{"id":37089667,"url":"https://github.com/mattermost/chewbacca","last_synced_at":"2026-01-14T10:59:34.742Z","repository":{"id":50230318,"uuid":"257823084","full_name":"mattermost/chewbacca","owner":"mattermost","description":"Chewbacca GitHub Bot","archived":false,"fork":false,"pushed_at":"2024-10-30T11:43:07.000Z","size":67,"stargazers_count":18,"open_issues_count":0,"forks_count":7,"subscribers_count":19,"default_branch":"master","last_synced_at":"2025-11-22T13:04:57.432Z","etag":null,"topics":["github-bot","golang"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mattermost.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-04-22T07:20:56.000Z","updated_at":"2025-04-04T04:25:07.000Z","dependencies_parsed_at":"2024-10-23T13:08:12.707Z","dependency_job_id":null,"html_url":"https://github.com/mattermost/chewbacca","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/mattermost/chewbacca","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattermost%2Fchewbacca","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattermost%2Fchewbacca/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattermost%2Fchewbacca/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattermost%2Fchewbacca/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mattermost","download_url":"https://codeload
.github.com/mattermost/chewbacca/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattermost%2Fchewbacca/sbom","scorecard":{"id":626291,"data":{"date":"2025-08-11","repo":{"name":"github.com/mattermost/chewbacca","commit":"e04e07c3e29c25d43e185cf35e70790fbde784c8"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.4,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":2,"reason":"Found 4/19 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the 
project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/.docker-push.yml:1","Warn: no topLevel permission defined: .github/workflows/.test.yml:1","Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/notify-release.yml:1","Warn: no topLevel permission defined: .github/workflows/publish-github-release.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.docker-push.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/mattermost/chewbacca/.docker-push.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/mattermost/chewbacca/.test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.test.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/mattermost/chewbacca/.test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/.test.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/mattermost/chewbacca/.test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned 
by hash: .github/workflows/.test.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/mattermost/chewbacca/.test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/notify-release.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/mattermost/chewbacca/notify-release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/notify-release.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/mattermost/chewbacca/notify-release.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:5","Warn: containerImage not pinned by hash: Dockerfile:14","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: 
LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/mattermost/.github/SECURITY.md:1","Info: Found linked content: github.com/mattermost/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/mattermost/.github/SECURITY.md:1","Info: Found text in security policy: github.com/mattermost/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 5 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Branch-Protection","score":5,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'master'","Warn: 'stale review dismissal' is disabled on branch 'master'","Info: required approving review count is 2 on branch 'master'","Warn: codeowners review is 
required - but no codeowners file found in repo","Warn: 'last push approval' is disabled on branch 'master'","Warn: no status checks found to merge onto branch 'master'","Info: PRs are required in order to make changes on branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":7,"reason":"3 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T06:34:10.856Z","repository_id":50230318,"created_at":"2025-08-21T06:34:10.856Z","updated_at":"2025-08-21T06:34:10.856Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28417798,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T10:47:48.104Z","status":"ssl_error","status_checked_at":"2026-01-14T10:46:19.031Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github-bot","golang"],"created_at":"2026-01-14T10:59:33.809Z","updated_at":"2026-01-14T10:59:34.737Z","avatar_url":"https://github.com/mattermost.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Chewbacca - GitHub Bot\n\n`Chewbacca` was born to help us at Mattermost when we need to interact with GitHub.\nThe name `Chewbacca` was chosen because Chewbacca in the Star Wars movies helps everybody and this bot will help us :-)\n\n`Chewbacca` currently helps to check and set labels related to release notes. 
The code was forked from some plugins in https://github.com/kubernetes/test-infra/tree/master/prow which is an awesome bot for the Kubernetes community.\n\n### Installation\n\nTo install, you can deploy the manifests in the `kubernetes` folder.\nBefore that, change the secret manifest to add your own secrets and the ingress manifest to add your own domain.\n\nOnce this is running, you can set your GitHub repo to send webhooks to `Chewbacca`; this bot needs only the `issue_comments` and `pull_request` events for now.\n\nIt is also good to set at least these labels in your repo.\n\n```YAML\nlabels:\n- name: do-not-merge\n  description: Should not be merged until this label is removed\n  color: a32735\n- name: do-not-merge/awaiting-PR\n  description: \"\"\n  color: a32735\n- name: do-not-merge/release-note-label-needed\n  description: \"\"\n  color: e11d21\n- name: do-not-merge/work-in-progress\n  description: \"\"\n  color: a32735\n- name: do-not-merge/awaiting-submitter-action\n  description: Blocked on the author\n  color: e11d21\n- name: kind/api-change\n  description: Categorizes issue or PR as related to adding, removing, or otherwise\n    changing an API\n  color: e11d21\n- name: kind/bug\n  description: Categorizes issue or PR as related to a bug.\n  color: e11d21\n- name: kind/cleanup\n  description: Categorizes issue or PR as related to cleaning up code, process, or\n    technical debt.\n  color: c7def8\n- name: kind/deprecation\n  description: Categorizes issue or PR as related to a feature/enhancement marked\n    for deprecation.\n  color: e11d21\n- name: kind/design\n  description: Categorizes issue or PR as related to design.\n  color: c7def8\n- name: kind/documentation\n  description: Categorizes issue or PR as related to documentation.\n  color: c7def8\n- name: kind/feature\n  description: Categorizes issue or PR as related to a new feature.\n  color: c7def8\n- name: kind/regression\n  description: Categorizes issue or PR as related to a 
regression from a prior release.\n  color: e11d21\n- name: priority/critical-urgent\n  description: Highest priority. Must be actively worked on as someone's top priority\n    right now.\n  color: e11d21\n- name: priority/important-longterm\n  description: Important over the long term, but may not be staffed and/or may need\n    multiple releases to complete.\n  color: eb6420\n- name: priority/important-soon\n  description: Must be staffed and worked on either currently, or very soon, ideally\n    in time for the next release.\n  color: eb6420\n- name: release-note\n  description: Denotes a PR that will be considered when it comes time to generate\n    release notes.\n  color: c2e0c6\n- name: release-note-action-required\n  description: Denotes a PR that introduces potentially breaking changes that require\n    user action.\n  color: c2e0c6\n- name: release-note-none\n  description: Denotes a PR that doesn't merit a release note.\n  color: c2e0c6\n```\n\nTo apply the labels to your repo, you can edit them manually or use a tool like https://github.com/cpanato/github-gitlab-labels\n\n\n### Pull request template\n\nIt is also good to set a pull request template that adds the `release-note` section. To do that, add the folder `.github` to your repo with a file called `PULL_REQUEST_TEMPLATE.md`.\n\nWe are using this template:\n\n```\n    \u003c!-- Thank you for contributing a pull request! Here are a few tips to help you:\n\n    1. If this is your first contribution, make sure you've read the Contribution Checklist https://developers.mattermost.com/contribute/getting-started/contribution-checklist/\n    2. Read our blog post about \"Submitting Great PRs\" https://developers.mattermost.com/blog/2019-01-24-submitting-great-prs\n    3. 
Take a look at other repository specific documentation at https://developers.mattermost.com/contribute\n    --\u003e\n\n    #### Summary\n    \u003c!--\n    A description of what this pull request does.\n    --\u003e\n\n    #### Ticket Link\n    \u003c!--\n    If this pull request addresses a Help Wanted ticket, please link the relevant GitHub issue, e.g.\n\n      Fixes https://github.com/mattermost/mattermost-server/issues/XXXXX\n\n    Otherwise, link the JIRA ticket.\n    --\u003e\n\n    #### Release Note\n    \u003c!--\n    If no, just write \"NONE\" in the release-note block below.\n    If yes, a release note is required:\n    Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string \"action required\".\n\n    --\u003e\n\n    ```release-note\n\n    ```\n```\n\n## Release Notes process\n\n### Does my pull request need a release note?\n\nAny user-visible or operator-visible change qualifies for a release note. This\ncould be a:\n\n- CLI change\n- API change\n- UI change\n- configuration schema change\n- behavioral change\n- change in non-functional attributes such as efficiency or availability,\n  availability of a new platform\n- a warning about a deprecation\n- fix of a previous _Known Issue_\n- fix of a vulnerability (CVE)\n\nNo release notes are required for changes to:\n\n- tests\n- build infrastructure\n- fixes of bugs which have not been released\n\n### Contents of a Release Note\n\nA release note needs a clear, concise description of the change. This includes:\n\n1. an indicator if the pull request _Added_, _Changed_, _Fixed_, _Removed_,\n   _Deprecated_ functionality or changed enhancement/feature maturity (alpha,\n   beta, stable/GA)\n2. an indicator if there is user _Action required_\n3. the name of the affected API or configuration fields, CLI commands/flags or\n   enhancement/feature\n4. 
a link to relevant user documentation about the enhancement/feature\n\n### Applying a Release Note\n\nTo meet this requirement, do one of the following:\n- Add notes in the release notes block, or\n- Update the release note label\n\nIf you don't add release notes in the pull request template, the `do-not-merge/release-note-label-needed` label is added to your pull request automatically after you create it. There are a few ways to update it.\n\nTo add a release-note section to the pull request description:\n\nFor pull requests with a release note:\n\n    ```release-note\n    Your release note here\n    ```\n\nFor pull requests that require additional action from users switching to the new release, include the string \"action required\" (case insensitive) in the release note:\n\n    ```release-note\n    action required: your release note here\n    ```\n\nFor pull requests that don't need to be mentioned at release time, use the `/release-note-none` Chewbacca command to add the `release-note-none` label to the PR. You can also write the string \"NONE\" as a release note in your PR description:\n\n    ```release-note\n    NONE\n    ```\n\n### Reviewing Release Notes\n\nReviewing the release notes of a pull request should be a dedicated step in the\noverall review process. 
It is necessary to rely on the same metrics as other\nreviewers to be able to distinguish release notes which might need to be\nrephrased.\n\nAs a guideline, a release notes entry needs to be rephrased if one of the\nfollowing cases applies:\n\n- The release note does not communicate the full purpose of the change.\n- The release note has no impact on any user.\n- The release note is grammatically incorrect.\n\nIn any other case the release note should be fine.\n\n\n\n*Note: this was copied and adapted from [kubernetes/community](https://github.com/kubernetes/community/edit/master/contributors/guide/release-notes.md)*\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmattermost%2Fchewbacca","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmattermost%2Fchewbacca","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmattermost%2Fchewbacca/lists"}