{"id":13602597,"url":"https://github.com/brettswift/cdk-git-config","last_synced_at":"2026-05-01T13:33:14.291Z","repository":{"id":36301539,"uuid":"222995835","full_name":"brettswift/cdk-git-config","owner":"brettswift","description":"Store configs from a git directory in AWS","archived":false,"fork":false,"pushed_at":"2023-06-13T13:20:12.000Z","size":1800,"stargazers_count":2,"open_issues_count":3,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-04-28T01:20:00.657Z","etag":null,"topics":["aws","aws-cdk","aws-cdk-constructs","aws-ssm","cdk","ssm"],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/brettswift.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-11-20T17:53:49.000Z","updated_at":"2024-07-31T14:25:25.000Z","dependencies_parsed_at":"2024-09-23T07:02:31.429Z","dependency_job_id":"3c940650-7b9e-4270-a29b-4b9b87df9259","html_url":"https://github.com/brettswift/cdk-git-config","commit_stats":{"total_commits":67,"total_committers":2,"mean_commits":33.5,"dds":"0.26865671641791045","last_synced_commit":"93622188c1e9cacb09f97210e3955d7423555756"},"previous_names":[],"tags_count":27,"template":false,"template_full_name":null,"purl":"pkg:github/brettswift/cdk-git-config","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brettswift%2Fcdk-git-config","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brettswift%2Fcdk-git-config/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brettswift%2Fcdk-git-config/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brettswift%2Fcdk-git-config/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/brettswift","download_url":"https://codeload.github.com/brettswift/cdk-git-config/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brettswift%2Fcdk-git-config/sbom","scorecard":{"id":252620,"data":{"date":"2025-08-11","repo":{"name":"github.com/brettswift/cdk-git-config","commit":"93622188c1e9cacb09f97210e3955d7423555756"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.6,"checks":[{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":2,"reason":"Found 3/15 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 21 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"11 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-x3cc-x39p-42qx","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T08:53:07.759Z","repository_id":36301539,"created_at":"2025-08-17T08:53:07.759Z","updated_at":"2025-08-17T08:53:07.759Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32499682,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-30T13:12:12.517Z","status":"online","status_checked_at":"2026-05-01T02:00:05.856Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-cdk","aws-cdk-constructs","aws-ssm","cdk","ssm"],"created_at":"2024-08-01T18:01:31.294Z","updated_at":"2026-05-01T13:33:14.248Z","avatar_url":"https://github.com/brettswift.png","language":"TypeScript","funding_links":[],"categories":["aws"],"sub_categories":[],"readme":"# CDK Git Config\n\nAn AWS CDK construct that will replicate a directory structure of yaml files into AWS SSM. (Or other providers like DynamoDB / S3 in the future).\n\n## Motivation\n\nIn Continuous Delivery, you need to tweak configuration in production at runtime, quickly, without flowing through your entire dev --\u003e staging --\u003e prod pipeline.  This can be called \"out of band\" configuration.  Alternative to \"in-band\" configuration which is committed to your software git repo, and updates when the software is deployed.\n\nOne popular way of storing out of band configuration is SSM.  However this can get out of hand quickly.\n\nHaving configuration stored in git, with a simple interface (yaml) is nice.  So lets do that, and replicate the directory via CDK / Cloudformation into AWS SSM!\n\nKey advantages:\n\n* history of out of band configuration\n* easy to revert to previous configuration\n* Pull Requests, added options for reviewing configuration (prod \u0026 dev)\n* Easy to replicate into new accounts.\n\n## Example\n\nSee the examples folder for a deployable stack you can use to evaluate.\n\n## Deficiencies / TODO\n\n* Secure parameters - currently not supported\n* Include a CodePipeline construct, as automating this is critical.\n\n## Releasing\n\n1. Merge PR to master\n2. Run the release script according to what type of release this should be\n    * `npm run release-[major|minor|patch]`\n    * This will:\n        * create the appropriate release number in package.json\n        * create the tag, and commit\n        * Finally push the tag and commit up\n        * Travis will run the build and release to NPM.\n\n\n## Contributing\n\nPR's welcome.  Issues / requests welcome.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrettswift%2Fcdk-git-config","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbrettswift%2Fcdk-git-config","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrettswift%2Fcdk-git-config/lists"}