-custom-user-data-gradle-plugin	2.1	Unknown	Unknown
maven/com.gradle:develocity-gradle-plugin	4.2	Unknown	Unknown

Scanned Files

settings.gradle

ai-dial-actions · 2026-03-05T14:40:29Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

settings.gradle

Package	Version	License	Issue Type
com.gradle:common-custom-user-data-gradle-plugin	2.1	Null	Unknown License
com.gradle:develocity-gradle-plugin	4.2	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
maven/com.gradle:common-custom-user-data-gradle-plugin	2.1	Unknown	Unknown
maven/com.gradle:develocity-gradle-plugin	4.2	Unknown	Unknown

Scanned Files

settings.gradle

Resolve conflicts: - KnativeDeploymentManager: keep PR's resolveImageName + development's getScaling() - DeploymentInfoDto: add missing imports from development - DeploymentFunctionalTest: keep PR's source-based assertions, drop old scaling assertions Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

ai-dial-actions · 2026-03-09T15:36:34Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

settings.gradle

Package	Version	License	Issue Type
com.gradle:common-custom-user-data-gradle-plugin	2.1	Null	Unknown License
com.gradle:develocity-gradle-plugin	4.3.1	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
maven/com.gradle:common-custom-user-data-gradle-plugin	2.1	Unknown	Unknown
maven/com.gradle:develocity-gradle-plugin	4.3.1	Unknown	Unknown

Scanned Files

settings.gradle

ai-dial-actions · 2026-03-09T15:38:28Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

settings.gradle

Package	Version	License	Issue Type
com.gradle:common-custom-user-data-gradle-plugin	2.1	Null	Unknown License
com.gradle:develocity-gradle-plugin	4.3.1	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
maven/com.gradle:common-custom-user-data-gradle-plugin	2.1	Unknown	Unknown
maven/com.gradle:develocity-gradle-plugin	4.3.1	Unknown	Unknown

Scanned Files

settings.gradle

V1.47 and V1.48 are now taken by development branch migrations (AddScalingToDeploymentTable, CreateDeploymentTopicsTable). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

ai-dial-actions · 2026-03-09T16:21:15Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

settings.gradle

Package	Version	License	Issue Type
com.gradle:common-custom-user-data-gradle-plugin	2.1	Null	Unknown License
com.gradle:develocity-gradle-plugin	4.3.1	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
maven/com.gradle:common-custom-user-data-gradle-plugin	2.1	Unknown	Unknown
maven/com.gradle:develocity-gradle-plugin	4.3.1	Unknown	Unknown

Scanned Files

settings.gradle

ai-dial-actions · 2026-03-10T11:15:40Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

settings.gradle

Package	Version	License	Issue Type
com.gradle:common-custom-user-data-gradle-plugin	2.1	Null	Unknown License
com.gradle:develocity-gradle-plugin	4.3.1	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
maven/com.gradle:common-custom-user-data-gradle-plugin	2.1	Unknown	Unknown
maven/com.gradle:develocity-gradle-plugin	4.3.1	Unknown	Unknown

Scanned Files

settings.gradle

Add feature spec 003-unified-deployment-source with full speckit artifacts (spec, plan, research, data-model, contracts, quickstart, tasks, checklists). Update 7 existing specs to reflect the unified Source sealed interface, source-based image contract for Knative deployments, renamed source classes for Inference/NIM, and schema version bump to V1.49. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…hema V1.49 already exists in the codebase; the unified deployment source migration will use V1.50 instead. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…ent-source' into feat/172-image-reference-knative-sources

ai-dial-actions · 2026-03-10T12:49:04Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

settings.gradle

Package	Version	License	Issue Type
com.gradle:common-custom-user-data-gradle-plugin	2.1	Null	Unknown License
com.gradle:develocity-gradle-plugin	4.3.1	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
maven/com.gradle:common-custom-user-data-gradle-plugin	2.1	Unknown	Unknown
maven/com.gradle:develocity-gradle-plugin	4.3.1	Unknown	Unknown

Scanned Files

settings.gradle

Resolve merge conflicts with command/args support (development): - Removed command/args and source from inference subclasses (both now on base) - Renumbered UnifyDeploymentSource migrations from V1.49 to V1.50 - Updated KnativeDeploymentManagerTest mocks for new serviceConfig signature - Updated create_mcp_deployment_request_with_command_args.json to use source format Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

ai-dial-actions · 2026-03-10T13:30:09Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 113 package(s) with unknown licenses.
⚠️ 14 packages with OpenSSF Scorecard issues.

See the Details below.

Snapshot Warnings

⚠️: The number of snapshots compared for the base SHA (0) and the head SHA (1) do not match. You may see unexpected additions in the diff.

Re-running this action after a short time may resolve the issue. See the documentation for more information and troubleshooting advice.

License Issues

settings.gradle

Package	Version	License	Issue Type
biz.aQute.bnd:biz.aqute.bnd.annotation	7.1.0	Null	Unknown License
com.fasterxml.jackson.core:jackson-core	2.21.1	Null	Unknown License
com.fasterxml.jackson.core:jackson-databind	2.21.1	Null	Unknown License
com.fasterxml.jackson.dataformat:jackson-dataformat-cbor	2.21.1	Null	Unknown License
com.fasterxml.jackson.dataformat:jackson-dataformat-yaml	2.21.1	Null	Unknown License
com.fasterxml.jackson.datatype:jackson-datatype-jdk8	2.21.1	Null	Unknown License
com.fasterxml.jackson.datatype:jackson-datatype-jsr310	2.21.1	Null	Unknown License
com.fasterxml.jackson.module:jackson-module-parameter-names	2.21.1	Null	Unknown License
com.fasterxml.jackson:jackson-bom	2.21.1	Null	Unknown License
com.github.javaparser:javaparser-core	3.27.1	Null	Unknown License
com.github.jnr:jffi	1.3.14	Null	Unknown License
com.github.jnr:jnr-enxio	0.32.19	Null	Unknown License
com.github.jnr:jnr-ffi	2.2.18	Null	Unknown License
com.github.jnr:jnr-posix	3.1.21	Null	Unknown License
com.google.api:api-common	2.53.0	Null	Unknown License
com.google.api:gax	2.73.0-rc1	Null	Unknown License
com.google.auth:google-auth-library-oauth2-http	1.42.0-rc1	Null	Unknown License
com.google.cloud.sql:jdbc-socket-factory-core	1.28.0	Null	Unknown License
com.google.cloud.sql:postgres-socket-factory	1.28.0	Null	Unknown License
com.google.errorprone:error_prone_annotations	2.46.0	Null	Unknown License
com.google.http-client:google-http-client	2.1.0-rc1	Null	Unknown License
com.gradle:common-custom-user-data-gradle-plugin	2.1	Null	Unknown License
com.gradle:develocity-gradle-plugin	4.3.1	Null	Unknown License
com.zaxxer:hikaricp	6.3.3	Null	Unknown License
io.fabric8.java-generator:io.fabric8.java-generator.gradle.plugin	7.5.2	Null	Unknown License
io.fabric8:generator-annotations	7.5.2	Null	Unknown License
io.fabric8:java-generator-core	7.5.2	Null	Unknown License
io.fabric8:knative-client	7.5.2	Null	Unknown License
io.fabric8:knative-model	7.5.2	Null	Unknown License
io.fabric8:kubernetes-client-api	7.5.2	Null	Unknown License
io.fabric8:kubernetes-httpclient-vertx	7.5.2	Null	Unknown License
io.fabric8:kubernetes-model-admissionregistration	7.5.2	Null	Unknown License
io.fabric8:kubernetes-model-apiextensions	7.5.2	Null	Unknown License
io.fabric8:kubernetes-model-apps	7.5.2	Null	Unknown License
io.fabric8:kubernetes-model-autoscaling	7.5.2	Null	Unknown License
io.fabric8:kubernetes-model-batch	7.5.2	Null	Unknown License
io.fabric8:kubernetes-model-certificates	7.5.2	Null	Unknown License
io.fabric8:kubernetes-model-common	7.5.2	Null	Unknown License
io.fabric8:kubernetes-model-coordination	7.5.2	Null	Unknown License
io.fabric8:kubernetes-model-core	7.5.2	Null	Unknown License
io.fabric8:kubernetes-model-discovery	7.5.2	Null	Unknown License
io.fabric8:kubernetes-model-events	7.5.2	Null	Unknown License
io.fabric8:kubernetes-model-extensions	7.5.2	Null	Unknown License
io.fabric8:kubernetes-model-flowcontrol	7.5.2	Null	Unknown License
io.fabric8:kubernetes-model-gatewayapi	7.5.2	Null	Unknown License
io.fabric8:kubernetes-model-metrics	7.5.2	Null	Unknown License
io.fabric8:kubernetes-model-networking	7.5.2	Null	Unknown License
io.fabric8:kubernetes-model-node	7.5.2	Null	Unknown License
io.fabric8:kubernetes-model-policy	7.5.2	Null	Unknown License
io.fabric8:kubernetes-model-rbac	7.5.2	Null	Unknown License
io.fabric8:kubernetes-model-resource	7.5.2	Null	Unknown License
io.fabric8:kubernetes-model-scheduling	7.5.2	Null	Unknown License
io.fabric8:kubernetes-model-storageclass	7.5.2	Null	Unknown License
io.fabric8:zjsonpatch	7.5.2	Null	Unknown License
io.modelcontextprotocol.sdk:mcp	0.15.0	Null	Unknown License
io.modelcontextprotocol.sdk:mcp-core	0.15.0	Null	Unknown License
io.modelcontextprotocol.sdk:mcp-json	0.15.0	Null	Unknown License
io.modelcontextprotocol.sdk:mcp-json-jackson2	0.15.0	Null	Unknown License
io.netty:netty-buffer	4.1.130.Final	Null	Unknown License
io.netty:netty-codec	4.1.130.Final	Null	Unknown License
io.netty:netty-codec-compression	4.2.8.Final	Null	Unknown License
io.netty:netty-codec-dns	4.1.130.Final	Null	Unknown License
io.netty:netty-codec-http	4.1.130.Final	Null	Unknown License
io.netty:netty-codec-http2	4.1.130.Final	Null	Unknown License
io.netty:netty-codec-socks	4.1.130.Final	Null	Unknown License
io.netty:netty-common	4.1.130.Final	Null	Unknown License
io.netty:netty-handler	4.1.130.Final	Null	Unknown License
io.netty:netty-handler-proxy	4.1.130.Final	Null	Unknown License
io.netty:netty-resolver	4.1.130.Final	Null	Unknown License
io.netty:netty-resolver-dns	4.1.130.Final	Null	Unknown License
io.netty:netty-resolver-dns-classes-macos	4.1.130.Final	Null	Unknown License
io.netty:netty-resolver-dns-native-macos	4.1.130.Final	Null	Unknown License
io.netty:netty-transport	4.1.130.Final	Null	Unknown License
io.netty:netty-transport-native-epoll	4.1.130.Final	Null	Unknown License
io.netty:netty-transport-native-unix-common	4.1.130.Final	Null	Unknown License
io.opentelemetry.contrib:opentelemetry-aws-resources	1.42.0-alpha	Null	Unknown License
io.opentelemetry.contrib:opentelemetry-gcp-resources	1.42.0-alpha	Null	Unknown License
io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom	2.12.0	Null	Unknown License
io.opentelemetry:opentelemetry-bom	1.46.0	Null	Unknown License
io.sundr:builder-annotations	0.230.1	Null	Unknown License
io.sundr:resourcecify-annotations	0.230.1	Null	Unknown License
io.sundr:sundr-adapter-api	0.230.1	Null	Unknown License
io.sundr:sundr-adapter-apt	0.230.1	Null	Unknown License
io.sundr:sundr-adapter-reflect	0.230.1	Null	Unknown License
io.sundr:sundr-core	0.230.1	Null	Unknown License
io.sundr:sundr-model	0.230.1	Null	Unknown License
io.sundr:sundr-model-base	0.230.1	Null	Unknown License
io.sundr:sundr-model-repo	0.230.1	Null	Unknown License
io.sundr:sundr-model-utils	0.230.1	Null	Unknown License
io.vertx:vertx-auth-common	4.5.24	Null	Unknown License
io.vertx:vertx-core	4.5.24	Null	Unknown License
io.vertx:vertx-web-client	4.5.24	Null	Unknown License
io.vertx:vertx-web-common	4.5.24	Null	Unknown License
jakarta.xml.bind:jakarta.xml.bind-api	4.0.4	Null	Unknown License
net.sf.saxon:saxon-he	12.5	Null	Unknown License
org.apache.tomcat.embed:tomcat-embed-el	10.1.50	Null	Unknown License
org.flywaydb:flyway-sqlserver	11.14.0	Null	Unknown License
org.hdrhistogram:hdrhistogram	2.2.2	Null	Unknown License
org.junit:junit-bom	5.12.2	Null	Unknown License
org.latencyutils:latencyutils	2.0.3	Null	Unknown License
org.springframework.boot:spring-boot-buildpack-platform	3.5.10	Null	Unknown License
org.springframework.boot:spring-boot-dependencies	3.5.10	Null	Unknown License
org.springframework.boot:spring-boot-gradle-plugin	3.5.10	Null	Unknown License
org.springframework.boot:spring-boot-loader-tools	3.5.10	Null	Unknown License
org.springframework.boot:spring-boot-testcontainers	3.5.10	Null	Unknown License
org.springframework:spring-aspects	6.2.15	Null	Unknown License
org.springframework:spring-jdbc	6.2.15	Null	Unknown License
org.springframework:spring-orm	6.2.15	Null	Unknown License
org.springframework:spring-test	6.2.15	Null	Unknown License
org.springframework:spring-tx	6.2.15	Null	Unknown License
org.springframework:spring-web	6.2.15	Null	Unknown License
org.springframework:spring-webmvc	6.2.15	Null	Unknown License
org.testcontainers:mssqlserver	1.21.4	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

maven/biz.aQute.bnd:biz.aqute.bnd.annotation

7.1.0

Unknown

maven/com.amazonaws:aws-java-sdk-core

1.12.777

🟢 6.6

Details

Check	Score	Reason
Maintained	🟢 9	9 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 9
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
SAST	🟢 10	SAST tool is run on all commits
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed

maven/com.amazonaws:aws-java-sdk-sts

1.12.777

🟢 6.6

Details

Check	Score	Reason
Maintained	🟢 9	9 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 9
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
SAST	🟢 10	SAST tool is run on all commits
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed

maven/com.amazonaws:jmespath-java

1.12.777

🟢 6.6

Details

Check	Score	Reason
Maintained	🟢 9	9 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 9
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 8	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
SAST	🟢 10	SAST tool is run on all commits
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed

maven/com.azure:azure-core

1.57.1

🟢 8.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) out of 30 and 21 issue activity out of 30 found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all last 30 commits are reviewed through GitHub
CII-Best-Practices	⚠️ 0	no badge detected
Vulnerabilities	🟢 10	no vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	no published package detected
License	🟢 10	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	tokens are read-only in GitHub workflows
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
Binary-Artifacts	🟢 9	binaries present in source code

maven/com.azure:azure-core-http-netty

1.16.3

🟢 8.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) out of 30 and 21 issue activity out of 30 found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all last 30 commits are reviewed through GitHub
CII-Best-Practices	⚠️ 0	no badge detected
Vulnerabilities	🟢 10	no vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	no published package detected
License	🟢 10	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	tokens are read-only in GitHub workflows
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
Binary-Artifacts	🟢 9	binaries present in source code

maven/com.azure:azure-identity

1.18.2

🟢 8.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) out of 30 and 21 issue activity out of 30 found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all last 30 commits are reviewed through GitHub
CII-Best-Practices	⚠️ 0	no badge detected
Vulnerabilities	🟢 10	no vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	no published package detected
License	🟢 10	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	tokens are read-only in GitHub workflows
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
Binary-Artifacts	🟢 9	binaries present in source code

maven/com.azure:azure-identity-extensions

1.2.7

🟢 8.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) out of 30 and 21 issue activity out of 30 found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all last 30 commits are reviewed through GitHub
CII-Best-Practices	⚠️ 0	no badge detected
Vulnerabilities	🟢 10	no vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	no published package detected
License	🟢 10	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	tokens are read-only in GitHub workflows
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
Binary-Artifacts	🟢 9	binaries present in source code

maven/com.azure:azure-json

1.5.1

🟢 8.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) out of 30 and 21 issue activity out of 30 found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all last 30 commits are reviewed through GitHub
CII-Best-Practices	⚠️ 0	no badge detected
Vulnerabilities	🟢 10	no vulnerabilities detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	no published package detected
License	🟢 10	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	tokens are read-only in GitHub workflows
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
Binary-Artifacts	🟢 9	binaries present in source code

maven/com.azure:azure-xml

1.2.1

🟢 6.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 9	Found 26/27 approved changesets -- score normalized to 9
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Packaging	⚠️ -1	packaging workflow not detected
License	🟢 10	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed

maven/com.ethlo.time:itu

1.10.3

Unknown

maven/com.fasterxml.jackson.core:jackson-annotations

2.21

Unknown

maven/com.fasterxml.jackson.core:jackson-core

2.21.1

Unknown

maven/com.fasterxml.jackson.core:jackson-databind

2.21.1

Unknown

maven/com.fasterxml.jackson.dataformat:jackson-dataformat-cbor

2.21.1

Unknown

maven/com.fasterxml.jackson.dataformat:jackson-dataformat-yaml

2.21.1

Unknown

maven/com.fasterxml.jackson.datatype:jackson-datatype-jdk8

2.21.1

Unknown

maven/com.fasterxml.jackson.datatype:jackson-datatype-jsr310

2.21.1

Unknown

maven/com.fasterxml.jackson.module:jackson-module-parameter-names

2.21.1

Unknown

maven/com.fasterxml.jackson:jackson-bom

2.21.1

Unknown

maven/com.fasterxml:classmate

1.7.3

Unknown

maven/com.github.ben-manes.caffeine:caffeine

3.2.3

🟢 9

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 0	Found 0/30 approved changesets -- score normalized to 0
CI-Tests	⚠️ -1	no pull request found
Dependency-Update-Tool	🟢 10	update tool detected
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
SAST	🟢 10	SAST tool detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
CII-Best-Practices	🟢 10	badge detected: Gold
Pinned-Dependencies	🟢 10	all dependencies are pinned
License	🟢 10	license file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	🟢 10	project is fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	🟢 8	branch protection is not maximal on development and all release branches
Contributors	🟢 10	project has 8 contributing companies or organizations

maven/com.github.docker-java:docker-java-api

3.4.2

🟢 3.7

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 2/9 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/com.github.docker-java:docker-java-transport

3.4.2

🟢 3.7

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 2/9 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/com.github.docker-java:docker-java-transport-zerodep

3.4.2

🟢 3.7

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 2/9 approved changesets -- score normalized to 2
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/com.github.javaparser:javaparser-core

3.27.1

🟢 4.7

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 0	Found 2/22 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 8	binaries present in source code
Security-Policy	⚠️ 0	security policy file not detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 9	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/com.github.jnr:jffi

1.3.14

Unknown

maven/com.github.jnr:jnr-a64asm

1.0.0

Unknown

maven/com.github.jnr:jnr-constants

0.10.4

Unknown

maven/com.github.jnr:jnr-enxio

0.32.19

Unknown

maven/com.github.jnr:jnr-ffi

2.2.18

Unknown

maven/com.github.jnr:jnr-posix

3.1.21

⚠️ 2.9

Details

Check	Score	Reason
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	⚠️ 2	Found 4/17 approved changesets -- score normalized to 2
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/com.github.jnr:jnr-unixsocket

0.38.24

Unknown

maven/com.github.jnr:jnr-x86asm

1.0.2

⚠️ 2

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 0/28 approved changesets -- score normalized to 0
Packaging	⚠️ -1	packaging workflow not detected
Maintained	⚠️ 0	0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow	⚠️ -1	no workflows found
Token-Permissions	⚠️ -1	No tokens found
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ -1	no dependencies found
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/com.google.api-client:google-api-client

2.8.1

🟢 6

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 5	6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Security-Policy	🟢 10	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
SAST	🟢 4	SAST tool is not run on all commits -- score normalized to 4

maven/com.google.api:api-common

2.53.0

Unknown

maven/com.google.api:gax

2.73.0-rc1

Unknown

maven/com.google.apis:google-api-services-sqladmin

v1beta4-rev20251201-2.0.0

Unknown

maven/com.google.auth:google-auth-library-credentials

1.42.0-rc1

🟢 7.6

Details

Check	Score	Reason
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 10	17 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 10	all changesets reviewed
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 9	SAST tool is not run on all commits -- score normalized to 9

maven/com.google.auth:google-auth-library-oauth2-http

1.42.0-rc1

🟢 7.6

Details

Check	Score	Reason
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Maintained	🟢 10	17 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Code-Review	🟢 10	all changesets reviewed
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	🟢 10	project is fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 9	SAST tool is not run on all commits -- score normalized to 9

maven/com.google.auto.value:auto-value-annotations

1.11.0

🟢 6.8

Details

Check	Score	Reason
Code-Review	🟢 9	Found 29/30 approved changesets -- score normalized to 9
Maintained	🟢 10	23 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 10	all dependencies are pinned
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/com.google.cloud.opentelemetry:detector-resources-support

0.33.0

🟢 5.7

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Maintained	⚠️ 2	2 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 2
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 8	binaries present in source code
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	🟢 9	SAST tool detected but not run on all commits

maven/com.google.cloud.sql:jdbc-socket-factory-core

1.28.0

Unknown

maven/com.google.cloud.sql:postgres-socket-factory

1.28.0

Unknown

maven/com.google.cloud.tools:jib-build-plan

0.4.0

Unknown

maven/com.google.cloud.tools:jib-core

0.27.3

Unknown

maven/com.google.code.findbugs:jsr305

3.0.2

Unknown

maven/com.google.code.gson:gson

2.8.9

🟢 9.4

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 7	dependency not pinned by hash detected -- score normalized to 7
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Maintained	🟢 10	21 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
Code-Review	🟢 8	Found 20/23 approved changesets -- score normalized to 8
Dependency-Update-Tool	🟢 10	update tool detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
CI-Tests	🟢 10	30 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors	🟢 10	project has 12 contributing companies or organizations

maven/com.google.errorprone:error_prone_annotations

2.46.0

🟢 6.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 6/29 approved changesets -- score normalized to 2
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 10	30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/com.google.errorprone:error_prone_annotations

2.36.0

🟢 6.5

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 6/29 approved changesets -- score normalized to 2
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 10	30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/com.google.guava:failureaccess

1.0.3

🟢 8.7

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 2/30 approved changesets -- score normalized to 0
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	🟢 10	all dependencies are pinned
Signed-Releases	⚠️ -1	no releases found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST	🟢 9	SAST tool is not run on all commits -- score normalized to 9
Security-Policy	🟢 10	security policy file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
CI-Tests	🟢 9	27 out of 28 merged PRs checked by a CI test -- score normalized to 9
Contributors	🟢 10	project has 11 contributing companies or organizations

maven/com.google.guava:failureaccess

1.0.2

🟢 8.7

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	⚠️ 0	Found 2/30 approved changesets -- score normalized to 0
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	🟢 10	all dependencies are pinned
Signed-Releases	⚠️ -1	no releases found
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Fuzzing	🟢 10	project is fuzzed
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't rea...[Comment body truncated]

feat: support direct imageReference for knative deployments

fb4ab2e

Allow MCP, Adapter, and Interceptor deployments to use either an internal imageDefinitionId or a direct imageReference, reducing deployment friction for pre-built images and preserving backward compatibility. Made-with: Cursor

oleksii-donets requested a review from siarhei-fedziukovich as a code owner March 2, 2026 09:12

oleksii-donets changed the title ~~feat: support direct imageReference for knative deployments~~ Draft: feat: support direct imageReference for knative deployments Mar 2, 2026

oleksii-donets changed the title ~~Draft: feat: support direct imageReference for knative deployments~~ feat: support direct imageReference for knative deployments Mar 2, 2026

oleksii-donets marked this pull request as draft March 2, 2026 09:16

oleksii-donets marked this pull request as ready for review March 2, 2026 09:24

oleksii-donets requested a review from Pasichniuk March 2, 2026 09:24

Pasichniuk reviewed Mar 2, 2026

View reviewed changes

...n/java/com/epam/aidial/deployment/manager/dao/entity/deployment/AdapterDeploymentEntity.java Outdated Show resolved Hide resolved

Pasichniuk reviewed Mar 2, 2026

View reviewed changes

src/main/resources/db/migration/H2/V1.47__AddImageReferenceToKnativeDeployments.sql Outdated Show resolved Hide resolved

oleksii-donets added 2 commits March 2, 2026 15:39

feat: expose deployment source in deployment info response

e47a82f

Return image origin via the nested source object in deployment list responses and remove redundant top-level image definition fields from DeploymentInfoDto. Made-with: Cursor

chore: update migration version

9250a9d

fix: ignore legacy image definition fields in image-based create mapp…

cde978a

…ings Prevents MapStruct unmapped-property warnings from failing builds with -Werror after merge-related DTO changes. Made-with: Cursor

Merge branch 'development' into feat/172-image-reference-knative-sources

1768e4e

Merge branch 'development' into feat/172-image-reference-knative-sources

2518662

Merge branch 'development' into feat/172-image-reference-knative-sources

208b858

Pasichniuk reviewed Mar 3, 2026

View reviewed changes

...ial/deployment/manager/web/dto/deployment/CreateInternalImageDeploymentSourceRequestDto.java Outdated Show resolved Hide resolved

Pasichniuk reviewed Mar 3, 2026

View reviewed changes

...main/java/com/epam/aidial/deployment/manager/web/dto/deployment/ImageBasedDeploymentDto.java Show resolved Hide resolved

chore: save source in base Deployment entity

8befbaa

Merge branch 'development' into feat/172-image-reference-knative-sources

9a0f114

Pasichniuk reviewed Mar 5, 2026

View reviewed changes

...in/java/com/epam/aidial/deployment/manager/model/deployment/CreateInterceptorDeployment.java Outdated Show resolved Hide resolved

Pasichniuk previously approved these changes Mar 5, 2026

View reviewed changes

oleksii-donets dismissed Pasichniuk’s stale review via 1fdd50b March 5, 2026 13:24

oleksii-donets force-pushed the feat/172-image-reference-knative-sources branch from 1fdd50b to 9784456 Compare March 5, 2026 14:39

Merge branch 'development' into feat/172-image-reference-knative-sources

64d3bc8

chore: delete .claude/settings.local.json

7b75148

fix: renumber UnifyDeploymentSource migration from V1.47 to V1.49

4b1c30f

V1.47 and V1.48 are now taken by development branch migrations (AddScalingToDeploymentTable, CreateDeploymentTopicsTable). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Merge branch 'development' into feat/172-image-reference-knative-sources

0f273b1

oleksii-donets and others added 3 commits March 10, 2026 14:34

docs: bump migration version from V1.49 to V1.50 and regenerate db-sc…

6543cad

…hema V1.49 already exists in the codebase; the unified deployment source migration will use V1.50 instead. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Merge remote-tracking branch 'refs/remotes/origin/003-unified-deploym…

231e477

…ent-source' into feat/172-image-reference-knative-sources

oleksii-donets and others added 3 commits March 10, 2026 15:13

chore: regenerate db-schema.md after merge

a329ac4

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

chore: remove specs/003-unified-deployment-source/data-model.md

8962a92

Pasichniuk approved these changes Mar 10, 2026

View reviewed changes

oleksii-donets merged commit ea65ac4 into development Mar 10, 2026
8 checks passed

oleksii-donets deleted the feat/172-image-reference-knative-sources branch March 10, 2026 13:53

Conversation

oleksii-donets commented Mar 2, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Applicable issues

Description of changes

Checklist

Uh oh!

ai-dial-actions commented Mar 2, 2026

Dependency Review

License Issues

settings.gradle

OpenSSF Scorecard

Scanned Files

Uh oh!

Uh oh!

Uh oh!

ai-dial-actions commented Mar 2, 2026

Dependency Review

License Issues

settings.gradle

OpenSSF Scorecard

Scanned Files

Uh oh!

ai-dial-actions commented Mar 2, 2026

Dependency Review

License Issues

settings.gradle

OpenSSF Scorecard

Scanned Files

Uh oh!

ai-dial-actions commented Mar 2, 2026

Dependency Review

License Issues

settings.gradle

OpenSSF Scorecard

Scanned Files

Uh oh!

ai-dial-actions commented Mar 2, 2026

Dependency Review

License Issues

settings.gradle

OpenSSF Scorecard

Scanned Files

Uh oh!

ai-dial-actions commented Mar 2, 2026

Dependency Review

License Issues

settings.gradle

OpenSSF Scorecard

Scanned Files

Uh oh!

ai-dial-actions commented Mar 2, 2026

Dependency Review

License Issues

settings.gradle

OpenSSF Scorecard

Scanned Files

Uh oh!

Uh oh!

Uh oh!

ai-dial-actions commented Mar 4, 2026

Dependency Review

License Issues

settings.gradle

OpenSSF Scorecard

Scanned Files

Uh oh!

ai-dial-actions commented Mar 4, 2026

Dependency Review

License Issues

settings.gradle

OpenSSF Scorecard

Scanned Files

Uh oh!

Uh oh!

Pasichniuk commented Mar 5, 2026

Uh oh!

ai-dial-actions commented Mar 5, 2026

Dependency Review

License Issues

oleksii-donets commented Mar 2, 2026 •

edited

Loading