{"id":13566191,"url":"https://github.com/azerpas/bourso-api","last_synced_at":"2026-01-12T14:51:10.558Z","repository":{"id":202672655,"uuid":"707823696","full_name":"azerpas/bourso-api","owner":"azerpas","description":"Boursorama / BoursoBank unofficial API and CLI","archived":false,"fork":false,"pushed_at":"2025-12-02T20:26:26.000Z","size":315,"stargazers_count":67,"open_issues_count":8,"forks_count":8,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-12-05T01:56:08.998Z","etag":null,"topics":["api","banking","cli","dca","investing","rust"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/azerpas.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-10-20T18:35:30.000Z","updated_at":"2025-12-03T08:17:52.000Z","dependencies_parsed_at":null,"dependency_job_id":"a9a3da29-625a-4c89-9692-37d61f083a61","html_url":"https://github.com/azerpas/bourso-api","commit_stats":null,"previous_names":["azerpas/bourso-api"],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/azerpas/bourso-api","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/azerpas%2Fbourso-api","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/azerpas%2Fbourso-api/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/azerpas%2Fbourso-api/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/azerpas%2Fbourso-api/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/azerpas","download_url":"https://codeload.github.com/azerpas/bourso-api/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/azerpas%2Fbourso-api/sbom","scorecard":{"id":1239198,"data":{"date":"2025-10-20T00:41:12Z","repo":{"name":"github.com/azerpas/bourso-api","commit":"5aa90fc5ee1ddffe608e0d24d940537086d84f86"},"scorecard":{"version":"v4.13.1","commit":"49c0eed3a423f00c872b5c3c9f1bbca9e8aae799"},"score":3.8,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":4,"reason":"3 out of 7 merged PRs checked by a CI test -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#ci-tests"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":0,"reason":"found 10 unreviewed changesets out of 11 -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#code-review"}},{"name":"Contributors","score":3,"reason":"1 different organizations found -- score normalized to 3","details":["Info: contributors work for datadome"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#contributors"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: tool 'Dependabot' is used: :0"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#dependency-update-tool"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no OSSFuzz integration found: Follow the steps in https://github.com/google/oss-fuzz to integrate fuzzing for your project.\nOver time, try to add fuzzing for more functionalities of your project. (High effort)","Warn: no OneFuzz integration found: Follow the steps in https://github.com/microsoft/onefuzz to start fuzzing for your project.\nOver time, try to add fuzzing for more functionalities of your project. (High effort)","Warn: no GoBuiltInFuzzer integration found: Follow the steps in https://go.dev/doc/fuzz/ to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no PythonAtherisFuzzer integration found: Follow the steps in https://github.com/google/atheris to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no CLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no CppLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no SwiftLibFuzzer integration found: Follow the steps in https://google.github.io/oss-fuzz/getting-started/new-project-guide/swift-lang/ to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no RustCargoFuzzer integration found: Follow the steps in https://rust-fuzz.github.io/book/cargo-fuzz.html to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no JavaJazzerFuzzer integration found: Follow the steps in https://github.com/CodeIntelligenceTesting/jazzer to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no ClusterFuzzLite integration found: Follow the steps in https://github.com/google/clusterfuzzlite to integrate fuzzing as part of CI.\nOver time, try to add fuzzing for more functionalities of your project. (High effort)","Warn: no HaskellPropertyBasedTesting integration found: Use one of the following frameworks to fuzz your project:\nQuickCheck: https://hackage.haskell.org/package/QuickCheck\nhedgehog: https://hedgehog.qa/\nvalidity: https://github.com/NorfairKing/validity\nsmallcheck: https://hackage.haskell.org/package/smallcheck\nhspec: https://hspec.github.io/\ntasty: https://hackage.haskell.org/package/tasty (High effort)","Warn: no TypeScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)","Warn: no JavaScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: License file found in expected location: LICENSE:1","Info: FSF or OSI recognized license: LICENSE:1"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#license"}},{"name":"Maintained","score":0,"reason":"0 commit(s) out of 30 and 0 issue activity out of 12 found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"no published package detected","details":["Warn: no GitHub/GitLab publishing workflow detected"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":2,"reason":"dependency not pinned by hash detected -- score normalized to 2","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cicd.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/azerpas/bourso-api/cicd.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/cicd.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/azerpas/bourso-api/cicd.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/cicd.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/azerpas/bourso-api/cicd.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/cicd.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/azerpas/bourso-api/cicd.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coverage.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/azerpas/bourso-api/coverage.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/coverage.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/azerpas/bourso-api/coverage.yml/main?enable=pin","Info:   3 out of   5 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   5 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 25 are checked with a SAST tool","Warn: CodeQL tool not detected"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#sast"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected: On GitHub:\nEnable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository\nAdd a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities.\nOn GitLab:\nAdd a section in your SECURITY.md indicating the process to disclose vulnerabilities for your project.\nExamples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md.\nFor additional information on vulnerability disclosure, see https://github.com/ossf/oss-vulnerability-guide/blob/main/maintainer-guide.md. (Medium effort)","Warn: no security file to analyze: On GitHub:\nEnable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository\nAdd a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities.\nOn GitLab:\nProvide a point of contact in your SECURITY.md.\nExamples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. (Low effort)","Warn: no security file to analyze: On GitHub:\nEnable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository\nAdd a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities.\nOn GitLab:\nAdd a section in your SECURITY.md indicating the process to disclose vulnerabilities for your project.\nExamples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. (Low effort)","Warn: no security file to analyze: On GitHub:\nEnable private vulnerability disclosure in your repository settings https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository\nAdd a section in your SECURITY.md indicating you have enabled private reporting, and tell them to follow the steps in https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability to report vulnerabilities.\nOn GitLab:\nAdd a section in your SECURITY.md indicating the process to disclose vulnerabilities for your project.\nExamples: https://github.com/ossf/scorecard/blob/main/SECURITY.md, https://github.com/slsa-framework/slsa-github-generator/blob/main/SECURITY.md, https://github.com/sigstore/.github/blob/main/SECURITY.md. (Low effort)"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":6,"reason":"6 out of 9 artifacts are signed or have provenance","details":["Warn: release artifact v0.2.1 does not have provenance: https://api.github.com/repos/azerpas/bourso-api/releases/216315806","Warn: release artifact v0.2.1 not signed: https://api.github.com/repos/azerpas/bourso-api/releases/216315806","Warn: release artifact v0.2.0 does not have provenance: https://api.github.com/repos/azerpas/bourso-api/releases/212623808","Warn: release artifact v0.2.0 not signed: https://api.github.com/repos/azerpas/bourso-api/releases/212623808","Info: provenance for release artifact: provenance-id-macos-latest.intoto.jsonl: https://api.github.com/repos/azerpas/bourso-api/releases/assets/221164899","Info: provenance for release artifact: provenance-id-macos-latest.intoto.jsonl: https://api.github.com/repos/azerpas/bourso-api/releases/assets/172970517","Info: provenance for release artifact: provenance-id-macos-latest.intoto.jsonl: https://api.github.com/repos/azerpas/bourso-api/releases/assets/170776512","Info: provenance for release artifact: provenance-id-macos-latest.intoto.jsonl: https://api.github.com/repos/azerpas/bourso-api/releases/assets/163257297","Info: provenance for release artifact: provenance-id-macos-latest.intoto.jsonl: https://api.github.com/repos/azerpas/bourso-api/releases/assets/161570832","Info: provenance for release artifact: provenance-id-macos-latest.intoto.jsonl: https://api.github.com/repos/azerpas/bourso-api/releases/assets/160617457","Warn: release artifact v0.1.4 does not have provenance: https://api.github.com/repos/azerpas/bourso-api/releases/149635729","Warn: release artifact v0.1.4 not signed: https://api.github.com/repos/azerpas/bourso-api/releases/149635729"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#signed-releases"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: topLevel 'contents' permission set to 'write': .github/workflows/cicd.yml:10: Visit https://app.stepsecurity.io/secureworkflow/azerpas/bourso-api/cicd.yml/main?enable=permissions\nTick the 'Restrict permissions for GITHUB_TOKEN'\nUntick other options\nNOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)","Info: jobLevel 'actions' permission set to 'read': .github/workflows/cicd.yml:103","Warn: no topLevel permission defined: .github/workflows/coverage.yml:1: Visit https://app.stepsecurity.io/secureworkflow/azerpas/bourso-api/coverage.yml/main?enable=permissions\nTick the 'Restrict permissions for GITHUB_TOKEN'\nUntick other options\nNOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead. (Low effort)","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":0,"reason":"18 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: RUSTSEC-2024-0388","Warn: Project is vulnerable to: GHSA-4fcv-w3qc-ppgg","Warn: Project is vulnerable to: GHSA-rpmj-rpgj-qmpm / RUSTSEC-2025-0004","Warn: Project is vulnerable to: RUSTSEC-2025-0022","Warn: Project is vulnerable to: GHSA-4p46-pwfr-66x6","Warn: Project is vulnerable to: GHSA-c86p-w88r-qvqr","Warn: Project is vulnerable to: RUSTSEC-2025-0009","Warn: Project is vulnerable to: GHSA-qg5g-gv98-5ffh","Warn: Project is vulnerable to: RUSTSEC-2024-0399","Warn: Project is vulnerable to: GHSA-rr8g-9fpq-6wmg","Warn: Project is vulnerable to: RUSTSEC-2025-0023","Warn: Project is vulnerable to: RUSTSEC-2025-0056","Warn: Project is vulnerable to: GHSA-2rxc-gjrp-vjhx","Warn: Project is vulnerable to: RUSTSEC-2024-0404","Warn: Project is vulnerable to: GHSA-q6cp-qfwq-4gcv / RUSTSEC-2024-0332","Warn: Project is vulnerable to: GHSA-h97m-ww89-6jmq / RUSTSEC-2024-0421","Warn: Project is vulnerable to: GHSA-q445-7m23-qrmw","Warn: Project is vulnerable to: RUSTSEC-2024-0357"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-10-25T12:06:03.009Z","repository_id":202672655,"created_at":"2025-10-25T12:06:03.009Z","updated_at":"2025-10-25T12:06:03.009Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28340411,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-12T12:22:26.515Z","status":"ssl_error","status_checked_at":"2026-01-12T12:22:10.856Z","response_time":98,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","banking","cli","dca","investing","rust"],"created_at":"2024-08-01T13:02:04.138Z","updated_at":"2026-01-12T14:51:10.522Z","avatar_url":"https://github.com/azerpas.png","language":"Rust","funding_links":[],"categories":["Rust"],"sub_categories":[],"readme":"# Bourso CLI\n\n[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/azerpas/bourso-api/badge)](https://securityscorecards.dev/viewer/?uri=github.com/azerpas/bourso-api)\n[![codecov](https://codecov.io/gh/azerpas/bourso-api/graph/badge.svg?token=I47J55VCB3)](https://codecov.io/gh/azerpas/bourso-api)\n\n\u003cimg width=\"1264\" alt=\"Screenshot of Bourso CLI\" src=\"https://github.com/azerpas/bourso-api/assets/19282069/9ddbc5aa-7e52-4ab3-8a86-b15bd2328b67\"\u003e\n\n\nThis app aims to be a simple CLI powered by *[Bourso API](./src/bourso_api/)* to log in to your [BoursoBank/Boursorama](https://www.boursorama.com) account and achieve some basic tasks.\n\nThe first goal of this project was creating an automated [DCA (Dollar Cost Average)](https://www.investopedia.com/terms/d/dollarcostaveraging.asp) solution to buy [ETFs (Exchange Traded Funds)](https://www.investopedia.com/terms/e/etf.asp) on a regular basis with your Bourso account.\n\n[Follow these instructions](#dca-dollar-cost-averaging-investing) to setup your own automated DCA.\n\n- [Installation](#installation)\n  - [From releases](#from-releases)\n    - [Approve the app (MacOS)](#approve-the-app)\n    - [Verify your installation](#verify-your-installation) \n  - [From source](#from-source)\n- [Usage](#usage)\n  - [Get your accounts](#get-your-accounts) \n  - [Place an order](#place-an-order)\n  - [Quote 🥷](#quote)\n  - [DCA](#dca-dollar-cost-averaging-investing)\n- [Security](#security)\n- [Disclaimer](#disclaimer)\n\n(🥷 annoted commands require no login)\n\n## Installation\n### From releases\nYou can download the latest release [here](https://github.com/azerpas/bourso-api/releases).\n\nChoose the right binary for your OS between:\n- `bourso-cli-darwin.tar.gz` for MacOS\n- `bourso-cli-linux.tar.gz` for Linux\n- `bourso-cli.exe` for Windows\n\n#### Approve the app (MacOS)\n\nIf you then get a `\"bourso-cli\" cannot be opened because the developer cannot be verified` error, go to `System Preferences \u003e Security \u0026 Privacy \u003e General` and click `Open Anyway`\n\nIf the above doesn't help you, make sure the file is executable:\n```sh\nchmod +x bourso-cli\n# if it still says `Permission denied`, try\nchown 777 bourso-cli\n```\n\n⚠️ Signing in with a different IP address than the ones you usually use will trigger a security check from Bourso. You'll have to validate the connection from your phone. A [GitHub pull request](https://github.com/azerpas/bourso-api/pull/10) is open to handle this case.\n\n#### Verify your installation\nBourso CLI embeds [SLSA](https://slsa.dev/) standard to verify the integrity of the binary. You can verify the signature of the binary by:\n- Downloading the provenance generated by the release pipeline for your OS: https://github.com/azerpas/bourso-api/releases/latest\n- Installing [slsa-verifier](https://github.com/slsa-framework/slsa-verifier?tab=readme-ov-file#installation)\n- Running `slsa-verifier`. MacOS example:\n```sh\nslsa-verifier-darwin-arm64 verify-artifact --provenance-path provenance-id-macos-latest.intoto.jsonl --source-uri \"github.com/azerpas/bourso-api\" bourso-cli\n```\nWhich should output:\n```\nVerifying artifact ~/bourso-cli: PASSED\n```\n\n### From source\nRequires [\u003e=Rust 1.77.2](https://www.rust-lang.org)\n```sh\ngit clone git@github.com:azerpas/bourso-api.git\ncd bourso-api\ncargo build --release\n# You can run any command from the built application, e.g:\n./target/release/bourso-cli config\n```\n\n## Usage\n\n### Configuration\nSave your client ID with this config command:\n```\n./bourso-cli config\n```\nThe password will be asked each time you run the app to avoid storing it in a file.\n\n### Get your accounts\n```\n./bourso-cli accounts\n```\nYou'll get something like this:\n```\n[\n    Account {\n        id: \"1a2953bd1a28a37bd3fe89d32986e613\",\n        name: \"BoursoBank\",\n        balance: 100,\n        bank_name: \"BoursoBank\",\n        kind: Banking,\n    },\n    Account {\n        id: \"a583f3c5842c34fb00b408486ef493e0\",\n        name: \"PEA DOE\",\n        balance: 1000000,\n        bank_name: \"BoursoBank\",\n        kind: Trading,\n    },\n]\n```\n\n### Place an order\n**Make sure to have a trading account with enough balance to place the order.** Check the previous section to see how to get your account ID.\n\n🛍️ Place a buy order for 4 shares of the ETF \"1rTCW8\" (AMUNDI MSCI WORLD UCITS ETF - EUR) on your account \"a583f3c5842c34fb00b408486ef493e0\":\n```\n./bourso-cli trade order new --side buy --symbol 1rTCW8 --account a583f3c5842c34fb00b408486ef493e0 --quantity 4\n```\n\n*Tip: You can get the ETF ID from the tracker URL, e.g. \"AMUNDI MSCI WORLD UCITS ETF - EUR\" url is https://www.boursorama.com/bourse/trackers/cours/1rTCW8/ (1rTCW8)*\n\n### Quote\nQuote an asset to retrieve its value over time, e.g:\n```\n➜  ~ ./bourso-cli quote --symbol 1rTCW8 average\nINFO  bourso_cli \u003e Welcome to BoursoBank CLI 👋\nINFO  bourso_cli \u003e ℹ️ - Version 0.1.6. Make sure you're running the latest version: https://github.com/azerpas/bourso-api\n\nINFO  bourso_cli \u003e Fetching quotes...\nINFO  bourso_cli \u003e Average quote: 494.5348136363637\n```\nSubcommands available: `highest`, `lowest`, `average`, `volume`, `last`\n\n### DCA (Dollar Cost Averaging) investing\n\nYou can use this script to do DCA investing. For example, if you want to buy 1 share of the ETF \"1rTCW8\" (AMUNDI MSCI WORLD UCITS ETF - EUR) every month, you can use a cron job to run the script every month.\n\n#### With MacOS\nYou can use the `launchd` daemon to run the script every week. Create a file named `com.bourso-cli.plist` in `~/Library/LaunchAgents/` with the following content:\n```xml\n\u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n\u003c!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\"\u003e\n\u003cplist version=\"1.0\"\u003e\n\u003cdict\u003e\n    \u003ckey\u003eLabel\u003c/key\u003e\n    \u003cstring\u003ecom.azerpas.bourso-cli\u003c/string\u003e\n    \u003ckey\u003eProgramArguments\u003c/key\u003e\n    \u003carray\u003e\n        \u003cstring\u003e/Users/YOUR_USER/bourso-launchd.sh\u003c/string\u003e\n    \u003c/array\u003e\n    \u003ckey\u003eStartCalendarInterval\u003c/key\u003e\n    \u003cdict\u003e\n        \u003ckey\u003eWeekday\u003c/key\u003e\n        \u003cinteger\u003e1\u003c/integer\u003e \u003c!-- Run the script every Monday --\u003e\n        \u003ckey\u003eHour\u003c/key\u003e\n        \u003cinteger\u003e20\u003c/integer\u003e \u003c!-- Run the script at 08:00 PM --\u003e\n        \u003ckey\u003eMinute\u003c/key\u003e\n        \u003cinteger\u003e00\u003c/integer\u003e\n    \u003c/dict\u003e\n    \u003ckey\u003eRunAtLoad\u003c/key\u003e\n    \u003ctrue/\u003e \u003c!-- Run the script when the agent is loaded, i.e., when the system starts --\u003e\n    \u003ckey\u003eStandardOutPath\u003c/key\u003e\n    \u003cstring\u003e/Users/YOUR_USER/bourso-launchd-cli-stdout.log\u003c/string\u003e\n    \u003ckey\u003eStandardErrorPath\u003c/key\u003e\n    \u003cstring\u003e/Users/YOUR_USER/bourso-launchd-cli-stderr.log\u003c/string\u003e\n\u003c/dict\u003e\n\u003c/plist\u003e\n```\nReplace `YOUR_USER` with your username.\n\nThen copy the `bourso-launchd.sh` script in your home directory, modify the variables and make it executable.\n```sh\nchmod +x bourso-launchd.sh\nchown 777 bourso-launchd.sh\n```\nFinally, load the agent with the following command:\n```sh\nlaunchctl load ~/Library/LaunchAgents/com.bourso-cli.plist\n```\nThe script will now run every week at 08:00 PM on Monday. You can check the logs in `~/bourso-launchd-cli-stdout.log` and `~/bourso-launchd-cli-stderr.log`.\n#### With Linux\nTODO\n#### With Windows\nCopy/paste the following commands and replace the path with the actual location of `bourso-cli.exe`. Then paste the commands to Powershell.\n```ps1\n# Create a new task trigger that will run weekly on Sunday at 1:00pm \n$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At 1:00PM\n# Create a new task action that will execute the trade based on the trigger defined above\n$action = New-ScheduledTaskAction -Execute \"PowerShell.exe\" -Argument \"-NoExit -Command `\"\u0026 { `$exePath = 'C:\\Path\\To\\bourso-cli.exe'; `$arguments = 'trade order new --side buy --symbol 1rTCW8 --account a583f3c5842c34fb00b408486ef493e0 --quantity 4'; Start-Process -FilePath `$exePath -ArgumentList `$arguments -NoNewWindow -Wait }`\"\"\n# Create a task named \"Weekly Bourso CLI Task\"\nRegister-ScheduledTask -TaskName \"Weekly Bourso CLI Task\" -Trigger $trigger -Action $action\n```\n\n## Security\nThis app runs locally. All outbound/inbound data is sent/received to/from BoursoBank servers **only**. Your password will not be saved locally and will be asked each time you run the app. Your client ID has to be configurated and will be saved into the app data for next usages.\n\n## Disclaimer\n\nThis script is provided as is, without any warranty. I am not responsible for any loss of funds. Use at your own risk. I am not affiliated with BoursoBank or any other project mentioned in this repository. This is not financial advice.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fazerpas%2Fbourso-api","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fazerpas%2Fbourso-api","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fazerpas%2Fbourso-api/lists"}