{"id":13738248,"url":"https://github.com/fidelity/spock","last_synced_at":"2026-03-09T22:30:51.199Z","repository":{"id":38821914,"uuid":"285909792","full_name":"fidelity/spock","owner":"fidelity","description":"spock is a framework that helps manage complex parameter configurations during research and development of Python applications","archived":false,"fork":false,"pushed_at":"2023-11-03T15:13:02.000Z","size":3799,"stargazers_count":141,"open_issues_count":19,"forks_count":13,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-11-27T13:57:18.918Z","etag":null,"topics":["configuration-management","machine-learning","python3"],"latest_commit_sha":null,"homepage":"https://fidelity.github.io/spock/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fidelity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2020-08-07T19:52:42.000Z","updated_at":"2025-10-15T17:56:55.000Z","dependencies_parsed_at":"2023-02-14T07:00:27.316Z","dependency_job_id":"668b7b49-47b8-449e-b5d8-73d941050aae","html_url":"https://github.com/fidelity/spock","commit_stats":{"total_commits":225,"total_committers":5,"mean_commits":45.0,"dds":0.3866666666666667,"last_synced_commit":"47bf3cf48d3e45f8c6b435b047ecdb0598627751"},"previous_names":[],"tags_count":39,"template":false,"template_full_name":null,"purl":"pkg:github/fidelity/spock","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fidelity%2Fspock","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fidelity%2Fspock/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fidelity%2Fspock/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fidelity%2Fspock/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fidelity","download_url":"https://codeload.github.com/fidelity/spock/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fidelity%2Fspock/sbom","scorecard":{"id":399023,"data":{"date":"2025-08-11","repo":{"name":"github.com/fidelity/spock","commit":"2e40d0426f0f53b4254c329c0f96c16a3e2726d5"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.2,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":6,"reason":"Found 2/3 approved changesets -- score normalized to 6","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/python-coverage.yaml:1","Warn: no topLevel permission defined: .github/workflows/python-docs.yaml:1","Warn: no topLevel permission defined: .github/workflows/python-lint.yaml:1","Warn: no topLevel permission defined: .github/workflows/python-manual-docs.yaml:1","Warn: no topLevel permission defined: .github/workflows/python-publish.yaml:1","Warn: no topLevel permission defined: .github/workflows/python-pytest-s3.yaml:1","Warn: no topLevel permission defined: .github/workflows/python-pytest-tune.yaml:1","Warn: no topLevel permission defined: .github/workflows/python-pytest.yml:1","Warn: no topLevel permission defined: .github/workflows/python-test-docs.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":5,"reason":"badge detected: Passing","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-coverage.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-coverage.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-coverage.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-coverage.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-coverage.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-coverage.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/python-coverage.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-coverage.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-docs.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-docs.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-docs.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-docs.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-docs.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-docs.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-docs.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-docs.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/python-docs.yaml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-docs.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-lint.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-lint.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-lint.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-lint.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-lint.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-lint.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-manual-docs.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-manual-docs.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-manual-docs.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-manual-docs.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-manual-docs.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-manual-docs.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-manual-docs.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-manual-docs.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/python-manual-docs.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-manual-docs.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-publish.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-publish.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-publish.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-publish.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-pytest-s3.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-pytest-s3.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-pytest-s3.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-pytest-s3.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-pytest-s3.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-pytest-s3.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-pytest-s3.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-pytest-s3.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-pytest-tune.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-pytest-tune.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-pytest-tune.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-pytest-tune.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-pytest-tune.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-pytest-tune.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-pytest-tune.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-pytest-tune.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-pytest.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-pytest.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-pytest.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-pytest.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-pytest.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-pytest.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-pytest.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-pytest.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-test-docs.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-test-docs.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-test-docs.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-test-docs.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-test-docs.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-test-docs.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-test-docs.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/fidelity/spock/python-test-docs.yaml/master?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/python-coverage.yaml:31","Warn: pipCommand not pinned by hash: .github/workflows/python-coverage.yaml:32","Warn: pipCommand not pinned by hash: .github/workflows/python-coverage.yaml:33","Warn: pipCommand not pinned by hash: .github/workflows/python-coverage.yaml:34","Warn: pipCommand not pinned by hash: .github/workflows/python-coverage.yaml:35","Warn: pipCommand not pinned by hash: .github/workflows/python-coverage.yaml:36","Warn: pipCommand not pinned by hash: .github/workflows/python-docs.yaml:29","Warn: pipCommand not pinned by hash: .github/workflows/python-docs.yaml:30","Warn: pipCommand not pinned by hash: .github/workflows/python-docs.yaml:32","Warn: pipCommand not pinned by hash: .github/workflows/python-docs.yaml:33","Warn: pipCommand not pinned by hash: .github/workflows/python-docs.yaml:34","Warn: pipCommand not pinned by hash: .github/workflows/python-lint.yaml:31","Warn: pipCommand not pinned by hash: .github/workflows/python-lint.yaml:32","Warn: pipCommand not pinned by hash: .github/workflows/python-lint.yaml:33","Warn: pipCommand not pinned by hash: .github/workflows/python-lint.yaml:34","Warn: pipCommand not pinned by hash: .github/workflows/python-lint.yaml:35","Warn: pipCommand not pinned by hash: .github/workflows/python-lint.yaml:36","Warn: pipCommand not pinned by hash: .github/workflows/python-manual-docs.yaml:26","Warn: pipCommand not pinned by hash: .github/workflows/python-manual-docs.yaml:27","Warn: pipCommand not pinned by hash: .github/workflows/python-manual-docs.yaml:28","Warn: pipCommand not pinned by hash: .github/workflows/python-manual-docs.yaml:29","Warn: pipCommand not pinned by hash: .github/workflows/python-manual-docs.yaml:30","Warn: pipCommand not pinned by hash: .github/workflows/python-manual-docs.yaml:31","Warn: pipCommand not pinned by hash: .github/workflows/python-publish.yaml:26","Warn: pipCommand not pinned by hash: .github/workflows/python-publish.yaml:27","Warn: pipCommand not pinned by hash: .github/workflows/python-pytest-s3.yaml:33","Warn: pipCommand not pinned by hash: .github/workflows/python-pytest-s3.yaml:34","Warn: pipCommand not pinned by hash: .github/workflows/python-pytest-s3.yaml:35","Warn: pipCommand not pinned by hash: .github/workflows/python-pytest-s3.yaml:36","Warn: pipCommand not pinned by hash: .github/workflows/python-pytest-tune.yaml:33","Warn: pipCommand not pinned by hash: .github/workflows/python-pytest-tune.yaml:34","Warn: pipCommand not pinned by hash: .github/workflows/python-pytest-tune.yaml:35","Warn: pipCommand not pinned by hash: .github/workflows/python-pytest-tune.yaml:36","Warn: pipCommand not pinned by hash: .github/workflows/python-pytest-tune.yaml:37","Warn: pipCommand not pinned by hash: .github/workflows/python-pytest-tune.yaml:38","Warn: pipCommand not pinned by hash: .github/workflows/python-pytest.yml:33","Warn: pipCommand not pinned by hash: .github/workflows/python-pytest.yml:34","Warn: pipCommand not pinned by hash: .github/workflows/python-pytest.yml:35","Warn: pipCommand not pinned by hash: .github/workflows/python-test-docs.yaml:33","Warn: pipCommand not pinned by hash: .github/workflows/python-test-docs.yaml:34","Info:   0 out of  32 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 third-party GitHubAction dependencies pinned","Info:   0 out of  40 pipCommand dependencies pinned","Info:   3 out of   3 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/fidelity/.github/SECURITY.md:1","Info: Found linked content: github.com/fidelity/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/fidelity/.github/SECURITY.md:1","Info: Found text in security policy: github.com/fidelity/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 29 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"76 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-c2jc-4fpr-4vhg","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25","Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx","Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6","Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-7gc6-qh9x-w6h8","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-mf6x-hrgr-658f","Warn: Project is vulnerable to: GHSA-xrh7-m5pp-39r6","Warn: Project is vulnerable to: GHSA-6h5x-7c5m-7cr7","Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc","Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx","Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q","Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c","Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc","Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp","Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97","Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j","Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27","Warn: Project is vulnerable to: GHSA-33f9-j839-rf8h","Warn: Project is vulnerable to: GHSA-c36v-fmgq-m8hx","Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22","Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq","Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488","Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g","Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g","Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5","Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp","Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq","Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr","Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765","Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g","Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr","Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w","Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j","Warn: Project is vulnerable to: GHSA-3949-f494-cm99","Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg","Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5","Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p","Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7","Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6","Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj","Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc","Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq","Warn: Project is vulnerable to: GHSA-fhg7-m89q-25r3","Warn: Project is vulnerable to: GHSA-rqff-837h-mm52","Warn: Project is vulnerable to: GHSA-8v38-pw62-9cw2","Warn: Project is vulnerable to: GHSA-hgjh-723h-mx2j","Warn: Project is vulnerable to: GHSA-jf5r-8hm2-f872","Warn: Project is vulnerable to: GHSA-hc6q-2mpp-qw7j","Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986","Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6","Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v","Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T19:42:03.572Z","repository_id":38821914,"created_at":"2025-08-18T19:42:03.572Z","updated_at":"2025-08-18T19:42:03.572Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30314626,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-09T20:05:46.299Z","status":"ssl_error","status_checked_at":"2026-03-09T19:57:04.425Z","response_time":61,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["configuration-management","machine-learning","python3"],"created_at":"2024-08-03T03:02:15.834Z","updated_at":"2026-03-09T22:30:51.180Z","avatar_url":"https://github.com/fidelity.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"\u003chtml\u003e\n\u003ch1 align=\"center\"\u003e\n    \u003ca href=\"https://fidelity.github.io/spock/\"\u003e\u003cimg src=\"https://raw.githubusercontent.com/fidelity/spock/master/resources/images/logo.png\"/\u003e\u003c/a\u003e\n    \u003ch6 align=\"center\"\u003eManaging complex configurations any other way would be highly illogical...\u003c/h6\u003e\n\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://opensource.org/licenses/Apache-2.0\"\u003e\u003cimg src=\"https://img.shields.io/badge/License-Apache%202.0-9cf\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://bestpractices.coreinfrastructure.org/projects/5551\"\u003e\u003cimg src=\"https://bestpractices.coreinfrastructure.org/projects/5551/badge\"/\u003e\u003c/a\u003e\n  \u003ca\u003e\u003cimg src=\"https://github.com/fidelity/spock/workflows/pytest/badge.svg?branch=master\"/\u003e\u003c/a\u003e\n\u003ca href=\"https://coveralls.io/github/fidelity/spock?branch=master\"\u003e\u003cimg src=\"https://coveralls.io/repos/github/fidelity/spock/badge.svg?branch=master\"/\u003e\u003c/a\u003e\n  \u003ca\u003e\u003cimg src=\"https://github.com/fidelity/spock/workflows/docs/badge.svg\"/\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca\u003e\u003cimg src=\"https://img.shields.io/badge/python-3.7+-informational.svg\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/psf/black\"\u003e\u003cimg src=\"https://img.shields.io/badge/code%20style-black-000000.svg\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://badge.fury.io/py/spock-config\"\u003e\u003cimg src=\"https://badge.fury.io/py/spock-config.svg\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://pepy.tech/project/spock-config\"\u003e\u003cimg src=\"https://static.pepy.tech/personalized-badge/spock-config?period=total\u0026units=international_system\u0026left_color=grey\u0026right_color=orange\u0026left_text=Downloads\"/\u003e\u003c/a\u003e\n\u003c/p\u003e\n  \n\u003ch3 align=\"center\"\u003e\n  \u003ca href=\"https://fidelity.github.io/spock/Quick-Start\"\u003eQuick Start\u003c/a\u003e\n  \u003cspan\u003e · \u003c/span\u003e\n  \u003ca href=\"https://fidelity.github.io/spock/\"\u003eDocumentation\u003c/a\u003e\n  \u003cspan\u003e · \u003c/span\u003e\n  \u003ca href=\"https://github.com/fidelity/spock/blob/master/examples\"\u003eExamples\u003c/a\u003e\n  \u003cspan\u003e · \u003c/span\u003e\n  \u003ca href=\"https://github.com/fidelity/spock/releases\"\u003eReleases\u003c/a\u003e\n\u003c/h3\u003e\n  \n\u003c/html\u003e\n\n## About\n\n`spock` is a framework that helps users easily define, manage, and use complex parameter configurations within Python \napplications. It lets you focus on the code you need to write instead of re-implementing boilerplate code such as\ncreating ArgParsers, reading configuration files, handling dependencies, implementing type validation, \nmaintaining traceability, etc.\n\n`spock` configurations are normal python classes that are decorated with `@spock`. It supports \ninheritance, dynamic class dependencies, loading/saving configurations from/to multiple markdown formats, automatically \ngenerating CLI arguments, and hierarchical configuration by composition.\n\n## 💥 Why You Should Use Spock 💥 \n\n* Simple organized parameter definitions (i.e. a single line)\n* Type checked (static-eqsue) \u0026 frozen parameters (i.e. fail early during long ML training runs)\n* Complex parameter dependencies made simple (i.e. `@spock` class with a parameter that is an Enum of other \n`@spock` classes)\n* Fully serializable parameter state(s) (i.e. exactly reproduce prior runtime parameter configurations)\n* Automatic type checked CLI generation w/o argparser boilerplate (i.e click and/or typer for free!)\n* Easily maintain parity between CLIs and Python APIs (i.e. single line changes between CLI and Python API definitions)\n* Unified hyper-parameter definitions and interface (i.e. don't write different definitions for Ax or Optuna)\n* Resolver that supports value definitions from reference to other defined variables, environmental variables, dynamic template re-injection, and encryption of sensitive values\n\n## Key Features\n\n* [Simple Declaration](https://fidelity.github.io/spock/basics/Define): Type checked parameters are \n  defined within a `@spock` decorated class. Supports required/optional and automatic defaults.\n* Easily Managed Parameter Groups: Each class automatically generates its own object within a single namespace.\n* [Parameter Inheritance](https://fidelity.github.io/spock/advanced_features/Inheritance): Classes support \n  inheritance (w/ lazy evaluation of inheritance/dependencies) allowing for complex configurations derived from \n  a common base set of parameters.\n* [Complex Types](https://fidelity.github.io/spock/advanced_features/Advanced-Types/): Nested Lists/Tuples, \n  List/Tuples of Enum of `@spock` classes, List of repeated `@spock` classes\n* Multiple Configuration File Types: Configurations are specified from YAML, TOML, or JSON files.\n* [Hierarchical Configuration](https://fidelity.github.io/spock/advanced_features/Composition/): Compose from \n  multiple configuration files via simple include statements.\n* [Command-Line Overrides](https://fidelity.github.io/spock/advanced_features/Command-Line-Overrides/): Quickly \n  experiment by overriding a value with automatically generated command line arguments.\n* Immutable: All classes are *frozen* preventing any misuse or accidental overwrites (to the extent they can be in \n  Python).\n* [Tractability and Reproducibility](https://fidelity.github.io/spock/basics/Saving): Save runtime \n  parameter configuration to YAML, TOML, or JSON with a single chained command (with extra runtime info such as Git info, \n  Python version, machine FQDN, etc). The saved markdown file can be used as the configuration input to reproduce \n  prior runtime configurations.\n* [Hyper-Parameter Tuner Addon](https://fidelity.github.io/spock/addons/tuner/About): Provides a unified\n  interface for defining hyper-parameters (via `@spockTuner` decorator) that supports various tuning/algorithm \n  backends (currently: Optuna, Ax)\n* [S3 Addon](https://fidelity.github.io/spock/addons/S3): Automatically detects `s3://` URI(s) and handles loading \n  and saving `spock` configuration files when an active `boto3.Session` is passed in (plus any additional \n  `S3Transfer` configurations)\n\n## Quick Install\n\nThe basic install and `[s3]` extension require Python 3.7+ while the `[tune]` extension requires Python 3.8+\n\n| Base | w/ S3 Extension | w/ Hyper-Parameter Tuner |\n|------|-----------------|--------------------------|\n| `pip install spock-config` | `pip install spock-config[s3]` | `pip install spock-config[tune]` |\n\n## News/Releases\n\nSee [Releases](https://github.com/fidelity/spock/releases) for more information.\n\n\u003chtml\u003e\n\u003ch2 id=\"features\"\u003e \n  Recent Changes\n\u003c/h2\u003e\n\u003c/html\u003e\n\n\u003cdetails\u003e\n\n#### August 30th, 2023\n* Removed Python 3.6 support as it was causing dependency hell\n* Collection of bugfixes\n\n#### Jan 12th, 2023\n* Added support for resolving value definitions from references to other defined variables with the following syntax,`${spock.var:SpockClass.defined_variable}`\n* Added support for new fundamental types: (1) file: this is an overload of a str that verifies file existence and (r/w) access (2) directory: this is an overload of a str that verifies directory existence, creation if not existing, and (r/w) access\n* Deprecated support for `List` of repeated `@spock` decorated classes.\n* Collection of bugfixes\n\n#### May 17th, 2022\n* Added support for resolving value definitions from environmental variables with the following syntax, \n`${spock.env:name, default}`\n* Added `.inject` annotation that will write back the original env notation to the saved output\n* Added the `.crypto` annotation which provides a simple way to hide sensitive environmental\nvariables while still maintaining the written/loadable state of the spock config\n\n#### March 17th, 2022\n* Added support for `typing.Callable` types (includes advanced types such as `List[List[Callable]]`)\n* Added support for `typing.Dict` types with type checking for types of both keys and values (includes advanced types\nsuch as `Dict[str, Tuple[Callable, Callable]]`)\n* Added support for post init hooks that allow for validation on parameters defined within `@spock` decorated classes. \nAdditionally, added some common validation check to utils (within, greater than, less than, etc.)\n* Updated unit tests to support Python 3.10\n\n#### January 26th, 2022\n* Added `evolve` support to the underlying `SpockBuilder` class. This provides functionality similar to the underlying attrs library ([attrs.evolve](https://www.attrs.org/en/stable/api.html#attrs.evolve)). `evolve()` creates a new `Spockspace` instance based on differences between the underlying declared state and any passed\n in instantiated `@spock` decorated classes.\n\n\u003c/details\u003e\n\n## Original Implementation\n\n`spock` was originally developed by the **Artificial Intelligence Center of Excellence at Fidelity Investments** by [Nicholas Cilfone](https://github.com/ncilfone) and [Siddharth Narayanan](https://github.com/sidnarayanan)\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffidelity%2Fspock","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffidelity%2Fspock","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffidelity%2Fspock/lists"}