{"id":40817978,"url":"https://github.com/gofunky/update-codeowners","last_synced_at":"2026-01-21T21:43:32.163Z","repository":{"id":38377236,"uuid":"295160979","full_name":"gofunky/update-codeowners","owner":"gofunky","description":"generate and update GitHub's CODEOWNERS file based on the git fame of individual files","archived":false,"fork":false,"pushed_at":"2023-01-09T01:34:05.000Z","size":119,"stargazers_count":6,"open_issues_count":7,"forks_count":2,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-03-15T14:22:44.181Z","etag":null,"topics":["code","code-review","codeowners","fame","generate","git","git-fame","github-actions","github-codeowners","owners","pull-requests","review","update"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gofunky.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null}},"created_at":"2020-09-13T13:49:31.000Z","updated_at":"2023-11-16T12:56:23.000Z","dependencies_parsed_at":"2023-02-08T08:15:47.329Z","dependency_job_id":null,"html_url":"https://github.com/gofunky/update-codeowners","commit_stats":{"total_commits":102,"total_committers":5,"mean_commits":20.4,"dds":"0.18627450980392157","last_synced_commit":"b4862c2fc6d6aaf5bd4c18ee761e89e23662c747"},"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/gofunky/update-codeowners","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gofunky%2Fupdate-codeowners","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gofunky%2Fupdate-codeowners/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gofunky%2Fupdate-codeowners/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gofunky%2Fupdate-codeowners/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gofunky","download_url":"https://codeload.github.com/gofunky/update-codeowners/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gofunky%2Fupdate-codeowners/sbom","scorecard":{"id":433804,"data":{"date":"2025-08-11","repo":{"name":"github.com/gofunky/update-codeowners","commit":"b4862c2fc6d6aaf5bd4c18ee761e89e23662c747"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.7,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/17 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build.yml:1","Warn: no topLevel permission defined: .github/workflows/docs.yml:1","Warn: no topLevel permission defined: .github/workflows/example.yml:1","Warn: no topLevel permission defined: .github/workflows/ownermerge.yml:1","Warn: no topLevel permission defined: .github/workflows/rebase.yml:1","Warn: no topLevel permission defined: .github/workflows/release-drafter.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:193: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/docs.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/docs.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/docs.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/docs.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/docs.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/docs.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/docs.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/docs.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/docs.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/docs.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/example.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/example.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/example.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/example.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/example.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/example.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/example.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/example.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/example.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/example.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ownermerge.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/ownermerge.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ownermerge.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/ownermerge.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rebase.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/rebase.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/rebase.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/rebase.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-drafter.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/gofunky/update-codeowners/release-drafter.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating casperdcl/git-fame:1.12.2 to casperdcl/git-fame:1.12.2@sha256:07d61d0090126d7a87dfd3f10fdac35384c399d4aceb76dc19ba0bb97e36aa6e","Info:   0 out of  15 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  17 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":3,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'master'","Warn: could not determine whether codeowners review is allowed","Warn: no status checks found to merge onto branch 'master'","Warn: PRs are not required to make changes on branch 'master'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 16 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-19T04:05:42.860Z","repository_id":38377236,"created_at":"2025-08-19T04:05:42.860Z","updated_at":"2025-08-19T04:05:42.860Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28644149,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-21T21:29:11.980Z","status":"ssl_error","status_checked_at":"2026-01-21T21:24:31.872Z","response_time":86,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code","code-review","codeowners","fame","generate","git","git-fame","github-actions","github-codeowners","owners","pull-requests","review","update"],"created_at":"2026-01-21T21:43:32.104Z","updated_at":"2026-01-21T21:43:32.154Z","avatar_url":"https://github.com/gofunky.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# update code owners action\n\n[![GitHub Workflow Status (branch)](https://img.shields.io/github/workflow/status/gofunky/update-codeowners/build/master?style=for-the-badge)](https://github.com/gofunky/update-codeowners/actions)\n[![Renovate Status](https://img.shields.io/badge/renovate-enabled-green?style=for-the-badge\u0026logo=renovatebot\u0026color=1a1f6c)](https://app.renovatebot.com/dashboard#github/gofunky/update-codeowners)\n[![CodeFactor](https://www.codefactor.io/repository/github/gofunky/update-codeowners/badge?style=for-the-badge)](https://www.codefactor.io/repository/github/gofunky/update-codeowners)\n[![GitHub License](https://img.shields.io/github/license/gofunky/update-codeowners.svg?style=for-the-badge)](https://github.com/gofunky/update-codeowners/blob/master/LICENSE)\n[![GitHub last commit](https://img.shields.io/github/last-commit/gofunky/update-codeowners.svg?style=for-the-badge\u0026color=9cf)](https://github.com/gofunky/update-codeowners/commits/master)\n\nThis is a [GitHub Action](https://github.com/features/actions) that uses [git-fame](https://pypi.org/project/git-fame) to generate and update GitHub's CODEOWNERS file based on the git fame of individual files.\n\n## What does it do?\n\nGitHub's [CODEOWNERS](https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners)\nfeature doesn't provide any method for keeping the code owners list updated automatically.\nThis action solves this by determining code owners based on the git fame of each file.\nAuthors don't have to be asked for their addition based on subjective criteria anymore.\n\n\u003c!--- BEGIN_ACTION_DOCS ---\u003e\n## Inputs\n\n### distribution\n![Required](https://img.shields.io/badge/Required-no-inactive?style=flat-square)\n![Default](https://img.shields.io/badge/Default-25-f6e112?style=flat-square)\n\nThe distribution input defines the minimum percentage of code lines that are required for a contributor to being\nconsidered a code owner.\nSet it to any integer without the percent character to override the default.\n\n\n### granular\n![Required](https://img.shields.io/badge/Required-no-inactive?style=flat-square)\n![Default](https://img.shields.io/badge/Default-''-inactive?style=flat-square)\n\nBy default, this action checks all files in the root, but groups recursive files into their parent directories.\nSet this input to any non-zero value (e.g. `true`) to enable full coverage of all recursive files.\n\n\n### path\n![Required](https://img.shields.io/badge/Required-no-inactive?style=flat-square)\n![Default](https://img.shields.io/badge/Default-.github/CODEOWNERS-7f9004?style=flat-square)\n\nThis defines the path to the CODEOWNERS file.\nThe default uses the path to the `.github` directory.\n\n\n### token\n![Required](https://img.shields.io/badge/Required-no-inactive?style=flat-square)\n![Default](https://img.shields.io/badge/Default-${{_github.token_}}-ef2366?style=flat-square)\n\nA GitHub token has to be set if `inputs.username` is enabled.\nThis is necessary because the GitHub API has a rate limit.\nThe default token has sufficient permissions for the API.\n\n\n### username\n![Required](https://img.shields.io/badge/Required-no-inactive?style=flat-square)\n![Default](https://img.shields.io/badge/Default-''-inactive?style=flat-square)\n\nBy default, this action uses the email addresses of users.\nSet this input to any non-zero value (e.g. `true`) to derive the GitHub usernames and use them instead.\n\n\n\u003c!--- END_ACTION_DOCS ---\u003e\n\n## Example\n\nThis is a typical example for a pull request workflow.\nIt should suffice to trigger it on few event types of pull request events only.\nThat also gives the author the possibility to remove themselves from the owners list optionally.\nMake sure to use `fetch-depth: 0` because otherwise, no git fame will be detected due to the lack of history.\n\n\u003c!-- add-file: ./.github/workflows/example.yml --\u003e\n``` yml markdown-add-files\nname: codeowners\n\non:\n  pull_request_target:\n    paths-ignore:\n      - '**/CODEOWNERS'\n      - 'LICENSE'\n    branches:\n      - master\n    types:\n      - ready_for_review\n      - review_request_removed\n      - reopened\n      - labeled\n\njobs:\n  update:\n    runs-on: ubuntu-latest\n    # only apply on unmerged pull requests\n    if: github.event.pull_request.merged_by == ''\n    steps:\n    - name: checkout code\n      uses: actions/checkout@v2.3.4\n      with:\n        # this only makes sure that forks are built as well\n        repository: ${{ github.event.pull_request.head.repo.full_name }}\n        ref: ${{ github.head_ref }}\n        # the fetch depth 0 (=all) is important\n        fetch-depth: 0\n        # the token is necessary for checks to rerun after auto commit\n        token: ${{ secrets.PAT }}\n    - name: update code owners\n      uses: gofunky/update-codeowners@v0.3.1\n      with:\n        distribution: 25\n        username: true\n    - uses: mszostok/codeowners-validator@v0.5.1\n      id: validation\n      if: ${{ steps.committed.outputs.changes_detected == 'true' }}\n      with:\n        checks: files,owners,duppatterns\n        # the token is required only if the `owners` check is enabled\n        github_access_token: ${{ secrets.PAT }}\n    - name: commit changed files\n      id: committed\n      if: ${{ steps.committed.outputs.changes_detected == 'true' }}\n      uses: stefanzweifel/git-auto-commit-action@v4.7.2\n      with:\n        commit_message: 'chore(meta): update code owners'\n        file_pattern: .github/CODEOWNERS\n    - uses: christianvuerings/add-labels@v1.1\n      if: ${{ steps.committed.outputs.changes_detected == 'true' }}\n      with:\n        labels: owned\n      env:\n        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgofunky%2Fupdate-codeowners","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgofunky%2Fupdate-codeowners","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgofunky%2Fupdate-codeowners/lists"}