{"id":26680207,"url":"https://github.com/rcmachado/changelog","last_synced_at":"2026-03-12T06:02:03.760Z","repository":{"id":46176104,"uuid":"134190380","full_name":"rcmachado/changelog","owner":"rcmachado","description":"Read, validate and manipulate CHANGELOG.md files that follow keepachangelog.com specification","archived":false,"fork":false,"pushed_at":"2021-11-11T19:32:58.000Z","size":172,"stargazers_count":49,"open_issues_count":18,"forks_count":9,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-08-14T09:37:44.598Z","etag":null,"topics":["changelog","changelog-formatter","changelog-parser","cli","golang","keepachangelog"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rcmachado.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-05-20T22:01:09.000Z","updated_at":"2025-07-29T20:06:57.000Z","dependencies_parsed_at":"2022-09-26T18:31:49.698Z","dependency_job_id":null,"html_url":"https://github.com/rcmachado/changelog","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/rcmachado/changelog","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rcmachado%2Fchangelog","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rcmachado%2Fchangelog/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rcmachado%2Fchangelog/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rcmachado%2Fchangelog/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rcmachado","download_url":"https://codeload.github.com/rcmachado/changelog/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rcmachado%2Fchangelog/sbom","scorecard":{"id":764596,"data":{"date":"2025-08-11","repo":{"name":"github.com/rcmachado/changelog","commit":"24a2e26bdaaa495c5c1acf38785137169dd9e7cd"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.5,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":1,"reason":"Found 3/18 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/golangci-lint.yml:1","Warn: no topLevel permission defined: .github/workflows/goreleaser.yml:1","Warn: no topLevel permission defined: .github/workflows/tests.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/rcmachado/changelog/golangci-lint.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/rcmachado/changelog/golangci-lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/goreleaser.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/rcmachado/changelog/goreleaser.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/goreleaser.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/rcmachado/changelog/goreleaser.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/goreleaser.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/rcmachado/changelog/goreleaser.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/goreleaser.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/rcmachado/changelog/goreleaser.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/rcmachado/changelog/tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/rcmachado/changelog/tests.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:8: pin your Docker image by updating alpine:latest to alpine:latest@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: containerImage not pinned by hash: Dockerfile.goreleaser:1: pin your Docker image by updating debian:bullseye-slim to debian:bullseye-slim@sha256:849d9d34d5fe0bf88b5fb3d09eb9684909ac4210488b52f4f7bbe683eedcb851","Info:   0 out of   5 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 third-party GitHubAction dependencies pinned","Info:   0 out of   3 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 0.7.0 not signed: https://api.github.com/repos/rcmachado/changelog/releases/28211082","Warn: release artifact 0.6.0 not signed: https://api.github.com/repos/rcmachado/changelog/releases/26991245","Warn: release artifact 0.5.0 not signed: https://api.github.com/repos/rcmachado/changelog/releases/26971965","Warn: release artifact 0.4.2 not signed: https://api.github.com/repos/rcmachado/changelog/releases/25060105","Warn: release artifact 0.4.1 not signed: https://api.github.com/repos/rcmachado/changelog/releases/24047010","Warn: release artifact 0.7.0 does not have provenance: https://api.github.com/repos/rcmachado/changelog/releases/28211082","Warn: release artifact 0.6.0 does not have provenance: https://api.github.com/repos/rcmachado/changelog/releases/26991245","Warn: release artifact 0.5.0 does not have provenance: https://api.github.com/repos/rcmachado/changelog/releases/26971965","Warn: release artifact 0.4.2 does not have provenance: https://api.github.com/repos/rcmachado/changelog/releases/25060105","Warn: release artifact 0.4.1 does not have provenance: https://api.github.com/repos/rcmachado/changelog/releases/24047010"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 20 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-23T00:25:04.400Z","repository_id":46176104,"created_at":"2025-08-23T00:25:04.400Z","updated_at":"2025-08-23T00:25:04.400Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30416736,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-12T04:41:02.746Z","status":"ssl_error","status_checked_at":"2026-03-12T04:40:12.571Z","response_time":114,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["changelog","changelog-formatter","changelog-parser","cli","golang","keepachangelog"],"created_at":"2025-03-26T06:26:46.611Z","updated_at":"2026-03-12T06:02:03.735Z","avatar_url":"https://github.com/rcmachado.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# changelog\n\n![Tests](https://github.com/rcmachado/changelog/workflows/Tests/badge.svg)\n[![Coverage Status](https://coveralls.io/repos/github/rcmachado/changelog/badge.svg?branch=master)](https://coveralls.io/github/rcmachado/changelog?branch=master)\n[![Go Report Card](https://goreportcard.com/badge/github.com/rcmachado/changelog)](https://goreportcard.com/report/github.com/rcmachado/changelog)\n\n`changelog` is a command-line application to read and manipulate\n`CHANGELOG.md` files that follows the [keepachangelog.com][] spec.\n\nIt can normalize the file (`fmt`), create a release (`release`) and\nshow a specific version (`show`). See [Usage](#usage) for details.\n\n## Table of Contents\n\n- [Usage](#usage)\n- [Installation](#installation)\n  - [Linux and macOS](#linux-and-macos)\n  - [Source](#source)\n- [Commands](#commands)\n  - [init](#init)\n  - [fmt](#fmt)\n  - [show](#show)\n  - [release](#release)\n- [Formatting](#formatting)\n- [Contributing](#contributing)\n- [License](#license)\n\n## Usage\n\n```bash\n# Initialize a new CHANGELOG.md file\n$ changelog init --compare-url=https://github.com/myorg/myrepo/compare/abcdef...1234\n# Add a first message under \"Added\" section\n$ changelog added \"Initial commit\"\n# Create release\n$ changelog release 0.1.0\n```\n\n## Installation\n\n### Linux and macOS\n\nThe easiest way to install it is to download the [latest version][]\nfrom GitHub releases.\n\nThere are precompiled binaries for macOS and Linux.\n\n### Source\n\nClone the repository and build the executable:\n\n```bash\nmake build\n```\n\nThis will generate a `changelog` binary that can be copied to `/usr/local/bin`:\n\n```bash\ncp changelog /usr/local/bin\n```\n\n## Commands\n\n```text\nchangelog manipulate and validate markdown changelog files following the keepachangelog.com specification.\n\nUsage:\n  changelog [command]\n\nAvailable Commands:\n  added       Add item under 'Added' section\n  bundle      Bundles files containing unrelased changelog entries\n  changed     Add item under 'Changed' section\n  deprecated  Add item under 'Deprecated' section\n  fixed       Add item under 'Fixed' section\n  fmt         Reformat the change log file\n  help        Help about any command\n  init        Initializes a new changelog\n  release     Change Unreleased to [version]\n  removed     Add item under 'Removed' section\n  security    Add item under 'Security' section\n  show        Show changelog for [version]\n\nFlags:\n  -f, --filename string   Changelog file or '-' for stdin (default \"CHANGELOG.md\")\n  -h, --help              help for changelog\n  -o, --output string     Output file or '-' for stdout (default \"-\")\n\nUse \"changelog [command] --help\" for more information about a command.\n```\n\n### init\n\nOutputs a changelog with only preamble and Unreleased version to standard output. You can specify a filename using `--output/-o` flag:\n\n```bash\n$ touch CHANGELOG.md\n$ changelog init -o CHANGELOG.md --compare-url https://github.com/rcmachado/changelog/compare/abcdef...HEAD\nChangelog file 'CHANGELOG.md' created.\n```\n\n### fmt\n\nNormalize file format (see [Formatting](#formatting) for the specific\ntransformation applied):\n\n```bash\nchangelog fmt\n```\n\n### show\n\nShow what will be in the next release:\n\n```bash\nchangelog show Unreleased\n```\n\nShow the change log for a specific version:\n\n```bash\nchangelog show 1.2.3\n```\n\n### release\n\nCreate a new release:\n\n```bash\nchangelog release 1.2.4\n```\n\n### Formatting\n\n`fmt` command normalizes the changelog file. The idea is to always have\nthe same output, no matter how messy the file is. Right now it doesn't\ndo much, but the plan is to evolve it as a kind of `go fmt` for\nchangelogs.\n\nCurrently, the following transformations are applied:\n\n- Sections are sorted (eg. Added, Changed, etc)\n- Version links are put at the bottom of the file\n- List bullet is always `-`\n\n## Contributing\n\nFeel free to fork and submit a PR. You can also take a look, at the [Issues][] tab to see some ideas.\n\n## License\n\nLicensed under MIT. See [LICENSE][] file for details.\n\n[keepachangelog.com]: https://keepachangelog.com/\n[LICENSE]: ./LICENSE\n[Issues]: https://github.com/rcmachado/changelog\n[latest version]: https://github.com/rcmachado/changelog/releases/latest\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frcmachado%2Fchangelog","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frcmachado%2Fchangelog","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frcmachado%2Fchangelog/lists"}