{"id":13780653,"url":"https://github.com/chainguard-dev/clank","last_synced_at":"2025-05-06T21:34:31.188Z","repository":{"id":142658510,"uuid":"610788275","full_name":"chainguard-dev/clank","owner":"chainguard-dev","description":"Simple tool that allows you to detect imposter commits in GitHub Actions workflows.","archived":false,"fork":false,"pushed_at":"2024-11-12T23:25:39.000Z","size":235,"stargazers_count":22,"open_issues_count":0,"forks_count":4,"subscribers_count":5,"default_branch":"main","last_synced_at":"2024-11-13T00:23:19.626Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chainguard-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-03-07T13:39:39.000Z","updated_at":"2024-11-12T23:25:41.000Z","dependencies_parsed_at":null,"dependency_job_id":"b06e0ee9-db1c-4656-a069-61058b5b8398","html_url":"https://github.com/chainguard-dev/clank","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fclank","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fclank/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fclank/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fclank/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chainguard-dev","download_url":"https://codeload.github.com/chainguard-dev/clank/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224536709,"owners_count":17327680,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T18:01:18.381Z","updated_at":"2024-11-13T22:35:05.596Z","avatar_url":"https://github.com/chainguard-dev.png","language":"Go","funding_links":[],"categories":["Tools"],"sub_categories":["ArgoCD"],"readme":"# clank\n\nclank is a simple tool that allows you to detect imposter commits in GitHub\nActions workflows.\n\nThis is primarily a proof-of-concept - our aim is to upstream this check to\n[OpenSSF Scorecards](https://github.com/ossf/scorecard).\n\nThe name is inspired by https://github.com/sethvargo/ratchet.\n\n## Installation\n\n```sh\n$ go install github.com/chainguard-dev/clank@latest\n```\n\n## Usage\n\n```sh\n$ clank [ path/to/workflow/dir | URL ]\n```\n\n### Examples:\n\nBy path:\n\n```sh\n$ clank ./testdata\ntestdata/push.yaml\n+---------------------------------------------------------------------+--------+-------+-------------------------+\n|                                 REF                                 | STATUS | LINES |         DETAILS         |\n+---------------------------------------------------------------------+--------+-------+-------------------------+\n| actions://actions/checkout@main                                     | OK     | [10]  |                         |\n| actions://actions/checkout@c7d749a2d57b4b375d1ebcd17cfbfb60c676f18e | ERROR  | [7]   | SHA not present in repo |\n+---------------------------------------------------------------------+--------+-------+-------------------------+\n```\n\nBy URL:\n\n```sh\n$ clank https://github.com/sigstore/cosign\n/var/folders/83/j7crs0zj5g9_nj3wb9hql9hh0000gn/T/clank-3841068745/sigstore/cosign/.github/workflows/build.yaml\n+-------------------------------------------------------------------------------+--------+-------+---------+\n|                                      REF                                      | STATUS | LINES | DETAILS |\n+-------------------------------------------------------------------------------+--------+-------+---------+\n| actions://sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65  | OK     | [46]  |         |\n| actions://actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568           | OK     | [48]  |         |\n| actions://ko-build/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa          | OK     | [54]  |         |\n| actions://google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d | OK     | [57]  |         |\n| actions://actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c           | OK     | [44]  |         |\n+-------------------------------------------------------------------------------+--------+-------+---------+\n\n/var/folders/83/j7crs0zj5g9_nj3wb9hql9hh0000gn/T/clank-3841068745/sigstore/cosign/.github/workflows/codeql-analysis.yml\n+---------------------------------------------------------------------------------+--------+-------+---------+\n|                                       REF                                       | STATUS | LINES | DETAILS |\n+---------------------------------------------------------------------------------+--------+-------+---------+\n| actions://actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568             | OK     | [63]  |         |\n| actions://github/codeql-action/init@32dc499307d133bb5085bae78498c0ac2cf762d5    | OK     | [70]  |         |\n| actions://github/codeql-action/analyze@32dc499307d133bb5085bae78498c0ac2cf762d5 | OK     | [78]  |         |\n| actions://actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c             | OK     | [50]  |         |\n| actions://actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0                | OK     | [53]  |         |\n+---------------------------------------------------------------------------------+--------+-------+---------+\n\n...\n```\n\n## Authentication\n\nclank looks for an access token to be passed in via the `GITHUB_TOKEN`\nenvironment variable. This token is used to fetch content and compute diffs.\n\nWhile clank can be used against public repos without a token, you may run into\nrate limiting without it.\n\nThe easiest way to get a token is to run:\n\n```sh\n$ export GITHUB_TOKEN=`gh auth token`\n$ clank ./testdata\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchainguard-dev%2Fclank","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchainguard-dev%2Fclank","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchainguard-dev%2Fclank/lists"}