{"id":13548914,"url":"https://github.com/google/addlicense","last_synced_at":"2026-02-21T11:32:46.159Z","repository":{"id":37385118,"uuid":"62048325","full_name":"google/addlicense","owner":"google","description":"A program which ensures source code files have copyright license headers by scanning directory patterns recursively","archived":false,"fork":false,"pushed_at":"2025-10-28T18:50:02.000Z","size":145,"stargazers_count":851,"open_issues_count":55,"forks_count":189,"subscribers_count":12,"default_branch":"master","last_synced_at":"2025-12-09T22:56:57.279Z","etag":null,"topics":["license","utility"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/google.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2016-06-27T10:37:54.000Z","updated_at":"2025-12-04T20:06:21.000Z","dependencies_parsed_at":"2023-02-16T18:31:51.346Z","dependency_job_id":"267884b9-d4ea-4160-ae2a-169db91ab1a2","html_url":"https://github.com/google/addlicense","commit_stats":{"total_commits":74,"total_committers":40,"mean_commits":1.85,"dds":0.7972972972972973,"last_synced_commit":"af4d9cf5dd41c61bc46403857fb8da301101cf8a"},"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/google/addlicense","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Faddlicense","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Faddlicense/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Faddlicense/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Faddlicense/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/google","download_url":"https://codeload.github.com/google/addlicense/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Faddlicense/sbom","scorecard":{"id":436317,"data":{"date":"2025-08-11","repo":{"name":"github.com/google/addlicense","commit":"0a5f8b4e300178b1bf647d7bc3ad1a1724a4b24c"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.4,"checks":[{"name":"Maintained","score":10,"reason":"9 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":7,"reason":"Found 19/24 approved changesets -- score normalized to 7","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yaml:40","Warn: jobLevel 'actions' permission set to 'write': .github/workflows/tests.yaml:19","Warn: no topLevel permission defined: .github/workflows/linter.yaml:1","Warn: no topLevel permission defined: .github/workflows/release.yaml:1","Warn: no topLevel permission defined: .github/workflows/tests.yaml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yaml:11"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":8,"reason":"dependency not pinned by hash detected -- score normalized to 8","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/google/addlicense/release.yaml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1","Info:   7 out of   8 GitHub-owned GitHubAction dependencies pinned","Info:   7 out of   7 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/google/.github/SECURITY.md:1","Info: Found linked content: github.com/google/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/google/.github/SECURITY.md:1","Info: Found text in security policy: github.com/google/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.2.0 not signed: https://api.github.com/repos/google/addlicense/releases/239830239","Warn: release artifact v1.2.0-rc0 not signed: https://api.github.com/repos/google/addlicense/releases/236104676","Warn: release artifact v1.1.1 not signed: https://api.github.com/repos/google/addlicense/releases/89400661","Warn: release artifact v1.1.0 not signed: https://api.github.com/repos/google/addlicense/releases/83138429","Warn: release artifact v1.0.0 not signed: https://api.github.com/repos/google/addlicense/releases/47940744","Warn: release artifact v1.2.0 does not have provenance: https://api.github.com/repos/google/addlicense/releases/239830239","Warn: release artifact v1.2.0-rc0 does not have provenance: https://api.github.com/repos/google/addlicense/releases/236104676","Warn: release artifact v1.1.1 does not have provenance: https://api.github.com/repos/google/addlicense/releases/89400661","Warn: release artifact v1.1.0 does not have provenance: https://api.github.com/repos/google/addlicense/releases/83138429","Warn: release artifact v1.0.0 does not have provenance: https://api.github.com/repos/google/addlicense/releases/47940744"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 2 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T04:45:31.536Z","repository_id":37385118,"created_at":"2025-08-19T04:45:31.536Z","updated_at":"2025-08-19T04:45:31.536Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29679849,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-21T11:29:27.227Z","status":"ssl_error","status_checked_at":"2026-02-21T11:29:20.292Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["license","utility"],"created_at":"2024-08-01T12:01:15.932Z","updated_at":"2026-02-21T11:32:41.148Z","avatar_url":"https://github.com/google.png","language":"Go","funding_links":[],"categories":["Go","Programming"],"sub_categories":["Go"],"readme":"# addlicense\n\nThe program ensures source code files have copyright license headers\nby scanning directory patterns recursively.\n\nIt modifies all source files in place and avoids adding a license header\nto any file that already has one.\n\naddlicense requires go 1.16 or later.\n\n## install\n\n    go install github.com/google/addlicense@latest\n\n## usage\n\n    addlicense [flags] pattern [pattern ...]\n\n    -c      copyright holder (default \"Google LLC\")\n    -check  check only mode: verify presence of license headers and exit with non-zero code if missing\n    -f      license file\n    -ignore file patterns to ignore, for example: -ignore **/*.go -ignore vendor/**\n    -l      license type: apache, bsd, mit, mpl (default \"apache\")\n    -s      Include SPDX identifier in license header. Set -s=only to only include SPDX identifier.\n    -v      verbose mode: print the name of the files that are modified\n    -y      copyright year(s) (default is the current year)\n\nThe pattern argument can be provided multiple times, and may also refer\nto single files.  Directories are processed recursively.\n\nFor example, to run addlicense across everything in the current directory and\nall subdirectories:\n\n    addlicense .\n\nThe `-ignore` flag can use any pattern [supported by\ndoublestar](https://github.com/bmatcuk/doublestar#patterns).\n\n## Running in a Docker Container\n\nThe simplest way to get the addlicense docker image is to pull from GitHub\nContainer Registry:\n\n```bash\ndocker pull ghcr.io/google/addlicense:latest\n```\n\nAlternately, you can build it from source yourself:\n\n```bash\ndocker build -t ghcr.io/google/addlicense .\n```\n\nOnce you have the image, you can test that it works by running:\n\n```bash\ndocker run -it ghcr.io/google/addlicense -h\n```\n\nFinally, to run it, mount the directory you want to scan to `/src` and pass the\nappropriate addlicense flags:\n\n```bash\ndocker run -it -v ${PWD}:/src ghcr.io/google/addlicense -c \"Google LLC\" *.go\n```\n\n## Running with pre-commit\n\nThis is the official [pre-commit hook](https://pre-commit.com/) for addlicense.\n\nActivate by adding it to your `.pre-commit-config.yaml`:\n\n```bash\nrepos:\n- repo: https://github.com/google/addlicense\n  rev: \u003clatest tag\u003e\n  hooks:\n  - id: addlicense\n    args: [ \"-c\", \"Company, Inc\", \"*.go\" ]\n```\n\n## license\n\nApache 2.0\n\nThis is not an official Google product.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle%2Faddlicense","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgoogle%2Faddlicense","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle%2Faddlicense/lists"}