{"id":18027743,"url":"https://github.com/sj14/review-bot","last_synced_at":"2026-03-15T15:15:15.625Z","repository":{"id":35113561,"uuid":"179461165","full_name":"sj14/review-bot","owner":"sj14","description":"🤖 A pull/merge-request reminder-bot for Gitlab and Github, posting on Mattermost or Slack.","archived":false,"fork":false,"pushed_at":"2026-03-09T19:26:02.000Z","size":2206,"stargazers_count":46,"open_issues_count":3,"forks_count":7,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-03-10T00:56:57.401Z","etag":null,"topics":["github","gitlab","hacktoberfest","mattermost","merge-request","reminder","slack"],"latest_commit_sha":null,"homepage":"https://www.review-bot.com","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sj14.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-04-04T09:01:48.000Z","updated_at":"2026-03-09T19:26:05.000Z","dependencies_parsed_at":"2023-12-14T13:46:01.745Z","dependency_job_id":"7ef078b9-105f-48c3-87a4-c12dfed69538","html_url":"https://github.com/sj14/review-bot","commit_stats":{"total_commits":170,"total_committers":6,"mean_commits":"28.333333333333332","dds":0.4,"last_synced_commit":"a0826b026b2a21bded6a0722df4f1d62018cafb7"},"previous_names":["sj14/review-reminder"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/sj14/review-bot","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sj14%2Freview-bot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sj14%2Freview-bot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sj14%2Freview-bot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sj14%2Freview-bot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sj14","download_url":"https://codeload.github.com/sj14/review-bot/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sj14%2Freview-bot/sbom","scorecard":{"id":543057,"data":{"date":"2025-08-11","repo":{"name":"github.com/sj14/review-bot","commit":"16c752e17393a5dd25fa7d744f595e041d9dccea"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.5,"checks":[{"name":"Code-Review","score":-1,"reason":"Found no human activity in the last 30 changesets","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: no topLevel permission defined: .github/workflows/go.yaml:1","Warn: no topLevel permission defined: .github/workflows/release.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":2,"reason":"dependency not pinned by hash detected -- score normalized to 2","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/sj14/review-bot/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/sj14/review-bot/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/sj14/review-bot/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/sj14/review-bot/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/sj14/review-bot/go.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/sj14/review-bot/go.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/sj14/review-bot/release.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/sj14/review-bot/release.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/sj14/review-bot/release.yaml/main?enable=pin","Info:   0 out of   8 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   1 out of   1 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.3.5 not signed: https://api.github.com/repos/sj14/review-bot/releases/148644400","Warn: release artifact v0.3.4 not signed: https://api.github.com/repos/sj14/review-bot/releases/128027293","Warn: release artifact v0.3.3 not signed: https://api.github.com/repos/sj14/review-bot/releases/80720851","Warn: release artifact v0.3.3-rc1 not signed: https://api.github.com/repos/sj14/review-bot/releases/80720740","Warn: release artifact v0.3.5 does not have provenance: https://api.github.com/repos/sj14/review-bot/releases/148644400","Warn: release artifact v0.3.4 does not have provenance: https://api.github.com/repos/sj14/review-bot/releases/128027293","Warn: release artifact v0.3.3 does not have provenance: https://api.github.com/repos/sj14/review-bot/releases/80720851","Warn: release artifact v0.3.3-rc1 does not have provenance: https://api.github.com/repos/sj14/review-bot/releases/80720740"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":8,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 20 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-20T08:43:24.297Z","repository_id":35113561,"created_at":"2025-08-20T08:43:24.297Z","updated_at":"2025-08-20T08:43:24.297Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30545450,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-15T15:03:43.933Z","status":"ssl_error","status_checked_at":"2026-03-15T15:03:37.630Z","response_time":61,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github","gitlab","hacktoberfest","mattermost","merge-request","reminder","slack"],"created_at":"2024-10-30T08:12:23.661Z","updated_at":"2026-03-15T15:15:15.606Z","avatar_url":"https://github.com/sj14.png","language":"Go","readme":"# Review Reminder Bot\n\nFor an enhanced SaaS version, visit https://www.review-bot.com/\n\n---\n\n![Action](https://github.com/sj14/review-bot/workflows/Go/badge.svg)\n[![Go Report Card](https://goreportcard.com/badge/github.com/sj14/review-bot)](https://goreportcard.com/report/github.com/sj14/review-bot)\n\n`review-bot` sends a reminder message to Mattermost or Slack with all open pull/merge requests which need an approval. Well suitable for running as a cron-job, e.g. for daily reminders.\n\nThis tool is still **beta**. The usage with Gitlab and Mattermost is more mature while the Github and Slack usage is an early preview.\n\n## Installation\n\n### Precompiled Binaries\n\nSee the [releases](https://github.com/sj14/review-bot/releases) page for precompiled binaries.\n\n### Manually\n\nIt's also possible to install the latest release with `go install`:\n\n```bash\ngo install github.com/sj14/review-bot\n```\n\n## Example\n\n### Sample Output for Gitlab and Mattermost\n\n\u003e# [Project Name](https://gitlab.com/my_user/my_project)\n\u003e\n\u003e**How-To**: *Got reminded? Just normally review the given merge request with 👍/👎 or use 😴 if you don't want to receive a reminder about this merge request.*\n\u003e\n\u003e---\n\u003e\n\u003e**[Support SHIELD](https://gitlab.com/my_user/my_project/merge_requests/1940)**  \n\u003e 1 💬   3 👍  @hulk\n\u003e\n\u003e**[Ask Deadpool to join us](https://gitlab.com/my_user/my_project/merge_requests/1923)**  \n\u003e 3 💬   3 👍  @batman\n\u003e\n\u003e**[Repair the Helicarrier](https://gitlab.com/my_user/my_project/merge_requests/1777)**  \n\u003e 3 💬   @hulk @batman @groot @iron_man\n\u003e\n\u003e**[Find Kingpin](https://gitlab.com/my_user/my_project/merge_requests/1099)**  \n\u003e 2 💬   4 👍  You got all reviews, @daredevil.\n\n### Configuration\n\nThe `reviewers.json` file contains the gitlab/github user name as key and the mattermost name or slack [user id](https://api.slack.com/methods/users.identity) as value.\n\n**Example 1**: github/gitlab username and mattermost name\n\n```json\n{\n    \"hulk51\": \"@hulk\",\n    \"tonystark\": \"@iron_man\",\n    \"groot\": \"@groot\",\n    \"darkknight\": \"@batman\",\n    \"lawyer\": \"@daredevil\"\n}\n```\n\n**Example 2**: github/gitlab username and slack id\n\n```json\n{\n    \"hulk51\": \"@U024BE7LH\",\n    \"tonystark\": \"U0G9QF9C6\",\n    \"groot\": \"@U0JA38A\",\n    \"darkknight\": \"@U0QM9L4\",\n    \"lawyer\": \"@U0JMB8O1\"\n}\n```\n\n### Running\n\nGet all open merge requests from the Gitlab project `owner/repo` and post the resulting reminder to the specified Mattermost channel:\n\n``` text\nreview-bot -host=$GITLAB_HOST -token=$GITLAB_API_TOKEN -repo=owner/repo -webhook=$WEBHOOK_ADDRESS -channel=$MATTERMOST_CHANNEL\n```\n\n## Command Line Flags\n\n``` text\n  -channel string\n        mattermost channel (e.g. MyChannel) or user (e.g. @AnyUser)\n  -host string\n        host address (e.g. github.com, gitlab.com or self-hosted gitlab url)\n  -repo string\n        repository (format: 'owner/repo'), or project id (only gitlab)\n  -reviewers string\n        path to the reviewers file (default \"examples/reviewers.json\")\n  -template string\n        path to the template file\n  -token string\n        host API token\n  -webhook string\n        slack/mattermost webhook URL\n```\n\n## Templates\n\nWe use the Go [template](https://golang.org/pkg/text/template/) package for parsing.\nDepending on which backend you use, there are different fields you can use. Check the [examples](https://github.com/sj14/review-bot/tree/master/examples) folder for a quick overview.\n\n### Gitlab\n\nAccessing `{{.Project}}` gives you access to these [fields](https://godoc.org/github.com/xanzy/go-gitlab#Project).  \nWhile `{{range .Reminders}}` gives you access to `{{.MR}}` which is the [merge request](https://godoc.org/github.com/xanzy/go-gitlab#MergeRequest). `{{.Missing}}` is the Slack/Mattermost handle of the missing reviewer. `{{.Discussions}}` is the number of open discussion. `{{.Owner}}` is the Mattermost name of the assignee or otherwise the creator of the merge request. `{{.Emojis}}` is a map with the reacted emoji's and their count on this merge request.\n\nThe corresponding Go structs:\n\n```go\ntype data struct {\n      Project   gitlab.Project\n      Reminders []reminder\n}\n\ntype reminder struct {\n      MR          *gitlab.MergeRequest\n      Missing     []string\n      Discussions int\n      Owner       string\n      Emojis      map[string]int\n}\n```\n\n\n### Github\n\nAccessing `{{.Repository}}` gives you access to these [fields](https://godoc.org/github.com/google/go-github/github#Repository).  \nWhile `{{range .Reminders}}` gives you access to `{{.PR}}` which is the [pull request](https://godoc.org/github.com/google/go-github/github#PullRequest). `{{.Owner}}` the Mattermost name of the PR creator or the Github login as fallback. `{{.Missing}}` is the Slack/Mattermost handle of the missing reviewer.\n\n```go\ntype data struct {\n      Repository *github.Repository\n      Reminders  []reminder\n}\n\ntype reminder struct {\n      PR          *github.PullRequest\n      Missing     []string\n      Owner       string\n}\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsj14%2Freview-bot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsj14%2Freview-bot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsj14%2Freview-bot/lists"}