{"id":13581849,"url":"https://github.com/bdd/runitor","last_synced_at":"2026-03-17T23:22:59.861Z","repository":{"id":37697007,"uuid":"257488822","full_name":"bdd/runitor","owner":"bdd","description":"A command runner with healthchecks.io integration","archived":false,"fork":false,"pushed_at":"2026-02-18T01:41:03.000Z","size":257,"stargazers_count":331,"open_issues_count":7,"forks_count":19,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-02-18T06:52:18.943Z","etag":null,"topics":["cron","go","golang","healthchecks","healthchecksio","monitoring","scheduled-job"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"0bsd","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bdd.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-04-21T05:24:33.000Z","updated_at":"2026-02-18T01:41:07.000Z","dependencies_parsed_at":"2023-12-27T08:32:02.165Z","dependency_job_id":"763bf953-566e-4483-9ebf-b621e4f248f7","html_url":"https://github.com/bdd/runitor","commit_stats":null,"previous_names":["bdd/hcpingrun"],"tags_count":62,"template":false,"template_full_name":null,"purl":"pkg:github/bdd/runitor","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bdd%2Frunitor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bdd%2Frunitor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bdd%2Frunitor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bdd%2Frunitor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bdd","download_url":"https://codeload.github.com/bdd/runitor/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bdd%2Frunitor/sbom","scorecard":{"id":229014,"data":{"date":"2025-08-11","repo":{"name":"github.com/bdd/runitor","commit":"99c5526724685c016744e2680817a28434ad2201"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":7.6,"checks":[{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: found token with 'none' permissions: .github/workflows/build.yml:1","Info: found token with 'none' permissions: .github/workflows/codeql.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":0,"reason":"Found 0/27 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":6,"reason":"7 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 6","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":10,"reason":"all dependencies are pinned","details":["Info:   6 out of   6 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"CII-Best-Practices","score":5,"reason":"badge detected: Passing","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: BSD Zero Clause License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Warn: codeowners review is required - but no codeowners file found in repo","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: SHA256.sig: https://github.com/bdd/runitor/releases/tag/v1.4.1","Info: signed release artifact: SHA256.sig: https://github.com/bdd/runitor/releases/tag/v1.4.0","Info: signed release artifact: SHA256.sig: https://github.com/bdd/runitor/releases/tag/v1.4.0-beta.3","Info: signed release artifact: SHA256.sig: https://github.com/bdd/runitor/releases/tag/v1.3.0-build.5","Info: signed release artifact: SHA256.sig: https://github.com/bdd/runitor/releases/tag/v1.4.0-beta.2","Warn: release artifact v1.4.1 does not have provenance: https://api.github.com/repos/bdd/runitor/releases/227204733","Warn: release artifact v1.4.0 does not have provenance: https://api.github.com/repos/bdd/runitor/releases/220801756","Warn: release artifact v1.4.0-beta.3 does not have provenance: https://api.github.com/repos/bdd/runitor/releases/219314264","Warn: release artifact v1.3.0-build.5 does not have provenance: https://api.github.com/repos/bdd/runitor/releases/203984266","Warn: release artifact v1.4.0-beta.2 does not have provenance: https://api.github.com/repos/bdd/runitor/releases/200625003"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 0 commits out of 3 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T04:28:10.114Z","repository_id":37697007,"created_at":"2025-08-17T04:28:10.115Z","updated_at":"2025-08-17T04:28:10.115Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30635163,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-17T22:38:22.569Z","status":"ssl_error","status_checked_at":"2026-03-17T22:38:11.804Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cron","go","golang","healthchecks","healthchecksio","monitoring","scheduled-job"],"created_at":"2024-08-01T15:02:16.467Z","updated_at":"2026-03-17T23:22:59.813Z","avatar_url":"https://github.com/bdd.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# runitor\n\nRunitor runs the supplied command, captures its output, and based on its exit\ncode reports successful or failed execution to https://healthchecks.io or your\nprivate instance.\n\nHealthchecks.io is a web service for monitoring periodic tasks. It's like a\ndead man's switch for your cron jobs. You get alerted if they don't run on time\nor terminate with a failure.\n\n## Installation\n\n### Download Signed Release Binaries\n\nBinaries of the latest release for popular platforms are at\nhttps://github.com/bdd/runitor/releases/latest\n\n#### Verify Signatures\n\nSHA256 checksum manifest of the releases are signed with one of the SSH\nkeys published at https://bdd.fi/x/runitor.pub.\n\nAn [example verification script](scripts/verify) shows how to use `ssh-keygen`\nand `sha256sum` to verify downloads.\n\n### Build Locally\n\nIf you have Go 1.19 or newer installed, you can use the command:\n\n\tgo install bdd.fi/x/runitor/cmd/runitor@latest\n\n...and the binary will be at `$GOPATH/bin/runitor` or if `GOPATH` isn't set,\nunder `$HOME/go/bin/runitor`.\n\n#### Cross Compilation\n\nIf you need to build the binary on a platform different than the target, you\ncan pass the target operating system and architecture with GOOS and GOARCH\nenvironment variables to the `go install` command.\n\n\tGOOS=plan9 GOARCH=arm go install bdd.fi/x/runitor/cmd/runitor@latest\n\n...and the binary will be under `$GOPATH/bin/plan9_arm/runitor`.\n\n\n### Container Image\n\nIf you prefer to run your workloads in containers,\n[runitor/runitor](https://hub.docker.com/r/runitor/runitor) on Docker Hub\nprovides images based on Alpine, Debian, and Ubuntu for x86_64, arm64v8, and\narmv7 architectures.\n\n\n## Why Do I Need This Instead of Calling curl from a Shell Script?\n\nIn addition to clean separation of concerns from the thing that needs to run and\nthe act of calling an external monitor, runitor packs a few neat extra features\nthat are bit more involved than single line additions to a script.\n\nIt can capture the stdout and stderr of the command to send it along with\nexecution reports, a.k.a. \"pings\". When you respond to an alert you can quickly\nstart investigating the issue with the relevant context already available.\n\nIt can be used as a long running process acting as a task scheduler, executing\nthe command at specified intervals. This feature comes in handy when you don't\nreadily have access to a job scheduler like crond or systemd.timer. Works well\nin one process per container environments.\n\n\n## Example Uses\n\n### Certificate Renewal\n\n\t# (Using per check UUIDs.)\n\texport CHECK_UUID=8116e449-d71c-4112-8f5d-a66f60902091\n\trunitor -- dehydrated --cron --config example.com.conf\n\n### Repository Maintenance\n\n\t# Run the maintenance script 10 times a day (24h/10 = 2h 24m)\n\t# (Using per-project ping key, and check slugs.)\n\texport PING_KEY=file:/run/secrets/hc_prod_pingkey\n\trunitor -slug git-repo-maintenance \\\n\t\t-every 2h24m -- \\\n\t\t/script/git-maint\n\n### Backup\n\n\t# Do not attach output to ping.\n\t# Backup software may leak filenames and paths.\n\n\trunitor -no-output-in-ping -- restic backup /home /etc\n\n### Triggering an Immediate Run in Periodic Mode\n\nWhen invoked with `-every \u003cduration\u003e` flag, runitor will also act as a basic\ntask scheduler.\n\nSometimes you may not want to restart the process or the container just to force\nan immediate run. Instead, you can send SIGALRM to runitor to get it run the\ncommand right away and reset the interval.\n\n\tpkill -ALRM runitor\n\n\n## Usage\n\n\trunitor [-uuid uuid] -- command\n\n### Flags\n\t-api-retries uint\n\t      Number of times an API request will be retried if it fails with a transient error (default 2)\n\t-api-timeout duration\n\t      Client timeout per request (default 5s)\n\t-api-url string\n\t      API URL (env: $HC_API_URL) (default \"https://hc-ping.com\")\n\t-create\n\t      Create a new check if passed slug is not found in the project\n\t-every duration\n\t      If non-zero, periodically run command at specified interval\n\t-no-output-in-ping\n\t      Don't send command's output in pings\n\t-no-run-id\n\t      Don't generate and send a run id per run in pings\n\t-no-start-ping\n\t      Don't send start ping\n\t-on-exec-fail value\n\t      Ping type to send when runitor cannot execute the command (exit-code|success|fail|log (default fail))\n\t-on-nonzero-exit value\n\t      Ping type to send when command exits with a nonzero code (exit-code|success|fail|log (default exit-code))\n\t-on-success value\n\t      Ping type to send when command exits successfully (exit-code|success|fail|log (default success))\n\t-ping-body-limit uint\n\t      If non-zero, truncate the ping body to its last N bytes, including a truncation notice. (default 10000)\n\t-ping-key string\n\t      Ping Key (env: $PING_KEY). Use 'file:' prefix for indirection\n\t-quiet\n\t      Don't capture command's stdout\n\t-req-header value\n\t      Additional request header as \"key: value\" string\n\t-silent\n\t      Don't capture command's stdout or stderr\n\t-slug string\n\t      Slug of check (env: $CHECK_SLUG). Requires a ping key. Use 'file:' prefix for indirection\n\t-uuid string\n\t      UUID of check (env: $CHECK_UUID). Use 'file:' prefix for indirection\n\t-version\n\t      Show version\n\n## More on What healthchecks.io Provides\n\n* It listens for HTTP requests (pings) from services being monitored.\n\n* It keeps silent as long as pings arrive on time. It raises an alert as soon\n  as a ping does not arrive on time.\n\n* Pings can signal start of execution so run durations can be tracked.\n\n* Pings can explicitly signal failure of execution so an alert can be send.\n\n* Pings can attach up to 100KB of logs. Runitor automatically handles truncation if needed.\n\n* It can alert you via email, SMS, WhatsApp, Slack, and many more services.\n\n* It has a free tier with up to 20 checks.\n\n* Software behind the service is open source. You can run your own instance if\n  you'd like to.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbdd%2Frunitor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbdd%2Frunitor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbdd%2Frunitor/lists"}