{"id":37070743,"url":"https://github.com/attzonko/mmpy_bot","last_synced_at":"2026-01-14T08:15:48.534Z","repository":{"id":28869361,"uuid":"116447660","full_name":"attzonko/mmpy_bot","owner":"attzonko","description":"A python-based chatbot for Mattermost (http://www.mattermost.org).","archived":false,"fork":false,"pushed_at":"2025-12-19T00:34:08.000Z","size":580,"stargazers_count":295,"open_issues_count":24,"forks_count":110,"subscribers_count":12,"default_branch":"main","last_synced_at":"2025-12-27T05:59:07.837Z","etag":null,"topics":["bot","chatbot","mattermost","python"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/attzonko.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"docs/contributing.rst","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS.rst","dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-01-06T02:46:34.000Z","updated_at":"2025-12-19T13:25:57.000Z","dependencies_parsed_at":"2023-02-16T10:15:44.181Z","dependency_job_id":"bbc58d86-e312-4ffa-a9b5-a04e1944b45a","html_url":"https://github.com/attzonko/mmpy_bot","commit_stats":{"total_commits":370,"total_committers":39,"mean_commits":9.487179487179487,"dds":0.7108108108108109,"last_synced_commit":"2c0e7b9650bde7b61510dcb8f11a7efd7ff2923d"},"previous_names":[],"tags_count":31,"template":false,"template_full_name":null,"purl":"pkg:github/attzonko/mmpy_bot","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/attzonko%2Fmmpy_bot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/attzonko%2Fmmpy_bot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/attzonko%2Fmmpy_bot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/attzonko%2Fmmpy_bot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/attzonko","download_url":"https://codeload.github.com/attzonko/mmpy_bot/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/attzonko%2Fmmpy_bot/sbom","scorecard":{"id":215837,"data":{"date":"2025-08-11","repo":{"name":"github.com/attzonko/mmpy_bot","commit":"8b3e5985956e1d3d69faa09068a930915f2e2536"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.2,"checks":[{"name":"Maintained","score":5,"reason":"6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":6,"reason":"Found 10/15 approved changesets -- score normalized to 6","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/lint.yml:1","Warn: no topLevel permission defined: .github/workflows/pre-commit-autoupdate.yml:1","Warn: no topLevel permission defined: .github/workflows/publish.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v2.1.4 not signed: https://api.github.com/repos/attzonko/mmpy_bot/releases/117171131","Warn: release artifact v2.1.3 not signed: https://api.github.com/repos/attzonko/mmpy_bot/releases/102319896","Warn: release artifact v2.1.1 not signed: https://api.github.com/repos/attzonko/mmpy_bot/releases/77049380","Warn: release artifact v2.1.4 does not have provenance: https://api.github.com/repos/attzonko/mmpy_bot/releases/117171131","Warn: release artifact v2.1.3 does not have provenance: https://api.github.com/repos/attzonko/mmpy_bot/releases/102319896","Warn: release artifact v2.1.1 does not have provenance: https://api.github.com/repos/attzonko/mmpy_bot/releases/77049380"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/attzonko/mmpy_bot/lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/attzonko/mmpy_bot/lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/attzonko/mmpy_bot/lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/attzonko/mmpy_bot/lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pre-commit-autoupdate.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/attzonko/mmpy_bot/pre-commit-autoupdate.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pre-commit-autoupdate.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/attzonko/mmpy_bot/pre-commit-autoupdate.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pre-commit-autoupdate.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/attzonko/mmpy_bot/pre-commit-autoupdate.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pre-commit-autoupdate.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/attzonko/mmpy_bot/pre-commit-autoupdate.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/pre-commit-autoupdate.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/attzonko/mmpy_bot/pre-commit-autoupdate.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/attzonko/mmpy_bot/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/attzonko/mmpy_bot/publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/attzonko/mmpy_bot/publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/attzonko/mmpy_bot/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/attzonko/mmpy_bot/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/attzonko/mmpy_bot/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/attzonko/mmpy_bot/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/attzonko/mmpy_bot/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/attzonko/mmpy_bot/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/attzonko/mmpy_bot/test.yml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating python:3.8-slim-buster to python:3.8-slim-buster@sha256:8799b0564103a9f36cfb8a8e1c562e11a9a6f2e3bb214e2adc23982b36a04511","Warn: containerImage not pinned by hash: tests/integration_tests/Dockerfile:1: pin your Docker image by updating jneeven/mattermost-bot-test:new_tokens_14.02.2021 to jneeven/mattermost-bot-test:new_tokens_14.02.2021@sha256:d1f630785456ed88ca995a91688ef880408cebe724968578594f8002b0f216b3","Warn: pipCommand not pinned by hash: Dockerfile:5","Warn: pipCommand not pinned by hash: Dockerfile:7","Warn: pipCommand not pinned by hash: .github/workflows/lint.yml:33","Warn: pipCommand not pinned by hash: .github/workflows/lint.yml:35","Warn: pipCommand not pinned by hash: .github/workflows/pre-commit-autoupdate.yml:28","Warn: pipCommand not pinned by hash: .github/workflows/pre-commit-autoupdate.yml:32","Warn: pipCommand not pinned by hash: .github/workflows/publish.yml:22","Warn: pipCommand not pinned by hash: .github/workflows/test.yml:59","Warn: pipCommand not pinned by hash: .github/workflows/test.yml:37","Info:   0 out of  14 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   5 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned","Info:   0 out of   9 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":7,"reason":"3 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-8495-4g3g-x7pr","Warn: Project is vulnerable to: GHSA-9548-qrrj-x5pj","Warn: Project is vulnerable to: PYSEC-2022-183 / GHSA-h8pj-cxx2-jfg2"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 29 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T01:37:55.741Z","repository_id":28869361,"created_at":"2025-08-17T01:37:55.741Z","updated_at":"2025-08-17T01:37:55.741Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28413735,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T05:26:33.345Z","status":"ssl_error","status_checked_at":"2026-01-14T05:21:57.251Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bot","chatbot","mattermost","python"],"created_at":"2026-01-14T08:15:47.985Z","updated_at":"2026-01-14T08:15:48.524Z","avatar_url":"https://github.com/attzonko.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![PyPI](https://badge.fury.io/py/mmpy-bot.svg)](https://pypi.org/project/mmpy-bot/)\n[![Maintainability](https://api.codeclimate.com/v1/badges/809c8d66aea982d9e3da/maintainability)](https://codeclimate.com/github/attzonko/mmpy_bot/maintainability)\n[![Python Support](https://img.shields.io/pypi/pyversions/mmpy-bot.svg)](https://pypi.org/project/mmpy-bot/)\n[![Mattermost](https://img.shields.io/badge/mattermost-4.0+-blue.svg)](http://www.mattermost.org)\n[![License](https://img.shields.io/badge/license-MIT-green.svg)](https://pypi.org/project/mmpy-bot/)\n\nDocumentation available at [Read the Docs](https://mmpy-bot.readthedocs.org/).\n\n\n## Description\n\nA Python based chat bot framework for [Mattermost](http://www.mattermost.org). The code for\nthis bot framework was heavily re-factored in v2.0.0 and will only work with Python 3.8 or higher.\nFor Python 2 and Python3 \u003c 3.8 support, please use versions v1.3.9 or lower.\n\n## Features\n- Based on Mattermost [WebSocket API(V4.0.0)](https://api.mattermost.com)\n- Simple plugins mechanism\n- Concurrent message handling\n- Attachment support\n- Auto-reconnect to Mattermost after connection loss\n\n##### Additional features added in v2.x:\n- Multi-threading and asyncio execution\n- Integrated webhook server\n- Support for click functions\n- Job scheduling\n\n## Compatibility\n\n|    Mattermost    |  mmpy_bot   |\n|------------------|:-----------:|\n|     \u003e= 4.0       |  \u003e 1.2.0    |\n|     \u003c  4.0       | unsupported |\n\n\n## Installation\n:warning: Warning: pip will grab v1.x if your Python version is less than 3.8!\n\n##### v2.x (latest)\n```\npip install mmpy-bot\n```\n\n##### v1.3.9 (force legacy)\n```\npip install mmpy-bot==1.3.9\n```\n\n## Usage (v2.x)\n\n### Registration\n\nFirst you need to create a bot account on your Mattermost server.\nNote: **Enable Bot Account Creation** must be enabled under System Console\n1. Login to your Mattermost server as a user with Administrative privileges.\n1. Navigate to Integrations -\u003e Bot Accounts -\u003e Add Bot Account\n1. Fill in the configuration options and upon creation take note of the **Access Token**\n\nNote that some API functions, such as ephemeral message replies, will require the bot to be part of the **System Admin** group,\nhowever most API functions will work with a regular **Member** account role. Just be aware that if some API functions are not working, it\nmay be due to a lack of appropriate permissions.\n\n\n### Configure and run the bot\n\nCreate an entrypoint file (or copy the one provided), that defines your Mattermost server and bot account settings and imports\nthe desired modules.\n\nExample `my_bot.py`:\n\n```python\n#!/usr/bin/env python\n\nfrom mmpy_bot import Bot, Settings\nfrom my_plugin import MyPlugin\n\nbot = Bot(\n    settings=Settings(\n        MATTERMOST_URL = \"http://chat.example.com\",\n        MATTERMOST_PORT = 443,\n        BOT_TOKEN = \"a69155mvlsobcnqpfdceqihaa\",\n        BOT_TEAM = \"test\",\n        SSL_VERIFY = True,\n    ),  # Either specify your settings here or as environment variables.\n    plugins=[MyPlugin()],  # Add your own plugins here.\n)\nbot.run()\n```\n\nSet the executable bit on the entrypoint file (i.e. `chmod +x my_bot.py`) and start your bot from the command prompt. Now you can talk to your bot in your Mattermost client!\n\nIn order to get the most out of your bot, you will need to write your own plugins. Refer to the [Plugins Documentation](https://mmpy-bot.readthedocs.io/en/latest/plugins.html) to get started.\n\n### Talk to us\n\nThe primary channel for communication is [GitHub](https://github.com/attzonko/mmpy_bot)\nvia [Issues](https://github.com/attzonko/mmpy_bot/issues)\nor [Pull requests](https://github.com/attzonko/mmpy_bot/pulls)\nbut you may also find some of us in [Discord](https://discord.gg/tWe5nVpNRB) for some real-time interaction.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fattzonko%2Fmmpy_bot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fattzonko%2Fmmpy_bot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fattzonko%2Fmmpy_bot/lists"}