{"id":37072272,"url":"https://github.com/anthonycorletti/cbpa","last_synced_at":"2026-01-14T08:29:14.283Z","repository":{"id":45104477,"uuid":"444329045","full_name":"anthonycorletti/cbpa","owner":"anthonycorletti","description":"Coinbase Pro Automation for buying your favourite cryptocurrencies.","archived":true,"fork":false,"pushed_at":"2022-11-27T22:07:42.000Z","size":56,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-04T17:13:46.544Z","etag":null,"topics":["coinbasepro","docker","fastapi","google-cloud-run","google-cloud-scheduler","google-cloud-secrets-manager","python3","typer"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/anthonycorletti.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-01-04T07:41:43.000Z","updated_at":"2024-03-08T00:29:16.000Z","dependencies_parsed_at":"2023-01-22T03:18:52.854Z","dependency_job_id":null,"html_url":"https://github.com/anthonycorletti/cbpa","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/anthonycorletti/cbpa","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anthonycorletti%2Fcbpa","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anthonycorletti%2Fcbpa/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anthonycorletti%2Fcbpa/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anthonycorletti%2Fcbpa/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/anthonycorletti","download_url":"https://codeload.github.com/anthonycorletti/cbpa/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anthonycorletti%2Fcbpa/sbom","scorecard":{"id":198836,"data":{"date":"2025-08-11","repo":{"name":"github.com/anthonycorletti/cbpa","commit":"a4e3a1c12018a795928be38346d46c275e5acba9"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.8,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"project is archived","details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/16 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/publish.yaml:1","Warn: no topLevel permission defined: .github/workflows/test.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/anthonycorletti/cbpa/publish.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/anthonycorletti/cbpa/publish.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/anthonycorletti/cbpa/test.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/anthonycorletti/cbpa/test.yaml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating python:3.9.6-slim to python:3.9.6-slim@sha256:4115592fd02679fb3d9e8c513cae33ad3fdd64747b64d32b504419d7118bcd7c","Warn: pipCommand not pinned by hash: Dockerfile:8-13","Warn: pipCommand not pinned by hash: scripts/install.sh:3","Warn: pipCommand not pinned by hash: scripts/install.sh:4","Warn: pipCommand not pinned by hash: .github/workflows/publish.yaml:22","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   4 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 1 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-16T22:23:28.281Z","repository_id":45104477,"created_at":"2025-08-16T22:23:28.281Z","updated_at":"2025-08-16T22:23:28.281Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28414036,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T08:16:59.381Z","status":"ssl_error","status_checked_at":"2026-01-14T08:13:45.490Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["coinbasepro","docker","fastapi","google-cloud-run","google-cloud-scheduler","google-cloud-secrets-manager","python3","typer"],"created_at":"2026-01-14T08:29:13.734Z","updated_at":"2026-01-14T08:29:14.268Z","avatar_url":"https://github.com/anthonycorletti.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# cbpa\n\n---\n\n:warning: `cbpa` is now deprecated because [Coinbase Pro is sunsetting for Coinbase Advanced Trade](https://www.coinbase.com/blog/hello-advanced-trade-goodbye-coinbase-pro). You can check out the documentation for the new Advanced Trade API [here](https://docs.cloud.coinbase.com/advanced-trade-api/docs).\n\nI have no plans to update this library to use the new API, and will consider making a new library for the new API if users express interest. Cheers!\n\n---\n\nCoinbase Pro Automation for making buy orders from a default bank account.\n\n## Quickstart\n\n1. Install with pip\n\n    ```sh\n    pip install cbpa\n    ```\n\n1. [Create a Coinbase API Key](https://help.coinbase.com/en/pro/other-topics/api/how-do-i-create-an-api-key-for-coinbase-pro), you will need to select all fields of access.\n\n1. (Optional). [Create a Discord webhook](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks).\n\n1. Make your config file. See the [examples](./examples) for more.\n\n    ```yaml\n    ---\n    api:\n        key: \"myKey\"\n        secret: \"mySecret\"\n        passphrase: \"myPassphrase\"\n        url: \"https://api.pro.coinbase.com\"\n    discord:\n        webhook: https://discord.com/api/webhooks/123/abc\n    account:\n        auto_funding_limit: 20\n        fiat_currency: USD\n    buys:\n        - send_currency: USD\n            send_amount: 2\n            receive_currency: BTC\n        - send_currency: USD\n            send_amount: 2\n            receive_currency: ETH\n        - send_currency: USD\n            send_amount: 2\n            receive_currency: DOGE\n    ```\n\n1. Make your orders!\n\n    ```sh\n    cbpa run -f my-buys.yaml\n    ```\n\n## Running `cbpa` in Google Cloud Run\n\nYou can run `cbpa` as a server in Google Cloud Run, which can called by Google Cloud Scheduler to automatically place buys for you each day, or on any cron schedule you like.\n\nThese steps assume you have installed and configured `gcloud` already.\n\n1. Store your buy order file as a secret in GCP.\n\n    ```sh\n    gcloud secrets versions add my_buys --data-file=my-buys.yaml\n    ```\n\n1. Build and push your docker container to Google Cloud, and then deploy your container.\n\n    ```sh\n    ./scripts/docker-build.sh \u0026\u0026 ./scripts/docker-push.sh; SECRET_ID=my_buys ./scripts/gcloud-run-deploy.sh\n    ```\n\n1. [Create an authenticated scheduler](https://cloud.google.com/scheduler/docs/http-target-auth#using-the-console) that uses an http target to hit the `buy` endpoint.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanthonycorletti%2Fcbpa","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fanthonycorletti%2Fcbpa","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanthonycorletti%2Fcbpa/lists"}