{"id":13832171,"url":"https://github.com/capitalone/checks-out","last_synced_at":"2026-01-14T13:05:37.438Z","repository":{"id":54716390,"uuid":"111554751","full_name":"capitalone/checks-out","owner":"capitalone","description":"Checks-Out pull request approval system","archived":true,"fork":false,"pushed_at":"2022-02-15T18:49:16.000Z","size":3432,"stargazers_count":76,"open_issues_count":25,"forks_count":19,"subscribers_count":9,"default_branch":"dev","last_synced_at":"2025-09-27T05:40:59.994Z","etag":null,"topics":["approval-management","approvals","github","go","golang","tagging","versioning","workflow-management"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/capitalone.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null}},"created_at":"2017-11-21T13:48:17.000Z","updated_at":"2024-09-11T02:12:19.000Z","dependencies_parsed_at":"2022-08-14T00:40:48.459Z","dependency_job_id":null,"html_url":"https://github.com/capitalone/checks-out","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/capitalone/checks-out","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/capitalone%2Fchecks-out","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/capitalone%2Fchecks-out/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/capitalone%2Fchecks-out/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/capitalone%2Fchecks-out/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/capitalone","download_url":"https://codeload.github.com/capitalone/checks-out/tar.gz/refs/heads/dev","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/capitalone%2Fchecks-out/sbom","scorecard":{"id":265123,"data":{"date":"2025-08-11","repo":{"name":"github.com/capitalone/checks-out","commit":"4cbfb343fb1df0a8622adcd89be9a6f90e2b751f"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.1,"checks":[{"name":"Code-Review","score":5,"reason":"Found 6/11 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"project is archived","details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":0,"reason":"29 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2020-0017 / GHSA-w73w-5m7g-f7qc","Warn: Project is vulnerable to: GO-2020-0001 / GHSA-6vm3-jj99-7229","Warn: Project is vulnerable to: GHSA-869c-j7wc-8jqv","Warn: Project is vulnerable to: GO-2021-0052 / GHSA-h395-qcrw-5vmq","Warn: Project is vulnerable to: GHSA-3vp4-m3rf-835h","Warn: Project is vulnerable to: GO-2021-0078 / GHSA-5p4h-3377-7w67","Warn: Project is vulnerable to: GO-2022-0193 / GHSA-fcf9-6fv2-fc5v","Warn: Project is vulnerable to: GO-2022-0192 / GHSA-2wp2-chmh-r934","Warn: Project is vulnerable to: GO-2022-0197 / GHSA-4r78-hx75-jjj2 / GHSA-mv93-wvcp-7m7r","Warn: Project is vulnerable to: GO-2020-0014 / GHSA-vfw5-hrgq-h5wf","Warn: Project is vulnerable to: GO-2022-0536 / GHSA-39qc-96h7-956f / GHSA-hgr8-6h9x-f7q9","Warn: Project is vulnerable to: GO-2022-0236 / GHSA-h86h-8ppg-mxmh","Warn: Project is vulnerable to: GO-2021-0238 / GHSA-83g2-8m93-v3w7","Warn: Project is vulnerable to: GO-2022-0288","Warn: Project is vulnerable to: GO-2022-0969 / GHSA-69cg-p879-7622","Warn: Project is vulnerable to: GO-2022-1144 / GHSA-xrjj-mj9h-534m","Warn: Project is vulnerable to: GO-2023-1571 / GHSA-vvpx-j8f3-3w6h","Warn: Project is vulnerable to: GO-2023-1988 / GHSA-2wrh-6pvc-2jm9","Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8","Warn: Project is vulnerable to: GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9","Warn: Project is vulnerable to: GO-2022-0493 / GHSA-p782-xgp4-8hr8","Warn: Project is vulnerable to: GO-2021-0061 / GHSA-r88r-gmrh-7j83","Warn: Project is vulnerable to: GO-2022-0956 / GHSA-6q6q-88xp-6f2r","Warn: Project is vulnerable to: GO-2020-0036 / GHSA-wxc4-f4m6-wwqv"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":-1,"reason":"internal error: internal error: Client.Checks.ListCheckRunsForRef: error during graphqlHandler.setupCheckRuns: non-200 OK status code: 502 Bad Gateway body: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e502 Bad Gateway\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e502 Bad Gateway\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003enginx\u003c/center\u003e\\r\\n\u003c/body\u003e\\r\\n\u003c/html\u003e\\r\\n\"","details":null,"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T11:49:03.391Z","repository_id":54716390,"created_at":"2025-08-17T11:49:03.391Z","updated_at":"2025-08-17T11:49:03.391Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28420817,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T10:47:48.104Z","status":"ssl_error","status_checked_at":"2026-01-14T10:46:19.031Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["approval-management","approvals","github","go","golang","tagging","versioning","workflow-management"],"created_at":"2024-08-04T10:01:53.584Z","updated_at":"2026-01-14T13:05:37.420Z","avatar_url":"https://github.com/capitalone.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# Due to changes in the priorities, this project is currently not being supported. The project is archived as of 2/15/22 and will be available in a read-only state. Please note, since archival, the project is not maintained or reviewed.\n\n# Checks-Out\n\n[![Join the chat at https://gitter.im/capitalone/checks-out](https://badges.gitter.im/capitalone/checks-out.svg)](https://gitter.im/capitalone/checks-out?utm_source=badge\u0026utm_medium=badge\u0026utm_campaign=pr-badge\u0026utm_content=badge)\n\nChecks-Out is a simple pull request approval system using GitHub\nprotected branches and maintainers files. Pull requests are locked and cannot be\nmerged until the minimum number of approvals are received. Project maintainers\ncan indicate their approval by commenting on the pull request and including\n\"I approve\" in their approval text. Checks-Out also provides integration\nwith GitHub Reviews. An accepted GitHub Review is counted as an approval.\nGitHub Review that requests additional changes blocks the pull request from merging.\n\nRead the [online documentation](https://capitalone.github.io/checks-out) to find out more about Checks-Out.\n\n### Development\n\nChecks-Out is a fork of [LGTM](https://github.com/lgtmco/lgtm). Our git repository\ncontains the commit history from the upstream project. We are actively seeking\ncontributions from the community. If you'd like to contribute we recommend\ntaking a look at the issues page. You can pick up an open issue and work on it,\nsubmit a bug, or submit a new feature request for feedback.\n\n### Features\n\nChecks-Out has several features that distinguish itself from the parent LGTM project.\n\nThe most popular feature is the ability to specify multiple approval policies.\nPolicies are based around the concept of organizations. An organization is\na set of project maintainers. Various types of thresholds can be configured\nfor organizations and boolean conditions can be used to combine policies.\nPolicies can be configured to apply to specific file paths and/or git branches.\nRefer to the customization documentation for more information about policies.\n\nChecks-Out has optional support for automatic tagging of merges. Tags can configured\nbased on timestamp or semantic versioning.\n\nChecks-Out has optional support for automatic merging of pull requests when\nall status checks have passed.\n\nChecks-Out has changed the default behavior when new commits are added to a pull\nrequest. By default only comments that have a later timestamp than the\nlatest commit are processed by Checks-Out. There is a configuration property to use\nthe original LGTM behavior which is to consider all comments on a pull request. \n\n### Usage\n\n#### .checks-out file\n\nEach repository managed by Checks-Out must have a .checks-out file in the root of the\nrepository. This file provides the configuration that Checks-Out uses for the\nrepository. The configuration file is described in detail in the\ncustomization section of the online documentation.\n\nThis repository has an .checks-out file that you can use as an example.\nIt is likely that you will need a simple .checks-out file, so you can use\nthe following template:\n\n```\napprovals:\n[\n  {\n    match: \"all[count=1,self=false]\"\n  }\n]\n```\n\n#### MAINTAINERS file\n\nEach repository managed by Checks-Out should have a MAINTAINERS file that specifies\nwho is allowed to approve pull requests. The format of the file\nis described in the maintainers section of the online\ndocumentation. Here is a sample MAINTAINERS file to get you started:\n\n```\ngithub-org repo-self\n```\n\n### Build\n\nChecks-Out uses the Go [dep](https://github.com/golang/dep) dependency management tool.\nDependencies are not stored in the repository. Run `dep ensure` to install dependencies.\n\nCommands to build from source:\n\n```sh\nmake build   # Build the binary\n```\n\n## Contributors\n\nWe welcome your interest in Capital One’s Open Source Projects (the “Project”). Any Contributor to the Project must accept and sign a CLA indicating agreement to the license terms. Except for the license granted in this CLA to Capital One and to recipients of software distributed by Capital One, You reserve all right, title, and interest in and to your Contributions; this CLA does not impact your rights to use your own contributions for any other purpose.\n\n[Link to Individual CLA](https://docs.google.com/forms/d/19LpBBjykHPox18vrZvBbZUcK6gQTj7qv1O5hCduAZFU/viewform)\n\n[Link to Corporate CLA](https://docs.google.com/forms/d/e/1FAIpQLSeAbobIPLCVZD_ccgtMWBDAcN68oqbAJBQyDTSAQ1AkYuCp_g/viewform)\n\nThis project adheres to the Capital One [Open Source Code of Conduct](http://www.capitalone.io/codeofconduct/). By participating, you are expected to honor this code.\n\n### Contribution Guidelines\nWe encourage any contributions that align with the intent of this project and add more functionality or languages that other developers can make use of. To contribute to the project, please submit a PR for our review. Before contributing any source code, familiarize yourself with the [Apache License 2.0](LICENSE), which controls the licensing for this project.\n\n## License\n\nChecks-Out is available under the Apache License 2.0.\n\nThis distribution has a binary dependency on errwrap, which is available under\nthe Mozilla Public License 2.0 License. The source code of errwrap can be found at\nhttps://github.com/hashicorp/errwrap.\n\nThis distribution has a binary dependency on go-version, which is available under\nthe Mozilla Public License 2.0 License. The source code of go-version can be found at\nhttps://github.com/hashicorp/go-version.\n\nThis distribution has a binary dependency on go-multierror, which is available under\nthe Mozilla Public License 2.0 License. The source code of go-multierror can be found\nat https://github.com/mspiegel/go-multierror.\n\nThis distribution has a binary dependency on go-sql-driver/mysql, which is available under\nthe Mozilla Public License 2.0 License. The source code of go-sql-driver/mysql can be found\nat https://github.com/go-sql-driver/mysql\n\n## FAQ\n\n1\\. How is this different from GitHub Reviews?\n\nPlease use [GitHub Reviews](https://help.github.com/articles/about-pull-request-reviews/) if it meets all your requirements. Some significant features in Checks-Out that are not (yet) in GitHub Reviews are: custom\napproval policies, different approval policies for different branches and/or file paths, optional auto-merge\nwhen all status checks have passed, optional auto-tagging of merges.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcapitalone%2Fchecks-out","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcapitalone%2Fchecks-out","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcapitalone%2Fchecks-out/lists"}