{"id":13549727,"url":"https://github.com/mnot/redbot","last_synced_at":"2026-04-11T05:00:59.710Z","repository":{"id":547352,"uuid":"177438","full_name":"mnot/redbot","owner":"mnot","description":"REDbot is lint for HTTP resources.","archived":false,"fork":false,"pushed_at":"2026-04-08T07:17:05.000Z","size":19131,"stargazers_count":550,"open_issues_count":7,"forks_count":53,"subscribers_count":17,"default_branch":"main","last_synced_at":"2026-04-08T07:22:30.765Z","etag":null,"topics":["http","lint","linter","protocol-analyser","python"],"latest_commit_sha":null,"homepage":"https://redbot.org/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mnot.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"mnot"}},"created_at":"2009-04-16T09:45:53.000Z","updated_at":"2026-04-08T07:17:10.000Z","dependencies_parsed_at":"2023-09-26T04:34:45.918Z","dependency_job_id":"fead1e5a-bf1e-48d4-ae38-07a580889a2f","html_url":"https://github.com/mnot/redbot","commit_stats":{"total_commits":1901,"total_committers":25,"mean_commits":76.04,"dds":"0.024197790636507066","last_synced_commit":"86e90d8250d8659bdc9348db69fa4535dbd112bc"},"previous_names":[],"tags_count":48,"template":false,"template_full_name":null,"purl":"pkg:github/mnot/redbot","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mnot%2Fredbot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mnot%2Fredbot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mnot%2Fredbot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mnot%2Fredbot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mnot","download_url":"https://codeload.github.com/mnot/redbot/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mnot%2Fredbot/sbom","scorecard":{"id":655038,"data":{"date":"2025-08-11","repo":{"name":"github.com/mnot/redbot","commit":"a758ab1516d859c72f7638fd5cc3c9cab4c5417c"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/21 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":5,"reason":"6 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/docker-image.yml:16","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/publish.yml:32","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/publish.yml:53","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: no topLevel permission defined: .github/workflows/docker-image.yml:1","Warn: no topLevel permission defined: .github/workflows/publish.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/publish.yml:79"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: redbot-2.0.15-py3-none-any.whl.sigstore.json: https://github.com/mnot/redbot/releases/tag/v2.0.15","Info: signed release artifact: redbot-2.0.14-py3-none-any.whl.sigstore: https://github.com/mnot/redbot/releases/tag/v2.0.14","Info: signed release artifact: redbot-2.0.13-py3-none-any.whl.sigstore: https://github.com/mnot/redbot/releases/tag/v2.0.13","Info: signed release artifact: redbot-2.0.12-py3-none-any.whl.sigstore: https://github.com/mnot/redbot/releases/tag/v2.0.12","Info: signed release artifact: redbot-2.0.11-py3-none-any.whl.sigstore: https://github.com/mnot/redbot/releases/tag/v2.0.11","Warn: release artifact v2.0.15 does not have provenance: https://api.github.com/repos/mnot/redbot/releases/213399088","Warn: release artifact v2.0.14 does not have provenance: https://api.github.com/repos/mnot/redbot/releases/154333096","Warn: release artifact v2.0.13 does not have provenance: https://api.github.com/repos/mnot/redbot/releases/144560035","Warn: release artifact v2.0.12 does not have provenance: https://api.github.com/repos/mnot/redbot/releases/142481241","Warn: release artifact v2.0.11 does not have provenance: https://api.github.com/repos/mnot/redbot/releases/137903580"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/mnot/redbot/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/mnot/redbot/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/mnot/redbot/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/mnot/redbot/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-image.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/mnot/redbot/docker-image.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-image.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/mnot/redbot/docker-image.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-image.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/mnot/redbot/docker-image.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-image.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/mnot/redbot/docker-image.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-image.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/mnot/redbot/docker-image.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-image.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/mnot/redbot/docker-image.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/mnot/redbot/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/mnot/redbot/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/mnot/redbot/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/mnot/redbot/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/mnot/redbot/publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/mnot/redbot/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/mnot/redbot/publish.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/mnot/redbot/publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/mnot/redbot/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/mnot/redbot/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/mnot/redbot/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/mnot/redbot/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/mnot/redbot/test.yml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating python:3-slim-bookworm to python:3-slim-bookworm@sha256:9b8102b7b3a61db24fe58f335b526173e5aeaaf7d13b2fbfb514e20f84f5e386","Info:   0 out of  16 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   7 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":9,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 7 commits out of 9 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-21T14:25:41.077Z","repository_id":547352,"created_at":"2025-08-21T14:25:41.077Z","updated_at":"2025-08-21T14:25:41.077Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31669117,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-10T17:19:37.612Z","status":"online","status_checked_at":"2026-04-11T02:00:05.776Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["http","lint","linter","protocol-analyser","python"],"created_at":"2024-08-01T12:01:24.834Z","updated_at":"2026-04-11T05:00:59.679Z","avatar_url":"https://github.com/mnot.png","language":"Python","readme":"# REDbot\n\nREDbot is lint for HTTP resources.\n\nIt checks HTTP resources for feature support and common protocol problems at the HTTP semantic and caching layers. You can use the public instance on \u003chttps://redbot.org/\u003e, or you can install it locally.\n\n[![Test](https://github.com/mnot/redbot/actions/workflows/test.yml/badge.svg)](https://github.com/mnot/redbot/actions/workflows/test.yml)\n\n\n## Contributing to REDbot\n\nYour ideas, questions and other contributions are most welcome. See\n[CONTRIBUTING.md](CONTRIBUTING.md) for details.\n\n\n## Setting Up Your Own REDbot\n\n### Installation\n\nREDbot requires a current version of [Python](https://python.org/).\n\nThe recommended method for installing REDbot is using `pipx`. To install the latest release, do:\n\n\u003e pipx install redbot\n\nOr, to use the most development version of REDbot, run:\n\n\u003e pipx install git+https://github.com/mnot/redbot.git\n\nBoth of these methods will install the following programs into your [pipx binary folder](https://pypa.github.io/pipx/installation/):\n\n* `redbot` - the command-line interface\n* `redbot_daemon` - Web interface as a standalone daemon\n\n\n### Running REDbot as a systemd Service\n\nREDbot can run as a standalone service, managed by [systemd](https://freedesktop.org/wiki/Software/systemd/). This offers a degree of sandboxing and resource management, as well as process monitoring (including a watchdog function).\n\nTo do this, install REDbot on your system with the `systemd` option. For example:\n\n\u003e pipx install redbot[systemd]\n\nThe copy `extra/redbot.service` into the appropriate directory (on most systems, `/etc/systemd/system/`.)\n\nModify the file appropriately; this is only a sample. Then, as root:\n\n~~~ bash\n\u003e systemctl reload-daemon\n\u003e systemctl enable redbot\n\u003e systemctl start redbot\n~~~\n\nBy default, REDbot will listen on localhost port 8000. This can be adjusted in `config.txt`. Running REDbot behind a reverse proxy is recommended, if it is to be exposed to the Internet.\n\nIf you want to allow people to save test results, create the directory referenced by the 'save_dir' configuration variable, and make sure that it's writable to the REDbot process.\n\n\n### Running REDbot in a Container\n\n[OCI](https://opencontainers.org)-compliant containers are [available on Github](https://github.com/mnot/redbot/pkgs/container/redbot), and it's easy to run REDbot one using a tool like [Docker](https://www.docker.com) or [Podman](https://podman.io). For example:\n\n\u003e docker run --rm -p 8000:8000 ghcr.io/mnot/redbot\n\nor\n\n\u003e podman run --rm -p 8000:8000 ghcr.io/mnot/redbot\n\n\n## Credits\n\nIcons by [Font Awesome](https://fontawesome.com/). REDbot includes code from [tippy.js](https://atomiks.github.io/tippyjs/) and [prettify.js](https://github.com/google/code-prettify).\n\n","funding_links":["https://github.com/sponsors/mnot"],"categories":["Python"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmnot%2Fredbot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmnot%2Fredbot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmnot%2Fredbot/lists"}