{"id":13500423,"url":"https://github.com/carvel-dev/ytt","last_synced_at":"2026-01-12T01:05:34.917Z","repository":{"id":37491416,"uuid":"173207060","full_name":"carvel-dev/ytt","owner":"carvel-dev","description":"YAML templating tool that works on YAML structure instead of text","archived":false,"fork":false,"pushed_at":"2025-12-16T11:07:54.000Z","size":4830,"stargazers_count":1830,"open_issues_count":159,"forks_count":150,"subscribers_count":27,"default_branch":"develop","last_synced_at":"2026-01-02T04:57:48.181Z","etag":null,"topics":["carvel","cli","configuration","data-structures","devops","go","k8s","kubernetes","templating","yaml","yaml-processor","yml"],"latest_commit_sha":null,"homepage":"https://carvel.dev/ytt","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/carvel-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":"GOVERNANCE.md","roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":"MAINTAINERS.md","copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-03-01T00:13:56.000Z","updated_at":"2026-01-01T11:53:21.000Z","dependencies_parsed_at":"2023-07-27T22:46:49.108Z","dependency_job_id":"c552d7d2-9a4d-4574-b932-cb94a2fdb69b","html_url":"https://github.com/carvel-dev/ytt","commit_stats":{"total_commits":1072,"total_committers":90,"mean_commits":"11.911111111111111","dds":0.7416044776119404,"last_synced_commit":"b60ca0d4900a558b1fa71d744ee095316d9b84e1"},"previous_names":["vmware-tanzu/carvel-ytt","k14s/ytt","vmware-tanzu/ytt","get-ytt/ytt"],"tags_count":111,"template":false,"template_full_name":null,"purl":"pkg:github/carvel-dev/ytt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/carvel-dev%2Fytt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/carvel-dev%2Fytt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/carvel-dev%2Fytt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/carvel-dev%2Fytt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/carvel-dev","download_url":"https://codeload.github.com/carvel-dev/ytt/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/carvel-dev%2Fytt/sbom","scorecard":{"id":266949,"data":{"date":"2025-08-11","repo":{"name":"github.com/carvel-dev/ytt","commit":"45e3c674912845e890f841fc6fb7641e507338ea"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.2,"checks":[{"name":"Security-Policy","score":6,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy","Warn: No text (besides links / emails) found in security policy"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Maintained","score":3,"reason":"2 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/add-to-project.yml:1","Warn: no topLevel permission defined: .github/workflows/closed-issue-comment.yml:1","Warn: no topLevel permission defined: .github/workflows/closed-issue.yml:1","Warn: no topLevel permission defined: .github/workflows/golangci-lint.yml:1","Warn: no topLevel permission defined: .github/workflows/inclusive-language-check.yml:1","Warn: no topLevel permission defined: .github/workflows/release-published.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: .github/workflows/reopen-issue.yml:1","Warn: no topLevel permission defined: .github/workflows/stale-issues-action.yml:1","Warn: no topLevel permission defined: .github/workflows/test-all.yml:1","Warn: no topLevel permission defined: .github/workflows/test-windows.yml:1","Warn: no topLevel permission defined: .github/workflows/trivy-scan.yml:1","Warn: no topLevel permission defined: .github/workflows/update-go.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":3,"reason":"dependency not pinned by hash detected -- score normalized to 3","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/add-to-project.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/carvel-dev/ytt/add-to-project.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/carvel-dev/ytt/golangci-lint.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/carvel-dev/ytt/golangci-lint.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/carvel-dev/ytt/golangci-lint.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/inclusive-language-check.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/carvel-dev/ytt/inclusive-language-check.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-published.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/carvel-dev/ytt/release-published.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/carvel-dev/ytt/release.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/carvel-dev/ytt/release.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/carvel-dev/ytt/release.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/carvel-dev/ytt/release.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/carvel-dev/ytt/test-all.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-all.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/carvel-dev/ytt/test-all.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-windows.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/carvel-dev/ytt/test-windows.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-windows.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/carvel-dev/ytt/test-windows.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/trivy-scan.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/carvel-dev/ytt/trivy-scan.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-go.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/carvel-dev/ytt/update-go.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-go.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/carvel-dev/ytt/update-go.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-go.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/carvel-dev/ytt/update-go.yml/develop?enable=pin","Info:   1 out of  13 GitHub-owned GitHubAction dependencies pinned","Info:   4 out of  10 third-party GitHubAction dependencies pinned","Info:   1 out of   1 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: checksums.txt.sig: https://github.com/carvel-dev/ytt/releases/tag/v0.52.0","Info: signed release artifact: checksums.txt.sig: https://github.com/carvel-dev/ytt/releases/tag/v0.51.2","Info: signed release artifact: checksums.txt.sig: https://github.com/carvel-dev/ytt/releases/tag/v0.51.1","Info: signed release artifact: checksums.txt.sig: https://github.com/carvel-dev/ytt/releases/tag/v0.51.0","Info: signed release artifact: checksums.txt.sig: https://github.com/carvel-dev/ytt/releases/tag/v0.50.0","Warn: release artifact v0.52.0 does not have provenance: https://api.github.com/repos/carvel-dev/ytt/releases/216116080","Warn: release artifact v0.51.2 does not have provenance: https://api.github.com/repos/carvel-dev/ytt/releases/208861083","Warn: release artifact v0.51.1 does not have provenance: https://api.github.com/repos/carvel-dev/ytt/releases/190158813","Warn: release artifact v0.51.0 does not have provenance: https://api.github.com/repos/carvel-dev/ytt/releases/183959171","Warn: release artifact v0.50.0 does not have provenance: https://api.github.com/repos/carvel-dev/ytt/releases/165616784"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:9"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T12:20:19.116Z","repository_id":37491416,"created_at":"2025-08-17T12:20:19.116Z","updated_at":"2025-08-17T12:20:19.116Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28330233,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-12T00:36:25.062Z","status":"ssl_error","status_checked_at":"2026-01-12T00:36:15.229Z","response_time":60,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["carvel","cli","configuration","data-structures","devops","go","k8s","kubernetes","templating","yaml","yaml-processor","yml"],"created_at":"2024-07-31T22:01:00.210Z","updated_at":"2026-01-12T01:05:34.893Z","avatar_url":"https://github.com/carvel-dev.png","language":"Go","readme":"![logo](docs/CarvelLogo.png)\n\n[![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/7746/badge)](https://bestpractices.coreinfrastructure.org/projects/7746)\n\n# ytt\n\n* Play: Jump right in by trying out the [online playground](https://carvel.dev/ytt/#playground)\n* Discover `ytt` in [video](https://youtu.be/WJw1MDFMVuk)\n* For more information about annotations, data values, overlays and other features see [Docs](https://carvel.dev/ytt/docs/latest/) page\n* Slack: [#carvel in Kubernetes slack](https://slack.kubernetes.io/)\n* Install: Grab prebuilt binaries from the [Releases page](https://github.com/carvel-dev/ytt/releases) or [Homebrew Carvel tap](https://github.com/carvel-dev/homebrew)\n* Backlog: [See what we're up to]([https://app.zenhub.com/workspaces/carvel-backlog-6013063a24147d0011410709/board?repos=173207060). (Note: we use ZenHub which requires GitHub authorization](https://github.com/orgs/carvel-dev/projects/1/views/1?filterQuery=repo%3A%22vmware-tanzu%2Fcarvel-ytt%22)).\n\n## Overview\n\n`ytt` (pronounced spelled out) is a templating tool that understands YAML structure. It helps you easily configure complex software via reusable templates and user provided values. Ytt includes the following features:\n- Structural templating: understands yaml structure so users can focus on their configuration instead of issues associated with text templating, such as YAML value quoting or manual template indentation\n- Built-in programming language: includes the \"fully featured\" Python-like programming language Starlark which helps ease the burden of configuring complex software through a richer set of functionality.\n- Reusable configuration: You can reuse the same configuration in different environments by applying environment-specific values.\n- Custom validations: coupled with the fast and deterministic execution, allows you to take advantage of faster feedback loops when creating and testing templates\n- Overlays: this advanced configuration helps users manage the customization required for complex software. For more, see [this example](https://carvel.dev/ytt/#example:example-overlay-files) in the online playground.\n- Sandboxing: provides a secure, deterministic environment for execution of templates\n\n## Try it\n\nTo get started with `ytt` and to see examples, you use the online playground or download the binaries and run the playground locally.\n\n- Try out the [online playground](https://carvel.dev/ytt/#playground)\n- Download the latest binaries from the [releases page](https://github.com/carvel-dev/ytt/releases) and run the playground locally: `ytt website`\n- See the examples used in the playground on the [examples](https://github.com/carvel-dev/ytt/tree/develop/examples/playground) page\n- Editor Extensions: [vscode syntax highlighting](https://marketplace.visualstudio.com/items?itemName=ewrenn.vscode-ytt)\n\n### Join the Community and Make Carvel Better\nCarvel is better because of our contributors and maintainers. It is because of you that we can bring great software to the community. Please join us during our online community meetings. Details can be found on our [Carvel website](https://carvel.dev/community/).\n\nYou can chat with us on Kubernetes Slack in the #carvel channel and follow us on Twitter at @carvel_dev.\n\nCheck out which organizations are using and contributing to Carvel: [Adopter's list](https://github.com/carvel-dev/carvel/blob/master/ADOPTERS.md)\n\n### Integrating with ytt\n\nIf you want to integrate `ytt` within your own tooling, review our [APIs](examples/integrating-with-ytt/apis.md).\n","funding_links":[],"categories":["Go","Kubernetes","Configuration Management","cli","go"],"sub_categories":["Kubernetes templating"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcarvel-dev%2Fytt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcarvel-dev%2Fytt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcarvel-dev%2Fytt/lists"}