{"id":34044735,"url":"https://github.com/redhat-performance/cloud-governance","last_synced_at":"2025-12-30T06:02:22.315Z","repository":{"id":37086724,"uuid":"321587537","full_name":"redhat-performance/cloud-governance","owner":"redhat-performance","description":"The Next generation of cloud management and security ","archived":false,"fork":false,"pushed_at":"2025-11-25T20:21:44.000Z","size":12159,"stargazers_count":18,"open_issues_count":7,"forks_count":18,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-11-28T03:22:40.425Z","etag":null,"topics":["cloud-governance","openshift"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/redhat-performance.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-12-15T07:30:57.000Z","updated_at":"2025-11-25T20:21:47.000Z","dependencies_parsed_at":"2023-12-20T10:33:25.492Z","dependency_job_id":"57d16938-a6fd-4e2f-a681-34a2856fd89a","html_url":"https://github.com/redhat-performance/cloud-governance","commit_stats":{"total_commits":1151,"total_committers":7,"mean_commits":"164.42857142857142","dds":0.3805386620330148,"last_synced_commit":"5475c77146e69cc9ab3942e8575d332730d56752"},"previous_names":[],"tags_count":729,"template":false,"template_full_name":null,"purl":"pkg:github/redhat-performance/cloud-governance","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-
performance%2Fcloud-governance","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-performance%2Fcloud-governance/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-performance%2Fcloud-governance/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-performance%2Fcloud-governance/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/redhat-performance","download_url":"https://codeload.github.com/redhat-performance/cloud-governance/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-performance%2Fcloud-governance/sbom","scorecard":{"id":767749,"data":{"date":"2025-08-11","repo":{"name":"github.com/redhat-performance/cloud-governance","commit":"cda9c366c69449921f00c6f8cbc37b80124539b1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.2,"checks":[{"name":"Code-Review","score":4,"reason":"Found 12/30 approved changesets -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":4,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Warn: no linked content found","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days -- score 
normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Dangerous-Workflow","score":0,"reason":"dangerous workflow patterns detected","details":["Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/PR.yml:31","Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/PR.yml:76","Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/PR.yml:144","Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/PR.yml:204","Warn: untrusted code checkout '${{ github.event.pull_request.head.sha }}': .github/workflows/PR.yml:252"],"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/Build.yml:1","Warn: no topLevel permission 
defined: .github/workflows/PR.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/Build.yml:313"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, 
install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 15 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"11 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-m5vv-6r4h-3vj9","Warn: Project is vulnerable to: GHSA-cpwx-vrp4-4pq7","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-9548-qrrj-x5pj","Warn: Project is vulnerable to: PYSEC-2022-269 / GHSA-3pgj-pg6c-r5p7","Warn: Project is vulnerable to: PYSEC-2020-73","Warn: Project is vulnerable to: PYSEC-2013-22 / GHSA-27x4-j476-jp5f","Warn: Project is vulnerable to: PYSEC-2025-49 / GHSA-5rjg-fvgr-3xxf","Warn: Project is vulnerable to: GHSA-cx63-2mw6-8hw5","Warn: Project is vulnerable to: PYSEC-2022-43012 / GHSA-r9hx-vwmv-q579","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Info: Possibly incomplete results: error parsing shell code: \u0026\u0026 must be followed by a statement: Docker/postfix/Dockerfile:18-19","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Build.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not 
pinned by hash: .github/workflows/Build.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/Build.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Build.yml:111: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Build.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Build.yml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/Build.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Build.yml:248: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Build.yml:250: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Build.yml:271: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: 
.github/workflows/Build.yml:273: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Build.yml:321: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Build.yml:323: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Build.yml:342: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Build.yml:344: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Build.yml:367: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Build.yml:369: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Build.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Build.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/Build.yml:43: 
update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Build.yml:201: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Build.yml:203: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/Build.yml:207: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Build.yml:213: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Build.yml:395: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Build.yml:415: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/Build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/PR.yml:252: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/PR.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/PR.yml:256: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/PR.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/PR.yml:275: update your workflow using 
https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/PR.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/PR.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/PR.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/PR.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/PR.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/PR.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/PR.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/PR.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/PR.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/PR.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/PR.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/PR.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/PR.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/PR.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/PR.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/PR.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/PR.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/PR.yml:148: update your workflow using 
https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/PR.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/PR.yml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/PR.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/PR.yml:204: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/PR.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/PR.yml:208: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/PR.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/PR.yml:212: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/PR.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/PR.yml:218: update your workflow using https://app.stepsecurity.io/secureworkflow/redhat-performance/cloud-governance/PR.yml/main?enable=pin","Warn: containerImage not pinned by hash: Docker/centos-stream8-jenkins-slave/Dockerfile:6: pin your Docker image by updating quay.io/centos/centos:stream8 to quay.io/centos/centos:stream8@sha256:20da069d4f8126c4517ee563e6e723d4cbe79ff62f6c4597f753478af91a09a3","Warn: containerImage not pinned by hash: Docker/fedora-38-jenkins-slave/Dockerfile:7: pin your Docker image by updating quay.io/fedora/fedora:38 to quay.io/fedora/fedora:38@sha256:6349d2df6b4322c5690df1bb7743c45c356e20471dda69f27218cd9ba4a6c3c7","Warn: containerImage not pinned by hash: Docker/postfix/Dockerfile:2: pin your Docker image by updating alpine:3.13 to alpine:3.13@sha256:469b6e04ee185740477efa44ed5bdd64a07bbdd6c7e5f5d169e540889597b911","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating python:3.12-slim to 
python:3.12-slim@sha256:d67a7b66b989ad6b6d6b10d428dcc5e0bfc3e5f88906e67d490c4d3daac57047","Warn: pipCommand not pinned by hash: aws_lambda_functions/CloudResourceOrchestration/upload_to_lambda.sh:16","Warn: pipCommand not pinned by hash: cloudsensei/agg_lambda/run.sh:16","Warn: pipCommand not pinned by hash: cloudsensei/agg_lambda/run.sh:17","Warn: pipCommand not pinned by hash: cloudsensei/run.sh:27","Warn: pipCommand not pinned by hash: cloudsensei/run.sh:28","Warn: pipCommand not pinned by hash: .github/workflows/Build.yml:224","Warn: pipCommand not pinned by hash: .github/workflows/Build.yml:32","Warn: pipCommand not pinned by hash: .github/workflows/Build.yml:33","Warn: pipCommand not pinned by hash: .github/workflows/Build.yml:34","Warn: pipCommand not pinned by hash: .github/workflows/Build.yml:35","Warn: pipCommand not pinned by hash: .github/workflows/Build.yml:58","Warn: pipCommand not pinned by hash: .github/workflows/Build.yml:89","Warn: pipCommand not pinned by hash: .github/workflows/Build.yml:258","Warn: pipCommand not pinned by hash: .github/workflows/Build.yml:259","Warn: pipCommand not pinned by hash: .github/workflows/Build.yml:349","Warn: pipCommand not pinned by hash: .github/workflows/Build.yml:374","Warn: pipCommand not pinned by hash: .github/workflows/Build.yml:147","Warn: pipCommand not pinned by hash: .github/workflows/Build.yml:148","Warn: pipCommand not pinned by hash: .github/workflows/Build.yml:149","Warn: pipCommand not pinned by hash: .github/workflows/Build.yml:150","Warn: pipCommand not pinned by hash: .github/workflows/Build.yml:189","Warn: pipCommand not pinned by hash: .github/workflows/PR.yml:156","Warn: pipCommand not pinned by hash: .github/workflows/PR.yml:157","Warn: pipCommand not pinned by hash: .github/workflows/PR.yml:158","Warn: pipCommand not pinned by hash: .github/workflows/PR.yml:159","Warn: pipCommand not pinned by hash: .github/workflows/PR.yml:228","Warn: pipCommand not pinned by hash: 
.github/workflows/PR.yml:264","Warn: pipCommand not pinned by hash: .github/workflows/PR.yml:265","Warn: pipCommand not pinned by hash: .github/workflows/PR.yml:266","Warn: pipCommand not pinned by hash: .github/workflows/PR.yml:267","Warn: pipCommand not pinned by hash: .github/workflows/PR.yml:43","Warn: pipCommand not pinned by hash: .github/workflows/PR.yml:44","Warn: pipCommand not pinned by hash: .github/workflows/PR.yml:45","Warn: pipCommand not pinned by hash: .github/workflows/PR.yml:46","Warn: pipCommand not pinned by hash: .github/workflows/PR.yml:95","Info:   0 out of  34 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   9 third-party GitHubAction dependencies pinned","Info:   0 out of   4 containerImage dependencies pinned","Info:   0 out of  35 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}}]},"last_synced_at":"2025-08-23T01:19:46.010Z","repository_id":37086724,"created_at":"2025-08-23T01:19:46.010Z","updated_at":"2025-08-23T01:19:46.010Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":27516126,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-05T02:00:07.920Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosys
te.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud-governance","openshift"],"created_at":"2025-12-13T23:02:18.777Z","updated_at":"2025-12-13T23:02:20.968Z","avatar_url":"https://github.com/redhat-performance.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![PyPI Latest Release](https://img.shields.io/pypi/v/cloud-governance.svg)](https://pypi.org/project/cloud-governance/)\n[![Container Repository on Quay](https://quay.io/repository/projectquay/quay/status \"Container Repository on Quay\")](https://quay.io/repository/cloud-governance/cloud-governance?tab=tags)\n[![Actions Status](https://github.com/redhat-performance/cloud-governance/actions/workflows/Build.yml/badge.svg)](https://github.com/redhat-performance/cloud-governance/actions)[![Coverage Status](https://coveralls.io/repos/github/redhat-performance/cloud-governance/badge.svg?branch=main)](https://coveralls.io/github/redhat-performance/cloud-governance?branch=main)\n[![Documentation Status](https://readthedocs.org/projects/cloud-governance/badge/?version=latest)](https://cloud-governance.readthedocs.io/en/latest/?badge=latest)\n[![python](https://img.shields.io/pypi/pyversions/cloud-governance.svg?color=%2334D058)](https://pypi.org/project/cloud-governance)\n[![License](https://img.shields.io/pypi/l/cloud-governance.svg)](https://github.com/redhat-performance/cloud-governance/blob/main/LICENSE)\n\n# Cloud Governance\n\n![](images/cloud_governance.png)\n\n## What is it?\n\nThe **Cloud Governance** tool provides a lightweight and flexible framework for deploying cloud management policies focusing\non cost optimization and security.\nWe have implemented several pruning policies. 
\\\nWhen monitoring the resources, we found that most of the cost leakage is from available volumes, unused NAT gateways,\nand unattached public IPv4 addresses (starting from February 2024, public IPv4 addresses are chargeable whether they are\nused or not).\n\n| Providers | Disks   | NatGateway | PublicIp | Snapshots | InstanceIdle | TagResources | EC2Stop | ocp_cleanup | ClusterRun | EmptyBucket | EmptyRoles |\n|-----------|---------|------------|----------|-----------|--------------|--------------|---------|-------------|------------|-------------|------------|\n| AWS       | \u0026check; | \u0026check;    | \u0026check;  | \u0026check;   | \u0026check;      | \u0026check;      | \u0026check; | \u0026check;     | \u0026check;    | \u0026check;     | \u0026check;    |\n| Azure     | \u0026check; | \u0026check;    | \u0026check;  | \u0026check;   | \u0026check;      | \u0026cross;      | \u0026cross; | \u0026cross;     | \u0026check;    | \u0026cross;     | \u0026cross;    |\n\nList of Policies:\n\n##### [AWS Policies!](./POLICIES.md#aws-policies)\n\n- instance_idle\n- instance_run\n- unattached_volume\n- zombie_cluster_resource\n- ip_unattached\n- zombie_snapshots\n- unused_nat_gateway\n- s3_inactive\n- unused_access_key\n- empty_roles\n- tag_resources\n- tag_iam_user\n- cost_over_usage\n- cluster_run\n\n##### [Azure Policies!](POLICIES.md)\n\n- instance_idle\n- unattached_volume\n- ip_unattached\n- unused_nat_gateway\n\n##### [IBM Policies!](POLICIES.md)\n\n- tag_baremetal\n- tag_vm\n- tag_resources\n\nCheck out the policy summary [here!](POLICIES.md)\n\n![](images/cloud_governance1.png)\n![](images/demo.gif)\n\nReference:\n\n* Check out the\n  blog: [Optimizing cloud resource management with cloud governance](https://www.redhat.com/en/blog/optimizing-cloud-resource-management-cloud-governance)\n* The cloud-governance package is placed in [PyPI](https://pypi.org/project/cloud-governance/)\n* The cloud-governance container image is placed in 
[Quay.io](https://quay.io/repository/ebattat/cloud-governance)\n* The cloud-governance readthedocs link is [ReadTheDocs](https://cloud-governance.readthedocs.io/en/latest/)\n\n[//]: # (  ![]\u0026#40;images/cloud_governance3.png\u0026#41;)\n\n_**Table of Contents**_\n\n\u003c!-- TOC --\u003e\n\n- [Installation](#installation)\n- [Configuration](#environment-variables-configurations)\n- [Run Policies](#run-policies)\n- [Run Policy Using Pod](#run-policy-using-pod)\n- [Pytest](#pytest)\n- [Post Installation](#post-installation)\n\n\u003c!-- /TOC --\u003e\n\n## Installation\n\n#### Download cloud-governance image from quay.io\n\n```sh\npodman pull quay.io/cloud-governance/cloud-governance\n```\n\n#### Environment variables configurations:\n\n| Key                            | Value    | Description                                                                 |\n|--------------------------------|----------|:----------------------------------------------------------------------------|\n| AWS_ACCESS_KEY_ID              | required | AWS access key                                                              |\n| AWS_SECRET_ACCESS_KEY          | required | AWS Secret key                                                              |\n| AWS_DEFAULT_REGION             | required | AWS Region, default set to us-east-2                                        |\n| BUCKET_NAME                    | optional | Cloud bucket Name, to store data                                            |\n| policy                         | required | check [here](POLICIES.md) for policies list                                 |\n| dry_run                        | optional | default set to \"yes\", supported only two: yes/ no                           |\n| log_level                      | optional | default set to INFO                                                         |\n| LDAP_HOST_NAME                 | optional | ldap hostnames                                                              
|\n| es_host                        | optional | Elasticsearch Host                                                          |\n| es_port                        | optional | Elasticsearch Port                                                          |\n| es_index                       | optional | Elasticsearch Index, to push the data. default to cloud-governance-es-index |\n| GOOGLE_APPLICATION_CREDENTIALS | optional | GCP creds, to access google resources. i.e Sheets, Docs                     |\n| AZURE_CLIENT_SECRET            | required | Azure Client Secret                                                         |\n| AZURE_TENANT_ID                |          | Azure Tenant Id                                                             |\n| AZURE_ACCOUNT_ID               |          | Azure Account Id                                                            |\n| AZURE_CLIENT_ID                |          | Azure Client Id                                                             |\n| GCP_DATABASE_NAME              |          | GCP BigQuery database name, used to generate cost reports                   |\n| GCP_DATABASE_TABLE_NAME        |          | GCP BigQuery TableName, used to generate cost reports                       |\n| IBM_API_USERNAME               |          | IBM Account Username                                                        |\n| IBM_API_KEY                    |          | IBM Account Classic Infrastructure key                                      |\n| IBM_CLOUD_API_KEY              |          | IBM Cloud API Key                                                           |\n| IBM_CUSTOM_TAGS_LIST           |          | pass string with separated with comma. 
i.e: \"cost-center: test, env: test\"  |\n\n### AWS Configuration\n\nCreate an IAM user with Read/Delete permissions and create an S3 bucket.\n\n- Follow the instructions in [README.md](iam/clouds/aws/CloudGovernanceInfra/README.md).\n\n### IBM Configuration\n\n* Create a classic infrastructure API key\n* Create an IBM Cloud API key to use the tag_resources policy\n\n## Run Policies\n\n## AWS\n\n- Passing environment variables\n\n```shell\n  podman run --rm --name cloud-governance \\\n  -e policy=\"zombie_cluster_resource\" \\\n  -e AWS_ACCESS_KEY_ID=\"$AWS_ACCESS_KEY_ID\" \\\n  -e AWS_SECRET_ACCESS_KEY=\"$AWS_SECRET_ACCESS_KEY\" \\\n  -e AWS_DEFAULT_REGION=\"us-east-2\" \\\n  -e dry_run=\"yes\"  \\\n   \"quay.io/cloud-governance/cloud-governance\"\n```\n\n- Using an environment file config\n- Create an env.yaml file and mount it to /tmp/env.yaml; otherwise mount it to any path and pass the env variable DEFAULT_CONFIG_PATH set to where you\n  mounted it\n\n```yaml\nAWS_ACCESS_KEY_ID: \"\"\nAWS_SECRET_ACCESS_KEY: \"\"\nAWS_DEFAULT_REGION: \"us-east-2\"\npolicy: \"zombie_cluster_resource\"\ndry_run: \"yes\"\nes_host: \"\"\nes_port: \"\"\nes_index: \"\"\n```\n\n```shell\n  podman run --rm --name cloud-governance \\\n  -v \"$PWD/env.yaml\":\"/tmp/env.yaml\" \\\n  --net=\"host\" \\\n   \"quay.io/cloud-governance/cloud-governance\"\n```\n\n## Run Policy Using Pod\n\n#### Run as a pod job via OpenShift\n\nJob Pod: [cloud-governance.yaml](pod_yaml/cloud-governance.yaml)\n\nConfigmaps: [cloud_governance_configmap.yaml](pod_yaml/cloud_governance_configmap.yaml)\n\nQuay.io Secret: [quayio_secret.sh](pod_yaml/quayio_secret.sh)\n\nAWS Secret: [cloud_governance_secret.yaml](pod_yaml/cloud_governance_secret.yaml)\n\n    * Need to convert secret key to base64 [run_base64.py](pod_yaml/run_base64.py)\n\n## Pytest\n\n##### Cloud-governance integration tests using pytest\n\n```sh\npython3 -m venv governance\nsource governance/bin/activate\n(governance) $ python -m pip install --upgrade pip\n(governance) $ pip install coverage\n(governance) $ 
pip install pytest\n(governance) $ git clone https://github.com/redhat-performance/cloud-governance\n(governance) $ cd cloud-governance\n(governance) $ coverage run -m pytest\n(governance) $ deactivate\nrm -rf *governance*\n```\n\n## Post Installation\n\n#### Delete cloud-governance image\n\n```sh\nsudo podman rmi quay.io/cloud-governance/cloud-governance\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredhat-performance%2Fcloud-governance","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fredhat-performance%2Fcloud-governance","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredhat-performance%2Fcloud-governance/lists"}