Open Source Project Status

This page described the meaning of various availability and quality designations that open source projects provided by Curity may have. If a project on the Curity GitHub Organiztion doesn’t have one of these designations, you should assume that the only availability is source and the quality is experiment/demo.

Browse Code Examples


SourceSource Availability

When a project is said to be available as source, it is only distributed as source code. Users of this project are expected to compile the project themselves (where applicable). This may require tools not directly provided by Curity or as a part of the open source project. Users of this component will require these and the expertise necessary to perform any compilation to binary form prior to deployment and execution. When updates are made to a project with this availability designation, users will also need to obtain those updates, recompile them, and deploy them.

BinaryBinary Availability

A project may be pre-compiled to binary form. When it is, it will have an availability of binary. Users of a project that has this availability may still obtain in it source form, but, for convenience, may also download a pre-built version. Projects with this availability designation are typically more mature and more widely used, but this is not necessarily the case. Binaries will be distributed together with the source and can be obtained from the project’s GitHub page under the releases section. When source code updates are made to the project, a binary distribution will not necessarily follow immediately; multiple updates may be made before a new binary release is created. Users of projects with binary distributions will need to obtain new binaries when available and deploy them.

BundledBundled Availability

A project that has an availability designation of bundled is one that is included with the Curity Identity Server. This means that the project’s source code has been compiled into binary form, and is distributed with the product obtained from Curity. Those binaries are not necessarily also provided on the project’s GitHub page. Additional terms and conditions may also be applied when receiving the project’s code in this manner. When updates are made to the project’s source code, eventually those will be included in an update on the Curity Identity Server, and users only need to update that rather than the module provided by the open source project (unless changes to the code have been made by the customer).


Experiment/DemoExperiment Quality

A project is said to have an experiment/demo quality when it was written to prove a concept (POC). This means that certain error cases probably aren’t handled. Logging may be insufficient. Translations and localization probably does not exist. Very limited testing has been performed, and few engineers (perhaps even just one) have contributed to the code base. Security vulnerability scanning is probably provided by GitHub, and secure development was done during coding. However, a full security analysis is still lacking.

TestTest Quality

A project that has a quality designation of test is one that has undergone testing by Curity, and is deemed sufficient for testing by customers. Curity feels the quality is sufficient for internal testing or small-scale pilots. The bar is raised to this point, for instance, after more engineers have reviewed and contributed to the code, analyzed it, and existing and internal demos/pilots have been completed. The component may be usable in a production environment, but that is a determination that the user of the component is responsible for making in their situation and based on their testing. If a project with this quality designation is used in production, customers should make Curity aware the usage.

ProductionProduction Quality

A project with a quality of production is one that customers can use in a production environment. It is deemed by Curity to be safe and secure in all supportable environments. The code of such a project has been thoroughly reviewed, comments, and analyzed. It has been deployed internally by Curity and/or multiple customers. Logging and error handling are sufficient to avoid production issues and allow for troubleshooting of business critical cases. It is probably available as a part of the Curity Identity Server (i.e., budled).


Support is available for some open source projects. However, this service is sold separately, and will only be provided when a customer has purchased such a service. Curity only sells support for projects that are available in binary or bundled form and only for projects that have a quality designation of production. Support is not sold and not provided for any other project.

Browse Code Examples

Next steps

Ready to modernize IAM?

Start Today - Build security and improve ease of use to stay ahead of the competition.