{"id":19209426,"url":"https://github.com/devtron-labs/winter-soldier","last_synced_at":"2026-03-04T08:02:36.785Z","repository":{"id":45939843,"uuid":"341839418","full_name":"devtron-labs/winter-soldier","owner":"devtron-labs","description":"Scale down or delete unneeded workload after work hours based on conditions","archived":false,"fork":false,"pushed_at":"2024-08-30T14:14:27.000Z","size":8782,"stargazers_count":184,"open_issues_count":8,"forks_count":25,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-10-19T13:45:58.503Z","etag":null,"topics":["cleanup","cost-saving","delete","garbage-collector","hibernate","kubernetes","resource-management","scale-down"],"latest_commit_sha":null,"homepage":"https://devtron.ai","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/devtron-labs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-02-24T09:02:27.000Z","updated_at":"2025-10-07T16:26:09.000Z","dependencies_parsed_at":"2024-06-20T04:25:16.129Z","dependency_job_id":"bd84be8f-0d47-4046-afa1-eb6ba41bd740","html_url":"https://github.com/devtron-labs/winter-soldier","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/devtron-labs/winter-soldier","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devtron-labs%2Fwinter-soldier","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devtron-labs%2Fwinter-soldier/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devtron-labs%2Fwinter-soldier/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devtron-labs%2Fwinter-soldier/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/devtron-labs","download_url":"https://codeload.github.com/devtron-labs/winter-soldier/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devtron-labs%2Fwinter-soldier/sbom","scorecard":{"id":338521,"data":{"date":"2025-08-11","repo":{"name":"github.com/devtron-labs/winter-soldier","commit":"3dda8480ee37996ed15aa06768fee0999beaf7c5"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.2,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":8,"reason":"Found 8/10 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":6,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Info: required approving review count is 2 on branch 'main'","Warn: codeowners review is required - but no codeowners file found in repo","Info: 'last push approval' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":4,"reason":"dependency not pinned by hash detected -- score normalized to 4","details":["Info: Possibly incomplete results: error parsing shell code: \"foo(\" must be followed by ): vendor/sigs.k8s.io/controller-runtime/Makefile:0","Warn: containerImage not pinned by hash: Dockerfile:2","Warn: containerImage not pinned by hash: Dockerfile:23: pin your Docker image by updating gcr.io/distroless/static:nonroot to gcr.io/distroless/static:nonroot@sha256:cdf4daaf154e3e27cfffc799c16f343a384228f38646928a1513d925f473cb46","Warn: goCommand not pinned by hash: vendor/github.com/json-iterator/go/build.sh:10","Info:   2 out of   3 goCommand dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 2 commits out of 28 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"16 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0619 / GHSA-r48q-9g5r-8q2h","Warn: Project is vulnerable to: GO-2022-0969 / GHSA-69cg-p879-7622","Warn: Project is vulnerable to: GO-2022-1144 / GHSA-xrjj-mj9h-534m","Warn: Project is vulnerable to: GO-2023-1571 / GHSA-vvpx-j8f3-3w6h","Warn: Project is vulnerable to: GO-2023-1988 / GHSA-2wrh-6pvc-2jm9","Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8","Warn: Project is vulnerable to: GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9","Warn: Project is vulnerable to: GO-2022-0493 / GHSA-p782-xgp4-8hr8","Warn: Project is vulnerable to: GO-2022-1059 / GHSA-69ch-w2m2-3vjp","Warn: Project is vulnerable to: GO-2024-2611 / GHSA-8r3f-844c-mc37","Warn: Project is vulnerable to: GO-2022-0603 / GHSA-hp87-p4gw-j4gq"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T05:15:56.039Z","repository_id":45939843,"created_at":"2025-08-18T05:15:56.039Z","updated_at":"2025-08-18T05:15:56.039Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30075918,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-04T08:01:56.766Z","status":"ssl_error","status_checked_at":"2026-03-04T08:00:42.919Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cleanup","cost-saving","delete","garbage-collector","hibernate","kubernetes","resource-management","scale-down"],"created_at":"2024-11-09T13:30:57.255Z","updated_at":"2026-03-04T08:02:36.767Z","avatar_url":"https://github.com/devtron-labs.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Winter Soldier\nWinter Soldier can be used to\n\n- cleans up (delete) Kubernetes resources\n- reduce workload pods to 0\n\nat user defined time of the day and conditions.\nWinter Soldier is an operator which expects conditions to be defined using CRD hibernator.\n\n## Motivation\nOvertime Kubernetes clusters end up with workloads which have outlived their utility and add to the TCO of infrastructure.  Some prominent use cases are\n\n1. Microservices in QA environment are not required during off-work hours or during weekends\n2. UAT environment is required only before releasing to production but is kept running because of time required to bring it up\n3. Workload created for POC purpose, eg - Kafka, Mongodb, SQL workload, are left running long after POC is done\n\n## Configuration\n### Actions\nWinter Soldier supports two type of actions on the workload\n#### Delete\nThis action can be used to delete any Kubernetes object. eg\n ```yaml\n spec:\n  action: delete\n```\n#### Sleep\nThis condition can be used to change replicas of workload to 0. eg\n```yaml\nspec:\n  action: sleep\n```\nAt the end of hibernation cycle it sets replica count of workload to same number as it was before hibernation.\n### Conditions\nHibernator uses [gjson](https://github.com/tidwall/gjson) to select fields in Kubernetes objects and [expr](github.com/antonmedv/expr) for conditions. Please check them out for advanced cases.\n\nObjects can be included and excluded based on\n1. Label Selector\n2. Object Kind\n3. Name\n4. Namespace\n5. Any field in the kubernetes object\n\n```yaml\nselectors:\n- inclusions:\n  - objectSelector:\n      name: \"\"\n      type: \"deployment\"\n      fieldSelector:\n      - AfterTime(Now(), AddTime(ParseTime({{metadata.creationTimestamp}}, '2006-01-02T15:04:05Z'), '10h'))\n    namespaceSelector:\n      name: \"all\"\n  exclusions: \n  - objectSelector:\n      name: \"\"\n      type: \"deployment\"\n    namespaceSelector:\n      name: \"kube-system\"\n```\nThe above example will select `Deployment` kind objects which have been created 10 hours ago across all namespaces excluding `kube-system` namespace. Winter soldier exposes following functions to handle time, cpu and memory.\n\n1. ParseTime - This function can be used to parse time. For eg to parse creationTimestamp use `ParseTime({{metadata.creationTimestamp}}, '2006-01-02T15:04:05Z')`\n2. AddTime - This can be used to add time. For eg `AddTime(ParseTime({{metadata.creationTimestamp}}, '2006-01-02T15:04:05Z'), '-10h')` ll add 10h to the time. Use `d` for day, `h` for hour, `m` for minutes and `s` for seconds. Use negative number to get earlier time.\n3. Now - This can be used to get current time.\n4. CpuToNumber - This can be used to compare CPU. For eg `any({{spec.containers.#.resources.requests}}, { MemoryToNumber(.memory) \u003c MemoryToNumber('60Mi')})` will check if any `resource.requests` is less than `60Mi`\n\n### Time Range\nThis defines the execution time\n\n```yaml\nspec:\n  action: sleep\n  timeRangesWithZone:\n    reSyncInterval: 300 # in minutes\n    timeZone: \"Asia/Kolkata\"\n    timeRanges:\n      - timeFrom: 00:00\n        timeTo: 23:59:59\n        weekdayFrom: Sat\n        weekdayTo: Sun\n      - timeFrom: 00:00\n        timeTo: 08:00\n        weekdayFrom: Mon\n        weekdayTo: Fri\n      - timeFrom: 20:00\n        timeTo: 23:59:59\n        weekdayFrom: Mon\n        weekdayTo: Fri\n```\nAbove settings will take action on Sat and Sun from 00:00 to 23:59:59, and on Mon-Fri from 00:00 to 08:00 and 20:00 to 23:59:59. If `action:sleep` then runs hibernate at `timeFrom` and unhibernate at `timeTo`.  If `action: delete` then it will delete workloads at `timeFrom` and `timeTo`.\n\n### Other Configurations\n1. Pause - To pause execution\n```yaml\nspec:\n  pause: true\n```\n2. PauseUntil - To pause execution\n```yaml\nspec:\n  pauseUntil: \"Jan 2, 2026 3:04pm\"\n```\n3. Hibernate - Hibernates immediately till this flag is unset\n```yaml\nspec:\n  hibernate: true\n```\n4. UnHiberbate - UnHibernates immediately till this flag is unset\n```yaml\nspec:\n  unHibernate: true\n```\n** Please Note: If both hibernate and unHibernate flag are set then hibernate flag is ignored\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdevtron-labs%2Fwinter-soldier","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdevtron-labs%2Fwinter-soldier","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdevtron-labs%2Fwinter-soldier/lists"}