{"id":37114382,"url":"https://github.com/geckoboard/slash-infra","last_synced_at":"2026-01-14T13:27:47.035Z","repository":{"id":45366946,"uuid":"162321091","full_name":"geckoboard/slash-infra","owner":"geckoboard","description":"Minimal slack slash commands for managing AWS infrastructure","archived":false,"fork":false,"pushed_at":"2025-01-28T12:42:57.000Z","size":3094,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":16,"default_branch":"master","last_synced_at":"2025-01-28T13:48:43.908Z","etag":null,"topics":["aws","chatops","slack","slack-commands"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/geckoboard.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-12-18T17:06:57.000Z","updated_at":"2025-01-28T12:42:59.000Z","dependencies_parsed_at":"2025-01-28T13:42:24.489Z","dependency_job_id":"2911c372-9eb0-405a-8144-9bcd79faf6ad","html_url":"https://github.com/geckoboard/slash-infra","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/geckoboard/slash-infra","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geckoboard%2Fslash-infra","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geckoboard%2Fslash-infra/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geckoboard%2Fslash-infra/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geckoboard%2Fslash-infra/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/geckoboard","download_url":"https://codeload.github.com/geckoboard/slash-infra/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geckoboard%2Fslash-infra/sbom","scorecard":{"id":421325,"data":{"date":"2025-08-11","repo":{"name":"github.com/geckoboard/slash-infra","commit":"279b7043c7a9ac358dc286bbebdc7ccf3332a93c"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.6,"checks":[{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":2,"reason":"Found 6/24 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 14 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"22 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0391 / GHSA-6jvc-q2x7-pchv / GHSA-76wf-9vgp-pj7w","Warn: Project is vulnerable to: GO-2022-0635 / GHSA-7f33-f4f5-xwgw","Warn: Project is vulnerable to: GO-2022-0646 / GHSA-f5pg-7wfw-84q9","Warn: Project is vulnerable to: GHSA-22f2-v57c-j9cx","Warn: Project is vulnerable to: GHSA-3h57-hmj3-gj3p","Warn: Project is vulnerable to: GHSA-54rr-7fvw-6x8f","Warn: Project is vulnerable to: GHSA-5f9h-9pjv-v6j7","Warn: Project is vulnerable to: GHSA-65f5-mfpf-vfhj","Warn: Project is vulnerable to: GHSA-7g2v-jj9q-g3rg","Warn: Project is vulnerable to: GHSA-7wqh-767x-r66v","Warn: Project is vulnerable to: GHSA-8cgq-6mh2-7j6v","Warn: Project is vulnerable to: GHSA-93pm-5p5f-3ghx","Warn: Project is vulnerable to: GHSA-c6qg-cjj8-47qp","Warn: Project is vulnerable to: GHSA-gjh7-p2fx-99vx","Warn: Project is vulnerable to: GHSA-hrqr-hxpp-chr3","Warn: Project is vulnerable to: GHSA-hxqx-xwvh-44m2","Warn: Project is vulnerable to: GHSA-j6w9-fv6q-3q52","Warn: Project is vulnerable to: GHSA-rqv2-275x-2jq5","Warn: Project is vulnerable to: GHSA-vpfw-47h7-xj4g","Warn: Project is vulnerable to: GHSA-wq4h-7r42-5hrr","Warn: Project is vulnerable to: GHSA-xj5v-6v4g-jfw6","Warn: Project is vulnerable to: GHSA-jppv-gw3r-w3q8"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T01:16:33.377Z","repository_id":45366946,"created_at":"2025-08-19T01:16:33.377Z","updated_at":"2025-08-19T01:16:33.377Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28421188,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T10:47:48.104Z","status":"ssl_error","status_checked_at":"2026-01-14T10:46:19.031Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","chatops","slack","slack-commands"],"created_at":"2026-01-14T13:27:46.419Z","updated_at":"2026-01-14T13:27:47.012Z","avatar_url":"https://github.com/geckoboard.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# slash-infra\n\nThis is a slack integration for \"chatops\". A lot of the hubot scripts\ndon't integrate natively with slack's slash commands, or give you\nunnecessarily powerful commands (e.g. launching individual ec2 instances,\nor creating auto-scaling groups), or only work against one AWS account.\n\nThis tool came from a need to lookup EC2 instances by their IP/instance\nID. Our production/staging/dev environments are hosted in different AWS\naccounts, and some are hosted in different regions. Switching between\naccounts and regions to track down an instance can be quite laborious\nand error prone, especially if you're under pressure trying to triage a\nproblem.\n\n`/infra-search {query}` can search multiple AWS accounts to find\nresources. Currently it only supports looking up instances by their\ninstance ID.\n\n## Configuring Slack\n\n- [Create a slack app](https://api.slack.com/apps)\n- export the signing secret (from the `App Credentials` section of the\n  app's basic information) as the environment variable\n  `SLACK_SIGNING_SECRET`\n- Configure slash commands to point at the routes specified in\n  `server.go`\n\n## Configuring AWS access\n\nRather than create a user in each AWS account, the app uses a limited\nIAM user to assume roles in each AWS account that should be searched.\n\nThis approach seems convoluted, but there are several benefits.\n\nFirstly, when an IAM user \"assumes\" a role, AWS generates a set of temporary\ncredentials for the user that have the same permissions as the role.\nThese credentials are short-lived, and are rotated transparently by\nthe AWS SDK. If these temporary credentials were leaked to a\nthird party, they would only be usable for a short period of time.\n\nSecondly, if the credentials for the IAM user are leaked, the attacker\nwill only be able to assume IAM roles. If they do not know the ARN of\nyour role they will not be able to assume it, and thus won't be able to\nperform actions on your account. You then only need to rotate one set of\ncredentials, rather credentials for all of your AWS accounts.\n\nNote that if you're using the role name suggested in these docs then\nthey will likely be able to guess the full ARN, as you can always get\nthe ID of the AWS account credentials belong to using `aws sts\nget-caller-identity`. If this is a concern for you, you can make things\nslightly more difficult for attackers by choosing a unique name for your\nroles that are different to the name of the IAM user. `slash-infra` only\nuses the role ARN to authenticate to AWS, so you could use a different\nrole name for each environment.\n\nYou can configure the IAM user using the conventional environment\nvariables:\n\n```console\nexport AWS_ACCESS_KEY_ID=...\nexport AWS_SECRET_ACCESS_KEY=...\n```\n\nThis IAM user should have the following permission policy:\n\n```json\n{\n    \"Version\": \"2012-10-17\",\n    \"Statement\": [\n        {\n            \"Sid\": \"AllowAssumingSlashInfraRoles\",\n            \"Effect\": \"Allow\",\n            \"Action\": \"sts:AssumeRole\",\n            \"Resource\": \"arn:aws:iam::*:role/SlashInfraInspection\"\n        }\n    ]\n}\n```\n\nNote that the `*` in the ARN allows this user to assume the\n`SlashInfraInspection` role in any AWS account that:\n\n- has that role\n- has marked the IAM user's AWS account ID as a \"Trusted entity\" in the\n  role's \"Trust relationships\"\n\nIf these are new concepts for you, I'd really recommend reading [AWS'\ndocumentation on IAM\nroles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_aws-accounts.html)\n\nEach role in each account should have a permission policy like this:\n\n\n```json\n{\n    \"Version\": \"2012-10-17\",\n    \"Statement\": [\n        {\n            \"Sid\": \"AllowReadOnlyAccess\",\n            \"Effect\": \"Allow\",\n            \"Action\": \"ec2:DescribeInstances\",\n            \"Resource\": \"*\"\n        }\n    ]\n}\n```\n\nYou can then configure `slash-infra` to use the role via environment\nvariables:\n\n```console\nexport AWS_ROLE_{role alias}=arn:aws:iam:.....:role/SlashInfraInspection\n# The region defaults to `us-east-1` if left unspecified\nexport AWS_REGION_{role alias}=eu-west-2\n\n# e.g.\nexport AWS_ROLE_PRODUCTION=arn:aws:iam:.....:role/SlashInfraInspection\nexport AWS_REGION_PRODUCTION=eu-west-2\n```\n\nIf you need to search multiple regions within a single account you can\ncreate several aliases that use the same role ARN.\n\n## Testing locally\n\nDownload [ngrok](http://ngrok.com), and [create a slack\napp](https://api.slack.com/apps) in your slack workspace. Create slash\ncommands in the app for the commands you want to support (see server.go).\n\n## FAQ\n\n### Why not write this in a lambda?\n\n- I don't know how to write lambdas. I wrote this in 20% time and didn't\n  want to spend my day learning how to deploy lambdas\n- We don't mind spending the few $X heroku charge to run this on a hobby\n  dyno\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgeckoboard%2Fslash-infra","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgeckoboard%2Fslash-infra","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgeckoboard%2Fslash-infra/lists"}