{"id":28767029,"url":"https://github.com/hortonworks/cloud-haunter","last_synced_at":"2026-06-02T12:00:54.964Z","repository":{"id":30841403,"uuid":"125079728","full_name":"hortonworks/cloud-haunter","owner":"hortonworks","description":"Cloud agnostic resource monitoring and janitor tool","archived":false,"fork":false,"pushed_at":"2026-05-28T12:47:14.000Z","size":12282,"stargazers_count":21,"open_issues_count":8,"forks_count":12,"subscribers_count":35,"default_branch":"master","last_synced_at":"2026-05-28T14:20:43.369Z","etag":null,"topics":["aws","azure","cloud","gcp","golang","janitor","monitoring"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hortonworks.png","metadata":{"files":{"readme":"README.MD","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-03-13T16:13:56.000Z","updated_at":"2026-05-27T08:27:24.000Z","dependencies_parsed_at":"2024-06-19T00:34:28.062Z","dependency_job_id":"f58d8df6-2ca7-47a6-af30-30eed1168946","html_url":"https://github.com/hortonworks/cloud-haunter","commit_stats":null,"previous_names":["hortonworks/cloud-cost-reducer"],"tags_count":98,"template":false,"template_full_name":null,"purl":"pkg:github/hortonworks/cloud-haunter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hortonworks%2Fcloud-haunter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hortonworks%2Fcloud-haunter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hortonworks%2Fcloud-haunter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hortonworks%2Fcloud-haunter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hortonworks","download_url":"https://codeload.github.com/hortonworks/cloud-haunter/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hortonworks%2Fcloud-haunter/sbom","scorecard":{"id":469231,"data":{"date":"2025-08-11","repo":{"name":"github.com/hortonworks/cloud-haunter","commit":"de7274d2aec402f087af961f9c5862072f69c4be"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":1,"reason":"2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.5.69 not signed: https://api.github.com/repos/hortonworks/cloud-haunter/releases/225549807","Warn: release artifact v0.5.68 not signed: https://api.github.com/repos/hortonworks/cloud-haunter/releases/220359004","Warn: release artifact v0.5.67 not signed: https://api.github.com/repos/hortonworks/cloud-haunter/releases/217934593","Warn: release artifact v0.5.69 does not have provenance: https://api.github.com/repos/hortonworks/cloud-haunter/releases/225549807","Warn: release artifact v0.5.68 does not have provenance: https://api.github.com/repos/hortonworks/cloud-haunter/releases/220359004","Warn: release artifact v0.5.67 does not have provenance: https://api.github.com/repos/hortonworks/cloud-haunter/releases/217934593"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":6,"reason":"dependency not pinned by hash detected -- score normalized to 6","details":["Warn: goCommand not pinned by hash: vendor/google.golang.org/grpc/regenerate.sh:35","Warn: goCommand not pinned by hash: vendor/google.golang.org/grpc/vet.sh:37","Info:   3 out of   5 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"10 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0391 / GHSA-6jvc-q2x7-pchv / GHSA-76wf-9vgp-pj7w","Warn: Project is vulnerable to: GO-2022-0635 / GHSA-7f33-f4f5-xwgw","Warn: Project is vulnerable to: GO-2022-0646 / GHSA-f5pg-7wfw-84q9","Warn: Project is vulnerable to: GO-2025-3553 / GHSA-mh63-6h87-95cp","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9","Warn: Project is vulnerable to: GO-2023-2153 / GHSA-m425-mq94-257g / GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2024-2611 / GHSA-8r3f-844c-mc37"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T13:22:32.059Z","repository_id":30841403,"created_at":"2025-08-19T13:22:32.059Z","updated_at":"2025-08-19T13:22:32.059Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33820643,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-02T02:00:07.132Z","response_time":109,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","azure","cloud","gcp","golang","janitor","monitoring"],"created_at":"2025-06-17T13:00:51.375Z","updated_at":"2026-06-02T12:00:54.956Z","avatar_url":"https://github.com/hortonworks.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![CircleCI](https://circleci.com/gh/hortonworks/cloud-haunter.svg?style=shield)](https://circleci.com/gh/hortonworks/cloud-haunter) [![Go Report Card](https://goreportcard.com/badge/github.com/hortonworks/cloud-haunter)](https://goreportcard.com/report/github.com/hortonworks/cloud-haunter)\n\n# Cloud Haunter\n\n`Haunter is a pokémon ghost which will poison and kill your unidentified and orphan cloud resources`\n \nThe main goal of this project is to save costs in the cloud by monitoring and terminating resources.\nCloud Haunter (ch) supports the three major cloud providers.\n\n`The project is under construction, use on your own risk!`\n\n## Supported resources\n---\n\n|          | AWS                                                  | AZURE           | GCP                            |\n|----------|------------------------------------------------------|-----------------|--------------------------------|\n| Stack    | Cloudformation stack, Native stack assembled by tags | Resource group  | Native stack assembled by tags |\n| Instance | EC2 instance                                         | Virtual machine | Compute Engine instances       |\n| Disk     | EC2 disk                                             | -               | Compute Engine disks           |\n| Access   | IAM user                                             | -               | IAM service accounts           |\n| Database | RDS database                                         | -               | SQL instances                  |\n| Alert    | CloudWatch alarm                                     | -               | -                              |\n| Storage  | -                                                    | Storage account | -                              |\n\n### Filters appliable to resources:\n * long running\n * without owner\n * actually running\n * already stopped\n * old cloud credentials\n * resource unused\n\n### Actions appliable to resources:\n * send notification\n * log result\n * print result in json format\n * stop instances [AWS, AZURE, GCP]\n * terminate instances [AWS, AZURE, GCP]\n * terminate stacks [AWS, AZURE, GCP]\n * terminate disks [AWS, GCP]\n * terminate images [AWS, AZURE, GCP]\n * cleanup storages [AWS, AZURE]\n\n## Prerequisites\n---\nFor the proper work, you have to use some custom tags/labels on your cloud resources.\n\n#### AWS\n * Owner tag: `owner`\n * Ignore tag: `cloud-cost-reducer-ignore`\n * Resource grouping label: `Cloudera-Environment-Resource-Name` (for native stacks)\n\n#### Azure\n * Owner tag: `owner`\n * Ignore tag: `cloud-cost-reducer-ignore`\n * Resource creation time, because Azure SDK doesn't response it: `cb-creation-timestamp`\n\n#### Google\n * Owner label: `owner`\n * Ignore label: `cloud-cost-reducer-ignore`\n * Resource grouping label: `cloudera-environment-resource-name`\n * Resource description (optional): `Generated by CDP.`\n\nThere is an option to use custom tags/labels, but you have to recompile the project with a bunch of custom environment variables like `OWNER_LABEL`. Please check Makefile.\n\n### Resource filtering\n\nThis tool works well if you use it from early days of your cloud account and all of your users are following the basic rules of tagging instances. On the other hand introducing it on an existing environment should be pain in the back.\nThere is an option to declare your include/exclude policies in a YAML file (please have look at utils/testdata/filterConfig.yml).\nCH will include/exclude all the resources where the name, owner, or any of the tags are matching with the given configuration.\n\n## Installation\n---\n\n```\ncurl -Ls https://github.com/hortonworks/cloud-haunter/releases/download/v0.5.41/cloud-haunter_0.5.41_$(uname)_x86_64.tgz | tar x\n```\n**NOTE**: You can find the latest version released under https://github.com/hortonworks/cloud-haunter/releases\n\n## Usage\n---\n\n```\nNAME:\n   Cloud Haunter\nUSAGE:\n   ch -o=operation -a=action [-f=filter1,filter2] [-c=cloud1,cloud2]\nVERSION:\n   v0.5.7-snapshot\n\nAUTHOR(S):\n   Hortonworks\nOPERATIONS:\n\t-o getAccess\n\t-o getAlerts\n\t-o getDatabases\n\t-o getDisks\n\t-o getImages\n\t-o getInstances\n\t-o getStacks\n\t-o getStorages\n\t-o readImages\nFILTERS:\n\t-f failed\n\t-f longrunning\n\t-f match\n\t-f nomatch\n\t-f oldaccess\n\t-f ownerless\n\t-f running\n\t-f stopped\n\t-f unused\nACTIONS:\n\t-a cleanup\n\t-a json\n\t-a log\n\t-a notification\n\t-a stop\n\t-a termination\nCLOUDS:\n\t-c AWS_GOV\n\t-c AWS\n\t-c AZURE\n\t-c GCP\nFILTER_CONFIG:\n\t-fc=/location/of/filter/config.yml\nDRY RUN:\n\t-d\nVERBOSE:\n\t-v\nDISABLE_IGNORE_LABEL:\n\t-i\nEXACT_MATCH_OWNERS:\n\t-e\nHELP:\n\t-h\n```\n\n### Environment variables\n\n#### AWS\n * AWS_ACCESS_KEY_ID\n * AWS_SECRET_ACCESS_KEY\n\n#### Azure\n * AZURE_SUBSCRIPTION_ID\n * AZURE_TENANT_ID\n * AZURE_CLIENT_ID\n * AZURE_CLIENT_SECRET\n\n#### Google\n * GOOGLE_PROJECT_ID\n * GOOGLE_APPLICATION_CREDENTIALS, location of service account JSON \n\n#### HipChat\n * HIPCHAT_TOKEN\n * HIPCHAT_SERVER\n * HIPCHAT_ROOM\n\n#### Slack\n * SLACK_WEBHOOK_URL\n\n#### Long running\n * RUNNING_PERIOD, default: 24h\n\n#### Old access\n * ACCESS_AVAILABLE_PERIOD, default: 2880h\n\n#### Retention days for cleanup\n * RETENTION_DAYS, default: 90\n\n### Usage examples\n\nTerminate AWS stacks with owners not exactly matching the known owners, even if they have an ignore label\n```\n# Set up cloud provider settings\nexport AWS_ACCESS_KEY_ID=...\nexport AWS_SECRET_ACCESS_KEY=...\n\n# Run Cloud Haunter\nch -o getStacks -a termination -f nomatch -c aws -fc known-owners-filter-config.yml -i -e\n```\n\nTerminate Azure instances with specific owners if they are running longer than 6 hours\n```\n# Set up cloud provider settings\nexport AZURE_SUBSCRIPTION_ID=...\nexport AZURE_TENANT_ID=...\nexport AZURE_CLIENT_ID=...\nexport AZURE_CLIENT_SECRET=...\n\n# Set up additional parameters\nexport RUNNING_PERIOD=6h\n\n# Run Cloud Haunter\nch -o getInstances -a termination -f longrunning,match -c azure -fc owner-filter-config-v2.yml -e\n```\n\n**NOTE**: You can find example filter config files under _utils/testdata_\n\n## Development\n\n### Dependencies\n\n * Golang 1.15\n * Docker\n * GNU Make\n\n### Building the project\n\nMake sure you have the needed dependencies ony your development machine, then simply use make for building the project:\n\n```\nmake build\n```\n\nYou may also need to format your changes before building to pass the pre-build checks, you can do this with `make format`\n\n### Adding a new dependency\n\n * Import the dependency in your go code\n * Run `make mod-tidy`\n\n### Releasing a new version\n\n```\nVERSION={{new-semantic-version}} make release\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhortonworks%2Fcloud-haunter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhortonworks%2Fcloud-haunter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhortonworks%2Fcloud-haunter/lists"}