{"id":35154874,"url":"https://github.com/holmesgpt/holmesgpt","last_synced_at":"2026-04-07T12:01:34.619Z","repository":{"id":241896830,"uuid":"808146034","full_name":"HolmesGPT/holmesgpt","owner":"HolmesGPT","description":"SRE Agent - CNCF Sandbox Project","archived":false,"fork":false,"pushed_at":"2026-04-01T09:40:36.000Z","size":225425,"stargazers_count":2131,"open_issues_count":238,"forks_count":284,"subscribers_count":21,"default_branch":"master","last_synced_at":"2026-04-01T10:29:28.535Z","etag":null,"topics":["aiops","chatbot","chatops","devops","devops-tools","incident","incident-management","incident-response","jira","kubernetes","llm","llm-agent","llm-framework","llms","monitoring","observability","prometheus","site-reliability-engineering","slack","sre"],"latest_commit_sha":null,"homepage":"https://holmesgpt.dev/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HolmesGPT.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":"GOVERNANCE.md","roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":"MAINTAINERS.md","copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2024-05-30T13:27:10.000Z","updated_at":"2026-04-01T08:50:13.000Z","dependencies_parsed_at":"2024-06-28T12:51:45.079Z","dependency_job_id":"1e89bab1-e664-4149-bd28-50261d1e9f20","html_url":"https://github.com/HolmesGPT/holmesgpt","commit_stats":{"total_commits":202,"total_committers":18,"mean_commits":"11.222222222222221","dds":0.6188118811881188,"last_synced_commit":"c0eba0d4011b744d59eac39257865746f33ac7a8"},"previous_names":["robusta-dev/holmesgpt","holmesgpt/holmesgpt"],"tags_count":123,"template":false,"template_full_name":null,"purl":"pkg:github/HolmesGPT/holmesgpt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HolmesGPT%2Fholmesgpt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HolmesGPT%2Fholmesgpt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HolmesGPT%2Fholmesgpt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HolmesGPT%2Fholmesgpt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/HolmesGPT","download_url":"https://codeload.github.com/HolmesGPT/holmesgpt/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HolmesGPT%2Fholmesgpt/sbom","scorecard":{"id":1241964,"data":{"date":"2026-01-19T19:25:51Z","repo":{"name":"github.com/HolmesGPT/holmesgpt","commit":"a925ef08c75bc01d6f7ab44b9b2e5516c53b229f"},"scorecard":{"version":"v5.3.0","commit":"c22063e786c11f9dd714d777a687ff7c4599b600"},"score":5.9,"checks":[{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#maintained"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/build-docker-images.yaml:13","Info: jobLevel 'contents' permission set to 'read': .github/workflows/docker-dev-images.yaml:17","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/eval-benchmarks.yaml:38","Warn: topLevel 'contents' permission set to 'write': .github/workflows/build-and-deploy-docs.yaml:7","Warn: no topLevel permission defined: .github/workflows/build-and-test.yaml:1","Warn: no topLevel permission defined: .github/workflows/build-binaries-and-brew.yaml:1","Warn: no topLevel permission defined: .github/workflows/build-docker-images.yaml:1","Warn: no topLevel permission defined: .github/workflows/docker-dev-images.yaml:1","Warn: no topLevel permission defined: .github/workflows/eval-benchmarks.yaml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/eval-regression.yaml:40","Warn: no topLevel permission defined: .github/workflows/publish-pypi.yaml:1","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard-analysis.yml:13"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#binary-artifacts"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: :0"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dependency-update-tool"}},{"name":"CII-Best-Practices","score":2,"reason":"badge detected: InProgress","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#license"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/build-docker-images.yaml:8"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Info: Possibly incomplete results: error parsing shell code: \"foo(\" must be followed by ): tests/llm/fixtures/test_ask_holmes/156_kafka_opensearch_latency/verify_setup.sh:61","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-deploy-docs.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/build-and-deploy-docs.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-deploy-docs.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/build-and-deploy-docs.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-deploy-docs.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/build-and-deploy-docs.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/build-and-test.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-test.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/build-and-test.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-binaries-and-brew.yaml:180: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/build-binaries-and-brew.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-binaries-and-brew.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/build-binaries-and-brew.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-binaries-and-brew.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/build-binaries-and-brew.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-binaries-and-brew.yaml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/build-binaries-and-brew.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-binaries-and-brew.yaml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/build-binaries-and-brew.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-binaries-and-brew.yaml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/build-binaries-and-brew.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-binaries-and-brew.yaml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/build-binaries-and-brew.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-binaries-and-brew.yaml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/build-binaries-and-brew.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-binaries-and-brew.yaml:164: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/build-binaries-and-brew.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-binaries-and-brew.yaml:166: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/build-binaries-and-brew.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-docker-images.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/build-docker-images.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-docker-images.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/build-docker-images.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-docker-images.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/build-docker-images.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-docker-images.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/build-docker-images.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-docker-images.yaml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/build-docker-images.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-docker-images.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/build-docker-images.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-docker-images.yaml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/build-docker-images.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-docker-images.yaml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/build-docker-images.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-dev-images.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/docker-dev-images.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-dev-images.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/docker-dev-images.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-dev-images.yaml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/docker-dev-images.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-dev-images.yaml:160: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/docker-dev-images.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-dev-images.yaml:169: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/docker-dev-images.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-dev-images.yaml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/docker-dev-images.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-dev-images.yaml:186: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/docker-dev-images.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-dev-images.yaml:206: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/docker-dev-images.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/eval-benchmarks.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/eval-benchmarks.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/eval-benchmarks.yaml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/eval-benchmarks.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/eval-regression.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/eval-regression.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/eval-regression.yaml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/eval-regression.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/eval-regression.yaml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/eval-regression.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/eval-regression.yaml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/eval-regression.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/eval-regression.yaml:249: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/eval-regression.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/eval-regression.yaml:257: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/eval-regression.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/eval-regression.yaml:266: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/eval-regression.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/eval-regression.yaml:473: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/eval-regression.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/eval-regression.yaml:571: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/eval-regression.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/eval-regression.yaml:661: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/eval-regression.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/eval-regression.yaml:716: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/eval-regression.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/eval-regression.yaml:812: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/eval-regression.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/eval-regression.yaml:897: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/eval-regression.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-pypi.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/publish-pypi.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-pypi.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/HolmesGPT/holmesgpt/publish-pypi.yaml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:2: pin your Docker image by updating python:3.11-slim-bookworm to python:3.11-slim-bookworm@sha256:bcbbec29f7a3f9cbee891e3cd69d7fe4dec7e281daf36cbd415ddd8ee2ba0077","Warn: containerImage not pinned by hash: Dockerfile:80: pin your Docker image by updating python:3.11-slim-bookworm to python:3.11-slim-bookworm@sha256:bcbbec29f7a3f9cbee891e3cd69d7fe4dec7e281daf36cbd415ddd8ee2ba0077","Warn: containerImage not pinned by hash: tests/llm/fixtures/shared/python-flask-otel/Dockerfile:1: pin your Docker image by updating python:3.11-slim to python:3.11-slim@sha256:5be45dbade29bebd6886af6b438fd7e0b4eb7b611f39ba62b430263f82de36d2","Warn: containerImage not pinned by hash: tests/llm/fixtures/test_ask_holmes/07_high_latency/helm/Dockerfile:1: pin your Docker image by updating python:3.10-slim to python:3.10-slim@sha256:f5d029fe39146b08200bcc73595795ac19b85997ad0e5001a02c7c32e8769efa","Warn: containerImage not pinned by hash: tests/llm/fixtures/test_ask_holmes/55_kafka_runbook/app/accounting-app/Dockerfile:1: pin your Docker image by updating python:3.11-slim to python:3.11-slim@sha256:5be45dbade29bebd6886af6b438fd7e0b4eb7b611f39ba62b430263f82de36d2","Warn: containerImage not pinned by hash: tests/llm/fixtures/test_ask_holmes/55_kafka_runbook/app/finance-app/Dockerfile:1: pin your Docker image by updating python:3.11-slim to python:3.11-slim@sha256:5be45dbade29bebd6886af6b438fd7e0b4eb7b611f39ba62b430263f82de36d2","Warn: containerImage not pinned by hash: tests/llm/fixtures/test_ask_holmes/55_kafka_runbook/app/invoices-app/Dockerfile:1: pin your Docker image by updating python:3.11-slim to python:3.11-slim@sha256:5be45dbade29bebd6886af6b438fd7e0b4eb7b611f39ba62b430263f82de36d2","Warn: containerImage not pinned by hash: tests/llm/fixtures/test_ask_holmes/55_kafka_runbook/app/orders-app/Dockerfile:1: pin your Docker image by updating python:3.11-slim to python:3.11-slim@sha256:5be45dbade29bebd6886af6b438fd7e0b4eb7b611f39ba62b430263f82de36d2","Warn: containerImage not pinned by hash: tests/llm/fixtures/test_investigate/09_high_latency/helm/Dockerfile:1: pin your Docker image by updating python:3.10-slim to python:3.10-slim@sha256:f5d029fe39146b08200bcc73595795ac19b85997ad0e5001a02c7c32e8769efa","Warn: downloadThenRun not pinned by hash: Dockerfile:62","Warn: pipCommand not pinned by hash: Dockerfile:66-69","Warn: pipCommand not pinned by hash: tests/llm/fixtures/shared/python-flask-otel/Dockerfile:6-17","Warn: pipCommand not pinned by hash: tests/llm/fixtures/test_ask_holmes/07_high_latency/helm/Dockerfile:10","Warn: pipCommand not pinned by hash: tests/llm/fixtures/test_ask_holmes/55_kafka_runbook/app/accounting-app/Dockerfile:6","Warn: pipCommand not pinned by hash: tests/llm/fixtures/test_ask_holmes/55_kafka_runbook/app/finance-app/Dockerfile:6","Warn: pipCommand not pinned by hash: tests/llm/fixtures/test_ask_holmes/55_kafka_runbook/app/invoices-app/Dockerfile:6","Warn: pipCommand not pinned by hash: tests/llm/fixtures/test_ask_holmes/55_kafka_runbook/app/orders-app/Dockerfile:6","Warn: pipCommand not pinned by hash: tests/llm/fixtures/test_investigate/09_high_latency/helm/Dockerfile:10","Warn: downloadThenRun not pinned by hash: .github/workflows/build-and-deploy-docs.yaml:29","Warn: pipCommand not pinned by hash: .github/workflows/build-and-test.yaml:31","Warn: downloadThenRun not pinned by hash: .github/workflows/build-and-test.yaml:33","Warn: pipCommand not pinned by hash: .github/workflows/build-binaries-and-brew.yaml:29","Warn: downloadThenRun not pinned by hash: .github/workflows/build-binaries-and-brew.yaml:30","Warn: downloadThenRun not pinned by hash: .github/workflows/publish-pypi.yaml:21","Info:   3 out of  39 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of  13 third-party GitHubAction dependencies pinned","Info:   0 out of  10 pipCommand dependencies pinned","Info:   0 out of   9 containerImage dependencies pinned","Info:   0 out of   5 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#sast"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#branch-protection"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 0.18.5 not signed: https://api.github.com/repos/HolmesGPT/holmesgpt/releases/277860513","Warn: release artifact 0.18.3 not signed: https://api.github.com/repos/HolmesGPT/holmesgpt/releases/274801228","Warn: release artifact 0.18.3-alpha1 not signed: https://api.github.com/repos/HolmesGPT/holmesgpt/releases/274753652","Warn: release artifact 0.18.5 does not have provenance: https://api.github.com/repos/HolmesGPT/holmesgpt/releases/277860513","Warn: release artifact 0.18.3 does not have provenance: https://api.github.com/repos/HolmesGPT/holmesgpt/releases/274801228","Warn: release artifact 0.18.3-alpha1 does not have provenance: https://api.github.com/repos/HolmesGPT/holmesgpt/releases/274753652"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#signed-releases"}},{"name":"Vulnerabilities","score":0,"reason":"39 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-5j98-mcp5-4vw2","Warn: Project is vulnerable to: GHSA-mh29-5h37-fv8m","Warn: Project is vulnerable to: GHSA-4fh9-h7wg-q85m","Warn: Project is vulnerable to: GHSA-554w-wpv2-vw27","Warn: Project is vulnerable to: GHSA-5gfm-wpxj-wjgq","Warn: Project is vulnerable to: GHSA-65ch-62r8-g69g","Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr","Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j","Warn: Project is vulnerable to: GHSA-6rw7-vpxm-498p","Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v","Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h","Warn: Project is vulnerable to: GHSA-54jq-c3m8-4m76","Warn: Project is vulnerable to: GHSA-69f9-5gxw-wvc2","Warn: Project is vulnerable to: GHSA-6jhg-hg63-jvvf","Warn: Project is vulnerable to: GHSA-6mq8-rvhq-8wgg","Warn: Project is vulnerable to: GHSA-fh55-r93g-j68g","Warn: Project is vulnerable to: GHSA-g84x-mcqj-x9qq","Warn: Project is vulnerable to: GHSA-jj3x-wxrx-4x23","Warn: Project is vulnerable to: GHSA-mqqc-3gqh-h2x8","Warn: Project is vulnerable to: GHSA-jm66-cg57-jjv5","Warn: Project is vulnerable to: GHSA-qmgc-5h2g-mvrw","Warn: Project is vulnerable to: GHSA-w853-jp5j-5j7f","Warn: Project is vulnerable to: GHSA-768j-98cg-p3fv","Warn: Project is vulnerable to: GHSA-9h52-p55h-vw2f","Warn: Project is vulnerable to: GHSA-63vm-454h-vhhq","Warn: Project is vulnerable to: GHSA-7f5h-v6xp-fcq8","Warn: Project is vulnerable to: GHSA-2xpw-w6gg-jr37","Warn: Project is vulnerable to: GHSA-38jv-5279-wg99","Warn: Project is vulnerable to: GHSA-gm62-xv2j-4w53","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v","Warn: Project is vulnerable to: GHSA-597g-3phw-6986","Warn: Project is vulnerable to: PYSEC-2021-100 / GHSA-8h2j-cgx8-6xv7","Warn: Project is vulnerable to: PYSEC-2024-38","Warn: Project is vulnerable to: GHSA-v9hf-5j83-6xpp","Warn: Project is vulnerable to: PYSEC-2019-124 / GHSA-38fc-9xqv-7f7q","Warn: Project is vulnerable to: PYSEC-2019-123 / GHSA-887w-45rq-vxgf","Warn: Project is vulnerable to: PYSEC-2012-9 / GHSA-hfg2-wf6j-x53p","Warn: Project is vulnerable to: PYSEC-2020-150 / GHSA-33c7-2mpw-hg34","Warn: Project is vulnerable to: PYSEC-2020-151 / GHSA-f97h-2pfx-f59f"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#vulnerabilities"}},{"name":"CI-Tests","score":10,"reason":"30 out of 30 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#ci-tests"}},{"name":"Contributors","score":10,"reason":"project has 8 contributing companies or organizations","details":["Info: found contributions from: AroundRoidGroup, Azure, MicrosoftDocs, azure, joytunes, kubesimplify, nearform, robusta"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#contributors"}}]},"last_synced_at":"2026-01-19T21:26:40.887Z","repository_id":241896830,"created_at":"2026-01-19T21:26:40.887Z","updated_at":"2026-01-19T21:26:40.887Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31511784,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-07T03:10:19.677Z","status":"ssl_error","status_checked_at":"2026-04-07T03:10:13.982Z","response_time":105,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aiops","chatbot","chatops","devops","devops-tools","incident","incident-management","incident-response","jira","kubernetes","llm","llm-agent","llm-framework","llms","monitoring","observability","prometheus","site-reliability-engineering","slack","sre"],"created_at":"2025-12-28T16:46:27.137Z","updated_at":"2026-04-07T12:01:30.585Z","avatar_url":"https://github.com/HolmesGPT.png","language":"Python","readme":null,"funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fholmesgpt%2Fholmesgpt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fholmesgpt%2Fholmesgpt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fholmesgpt%2Fholmesgpt/lists"}