{"id":17150787,"url":"https://github.com/object88/tugboat","last_synced_at":"2026-01-20T14:07:51.177Z","repository":{"id":50759872,"uuid":"230019164","full_name":"object88/tugboat","owner":"object88","description":null,"archived":false,"fork":false,"pushed_at":"2021-05-30T21:25:08.000Z","size":14121,"stargazers_count":0,"open_issues_count":7,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-06T03:42:36.625Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/object88.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-12-25T00:46:57.000Z","updated_at":"2021-05-30T21:25:12.000Z","dependencies_parsed_at":"2022-09-05T20:11:59.160Z","dependency_job_id":null,"html_url":"https://github.com/object88/tugboat","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/object88/tugboat","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/object88%2Ftugboat","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/object88%2Ftugboat/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/object88%2Ftugboat/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/object88%2Ftugboat/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/object88","download_url":"https://codeload.github.com/object88/tugboat/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/object88%2Ftugboat/sbom","scorecard":{"id":700990,"data":{"date":"2025-08-11","repo":{"name":"github.com/object88/tugboat","commit":"f8a4444b95ba0ee85c9e87472cefebf8e5134053"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.9,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 0/13 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: no topLevel permission defined: .github/workflows/main.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Info: Possibly incomplete results: error parsing shell code: \"foo(\" must be followed by ): vendor/sigs.k8s.io/controller-runtime/Makefile:0","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/object88/tugboat/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/object88/tugboat/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/object88/tugboat/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/object88/tugboat/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/object88/tugboat/main.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/object88/tugboat/main.yaml/master?enable=pin","Warn: containerImage not pinned by hash: apps/tugboat-controller/Dockerfile:1","Warn: containerImage not pinned by hash: apps/tugboat-notifier-slack/Dockerfile:1","Warn: containerImage not pinned by hash: apps/tugboat-slack/Dockerfile:1","Warn: containerImage not pinned by hash: apps/tugboat-watcher/Dockerfile:1","Warn: containerImage not pinned by hash: build_tools/Dockerfile:1: pin your Docker image by updating golang:1.15-buster to golang:1.15-buster@sha256:414340e7bfee1b13c72c59e9b0df5488b83b6a5c99c2d806509304ca7ef71350","Warn: containerImage not pinned by hash: docs/diagrams/Dockerfile:1: pin your Docker image by updating python:3.9-slim-buster to python:3.9-slim-buster@sha256:320a7a4250aba4249f458872adecf92eea88dc6abd2d76dc5c0f01cac9b53990","Warn: pipCommand not pinned by hash: docs/diagrams/Dockerfile:6","Warn: goCommand not pinned by hash: vendor/github.com/json-iterator/go/build.sh:10","Warn: goCommand not pinned by hash: vendor/github.com/pelletier/go-toml/benchmark.sh:10","Warn: goCommand not pinned by hash: vendor/github.com/pelletier/go-toml/benchmark.sh:11","Warn: goCommand not pinned by hash: vendor/github.com/pelletier/go-toml/test.sh:26","Warn: goCommand not pinned by hash: vendor/github.com/pelletier/go-toml/test.sh:27","Warn: goCommand not pinned by hash: vendor/github.com/pelletier/go-toml/test.sh:28","Warn: goCommand not pinned by hash: vendor/github.com/pelletier/go-toml/test.sh:29","Warn: goCommand not pinned by hash: vendor/google.golang.org/grpc/regenerate.sh:35","Warn: goCommand not pinned by hash: vendor/google.golang.org/grpc/vet.sh:38","Warn: goCommand not pinned by hash: vendor/google.golang.org/grpc/vet.sh:48","Info:   0 out of   5 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   2 out of  12 goCommand dependencies pinned","Info:   0 out of   6 containerImage dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"44 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0619 / GHSA-r48q-9g5r-8q2h","Warn: Project is vulnerable to: GO-2023-2153 / GHSA-m425-mq94-257g / GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2024-2611 / GHSA-8r3f-844c-mc37","Warn: Project is vulnerable to: GO-2022-1040 / GHSA-c38g-469g-cmgx","Warn: Project is vulnerable to: GO-2022-0384 / GHSA-56hp-xqp3-w2jf","Warn: Project is vulnerable to: GO-2022-0962 / GHSA-7hfp-qfw3-5jxh","Warn: Project is vulnerable to: GO-2022-1165 / GHSA-53c4-hhmh-vw5q","Warn: Project is vulnerable to: GO-2022-1166 / GHSA-67fx-wx78-jx33","Warn: Project is vulnerable to: GO-2022-1167 / GHSA-6rx9-889q-vv2r","Warn: Project is vulnerable to: GO-2023-1547 / GHSA-pwcw-6f5g-gxf8","Warn: Project is vulnerable to: GO-2024-2554 / GHSA-v53g-5gjp-272r","Warn: Project is vulnerable to: GO-2024-2575 / GHSA-r53h-jv2g-vpx6","Warn: Project is vulnerable to: GO-2025-3601 / GHSA-4hfp-h4cw-hj8p","Warn: Project is vulnerable to: GO-2025-3602 / GHSA-5xqw-8hwv-wg92","Warn: Project is vulnerable to: GO-2025-3802 / GHSA-557j-xg8c-q2mm","Warn: Project is vulnerable to: GHSA-9h84-qmv7-982p","Warn: Project is vulnerable to: GHSA-f9f8-9pmf-xv68","Warn: Project is vulnerable to: GO-2022-0493 / GHSA-p782-xgp4-8hr8","Warn: Project is vulnerable to: GO-2022-0236 / GHSA-h86h-8ppg-mxmh","Warn: Project is vulnerable to: GO-2021-0238 / GHSA-83g2-8m93-v3w7","Warn: Project is vulnerable to: GO-2022-0288","Warn: Project is vulnerable to: GO-2022-0969 / GHSA-69cg-p879-7622","Warn: Project is vulnerable to: GO-2022-1144 / GHSA-xrjj-mj9h-534m","Warn: Project is vulnerable to: GO-2023-1571 / GHSA-vvpx-j8f3-3w6h","Warn: Project is vulnerable to: GO-2023-1988 / GHSA-2wrh-6pvc-2jm9","Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2020-0015 / GHSA-5rcv-m4m3-hfh7","Warn: Project is vulnerable to: GO-2021-0113 / GHSA-ppp9-7jff-5vj2","Warn: Project is vulnerable to: GO-2022-1059 / GHSA-69ch-w2m2-3vjp","Warn: Project is vulnerable to: GO-2020-0036 / GHSA-wxc4-f4m6-wwqv","Warn: Project is vulnerable to: GO-2021-0061 / GHSA-r88r-gmrh-7j83","Warn: Project is vulnerable to: GO-2022-0956 / GHSA-6q6q-88xp-6f2r","Warn: Project is vulnerable to: GO-2020-0017 / GHSA-w73w-5m7g-f7qc","Warn: Project is vulnerable to: GO-2021-0053 / GHSA-c3h9-896r-86jm","Warn: Project is vulnerable to: GO-2022-0322 / GHSA-cg3q-j54f-5p7p","Warn: Project is vulnerable to: GO-2022-0197 / GHSA-4r78-hx75-jjj2 / GHSA-mv93-wvcp-7m7r","Warn: Project is vulnerable to: GO-2020-0014 / GHSA-vfw5-hrgq-h5wf","Warn: Project is vulnerable to: GO-2022-0536 / GHSA-39qc-96h7-956f / GHSA-hgr8-6h9x-f7q9","Warn: Project is vulnerable to: GO-2025-3372 / GHSA-6wxm-mpqj-6jpf","Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T05:12:28.798Z","repository_id":50759872,"created_at":"2025-08-22T05:12:28.798Z","updated_at":"2025-08-22T05:12:28.798Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28604712,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-20T12:01:53.233Z","status":"ssl_error","status_checked_at":"2026-01-20T12:01:46.545Z","response_time":117,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-14T21:36:30.274Z","updated_at":"2026-01-20T14:07:51.159Z","avatar_url":"https://github.com/object88.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Tugboat\n\n_Tugboat is a work in progress, and documentation here does not reflect the current state of the project._\n\nTugboat improves the [Helm](helm.sh) chart deployment process for developers by exposing pod state and state transitions during a deployment.\n\nIn some kubernetes environments, a software developer may not have complete access all Kubernetes resources. For example, a production environment may be walled off. Tools such as Splunk or Datadog give an excellent _overview_ of a complete Kubernetes environment, but may not provide an easily accessible, _acute_ view of changes relevant to a deployment. This is not a criticism of these tools, just an observation of the space that Tugboat intends to fill.\n\n## What does Tugboat do?\n\nTugboat uses a Kubernetes custom resource (`launch`) to represent a Helm deployment, and uses the observer pattern to perform Help operations (install, update, delete). At the time of deployment, the helm chart's template files are decorated with labels and annotations. This allows tugboat to associate the changes in kubernetes resources introduced with a particular deployment.\n\nBecause Tugboat is in control of the Helm deployments, it has visibility into anticipated changes, and can detect and report on abnormalities.\n\n## What questions does Tugboat answer?\n\nDuring deployment...\n* Have any of my pods updated?\n* Have _all_ of my pods updated?\n* How are the new pods configured (docker image, etc.)?\n* Are my pods in a Crashloop Backoff?\n\n## Do I need Tugboat?\n\nIn short, no. Tugboat does not provide any mission critical tooling not already made available through other means. Tugboat exists as a _facilitator_ for SREs and developers, providing proactive insight into existent data.\n\nYou may want Tugboat if an environment is unavailable via normal `kubectl` or `helm` commands, log collection is far from pod state, or state is not represented sufficiently quickly.\n\n## Why the name \"Tugboat\"?\n\nThe Kubernetes ecosystem follows a nautical theme (note the Kubernetes logo, applications such as `helm`, `spinnaker`, etc.). A [tugboat](https://en.wikipedia.org/wiki/Tugboat) (the nautical vessel) assists other, large boats as they launch from a port, ensuring that they are able to manuever into open waters.\n\nWhile the process is not completely analogous, Tugboat (the software) is designed to help deploy software by hooking into a Kubernetes environment and providing feedback to a developer about what is happening during the deployment itself, in relatively real-time.\n\n## Limitations\n\nTugboat is not intended to observe the state of Kubernetes resources such as nodes.\n\nDocumentation:\n*  for Tugboat developers\n  * [Building](docs/development.md)\n  * [Running locally](docs/running-locally.md)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fobject88%2Ftugboat","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fobject88%2Ftugboat","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fobject88%2Ftugboat/lists"}