{"id":16373393,"url":"https://github.com/antham/versem","last_synced_at":"2026-03-03T22:01:05.220Z","repository":{"id":37548427,"uuid":"183675662","full_name":"antham/versem","owner":"antham","description":"Create semver tags from your pull requests","archived":false,"fork":false,"pushed_at":"2025-03-27T10:11:46.000Z","size":1131,"stargazers_count":3,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-06-23T09:08:17.198Z","etag":null,"topics":["release","semver","tags"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/antham.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-04-26T18:22:03.000Z","updated_at":"2025-03-27T10:11:48.000Z","dependencies_parsed_at":"2023-11-06T10:27:17.953Z","dependency_job_id":"e5e336a8-7513-4003-b337-d3d1a6ef5363","html_url":"https://github.com/antham/versem","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/antham/versem","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/antham%2Fversem","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/antham%2Fversem/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/antham%2Fversem/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/antham%2Fversem/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/antham","download_url":"https://codeload.github.com/antham/versem/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/antham%2Fversem/sbom","scorecard":{"id":198726,"data":{"date":"2025-08-11","repo":{"name":"github.com/antham/versem","commit":"87f8c7fc9455fa5888d9aacdf12aceff4ca6acea"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.4,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 0/2 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/antham/versem/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/antham/versem/create-release.yml/master?enable=pin","Info:   0 out of   2 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Maintained","score":1,"reason":"2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/build.yml:12","Warn: topLevel 'contents' permission set to 'write': .github/workflows/create-release.yml:9","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: MIT License: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.3.0 not signed: https://api.github.com/repos/antham/versem/releases/185822878","Warn: release artifact v1.2.0 not signed: https://api.github.com/repos/antham/versem/releases/66205728","Warn: release artifact v1.1.0 not signed: https://api.github.com/repos/antham/versem/releases/17142976","Warn: release artifact v1.0.0 not signed: https://api.github.com/repos/antham/versem/releases/17134789","Warn: release artifact v1.3.0 does not have provenance: https://api.github.com/repos/antham/versem/releases/185822878","Warn: release artifact v1.2.0 does not have provenance: https://api.github.com/repos/antham/versem/releases/66205728","Warn: release artifact v1.1.0 does not have provenance: https://api.github.com/repos/antham/versem/releases/17142976","Warn: release artifact v1.0.0 does not have provenance: https://api.github.com/repos/antham/versem/releases/17134789"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3787 / GHSA-fv92-fjc5-jj9h"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-16T22:21:25.041Z","repository_id":37548427,"created_at":"2025-08-16T22:21:25.041Z","updated_at":"2025-08-16T22:21:25.041Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30063348,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-03T18:21:05.932Z","status":"ssl_error","status_checked_at":"2026-03-03T18:20:59.341Z","response_time":61,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["release","semver","tags"],"created_at":"2024-10-11T03:14:12.263Z","updated_at":"2026-03-03T22:01:05.182Z","avatar_url":"https://github.com/antham.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Versem [![codecov](https://codecov.io/gh/antham/versem/branch/master/graph/badge.svg)](https://codecov.io/gh/antham/versem) [![Go Report Card](https://goreportcard.com/badge/github.com/antham/versem)](https://goreportcard.com/report/github.com/antham/versem) [![GitHub tag](https://img.shields.io/github/tag/antham/versem.svg)]()\n\nVersem creates a semver git tag and a github release when merging a pull request according to the version label set on the repository.\n\n---\n\n- [Usage](#usage)\n- [Documentation](#documentation)\n- [Setup](#setup)\n- [Contribute](#contribute)\n\n---\n\n## Usage\n\n```\nSemver manager\n\nUsage:\n  versem [command]\n\nAvailable Commands:\n  help        Help about any command\n  label       Manage pull request labels\n  release     Manage release\n\nFlags:\n  -h, --help   help for versem\n\nUse \"versem [command] --help\" for more information about a command.\n\n```\n\nYou must define several environment variables : _GITHUB_OWNER_, _GITHUB_REPOSITORY_ and _GITHUB_TOKEN_\n\n### label check [commitSha|pullRequestId]\n\nEnsure a semver label is defined on a pull request or a commit that belong to a pull request, if not it exit with an error, if the commit is not tied to a pull request, it aborts without any errors.\n\n### label create\n\nCreate labels (patch, minor, major and norelease) on a repository.\n\n### release create [commitSha]\n\nCreate the semver tag using label version defined in pull request tied to the commit given as argument, if the commit is not tied to a pull request, it aborts without any errors.\n\n## Documentation\n\n### Workflow\n\nYou will use the command `versem label create` to add semver labels to your repository manually.\n\nYou will use the command `versem label check [pullRequestId]` in your CI to ensure a version label is linked to a pull request, when a pull request is built.\n\nWhen the pull request is merged, you will use the command `versem release create` in your CI to create the release according to the version label defined in the pull request and according to the previous semver tag created.\n\nHave a look to [versem-circleci](https://github.com/antham/versem-circleci) to have a full example of how to use it in a CI.\n\n### Recommended settings\n\nYou should force in a CI, a check to ensure every pull request are labelled properly like in the example above.\n\nYou should enable this setting in your github repository : `Require branches to be up to date before merging`, to be sure 2 pull requests are not merged in the same time and avoiding release creation mess.\n\n### Label norelease\n\nWhen your pull request is not intended to produce a new semver tag, it must be labelled with `norelease`, the CI will pass and will not produce any new release on merge.\n\n### V version suffix or not\n\nIf you started to prefix your semver tag with a `v`, versem will automatically detect it and will create new versions following this convention, if not it will continue not adding `v` as a suffix.\n\nWhen no tag exist yet, a `v` is added for the first tag created.\n\n### Repository not following semver before\n\nIf you want to install versem on a repository that wasn't following semver convention before, you must first create a proper semver tag manually before settting it, to let versem be able to understand from where it should start to tag. You must be really careful with the order of tags and check your semver tag appears as the last one otherwise versem won't work properly.\n\n## Setup\n\nDownload the binary from the release page according to your architecture : https://github.com/antham/versem/releases\n\n## Contribute\n\nIf you want to add a new feature to versem project, the best way is to open a ticket first to know exactly how to implement your changes in code.\n\n### Setup\n\nAfter cloning the repository you need to install vendors with `go mod vendor`\nTo test your changes locally you can run all tests with : `make test-all`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fantham%2Fversem","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fantham%2Fversem","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fantham%2Fversem/lists"}