{"id":48070092,"url":"https://github.com/fair-software/howfairis-github-action","last_synced_at":"2026-04-04T14:40:59.272Z","repository":{"id":43113549,"uuid":"292216250","full_name":"fair-software/howfairis-github-action","owner":"fair-software","description":"GitHub Action to analyze a GitHub repository’s compliance with the fair-software.eu recommendations.","archived":false,"fork":false,"pushed_at":"2025-04-11T15:24:54.000Z","size":118,"stargazers_count":20,"open_issues_count":8,"forks_count":6,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-09-04T19:49:16.559Z","etag":null,"topics":["fair-software","fair4rs","research-software"],"latest_commit_sha":null,"homepage":"","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fair-software.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":"CITATION.cff","codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-09-02T07:52:59.000Z","updated_at":"2025-06-09T12:55:03.000Z","dependencies_parsed_at":"2025-09-04T19:47:24.648Z","dependency_job_id":"6c4d66d4-bc64-473a-8d36-d58946c74db2","html_url":"https://github.com/fair-software/howfairis-github-action","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/fair-software/howfairis-github-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fair-software%2Fhowfairis-github-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fair-softwar
e%2Fhowfairis-github-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fair-software%2Fhowfairis-github-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fair-software%2Fhowfairis-github-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fair-software","download_url":"https://codeload.github.com/fair-software/howfairis-github-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fair-software%2Fhowfairis-github-action/sbom","scorecard":{"id":391503,"data":{"date":"2025-08-11","repo":{"name":"github.com/fair-software/howfairis-github-action","commit":"4c11146488125aa6e1531184eed51d781bcd5871"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.4,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 1/14 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity 
found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/selftest.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to 
analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/selftest.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/fair-software/howfairis-github-action/selftest.yml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating python:3.9-alpine to python:3.9-alpine@sha256:372f3cfc1738ed91b64c7d36a7a02d5c3468ec1f60c906872c3fd346dda8cbbb","Warn: pipCommand not pinned by hash: Dockerfile:7-10","Warn: pipCommand not pinned by hash: Dockerfile:7-10","Info:   0 out of   1 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   2 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a 
license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 20 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-18T17:55:48.141Z","repository_id":43113549,"created_at":"2025-08-18T17:55:48.141Z","updated_at":"2025-08-18T17:55:48.141Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31403267,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-04T10:20:44.708Z","status":"ssl_error","status_checked_at":"2026-04-04T10:20:06.846Z","response_time":60,"last_error":"SSL_read: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fair-software","fair4rs","research-software"],"created_at":"2026-04-04T14:40:53.626Z","updated_at":"2026-04-04T14:40:59.257Z","avatar_url":"https://github.com/fair-software.png","language":"Dockerfile","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![ci:selftest](https://github.com/fair-software/howfairis-github-action/actions/workflows/selftest.yml/badge.svg)](https://github.com/fair-software/howfairis-github-action/actions/workflows/selftest.yml)\n[![fair-software.eu](https://img.shields.io/badge/fair--software.eu-%E2%97%8F%20%20%E2%97%8F%20%20%E2%97%8F%20%20%E2%97%8F%20%20%E2%97%8B-yellow)](https://fair-software.eu)\n\n# Assess compliance with fair-software.eu\n\nTo enable this checker, add the following snippet as ``.github/workflows/fair-software.yml`` in your GitHub repository.\n\n```yaml\nname: fair-software\n\non: push\n\njobs:\n  verify:\n    name: \"fair-software\"\n    runs-on: ubuntu-latest\n    steps:\n      - uses: fair-software/howfairis-github-action@0.2.1\n        name: Measure compliance with fair-software.eu recommendations\n        env:\n          PYCHARM_HOSTED: \"Trick colorama into displaying colored output\" \n        with:\n          MY_REPO_URL: \"https://github.com/${{ github.repository }}\"\n```\n\n## FAIR badges explained\n\nThis GitHub action will suggest a badge visualizing compliance with the FAIR Software\nrecommendations as described on [fair-software.eu](https://fair-software.eu/).\n\nThe [Netherlands eScience 
Center](https://www.esciencecenter.nl/) and [DANS](https://dans.knaw.nl/) launched\nfair-software.eu with five actionable and practical recommendations that help researchers to make their software more\nFAIR (Findable, Accessible, Interoperable, Reusable).\n\n### What do we mean by compliance\n\nThe GitHub Action runs checks on the repository it runs on, and rates the repository according to these 5 aspects:\n\n1. [``repository``](https://fair-software.eu/recommendations/repository): Is the software in a publicly accessible\nrepository with version control?\n1. [``license``](https://fair-software.eu/recommendations/license): Is there a license file? The license does not have\nto be an OSI-approved license, but it has to be one of the standard licenses.\n1. [``registry``](https://fair-software.eu/recommendations/registry): Is the software registered in one or more software\nregistries? You can find an extensive list of registries in the [Awesome Research Software\nRegistries](https://github.com/NLeSC/awesome-research-software-registries).\n1. [``citation``](https://fair-software.eu/recommendations/citation): Can the repository be cited easily? For example,\nthis can be done by including a ``CITATION.cff`` file that uses the [Citation File\nFormat](https://citation-file-format.github.io/).\n1. 
[``checklist``](https://fair-software.eu/recommendations/checklist): Do the developers of the software use a software\nquality checklist?\n\nThrough this GitHub action and the badges that it generates, we want to incentivize Research Software Engineers and\nresearchers who develop software to implement these five recommendations for FAIR software, by making their effort and\ncompliance with the [fair-software.eu](https://fair-software.eu) recommendations more visible to the rest of the world.\nWe also want to promote the recommendations to a wider audience.\n\n### How to interpret FAIR badges?\n\nThe color of the badge depends on the level of compliance; the pattern of filled and empty circles will vary depending\non which aspects the software complies with.\n\nEach circle represents one of the recommendations, meaning the first symbol represents the first recommendation, _Use a\npublicly accessible repository with version control_, the second symbol represents the second recommendation, and so\non. You can find more information about the recommendations on [fair-software.eu](https://fair-software.eu/).\n\n#### Here are some examples:\n\n![](https://img.shields.io/badge/fair--software.eu-%E2%97%8B%20%E2%97%8B%20%E2%97%8F%20%E2%97%8B%20%E2%97%8B-red)\n\nThis badge's red color means that the repository complies with 0 or 1 recommendations. The state of the third circle\nindicates the software has been registered in a community registry.\n\n![](https://img.shields.io/badge/fair--software.eu-%E2%97%8F%20%E2%97%8B%20%E2%97%8F%20%E2%97%8F%20%E2%97%8B-orange)\n\nThe repository with this badge complies with 3 out of 5 recommendations, hence its color is orange. It is a publicly\naccessible repository with version control. It has been registered in a community registry, and it contains citation\ninformation. 
There is no license in this repository, and the project does not use a checklist.\n\n![](https://img.shields.io/badge/fair--software.eu-%E2%97%8F%20%E2%97%8F%20%E2%97%8F%20%E2%97%8F%20%E2%97%8B-yellow)\n\nA yellow badge means the repository complies with 4 recommendations.\n\n![](https://img.shields.io/badge/fair--software.eu-%E2%97%8F%20%E2%97%8F%20%E2%97%8F%20%E2%97%8F%20%E2%97%8F-green)\n\nA green badge means the repository complies with all 5 recommendations.\n\n## For developers\n\nBuilding the docker image:\n\n```shell\n# (from project root directory)\ndocker build -t howfairis .\n```\n\nRunning the dockerized ``howfairis`` locally:\n\n```shell\n# show the howfairis help\ndocker run -ti howfairis --help\n```\n\n```shell\n# start the analysis for a github repo\ndocker run -ti howfairis https://github.com/owner/repo\n\n# start the analysis for a gitlab repo\ndocker run -ti howfairis https://gitlab.com/owner/repo\n```\n\n```shell\n# show the howfairis version\ndocker run -ti howfairis --version\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffair-software%2Fhowfairis-github-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffair-software%2Fhowfairis-github-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffair-software%2Fhowfairis-github-action/lists"}