{"id":37081842,"url":"https://github.com/markusressel/grocy-telegram-bot","last_synced_at":"2026-01-14T09:58:19.084Z","repository":{"id":57436081,"uuid":"243360960","full_name":"markusressel/grocy-telegram-bot","owner":"markusressel","description":"A telegram bot to interact with Grocy.","archived":true,"fork":false,"pushed_at":"2020-09-07T14:15:11.000Z","size":232,"stargazers_count":5,"open_issues_count":12,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-11-30T21:43:34.916Z","etag":null,"topics":["bot","cli","docker","grocy","grocy-telegram-bot","telegram","telegram-bot","telegram-click","yaml"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/markusressel.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":["markusressel"]}},"created_at":"2020-02-26T20:39:19.000Z","updated_at":"2025-03-14T20:27:30.000Z","dependencies_parsed_at":"2022-09-01T13:50:35.488Z","dependency_job_id":null,"html_url":"https://github.com/markusressel/grocy-telegram-bot","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/markusressel/grocy-telegram-bot","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/markusressel%2Fgrocy-telegram-bot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/markusressel%2Fgrocy-telegram-bot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/markusressel%2Fgrocy-telegram-bot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/markusressel%2Fgrocy-telegram-bot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/markusressel","download_url":"https://codeload.github.com/markusressel/grocy-telegram-bot/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/markusressel%2Fgrocy-telegram-bot/sbom","scorecard":{"id":620669,"data":{"date":"2025-08-11","repo":{"name":"github.com/markusressel/grocy-telegram-bot","commit":"547e4983dd5b9535f9f2608605710f1ce0229b5a"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.5,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"project is archived","details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 0/11 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/python_package.yml:1","Warn: no topLevel permission defined: .github/workflows/python_publish.yaml:1","Warn: no topLevel permission defined: .github/workflows/update_docker_description.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python_package.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/markusressel/grocy-telegram-bot/python_package.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python_package.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/markusressel/grocy-telegram-bot/python_package.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python_publish.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/markusressel/grocy-telegram-bot/python_publish.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python_publish.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/markusressel/grocy-telegram-bot/python_publish.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update_docker_description.yml:7: update your workflow using https://app.stepsecurity.io/secureworkflow/markusressel/grocy-telegram-bot/update_docker_description.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update_docker_description.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/markusressel/grocy-telegram-bot/update_docker_description.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating python:3.8-slim-buster to python:3.8-slim-buster@sha256:8799b0564103a9f36cfb8a8e1c562e11a9a6f2e3bb214e2adc23982b36a04511","Warn: pipCommand not pinned by hash: Dockerfile:14","Warn: pipCommand not pinned by hash: Dockerfile:15","Warn: pipCommand not pinned by hash: Dockerfile:17","Warn: pipCommand not pinned by hash: .github/workflows/python_package.yml:22","Warn: pipCommand not pinned by hash: .github/workflows/python_package.yml:23","Warn: pipCommand not pinned by hash: .github/workflows/python_package.yml:28","Warn: pipCommand not pinned by hash: .github/workflows/python_publish.yaml:21","Warn: pipCommand not pinned by hash: .github/workflows/python_publish.yaml:22","Info:   0 out of   5 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   8 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 19 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"29 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2021-421 / GHSA-h4m5-qpfp-3mpv","Warn: Project is vulnerable to: PYSEC-2022-42986 / GHSA-43fp-rhv2-5gv8","Warn: Project is vulnerable to: PYSEC-2023-135 / GHSA-xqr8-7jwr-rhp7","Warn: Project is vulnerable to: GHSA-3ww4-gg4f-jr7f","Warn: Project is vulnerable to: GHSA-5cpq-8wj7-hf2v","Warn: Project is vulnerable to: GHSA-9v9h-cgj8-h64p","Warn: Project is vulnerable to: PYSEC-2021-62 / GHSA-hggm-jpg3-v476","Warn: Project is vulnerable to: GHSA-jm77-qphf-c4w8","Warn: Project is vulnerable to: GHSA-v8gr-m533-ghj9","Warn: Project is vulnerable to: GHSA-w7pp-m8wf-vj6r","Warn: Project is vulnerable to: GHSA-x4qr-2fvf-3mr5","Warn: Project is vulnerable to: PYSEC-2022-42991 / GHSA-v3c5-jqr6-7qm8","Warn: Project is vulnerable to: PYSEC-2024-60 / GHSA-jjg7-2v4v-x38h","Warn: Project is vulnerable to: PYSEC-2020-92 / GHSA-hj5v-574p-mj7c","Warn: Project is vulnerable to: PYSEC-2022-42969","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: PYSEC-2023-74 / GHSA-j8r2-6x86-q33q","Warn: Project is vulnerable to: GHSA-753j-mpmx-qq6g","Warn: Project is vulnerable to: GHSA-7cx3-6m66-7c5m","Warn: Project is vulnerable to: GHSA-8w49-h785-mj3c","Warn: Project is vulnerable to: PYSEC-2023-75 / GHSA-hj3f-6gcp-jg8j","Warn: Project is vulnerable to: GHSA-qppv-j76h-2rpx","Warn: Project is vulnerable to: GHSA-w235-7p84-xx57","Warn: Project is vulnerable to: GHSA-34jh-p97f-mpxf","Warn: Project is vulnerable to: PYSEC-2023-212 / GHSA-g4mx-q9vg-27p4","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v","Warn: Project is vulnerable to: PYSEC-2021-108 / GHSA-q2q7-5pp4-w6pg","Warn: Project is vulnerable to: PYSEC-2023-192 / GHSA-v845-jxx5-vc9f"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T05:09:08.011Z","repository_id":57436081,"created_at":"2025-08-21T05:09:08.011Z","updated_at":"2025-08-21T05:09:08.011Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28416307,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T08:38:59.149Z","status":"ssl_error","status_checked_at":"2026-01-14T08:38:43.588Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bot","cli","docker","grocy","grocy-telegram-bot","telegram","telegram-bot","telegram-click","yaml"],"created_at":"2026-01-14T09:58:18.274Z","updated_at":"2026-01-14T09:58:19.078Z","avatar_url":"https://github.com/markusressel.png","language":"Python","funding_links":["https://github.com/sponsors/markusressel"],"categories":[],"sub_categories":[],"readme":"# grocy-telegram-bot [![Build Status](https://travis-ci.com/markusressel/grocy-telegram-bot.svg?branch=master)](https://travis-ci.com/markusressel/grocy-telegram-bot) [![PyPI version](https://badge.fury.io/py/grocy-telegram-bot.svg)](https://badge.fury.io/py/grocy-telegram-bot)\n\n**grocy-telegram-bot** is a telegram bot that allows you to receive notifications\nand interact with [Grocy](https://github.com/grocy/grocy).\n\n# Features\n* Chores\n  * [x] Show a list of overdue chores (or all)\n  * [ ] Check off a chore when done\n* Products\n  * [x] List inventory\n  * [x] Add/Remove a product to the inventory\n* Shopping\n  * [x] List shopping list items\n  * [x] Add missing products to the shopping list \n  * [x] Show a list of buttons to check off shopping list items and\n        automatically add them to the inventory\n* Recipes\n  * [ ] List recipes\n  * [ ] Add missing items for a recipe to the shopping list\n* Tasks\n  * [ ] List tasks\n  * [ ] Create a new task\n  * [ ] Complete a task\n* Batteries\n  * [ ] List batteries\n  * [ ] Update the charging state of a battery\n\n# How it works\n\n**grocy-telegram-bot** is a self contained python application that talks\nto your [Grocy](https://github.com/grocy/grocy) instance via its REST API \nfor which [pygrocy](https://github.com/sebrut/pygrocy) is used.\n\n# How to use\n\n## Manual installation\n\n### Install\n\nInstall **grocy-telegram-bot** using pip:\n\n```shell\npip3 install grocy-telegram-bot\n```\n\n### Configuration\n\n**grocy-telegram-bot** uses [container-app-conf](https://github.com/markusressel/container-app-conf)\nto provide configuration via a YAML file as well as ENV variables. Have a look at the \n[documentation about it](https://github.com/markusressel/container-app-conf).\n\nSee [grocy_telegram_bot_example.yaml](/grocy_telegram_bot_example.yaml) for an example in this repo.\n\n### Run\n\nStart the bot by using:\n\n```shell script\ngrocy-telegram-bot\n```\n\n## Docker\n\nTo run **grocy-telegram-bot** using docker you can use the [markusressel/grocy-telegram-bot](https://hub.docker.com/r/markusressel/grocy-telegram-bot) \nimage from DockerHub:\n\n```\nsudo docker run -t \\\n    markusressel/grocy-telegram-bot:latest\n```\n\nConfigure the image using either environment variables, or mount the configuration\nfile from your host system to `/app/grocy_telegram_bot.yaml`.\n\n# Contributing\n\nGitHub is for social coding: if you want to write code, I encourage contributions through pull requests from forks\nof this repository. Create GitHub tickets for bugs and new features and comment on the ones that you are interested in.\n\n# License\n\n```text\ngrocy-telegram-bot by Markus Ressel\nCopyright (C) 2020  Markus Ressel\n\nThis program is free software: you can redistribute it and/or modify\nit under the terms of the GNU General Public License as published by\nthe Free Software Foundation, either version 3 of the License, or\n(at your option) any later version.\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\nGNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License\nalong with this program.  If not, see \u003chttp://www.gnu.org/licenses/\u003e.\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmarkusressel%2Fgrocy-telegram-bot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmarkusressel%2Fgrocy-telegram-bot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmarkusressel%2Fgrocy-telegram-bot/lists"}