{"id":47892945,"url":"https://github.com/ossf/pvtr-github-repo-scanner","last_synced_at":"2026-04-07T22:02:09.823Z","repository":{"id":280564708,"uuid":"942314439","full_name":"ossf/pvtr-github-repo-scanner","owner":"ossf","description":"Privateer plugin for scanning the security hygiene of a GitHub repository.","archived":false,"fork":false,"pushed_at":"2026-04-03T21:06:18.000Z","size":1243,"stargazers_count":21,"open_issues_count":27,"forks_count":12,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-04-04T03:26:23.748Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ossf.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-03-03T23:09:25.000Z","updated_at":"2026-04-03T21:06:27.000Z","dependencies_parsed_at":"2025-03-04T05:29:49.032Z","dependency_job_id":"efdf75b3-8ed7-49ec-9d81-8dd6d3b61a06","html_url":"https://github.com/ossf/pvtr-github-repo-scanner","commit_stats":null,"previous_names":["revanite-io/pvtr-github-repo","ossf/pvtr-github-repo-scanner"],"tags_count":31,"template":false,"template_full_name":null,"purl":"pkg:github/ossf/pvtr-github-repo-scanner","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ossf%2Fpvtr-github-repo-scanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ossf%2Fpvtr-github-repo-scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ossf%2Fpvtr-github-repo-scanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ossf%2Fpvtr-github-repo-scanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ossf","download_url":"https://codeload.github.com/ossf/pvtr-github-repo-scanner/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ossf%2Fpvtr-github-repo-scanner/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31530647,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-07T16:28:08.000Z","status":"ssl_error","status_checked_at":"2026-04-07T16:28:06.951Z","response_time":105,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-04-04T03:12:21.056Z","updated_at":"2026-04-07T22:02:09.818Z","avatar_url":"https://github.com/ossf.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Privateer Plugin for GitHub Repositories\n\nThis application performs automated assessments against GitHub repositories using controls defined in the [Open Source Project Security Baseline v2025.02.25](https://baseline.openssf.org). The application consumes the OSPS Baseline controls using [Gemara](https://github.com/gemaraproj/go-gemara) layer 2 and produces results of the automated assessments using layer 4.\n\nMany of the assessments depend upon the presence of a [Security Insights](https://github.com/ossf/security-insights) file at the root of the repository, or `./github/security-insights.yml`.\n\n## Work in Progress\n\nCurrently 39 control requirements across OSPS Baselines levels 1-3 are covered, with 13 not yet implemented. [Maturity Level 1](https://baseline.openssf.org/versions/2025-02-25.html#level-1) requirements are the most rigorously tested and are recommended for use. The results of these layer 1 assessments are integrated into [LFX Insights](https://insights.linuxfoundation.org/project/k8s/repository/kubernetes-kubernetes/security), powering the [Security \u0026 Best Practices results](https://insights.linuxfoundation.org/docs/metrics/security/).\n\n![alt text](kubernetes_insights_baseline.png)\n\nLevel 2 and Level 3 requirements are undergoing current development and may be less rigorously tested.\n\n## Local Usage\n\nTo run the GitHub scanner locally, you will need the Privateer (`pvtr`) framework and the GitHub repository scanner (`pvtr-github-repo-scanner`) plugin.\n\n1. Install pvtr using one of the methods described [here](https://github.com/privateerproj/privateer/blob/main/README.md#step-2-choose-your-installation-method).\n2. Next, download the `pvtr-github-repo-scanner` plugin from the [releases](https://github.com/ossf/pvtr-github-repo-scanner/releases).\n\nThe following command is an example where the `pvtr`, the `pvtr-github-repo-scanner`, and the `config.yaml` are in the same directory.\n```sh\n./pvtr run --binaries-path .\n```\nIf the binaries and the config files are in different directories specify the complete path using `--binaries-path` and `--config` flags.\n\nYou may have to adjust the plugin name in the config.yaml file to match them.\n\n## Docker Usage\n\n```sh\n# build the image\ndocker build . -t local\ndocker run \\\n  -v ./config.yml:/.privateer/config.yml \\\n  -v ./evaluation_results:/.privateer/bin/evaluation_results \\\n  local\n```\n\n## GitHub Actions Usage\n\nSee the [OSPS Security Baseline Scanner](https://github.com/marketplace/actions/open-source-project-security-baseline-scanner)\n\n## Contributing\n\nContributions are welcome! Please see our [Contributing Guidelines](.github/CONTRIBUTING.md) for more information.\n\n## License\n\nThis project is licensed under the Apache 2.0 License - see the [LICENSE](LICENSE) file for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fossf%2Fpvtr-github-repo-scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fossf%2Fpvtr-github-repo-scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fossf%2Fpvtr-github-repo-scanner/lists"}