{"id":17649692,"url":"https://github.com/shizhmsft/gha","last_synced_at":"2025-10-27T05:10:13.017Z","repository":{"id":172664052,"uuid":"649572205","full_name":"shizhMSFT/gha","owner":"shizhMSFT","description":"GitHub Analyzer","archived":false,"fork":false,"pushed_at":"2023-12-04T09:45:06.000Z","size":112,"stargazers_count":3,"open_issues_count":3,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-12-20T15:53:05.256Z","etag":null,"topics":["analyzer","github"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/shizhMSFT.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-06-05T07:09:27.000Z","updated_at":"2024-11-02T09:53:37.000Z","dependencies_parsed_at":"2024-12-20T15:51:40.724Z","dependency_job_id":null,"html_url":"https://github.com/shizhMSFT/gha","commit_stats":null,"previous_names":["shizhmsft/ghutil","shizhmsft/gha"],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shizhMSFT%2Fgha","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shizhMSFT%2Fgha/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shizhMSFT%2Fgha/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shizhMSFT%2Fgha/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/shizhMSFT","download_url":"https://codeload.github.com/shizhMSFT/gha/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":238618736,"owners_count":19502118,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analyzer","github"],"created_at":"2024-10-23T11:28:52.464Z","updated_at":"2025-10-27T05:10:12.948Z","avatar_url":"https://github.com/shizhMSFT.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GitHub Analyzer\n\nAnalyze GitHub repositories and produce reports.\n\n## Build and Install\n\n\u003e **Note**\n\u003e Make sure `go 1.21.0` or above is installed before `make`.\n\nTo build and install `gha` to `~/bin` on Linux, simply run\n\n```bash\nmake install\n```\n\n## Tutorial\n\nAnalyzing a GitHub repository requires two steps:\n\n1. `gha snapshot` to fetch raw information from GitHub API\n - Personal Access Token (PAT) is required to be set to the environment variable `GITHUB_TOKEN` if throttled\n2. `gha report` or `gha pr-review` to generate a markdown report from raw information fetched above.\n\n### Examples\n\n#### Take Snapshot\n\n```console\n$ gha snapshot --pr-reviews --pr-reviews-ago 365 notaryproject/notation\n........\nFetched 714 issues and pull requests\nSaved snapshot to notaryproject_notation_20230719_234453_snapshot.json\nFetching reviews of 291 pull requests since 2022-07-19...\n.................................................. 17.18%\n.................................................. 34.36%\n.................................................. 51.54%\n.................................................. 68.72%\n.................................................. 85.91%\n......................................... 100.00%\nSaved pull request reviews to notaryproject_notation_20230719_234809_reviews.json\n```\n\n#### Analyze Snapshot\n\n```console\n$ gha report --ago 90 notaryproject_notation_20230719_234453_snapshot.json\nGitHub Analysis Report\n======================\n- Start Date: `2023-04-20 16:06:32`\n\n## notaryproject_notation_20230719_234453_snapshot.json\nIssues\n- Total: 43\n - Open: 24\n - Closed: 19\n- Time to close:\n - Min: 43s\n - Max: 1mo 12d\n - Mean: 6d 8h\n - Median: 3d 6h\n - 90th percentile: 10d 10h\n - 95th percentile: 12d 19h\n - 99th percentile: 12d 19h\n\nPull Requests\n- Total: 64\n - Open: 12\n - Closed: 13\n - Merged: 39\n- Time to merge:\n - Min: 16m 50s\n - Max: 25d 21h\n - Mean: 3d 22h\n - Median: 2d 18h\n - 90th percentile: 8d 4h\n - 95th percentile: 9d 17h\n - 99th percentile: 15d 15h\n$ gha pr-review --ago 90 notaryproject_notation_20230719_234809_reviews.json\nPull Request Review Count\n==========================\n- Start Date: `2023-04-20 16:06:57`\n\n## notaryproject_notation_20230719_234809_reviews.json\n\n| Reviewer | Count | |\n|-----------------|-------|------------------------------------------------------|\n| priteshbandi | 50 | ` ` |\n| shizhMSFT | 46 | ` ` |\n| JeyJeyGao | 30 | ` ` |\n| Two-Hearts | 29 | ` ` |\n| FeynmanZhou | 9 | ` ` |\n| yizha1 | 8 | ` ` |\n| patrickzheng200 | 6 | ` ` |\n| rgnote | 5 | ` ` |\n| gokarnm | 4 | ` ` |\n| Wwwsylvia | 3 | ` ` |\n| sajayantony | 3 | ` ` |\n| zr-msft | 2 | ` ` |\n| wangxiaoxuan273 | 1 | ` ` |\n| toddysm | 1 | ` ` |\n| vaninrao10 | 1 | ` ` |\n| tungbq | 1 | ` ` |\n| duffney | 1 | ` ` |\n| ningziwen | 1 | ` ` |\n| qweeah | 1 | ` ` |\n| byronchien | 1 | ` ` |\n```\n\n#### Analyze Issue Comments\n\n```console\n$ gha snapshot --issue-comments --issue-comments-since 2023-01-01 notaryproject/notation\n........\nFetched 734 issues and pull requests\nSaved snapshot to notaryproject_notation_20230828_093829_snapshot.json\nFetching comments of 264 issues since 2023-01-01...\n.................................................. 18.93%\n.................................................. 37.87%\n.................................................. 56.81%\n.................................................. 75.75%\n.................................................. 94.69%\n.............. 100.00%\nSaved issue comments to notaryproject_notation_20230828_094020_comments.json\n$ # Download CODEOWNERS or MAINTAINERS. Both work.\n$ wget https://raw.githubusercontent.com/notaryproject/notation/main/MAINTAINERS\n--2023-08-28 23:10:54-- https://raw.githubusercontent.com/notaryproject/notation/main/MAINTAINERS\nResolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.109.133, 185.199.110.133, 185.199.111.133, ...\nConnecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.109.133|:443... connected.\nHTTP request sent, awaiting response... 200 OK\nLength: 682 [text/plain]\nSaving to: ‘MAINTAINERS’\n\nMAINTAINERS 100%[=================================================\u003e] 682 --.-KB/s in 0s\n\n2023-08-28 23:10:55 (15.4 MB/s) - ‘MAINTAINERS’ saved [682/682]\n$ gha issue-comment --maintainers MAINTAINERS --start-date 2023-01-01 --sla 14 notaryproject_notation_20230828_093829_snapshot.json notaryproject_notation_20230828_094020_comments.json\nIssue Comment Summary\n=====================\n- Start Date: `2023-01-01 00:00:00`\n\n## Maintainers\n\n- @justincormack\n- @niazfk\n- @stevelasker\n- @JeyJeyGao\n- @gokarnm\n- @Two-Hearts\n- @priteshbandi\n- @rgnote\n- @shizhMSFT\n\n## First Response Time\n\n- Non-maintainer issues: 79\n - Responded: 26\n - Min: 2m 8s\n - Max: 5mo 26d\n - Mean: 21d 20h\n - Median: 8d 13h\n - 90th percentile: 1mo 10d\n - 95th percentile: 1mo 17d\n - 99th percentile: 3mo 5d\n - No Response: 53\n\n### Out of SLA: 14 Days\n\n| #Issue | Duration | Title |\n|--------|----------|-------------------------------------------------------------------------------------------|\n| #506 | 7mo 17d | doc: notation Inspect Command line Spec - Phase 2 |\n| #508 | 7mo 16d | CLI switch to store signatures using OCI image manifest. |\n| #513 | 7mo 5d | Notation Verify should warnings output to Stderr |\n| #539 | 6mo 22d | Signing with local private keys |\n| #545 | 6mo 19d | Add a helper function in ioutil to PrintObjectAsTree |\n| #548 | 6mo 19d | CLI Cmds for trust policy management - phase 1 |\n| #570 | 6mo 2d | Add Notation CLI to Winget package manager |\n| #574 | 6mo 1d | Change the default signature manifest |\n| #575 | 6mo | Verify referrers API when pushing image manifest |\n| #578 | 5mo 28d | Documenting the security process for Notation |\n| #571 | 5mo 26d | Create a Homebrew formula for Notation CLI |\n| #584 | 5mo 24d | Add an example to CLI help info for notation signing |\n| #586 | 5mo 24d | Update references from Notary v2 to Notation |\n| #587 | 5mo 18d | Login without credential helper |\n| #590 | 5mo 16d | Discussion of out of box experience for trust policy |\n| #596 | 5mo 8d | add labels for features subject to changes with proper doc |\n| #597 | 5mo 7d | Sign/verify OCI image layout |\n| #599 | 5mo 7d | Print manifests as part of the `--debug` option |\n| #600 | 5mo 6d | Simplify Docker Credential Helper configuration for Notation authentication |\n| #604 | 5mo 1d | Notation delete returns confusing message |\n| #605 | 5mo 1d | Fix the text for notation version |\n| #609 | 4mo 28d | [Usability Issue] Cert list is not helpful and just lists the files |\n| #610 | 4mo 27d | [Usability Issue] `notation inspect` help is missing |\n| #614 | 4mo 26d | Support experimental feature |\n| #618 | 4mo 25d | `notation sign` error messages are not helpful to understand what parameter is missing |\n| #620 | 4mo 23d | Improve the messages for `notation verify` |\n| #622 | 4mo 22d | `notation cert delete` confirms deletion without doing anything |\n| #624 | 4mo 20d | Improve the output message of `notation inspect` images without signatures |\n| #625 | 4mo 20d | Error message too general for `notation verify` command |\n| #628 | 4mo 19d | Notation CLI guideline and CLI spec template |\n| #630 | 4mo 17d | Introduce an experimental flag to enable backward compatibility with OCI registries |\n| #631 | 4mo 16d | Support adding public key to trust store by specifying URL |\n| #633 | 4mo 13d | Missing e2e test cases for flag `--plain-http` |\n| #635 | 4mo 13d | Use SHA2 in output of notation inspect |\n| #637 | 4mo 10d | [Usability issue] Notation login error message is confusing |\n| #638 | 4mo 10d | Add E2E test cases for validating certificate revocation with OCSP |\n| #640 | 4mo 9d | Release Notation CLI v1.0.0-rc.4 |\n| #642 | 4mo 8d | Decide on main commit for a release: 6cd6555 and PR bump up versions |\n| #644 | 4mo 7d | Improve the output for notation plugin |\n| #645 | 4mo 5d | Examples were shown for experimental feature |\n| #646 | 4mo 5d | Missing annotations in the output of `notation inspect` |\n| #652 | 4mo 4d | Requesting UX improvement in signing and verifying with user metadata via Notation CLI |\n| #655 | 4mo 1d | Image Verification for containerd |\n| #662 | 3mo 20d | Trace the execution of executables |\n| #667 | 3mo 15d | Low code coverage (33%) reported for notation main branch |\n| #681 | 3mo 6d | docs: `notation login` error message improvement |\n| #549 | 3mo 5d | Improved Plugin installation UX - phase 1 |\n| #695 | 3mo | feat: Print out the signature digest when sign an artifact |\n| #697 | 2mo 29d | `notation login` fails to detect existing credentials for `docker.io` |\n| #704 | 2mo 23d | Improve error output for notation plugin |\n| #705 | 2mo 23d | Use existing credentials to auth to remote registries |\n| #706 | 2mo 23d | Check the license header for Notation and its dependencies |\n| #715 | 2mo 12d | Update the README for the repository |\n| #718 | 2mo 8d | Add Golang lint to GitHub Actions for static Go code formatting scanning |\n| #728 | 2mo 1d | Add --force to notation key add |\n| #621 | 1mo 17d | Improve the error for missing trust policy |\n| #598 | 1mo 10d | Add ability to redirect --debug logs to file |\n| #634 | 1mo 6d | Standardize symlink checking per trust store spec |\n| #623 | 28d 22h | Flag `--plain-http` didn't explicitly remind users the insecure connection to registries |\n| #647 | 21d 21h | Support clean up the source key and certificate generated by Notation |\n| #653 | 21d 1h | `notation policy init` command is necessary for user experiences |\n| #503 | 20d 21h | Improve Notation authentication experience |\n| #759 | 18d 1h | Add support for multiple trust policies |\n| #721 | 17d 19h | Read certificate from windows certificate store |\n| #519 | 15d 6h | Update the branch policies for the repository |\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshizhmsft%2Fgha","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fshizhmsft%2Fgha","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshizhmsft%2Fgha/lists"}