{"id":13393106,"url":"https://github.com/cli/cli","last_synced_at":"2026-02-23T21:14:29.744Z","repository":{"id":36983428,"uuid":"212613049","full_name":"cli/cli","owner":"cli","description":"GitHub’s official command line tool","archived":false,"fork":false,"pushed_at":"2026-01-19T18:27:52.000Z","size":50701,"stargazers_count":42076,"open_issues_count":931,"forks_count":7782,"subscribers_count":999,"default_branch":"trunk","last_synced_at":"2026-01-20T00:48:17.793Z","etag":null,"topics":["cli","git","github-api-v4","golang"],"latest_commit_sha":null,"homepage":"https://cli.github.com","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cli.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":".github/CODE-OF-CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-10-03T15:24:53.000Z","updated_at":"2026-01-19T23:40:29.000Z","dependencies_parsed_at":"2024-01-18T12:49:43.499Z","dependency_job_id":"29746f87-a01c-425c-861a-6ce1540ce7b7","html_url":"https://github.com/cli/cli","commit_stats":{"total_commits":5576,"total_committers":555,"mean_commits":"10.046846846846847","dds":0.7727761836441893,"last_synced_commit":"31a9d083bd0feaf237e7cf33b6171a1e902b7d3a"},"previous_names":["github/gh-cli","cli/gh-cli"],"tags_count":200,"template":false,"template_full_name":null,"purl":"pkg:github/cli/cli","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cli%2Fcli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cli%2Fcli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cli%2Fcli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cli%2Fcli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cli","download_url":"https://codeload.github.com/cli/cli/tar.gz/refs/heads/trunk","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cli%2Fcli/sbom","scorecard":{"id":112759,"data":{"date":"2025-08-11","repo":{"name":"github.com/cli/cli","commit":"1b083c20051900b81a86a3c866af4e3c428a9357"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.8,"checks":[{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: .github/SECURITY.md:1","Info: Found linked content: .github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/SECURITY.md:1","Info: Found text in security policy: .github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/govulncheck.yml:9","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/third-party-licenses.yml:21","Warn: topLevel 'contents' permission set to 'write': .github/workflows/bump-go.yml:6","Info: topLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:15","Warn: topLevel 'security-events' permission set to 'write': .github/workflows/codeql.yml:16","Warn: topLevel 'contents' permission set to 'write': .github/workflows/deployment.yml:10","Info: topLevel 'models' permission set to 'read': .github/workflows/detect-spam.yml:9","Info: found token with 'none' permissions: .github/workflows/detect-spam.yml:7","Info: topLevel 'contents' permission set to 'read': .github/workflows/go.yml:9","Warn: no topLevel permission defined: .github/workflows/govulncheck.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/homebrew-bump.yml:4","Info: found token with 'none' permissions: .github/workflows/issueauto.yml:7","Info: topLevel 'contents' permission set to 'read': .github/workflows/lint.yml:16","Info: found token with 'none' permissions: .github/workflows/pr-help-wanted.yml:13","Info: topLevel 'issues' permission set to 'read': .github/workflows/pr-help-wanted.yml:14","Info: found token with 'none' permissions: .github/workflows/prauto.yml:7","Warn: no topLevel permission defined: .github/workflows/third-party-licenses.yml:1","Info: found token with 'none' permissions: .github/workflows/triage.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: pkg/cmd/attestation/test/data/github_provenance_demo-0.0.12-py3-none-any.whl:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/deployment.yml:40"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":5,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'trunk'","Info: 'force pushes' disabled on branch 'trunk'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'trunk'","Warn: 'stale review dismissal' is disabled on branch 'trunk'","Warn: required approving review count is 1 on branch 'trunk'","Info: codeowner review is required on branch 'trunk'","Warn: 'last push approval' is disabled on branch 'trunk'","Info: status check found to merge onto on branch 'trunk'","Info: PRs are required in order to make changes on branch 'trunk'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v2.76.2 not signed: https://api.github.com/repos/cli/cli/releases/236410564","Warn: release artifact v2.76.1 not signed: https://api.github.com/repos/cli/cli/releases/234663562","Warn: release artifact v2.76.0 not signed: https://api.github.com/repos/cli/cli/releases/233292003","Warn: release artifact v2.75.1 not signed: https://api.github.com/repos/cli/cli/releases/232349293","Warn: release artifact v2.75.0 not signed: https://api.github.com/repos/cli/cli/releases/231177396","Warn: release artifact v2.76.2 does not have provenance: https://api.github.com/repos/cli/cli/releases/236410564","Warn: release artifact v2.76.1 does not have provenance: https://api.github.com/repos/cli/cli/releases/234663562","Warn: release artifact v2.76.0 does not have provenance: https://api.github.com/repos/cli/cli/releases/233292003","Warn: release artifact v2.75.1 does not have provenance: https://api.github.com/repos/cli/cli/releases/232349293","Warn: release artifact v2.75.0 does not have provenance: https://api.github.com/repos/cli/cli/releases/231177396"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":4,"reason":"dependency not pinned by hash detected -- score normalized to 4","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bump-go.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/bump-go.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bump-go.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/bump-go.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/codeql.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/codeql.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/codeql.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/codeql.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/codeql.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deployment.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/deployment.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deployment.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/deployment.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deployment.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/deployment.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deployment.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/deployment.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deployment.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/deployment.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deployment.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/deployment.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deployment.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/deployment.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deployment.yml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/deployment.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deployment.yml:241: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/deployment.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deployment.yml:257: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/deployment.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deployment.yml:259: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/deployment.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deployment.yml:261: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/deployment.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/detect-spam.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/detect-spam.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/go.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/go.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/go.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/go.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/govulncheck.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/govulncheck.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/govulncheck.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/govulncheck.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/lint.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/lint.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/lint.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/lint.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-help-wanted.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/pr-help-wanted.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale-issues.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/stale-issues.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/third-party-licenses.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/third-party-licenses.yml/trunk?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/third-party-licenses.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/cli/cli/third-party-licenses.yml/trunk?enable=pin","Warn: containerImage not pinned by hash: third-party/github.com/letsencrypt/boulder/test/boulder-tools/Dockerfile:2","Warn: containerImage not pinned by hash: third-party/github.com/letsencrypt/boulder/test/boulder-tools/Dockerfile:19","Warn: containerImage not pinned by hash: third-party/github.com/letsencrypt/boulder/test/boulder-tools/Dockerfile:33: pin your Docker image by updating buildpack-deps:noble-scm to buildpack-deps:noble-scm@sha256:505ca873b239319eae61bac98d944de644ad2376bb869636ae22ec5062100a58","Warn: containerImage not pinned by hash: third-party/github.com/letsencrypt/boulder/test/ct-test-srv/Dockerfile:4","Warn: containerImage not pinned by hash: third-party/github.com/letsencrypt/boulder/test/ct-test-srv/Dockerfile:14: pin your Docker image by updating ubuntu:24.04 to ubuntu:24.04@sha256:7c06e91f61fa88c08cc74f7e1b7c69ae24910d745357e0dfe1d2c0322aaf20f9","Warn: goCommand not pinned by hash: script/licenses:5","Warn: goCommand not pinned by hash: script/licenses-check:5","Warn: goCommand not pinned by hash: third-party/github.com/letsencrypt/boulder/test.sh:278","Warn: pipCommand not pinned by hash: third-party/github.com/letsencrypt/boulder/test/boulder-tools/build.sh:26","Info:   2 out of  36 GitHub-owned GitHubAction dependencies pinned","Info:   8 out of   8 third-party GitHubAction dependencies pinned","Info:   0 out of   5 containerImage dependencies pinned","Info:   8 out of  11 goCommand dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":8,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 17 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"22 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3770","Warn: Project is vulnerable to: GHSA-3ww4-gg4f-jr7f","Warn: Project is vulnerable to: GHSA-5cpq-8wj7-hf2v","Warn: Project is vulnerable to: GHSA-9v9h-cgj8-h64p","Warn: Project is vulnerable to: PYSEC-2021-62 / GHSA-hggm-jpg3-v476","Warn: Project is vulnerable to: PYSEC-2017-8 / GHSA-q3cj-2r34-2cwc","Warn: Project is vulnerable to: PYSEC-2018-24 / GHSA-2rcm-phc9-3945","Warn: Project is vulnerable to: PYSEC-2013-31 / GHSA-6748-36qp-fx6r","Warn: Project is vulnerable to: PYSEC-2018-23 / GHSA-p28m-34f6-967q","Warn: Project is vulnerable to: PYSEC-2014-14 / GHSA-652x-xj99-gmcc","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: PYSEC-2014-13 / GHSA-cfj3-7x9c-4p3h","Warn: Project is vulnerable to: PYSEC-2018-28 / GHSA-x84v-xcm2-53pg","Warn: Project is vulnerable to: PYSEC-2018-34 / GHSA-2fc2-6r4j-p65h","Warn: Project is vulnerable to: PYSEC-2021-856 / GHSA-5545-2q6w-2gh6","Warn: Project is vulnerable to: PYSEC-2019-108 / GHSA-9fq2-x9r6-wfmf","Warn: Project is vulnerable to: PYSEC-2018-33 / GHSA-cw6w-4rcx-xphc","Warn: Project is vulnerable to: PYSEC-2021-857 / GHSA-f7c7-j99h-c22f","Warn: Project is vulnerable to: GHSA-fpfv-jqm9-f5jm","Warn: Project is vulnerable to: PYSEC-2017-1 / GHSA-frgw-fgh6-9g52","Warn: Project is vulnerable to: PYSEC-2020-73"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-15T14:22:32.243Z","repository_id":36983428,"created_at":"2025-08-15T14:22:32.243Z","updated_at":"2025-08-15T14:22:32.243Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28641293,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-21T18:04:35.752Z","status":"ssl_error","status_checked_at":"2026-01-21T18:03:55.054Z","response_time":86,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","git","github-api-v4","golang"],"created_at":"2024-07-30T17:00:43.298Z","updated_at":"2026-01-21T20:01:19.341Z","avatar_url":"https://github.com/cli.png","language":"Go","readme":"# GitHub CLI\n\n`gh` is GitHub on the command line. It brings pull requests, issues, and other GitHub concepts to the terminal next to where you are already working with `git` and your code.\n\n![screenshot of gh pr status](https://user-images.githubusercontent.com/98482/84171218-327e7a80-aa40-11ea-8cd1-5177fc2d0e72.png)\n\nGitHub CLI is supported for users on GitHub.com, GitHub Enterprise Cloud, and GitHub Enterprise Server 2.20+ with support for macOS, Windows, and Linux.\n\n## Documentation\n\nFor [installation options see below](#installation), for usage instructions [see the manual]( https://cli.github.com/manual/).\n\n## Contributing\n\nIf anything feels off or if you feel that some functionality is missing, please check out the [contributing page](.github/CONTRIBUTING.md). There you will find instructions for sharing your feedback, building the tool locally, and submitting pull requests to the project.\n\nIf you are a hubber and are interested in shipping new commands for the CLI, check out our [doc on internal contributions](docs/working-with-us.md)\n\n\u003c!-- this anchor is linked to from elsewhere, so avoid renaming it --\u003e\n## Installation\n\n### [macOS](docs/install_macos.md)\n\n- [Homebrew](docs/install_macos.md#homebrew)\n- [Precompiled binaries](docs/install_macos.md#precompiled-binaries) on [releases page][]\n\nFor additional macOS packages and installers, see [community-supported docs](docs/install_macos.md#community-unofficial)\n\n### [Linux \u0026 Unix](docs/install_linux.md)\n\n- [Debian, Raspberry Pi, Ubuntu](docs/install_linux.md#debian)\n- [Amazon Linux, CentOS, Fedora, openSUSE, RHEL, SUSE](docs/install_linux.md#rpm)\n- [Precompiled binaries](docs/install_linux.md#precompiled-binaries) on [releases page][]\n\nFor additional Linux \u0026 Unix packages and installers, see [community-supported docs](docs/install_linux.md#community-unofficial)\n\n### [Windows](docs/install_windows.md)\n\n- [WinGet](docs/install_windows.md#winget)\n- [Precompiled binaries](docs/install_windows.md#precompiled-binaries) on [releases page][]\n\nFor additional Windows packages and installers, see [community-supported docs](docs/install_windows.md#community-unofficial)\n\n### Build from source\n\nSee here on how to [build GitHub CLI from source](docs/install_source.md).\n\n### GitHub Codespaces\n\nTo add GitHub CLI to your codespace, add the following to your [devcontainer file](https://docs.github.com/en/codespaces/setting-up-your-project-for-codespaces/adding-features-to-a-devcontainer-file):\n\n```json\n\"features\": {\n  \"ghcr.io/devcontainers/features/github-cli:1\": {}\n}\n```\n\n### GitHub Actions\n\n[GitHub-hosted runners](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners) have the GitHub CLI pre-installed, which is updated weekly.\n\nIf a specific version is needed, your GitHub Actions workflow will need to install it based on the [macOS](#macos), [Linux \u0026 Unix](#linux--unix), or [Windows](#windows) instructions above.\n\nFor information on all pre-installed tools, see [`actions/runner-images`](https://github.com/actions/runner-images)\n\n### Verification of binaries\n\nSince version 2.50.0, `gh` has been producing [Build Provenance Attestation](https://github.blog/changelog/2024-06-25-artifact-attestations-is-generally-available/), enabling a cryptographically verifiable paper-trail back to the origin GitHub repository, git revision, and build instructions used. The build provenance attestations are signed and rely on Public Good [Sigstore](https://www.sigstore.dev/) for PKI.\n\nThere are two common ways to verify a downloaded release, depending on whether `gh` is already installed or not. If `gh` is installed, it's trivial to verify a new release:\n\n- **Option 1: Using `gh` if already installed:**\n\n  ```shell\n  $ gh at verify -R cli/cli gh_2.62.0_macOS_arm64.zip\n  Loaded digest sha256:fdb77f31b8a6dd23c3fd858758d692a45f7fc76383e37d475bdcae038df92afc for file://gh_2.62.0_macOS_arm64.zip\n  Loaded 1 attestation from GitHub API\n  ✓ Verification succeeded!\n\n  sha256:fdb77f31b8a6dd23c3fd858758d692a45f7fc76383e37d475bdcae038df92afc was attested by:\n  REPO     PREDICATE_TYPE                  WORKFLOW\n  cli/cli  https://slsa.dev/provenance/v1  .github/workflows/deployment.yml@refs/heads/trunk\n  ```\n\n- **Option 2: Using Sigstore [`cosign`](https://github.com/sigstore/cosign):**\n\n  To perform this, download the [attestation](https://github.com/cli/cli/attestations) for the downloaded release and use cosign to verify the authenticity of the downloaded release:\n\n  ```shell\n  $ cosign verify-blob-attestation --bundle cli-cli-attestation-3120304.sigstore.json \\\n        --new-bundle-format \\\n        --certificate-oidc-issuer=\"https://token.actions.githubusercontent.com\" \\\n        --certificate-identity=\"https://github.com/cli/cli/.github/workflows/deployment.yml@refs/heads/trunk\" \\\n        gh_2.62.0_macOS_arm64.zip\n  Verified OK\n  ```\n\n## Comparison with hub\n\nFor many years, [hub](https://github.com/github/hub) was the unofficial GitHub CLI tool. `gh` is a new project that helps us explore\nwhat an official GitHub CLI tool can look like with a fundamentally different design. While both\ntools bring GitHub to the terminal, `hub` behaves as a proxy to `git`, and `gh` is a standalone\ntool. Check out our [more detailed explanation](docs/gh-vs-hub.md) to learn more.\n\n[releases page]: https://github.com/cli/cli/releases/latest\n","funding_links":[],"categories":["Go","Popular","Github","HarmonyOS","Git interfaces","Productivity","Uncategorized","语言资源库","golang","后端开发框架及项目","Tools","OSS CLIs","cli","命令行工具","Developer Tools","App / CLI","GitHub","Terminal"],"sub_categories":["Snippets Manager","Windows Manager","Misc","Kubernetes","Uncategorized","go","管理面板","Go","Command Line Tools","Other"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcli%2Fcli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcli%2Fcli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcli%2Fcli/lists"}