bytecodealliance · dependabot · May 13, 2026 · May 13, 2026 · May 13, 2026 · May 13, 2026
@@ -0,0 +1,4 @@
+# Endive Code Owners
+# These users will be automatically requested for review on PRs.
+
+* @andreaTP @evacchi
@@ -72,7 +72,7 @@ jobs:
         uses: actions/setup-node@v6
         with:
           node-version: '22'
-      - name: Build Chicory
+      - name: Build Endive
         run: ./mvnw -B -Dquickly
       - name: Test Docs
         working-directory: docs

@@ -0,0 +1,41 @@
+name: Dependency Check
+
+on:
+  schedule:
+    - cron: "30 2 * * *" # every day at 2:30 AM
+  workflow_dispatch: # allow manual triggering
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-check:
+    name: OWASP Dependency Check
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'bytecodealliance'
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v6
+      - name: Set up Java
+        uses: actions/setup-java@v5
+        with:
+          distribution: 'temurin'
+          java-version: '21'
+          cache: maven
+      - name: Build
+        run: mvn -B -Dquickly
+      - name: Run OWASP Dependency Check
+        run: |
+          mvn -B org.owasp:dependency-check-maven:check \
+            -DfailBuildOnCVSS=7 \
+            -DsuppressedPaths=./dependency-check-suppressions.xml \
+            -Dformats=HTML,JSON \
+            -Danalyzer.ossindexAnalyzerEnabled=true
+      - name: Upload report
+        uses: actions/upload-artifact@v7
+        if: always()
+        with:
+          name: dependency-check-report
+          path: target/dependency-check-report.*
+          retention-days: 30
+          if-no-files-found: ignore
@@ -0,0 +1,65 @@
+name: Deploy Docs
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - 'docs/**'
+      - 'docs-lib/**'
+      - 'wasm-corpus/**'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+concurrency:
+  group: pages
+  cancel-in-progress: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Set up Java
+        uses: actions/setup-java@v5
+        with:
+          distribution: 'temurin'
+          java-version: '21'
+          cache: maven
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: '22'
+
+      - name: Build Endive
+        run: ./mvnw -B -Dquickly
+
+      - name: Install docs dependencies
+        working-directory: docs
+        run: npm ci
+
+      - name: Build Docusaurus site
+        working-directory: docs
+        run: npm run build
+
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v4
+        with:
+          path: docs/build
+
+  deploy:
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4
@@ -22,7 +22,7 @@ jobs:
           java-version: '21'
           cache: maven
       - name: Fuzz Test
-        if: github.repository_owner == 'dylibso'
+        if: github.repository_owner == 'bytecodealliance'
         run: |
           # Build everything
           mvn -B -Dquickly

@@ -14,7 +14,7 @@ jobs:
     name: JMH tests on baseline
     runs-on: ubuntu-latest
     outputs:
-      result-link: "https://nightly.link/dylibso/chicory/actions/artifacts/${{ steps.artifact-upload-step.outputs.artifact-id }}.zip"
+      result-link: "https://nightly.link/bytecodealliance/endive/actions/artifacts/${{ steps.artifact-upload-step.outputs.artifact-id }}.zip"
     steps:
       - name: Checkout sources for this branch
         uses: actions/checkout@v6
@@ -41,7 +41,7 @@ jobs:
     name: JMH tests on current branch
     runs-on: ubuntu-latest
     outputs:
-      result-link: "https://nightly.link/dylibso/chicory/actions/artifacts/${{ steps.artifact-upload-step.outputs.artifact-id }}.zip"
+      result-link: "https://nightly.link/bytecodealliance/endive/actions/artifacts/${{ steps.artifact-upload-step.outputs.artifact-id }}.zip"
     steps:
       - name: Checkout sources for this branch
         uses: actions/checkout@v6
@@ -76,4 +76,4 @@ jobs:
           echo "Visualize JMH results using this script from the project root:" >> $GITHUB_STEP_SUMMARY
           echo -e '<pre><code>./scripts/show-results.sh ci ${{ needs.perf-main.outputs.result-link }} ${{ needs.perf-current.outputs.result-link }}</code></pre>' >> $GITHUB_STEP_SUMMARY
           echo "Or use a pre-built container image:" >> $GITHUB_STEP_SUMMARY
-          echo -e '<pre><code>docker run --rm -it -p 3000:3000 docker.io/andreatp/chicory-show-jmh ci ${{ needs.perf-main.outputs.result-link }} ${{ needs.perf-current.outputs.result-link }}</code></pre>' >> $GITHUB_STEP_SUMMARY
+          echo -e '<pre><code>docker run --rm -it -p 3000:3000 docker.io/andreatp/endive-show-jmh ci ${{ needs.perf-main.outputs.result-link }} ${{ needs.perf-current.outputs.result-link }}</code></pre>' >> $GITHUB_STEP_SUMMARY
@@ -47,8 +47,8 @@ jobs:
 
       - name: Setup Git
         run: |
-          git config user.name "Chicory BOT"
-          git config user.email "chicory@dylibso.com"
+          git config user.name "Endive BOT"
+          git config user.email "endive@bytecodealliance.org"
 
       - name: Set the version
         run: |

@@ -21,10 +21,10 @@ jobs:
           java-version: '21'
           cache: maven
       - name: Compile the Zig testsuite
-        if: github.repository_owner == 'dylibso'
+        if: github.repository_owner == 'bytecodealliance'
         run: ./scripts/build-zig-testsuite.sh
       - name: Nightly Test
-        if: github.repository_owner == 'dylibso'
+        if: github.repository_owner == 'bytecodealliance'
         run: |
           # Build everything
           mvn -B -Dquickly

@@ -0,0 +1,22 @@
+# Endive Adopters
+
+Organizations and projects using Endive (formerly Chicory) in production:
+
+* [sqlite4j](https://github.com/roastedroot/sqlite4j) - Pure Java SQLite JDBC driver
+* [pglite4j](https://github.com/roastedroot/pglite4j) - Embedded PostgreSQL 17 in pure Java
+* [Quickjs4J](https://github.com/roastedroot/quickjs4j) - Sandboxed runtime for JavaScript (used by [Microcks](https://github.com/microcks/microcks) and [Apicurio Registry](https://github.com/Apicurio/apicurio-registry))
+* [jq4j](https://github.com/roastedroot/jq4j) - jq JSON processor as pure Java bytecode
+* [protobuf4j](https://github.com/roastedroot/protobuf4j) - protoc compiler as pure Java bytecode
+* [lumis4j](https://github.com/roastedroot/lumis4j) - Pure Java syntax highlighter powered by Tree-sitter
+* [Proxy-Wasm Java Host](https://github.com/roastedroot/proxy-wasm-java-host)
+* [Apache Camel - Wasm component](https://camel.apache.org/components/4.8.x/wasm-component.html)
+* [JRuby](https://github.com/jruby/jruby) - Ruby Prism parser
+* [Debezium](https://github.com/debezium/debezium) - Pluggable Go Single Message Transformations
+* [OPA Java Wasm SDK](https://github.com/StyraInc/opa-java-wasm) - Open Policy Agent WebAssembly Java SDK
+* [Trino](https://trino.io/docs/current/udf/python.html) - Python user-defined functions
+* [Extism Chicory SDK](https://github.com/extism/chicory-sdk)
+* [OpenFeature Go Feature Flag provider](https://github.com/open-feature/java-sdk-contrib) - local feature flag evaluation
+* [Spotify Confidence resolver](https://github.com/spotify/confidence-resolver) - local feature flag evaluation
+* [Bazel](https://github.com/bazelbuild/bazel) - WebAssembly execution in repo rules
+* [WildFly AI Feature Pack](https://github.com/wildfly-extras/wildfly-ai-feature-pack)
+* Quarkus extensions: [quarkus-chicory](https://github.com/quarkiverse/quarkus-chicory), [quarkus-proxy-wasm](https://github.com/quarkiverse/quarkus-proxy-wasm), [quarkus-quickjs4j](https://github.com/quarkiverse/quarkus-quickjs4j), [quarkus-grpc-zero](https://github.com/quarkiverse/quarkus-grpc-zero)
@@ -1,6 +1,6 @@
 # Working with this repository
 
-Chicory is a WebAssembly runtime written in Java. This document captures practical knowledge for working in the codebase.
+Endive is a WebAssembly runtime written in Java. This document captures practical knowledge for working in the codebase.
 
 ## Prerequisites
 

@@ -0,0 +1,49 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
+
+## Code of Conduct Team
+
+The Organization’s Code of Conduct Team is responsible for ensuring that all Code of Conduct complaints are investigated and resolved. It consists of the members of the Technical Steering Commmittee along with the Executive Director acting as Compliance Officer. The Compliance Officer, on behalf of the Code of Conduct Team, will advise the Board of all complaints and their resolution and will report at least annually to the Board on compliance activity relating to the organizational Code of Conduct.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the Bytecode Alliance CoC Team at [report@bytecodealliance.org](mailto:report@bytecodealliance.org). The CoC Team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The CoC Team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the Bytecode Alliance's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at http://contributor-covenant.org/version/1/4.
+
+[homepage]: https://www.contributor-covenant.org
@@ -19,7 +19,7 @@ But first, read this page (including the small print at the end).
 
 ## Coding Philosophy
 
-Writing a runtime is a big challenge. We want Chicory to always be a solid foundation
+Writing a runtime is a big challenge. We want Endive to always be a solid foundation
 for running Wasm in Java. In order to accomplish this, it's going to take a large team
 of diverse contributors. That's why our goal up front is to aim for writing
 simple code that's easy to understand and is as backwards compatible as possible.
@@ -92,7 +92,7 @@ Our priority is to focus on implementing [proposals](https://github.com/WebAssem
 
 ### Continuous Integration
 
-Because we are all humans, and to ensure Chicory evolves in the right direction, all changes must pass continuous integration before being merged. The CI is based on GitHub Actions, which means that pull requests will receive automatic feedback.  Please watch out for the results of these workflows to see if your PR passes all tests.
+Because we are all humans, and to ensure Endive evolves in the right direction, all changes must pass continuous integration before being merged. The CI is based on GitHub Actions, which means that pull requests will receive automatic feedback.  Please watch out for the results of these workflows to see if your PR passes all tests.
 
 ### IntelliJ default limits
 
@@ -125,7 +125,7 @@ If you believe you found a bug, and it's likely possible, please indicate a way
 
 ## Legal
 
-All original contributions to Chicory projects are licensed under the
+All original contributions to Endive projects are licensed under the
 [ASL - Apache License](https://www.apache.org/licenses/LICENSE-2.0),
 version 2.0 or later, or, if another license is specified as governing the file or directory being
 modified, such other license.

@@ -0,0 +1,5 @@
+Endive
+Copyright 2026 The Bytecode Alliance
+
+This project is based on Chicory, originally created by Dylibso, Inc.
+Original source: https://github.com/dylibso/chicory