{"id":20632040,"url":"https://github.com/pivotal/hammer","last_synced_at":"2026-04-02T15:47:15.430Z","repository":{"id":40005189,"uuid":"192361669","full_name":"pivotal/hammer","owner":"pivotal","description":"Wrapper CLI for interacting with OM, BOSH and others for PCF environments","archived":false,"fork":false,"pushed_at":"2026-03-27T22:43:48.000Z","size":310,"stargazers_count":13,"open_issues_count":0,"forks_count":3,"subscribers_count":446,"default_branch":"master","last_synced_at":"2026-03-28T05:09:27.881Z","etag":null,"topics":["cli","esg","golang","pcf"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pivotal.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-06-17T14:22:37.000Z","updated_at":"2026-03-27T22:43:51.000Z","dependencies_parsed_at":"2023-02-19T04:31:27.350Z","dependency_job_id":"e5a17260-6403-473d-847a-cef9c4767db8","html_url":"https://github.com/pivotal/hammer","commit_stats":{"total_commits":161,"total_committers":11,"mean_commits":"14.636363636363637","dds":0.3291925465838509,"last_synced_commit":"069de91872ca54ff59e9310d4c0ec0d776272cb2"},"previous_names":["pivotal/pcf-cli"],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/pivotal/hammer","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pivotal%2Fhammer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pivotal%2Fhammer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pivotal%2Fhammer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pivotal%2Fhammer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pivotal","download_url":"https://codeload.github.com/pivotal/hammer/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pivotal%2Fhammer/sbom","scorecard":{"id":735758,"data":{"date":"2025-08-18","repo":{"name":"github.com/pivotal/hammer","commit":"bf6f012b1d1efaaa04a8f270175c68712df2d560"},"scorecard":{"version":"v5.2.1-41-g40576783","commit":"40576783fda6698350fcbbeaea760ff827433034"},"score":4.2,"checks":[{"name":"Maintained","score":1,"reason":"2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":1,"reason":"Found 2/19 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/pivotal/hammer/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/pivotal/hammer/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/pivotal/hammer/test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/pivotal/hammer/test.yml/master?enable=pin","Warn: goCommand not pinned by hash: .github/workflows/test.yml:20","Info:   0 out of   3 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   1 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.13.0 not signed: https://api.github.com/repos/pivotal/hammer/releases/219603073","Warn: release artifact v0.12.0 not signed: https://api.github.com/repos/pivotal/hammer/releases/58195416","Warn: release artifact v0.11.0 not signed: https://api.github.com/repos/pivotal/hammer/releases/52675998","Warn: release artifact v0.10.0 not signed: https://api.github.com/repos/pivotal/hammer/releases/26632976","Warn: release artifact v0.9.0 not signed: https://api.github.com/repos/pivotal/hammer/releases/25610485","Warn: release artifact v0.13.0 does not have provenance: https://api.github.com/repos/pivotal/hammer/releases/219603073","Warn: release artifact v0.12.0 does not have provenance: https://api.github.com/repos/pivotal/hammer/releases/58195416","Warn: release artifact v0.11.0 does not have provenance: https://api.github.com/repos/pivotal/hammer/releases/52675998","Warn: release artifact v0.10.0 does not have provenance: https://api.github.com/repos/pivotal/hammer/releases/26632976","Warn: release artifact v0.9.0 does not have provenance: https://api.github.com/repos/pivotal/hammer/releases/25610485"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/vmware-archive/.github/SECURITY.md:1","Info: Found linked content: github.com/vmware-archive/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/vmware-archive/.github/SECURITY.md:1","Info: Found text in security policy: github.com/vmware-archive/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 18 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-22T15:45:56.956Z","repository_id":40005189,"created_at":"2025-08-22T15:45:56.956Z","updated_at":"2025-08-22T15:45:56.956Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31309312,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-02T12:59:32.332Z","status":"ssl_error","status_checked_at":"2026-04-02T12:54:48.875Z","response_time":89,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","esg","golang","pcf"],"created_at":"2024-11-16T14:14:44.547Z","updated_at":"2026-04-02T15:47:15.405Z","avatar_url":"https://github.com/pivotal.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# hammer - wrapper CLI for interacting with PCF environments\n[![Test Status](https://github.com/pivotal/hammer/workflows/Test/badge.svg)](https://github.com/pivotal/hammer/actions)\n\n## Installation\n\nThe latest build of the `hammer` cli is available from the releases page.\nDownload the tar for your platform, untar it, and move it to your $PATH.\n\nOr using `brew` on macOS or Linux:\n```bash\nbrew tap pivotal/hammer https://github.com/pivotal/hammer\nbrew install hammer\n```\n\nAlternatively you can build `hammer` from source if you have Go installed:\n```bash\ngit clone git@github.com:pivotal/hammer.git \u0026\u0026 cd hammer \u0026\u0026 go install\n```\n\nYou will also need to install, separately, any of the underlying cli tools that `hammer` will use in your workflow. `hammer` does not include `cf`, `bosh`, `om`, etc.\n\n## Config\n\nIn order to run the `hammer` tool against a given environment you need to have an environment config file in the following format:\n```json\n{\n  \"name\": \"ENVIRONMENT-NAME\",\n  \"ops_manager\": {\n    \"url\": \"OPSMAN-URL\",\n    \"client_id\": \"OPSMAN-CLIENT-ID\",\n    \"client_secret\": \"OPSMAN-CLIENT-SECRET\",\n    \"username\": \"OPSMAN-USERNAME\",\n    \"password\": \"OPSMAN-PASSWORD\"\n  },\n  \"ops_manager_private_key\": \"OPSMAN-RSA-PRIVATE-KEY\",\n  \"ops_manager_public_ip\": \"OPSMAN-PUBLIC-IP\",\n  \"ops_manager_ssh_user\": \"OPSMAN-SSH-USER\",\n  \"sys_domain\": \"PAS-SYSTEM-DOMAIN\",\n  \"pks_api\":  {\n     \"url\": \"PKS-API-URL\"\n  }\n}\n```\nOr the equivalent in yaml:\n```yaml\nname: ENVIRONMENT-NAME\nops_manager:\n  client_id: OPSMAN-CLIENT-ID\n  client_secret: OPSMAN-CLIENT-SECRET\n  password: OPSMAN-PASSWORD\n  url: OPSMAN-URL\n  username: OPSMAN-USERNAME\nops_manager_private_key: OPSMAN-RSA-PRIVATE-KEY\nops_manager_public_ip: OPSMAN-PUBLIC-IP\nops_manager_ssh_user: OPSMAN-SSH-USER\npks_api:\n  url: PKS-API-URL\nsys_domain: PAS-SYSTEM-DOMAIN\n```\nThis file can then be passed into the tool via `hammer -t path-to-env-config \u003ccommand\u003e`.\n\n`ops_manager_ssh_user` is an optional field and if not set then `hammer -t path-to-env-config ssh opsman` will use\n`ubuntu` to ssh to the OpsManager VM, if users need to ssh via a different username they should set this as appropriate.\n\nOnly one set of `ops_manager.client_id` and `ops_manager.client_secret` or `ops_manager.username` and `ops_manager.password`\nneed to be specified, if both sets are specified then in line with `om` the client details will be used.\n\nNB: `sys_domain` and `pks_api.url` are only needed for using `hammer cf-login` and `hammer pks-login` respectively.\n\n### Multiple environments in a single config\n\nThe config file can contain a list of environments in previously defined structure, such as:\n```json\n[{\n  \"name\": \"ENVIRONMENT-NAME-1\",\n  \"ops_manager\": {\n    \"url\": \"OPSMAN-URL\",\n    \"client_id\": \"OPSMAN-CLIENT-ID\",\n    \"client_secret\": \"OPSMAN-CLIENT-SECRET\",\n    \"username\": \"OPSMAN-USERNAME\",\n    \"password\": \"OPSMAN-PASSWORD\"\n  },\n  \"ops_manager_private_key\": \"OPSMAN-RSA-PRIVATE-KEY\",\n  \"ops_manager_public_ip\": \"OPSMAN-PUBLIC-IP\",\n  \"ops_manager_ssh_user\": \"OPSMAN-SSH-USER\",\n  \"sys_domain\": \"PAS-SYSTEM-DOMAIN\",\n  \"pks_api\":  {\n     \"url\": \"PKS-API-URL\"\n  }\n},\n{\n  \"name\": \"ENVIRONMENT-NAME-2\",\n  \"ops_manager\": {\n    \"url\": \"OPSMAN-URL\",\n    \"client_id\": \"OPSMAN-CLIENT-ID\",\n    \"client_secret\": \"OPSMAN-CLIENT-SECRET\",\n    \"username\": \"OPSMAN-USERNAME\",\n    \"password\": \"OPSMAN-PASSWORD\"\n  },\n  \"ops_manager_private_key\": \"OPSMAN-RSA-PRIVATE-KEY\",\n  \"ops_manager_public_ip\": \"OPSMAN-PUBLIC-IP\",\n  \"ops_manager_ssh_user\": \"OPSMAN-SSH-USER\",\n  \"sys_domain\": \"PAS-SYSTEM-DOMAIN\",\n  \"pks_api\":  {\n    \"url\": \"PKS-API-URL\"\n  }\n}]\n```\nOr the equivalent in yaml:\n```yaml\n- name: ENVIRONMENT-NAME-1\n  ops_manager:\n    client_id: OPSMAN-CLIENT-ID\n    client_secret: OPSMAN-CLIENT-SECRET\n    password: OPSMAN-PASSWORD\n    url: OPSMAN-URL\n    username: OPSMAN-USERNAME\n  ops_manager_private_key: OPSMAN-RSA-PRIVATE-KEY\n  ops_manager_public_ip: OPSMAN-PUBLIC-IP\n  ops_manager_ssh_user: OPSMAN-SSH-USER\n  pks_api:\n    url: PKS-API-URL\n  sys_domain: PAS-SYSTEM-DOMAIN\n- name: ENVIRONMENT-NAME-2\n  ops_manager:\n    client_id: OPSMAN-CLIENT-ID\n    client_secret: OPSMAN-CLIENT-SECRET\n    password: OPSMAN-PASSWORD\n    url: OPSMAN-URL\n    username: OPSMAN-USERNAME\n  ops_manager_private_key: OPSMAN-RSA-PRIVATE-KEY\n  ops_manager_public_ip: OPSMAN-PUBLIC-IP\n  ops_manager_ssh_user: OPSMAN-SSH-USER\n  pks_api:\n    url: PKS-API-URL\n  sys_domain: PAS-SYSTEM-DOMAIN\n```\nAn environment can then be specified via `hammer -t path-to-env-config -e environment-name \u003ccommand\u003e`. If an environment\nname is not specified then the first environment in the config will be used.\n\n## Development\n\nUnit and integration tests can be run if you have [Ginkgo](https://github.com/onsi/ginkgo) installed:\n```bash\nginkgo -r .\n```\n\nLinters can also be run using [golangci-lint](https://github.com/golangci/golangci-lint):\n```bash\ngolangci-lint run\n```\n\nOr just run both with:\n```bash\nmake test\n```\n\n---\n\nSpecial thanks to [@blgm](https://github.com/blgm) for letting an internal tool he created serve as the basis for this tool.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpivotal%2Fhammer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpivotal%2Fhammer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpivotal%2Fhammer/lists"}