{"id":39681872,"url":"https://github.com/gembaadvantage/codecommit-sign","last_synced_at":"2026-01-18T09:53:47.606Z","repository":{"id":37254752,"uuid":"402789650","full_name":"gembaadvantage/codecommit-sign","owner":"gembaadvantage","description":"Generate a signed AWS V4 CodeCommit URL directly from an IAM role. No dedicated CodeCommit credentials are needed","archived":false,"fork":false,"pushed_at":"2024-06-19T22:37:23.000Z","size":120,"stargazers_count":2,"open_issues_count":6,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2024-06-21T18:57:04.378Z","etag":null,"topics":["aws","cli","codecommit","go","golang","requests","signed","v4"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gembaadvantage.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-09-03T14:03:05.000Z","updated_at":"2024-06-14T17:28:13.000Z","dependencies_parsed_at":"2024-04-29T01:26:58.119Z","dependency_job_id":"b27d0b29-a95a-401c-abfc-d7d6a36acef9","html_url":"https://github.com/gembaadvantage/codecommit-sign","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/gembaadvantage/codecommit-sign","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gembaadvantage%2Fcodecommit-sign","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gembaadvantage%2Fcodecommit-sign/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gembaadvantage%2Fcodecommit-sign/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gembaadvantage%2Fcodecommit-sign/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gembaadvantage","download_url":"https://codeload.github.com/gembaadvantage/codecommit-sign/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gembaadvantage%2Fcodecommit-sign/sbom","scorecard":{"id":421951,"data":{"date":"2025-08-11","repo":{"name":"github.com/gembaadvantage/codecommit-sign","commit":"8aac35a86a75cea8c7d50ef71d0d992eb0714e93"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.2,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 0/14 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:38","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:37","Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:26","Info: topLevel 'contents' permission set to 'read': .github/workflows/gitleaks.yml:29","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/gembaadvantage/codecommit-sign/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/gembaadvantage/codecommit-sign/ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/gembaadvantage/codecommit-sign/ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/gembaadvantage/codecommit-sign/ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/gembaadvantage/codecommit-sign/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/gembaadvantage/codecommit-sign/ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/gembaadvantage/codecommit-sign/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/gembaadvantage/codecommit-sign/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/gembaadvantage/codecommit-sign/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/gembaadvantage/codecommit-sign/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/gembaadvantage/codecommit-sign/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dependency-review.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/gembaadvantage/codecommit-sign/dependency-review.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dependency-review.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/gembaadvantage/codecommit-sign/dependency-review.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gitleaks.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/gembaadvantage/codecommit-sign/gitleaks.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/gitleaks.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/gembaadvantage/codecommit-sign/gitleaks.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/gembaadvantage/codecommit-sign/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/gembaadvantage/codecommit-sign/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/gembaadvantage/codecommit-sign/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/gembaadvantage/codecommit-sign/release.yml/main?enable=pin","Info:   0 out of  12 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   7 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: codecommit-sign_1.4.0_checksums.txt.sig: https://github.com/gembaadvantage/codecommit-sign/releases/tag/v1.4.0","Info: signed release artifact: codecommit-sign_1.3.1_checksums.txt.sig: https://github.com/gembaadvantage/codecommit-sign/releases/tag/v1.3.1","Info: signed release artifact: codecommit-sign_1.3.0_checksums.txt.sig: https://github.com/gembaadvantage/codecommit-sign/releases/tag/v1.3.0","Info: signed release artifact: codecommit-sign_1.2.0_checksums.txt.sig: https://github.com/gembaadvantage/codecommit-sign/releases/tag/v1.2.0","Info: signed release artifact: codecommit-sign_1.1.0_checksums.txt.sig: https://github.com/gembaadvantage/codecommit-sign/releases/tag/v1.1.0","Warn: release artifact v1.4.0 does not have provenance: https://api.github.com/repos/gembaadvantage/codecommit-sign/releases/69122218","Warn: release artifact v1.3.1 does not have provenance: https://api.github.com/repos/gembaadvantage/codecommit-sign/releases/69097208","Warn: release artifact v1.3.0 does not have provenance: https://api.github.com/repos/gembaadvantage/codecommit-sign/releases/58486283","Warn: release artifact v1.2.0 does not have provenance: https://api.github.com/repos/gembaadvantage/codecommit-sign/releases/51071895","Warn: release artifact v1.1.0 does not have provenance: https://api.github.com/repos/gembaadvantage/codecommit-sign/releases/49065634"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 0 commits out of 23 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-19T01:26:37.536Z","repository_id":37254752,"created_at":"2025-08-19T01:26:37.536Z","updated_at":"2025-08-19T01:26:37.536Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28534181,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-18T00:39:45.795Z","status":"online","status_checked_at":"2026-01-18T02:00:07.578Z","response_time":98,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","cli","codecommit","go","golang","requests","signed","v4"],"created_at":"2026-01-18T09:53:47.482Z","updated_at":"2026-01-18T09:53:47.573Z","avatar_url":"https://github.com/gembaadvantage.png","language":"Go","readme":"# codecommit-sign\n\n[![Build status](https://img.shields.io/github/workflow/status/gembaadvantage/codecommit-sign/ci?style=flat-square\u0026logo=go)](https://github.com/gembaadvantage/codecommit-sign/actions?workflow=ci)\n[![License MIT](https://img.shields.io/badge/license-MIT-blue.svg?style=flat-square)](/LICENSE)\n[![Go Report Card](https://goreportcard.com/badge/github.com/gembaadvantage/codecommit-sign?style=flat-square)](https://goreportcard.com/report/github.com/gembaadvantage/codecommit-sign)\n[![Go Version](https://img.shields.io/github/go-mod/go-version/gembaadvantage/codecommit-sign.svg?style=flat-square)](go.mod)\n[![codecov](https://codecov.io/gh/gembaadvantage/codecommit-sign/branch/main/graph/badge.svg)](https://codecov.io/gh/gembaadvantage/codecommit-sign)\n\nGenerate a signed AWS V4 CodeCommit URL without the need for dedicated IAM user credentials.\n\n## Install\n\nBinary downloads can be found on the [Releases](https://github.com/gembaadvantage/codecommit-sign/releases) page. Unpack the `codecommit-sign` binary and add it to your PATH.\n\n### Homebrew\n\nTo use [Homebrew](https://brew.sh/):\n\n```sh\nbrew tap gembaadvantage/tap\nbrew install codecommit-sign\n```\n\n### Scoop\n\nTo use [Scoop](https://scoop.sh/):\n\n```sh\nscoop install codecommit-sign\n```\n\n### Yum\n\nTo install using the yum package manager:\n\n```sh\necho '[codecommit-sign]\nname=uplift\nbaseurl=https://yum.fury.io/ga-paul-t/\nenabled=1\ngpgcheck=0' | sudo tee /etc/yum.repos.d/codecommit-sign.repo\nsudo yum install -y codecommit-sign\n\n```\n\n### Apt\n\n```sh\necho 'deb [trusted=yes] https://apt.fury.io/ga-paul-t/ /' | sudo tee /etc/apt/sources.list.d/codecommit-sign.list\nsudo apt update\nsudo apt install -y codecommit-sign\n```\n\n### Aur\n\nTo install from the [aur](https://archlinux.org/) using [yay](https://github.com/Jguer/yay):\n\n```sh\nyay -S codecommit-sign-bin\n```\n\n### Linux Packages\n\nDownload and manually install one of the .deb, .rpm or .apk packages from the [Releases](https://github.com/gembaadvantage/codecommit-sign/releases) page.\n\n```sh\nsudo apt install codecommit-sign_*.deb\n```\n\n```sh\nsudo yum localinstall codecommit-sign-*.rpm\n```\n\n```sh\nsudo apk add --no-cache --allow-untrusted codecommit-sign_*.apk\n```\n\n### Script\n\nTo install using a shell script:\n\n```sh\ncurl https://raw.githubusercontent.com/gembaadvantage/codecommit-sign/main/scripts/install \u003e install\nchmod 700 install\n./install\n```\n\n## Quick Start\n\nRetrieve (_or construct_) the clone URL to your chosen CodeCommit repository and then sign it. Depending on your chosen authentication mechanism, you may need to provide an AWS named profile through the optional `--profile` flag.\n\n### HTTPS\n\n```sh\ncodecommit-sign https://git-codecommit.eu-west-1.amazonaws.com/v1/repos/repository\n```\n\n### GRC\n\n```sh\ncodecommit-sign codecommit::eu-west-1://repository\n```\n\nAll GRC variants are supported:\n\n- `codecommit://repository`\n- `codecommit://profile@repository`\n- `codecommit::region://profile@repository`\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgembaadvantage%2Fcodecommit-sign","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgembaadvantage%2Fcodecommit-sign","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgembaadvantage%2Fcodecommit-sign/lists"}