{"id":13676169,"url":"https://github.com/synfinatic/aws-sso-cli","last_synced_at":"2025-10-21T04:54:30.187Z","repository":{"id":39503712,"uuid":"367531971","full_name":"synfinatic/aws-sso-cli","owner":"synfinatic","description":"A powerful tool for using AWS Identity Center for the CLI and web console.","archived":false,"fork":false,"pushed_at":"2025-10-09T15:28:24.000Z","size":5396,"stargazers_count":573,"open_issues_count":47,"forks_count":69,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-10-14T03:19:54.613Z","etag":null,"topics":["aws","aws-identity-center","aws-sso","cli","credentials","credentials-helper","iam","iam-role","keychain","security-tools","temporary-credentials"],"latest_commit_sha":null,"homepage":"https://synfinatic.github.io/aws-sso-cli/latest/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/synfinatic.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/security.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-05-15T03:36:13.000Z","updated_at":"2025-10-13T12:08:26.000Z","dependencies_parsed_at":"2023-10-16T08:38:52.372Z","dependency_job_id":"522a2852-b62a-4c98-a4d9-1705b84cdf59","html_url":"https://github.com/synfinatic/aws-sso-cli","commit_stats":{"total_commits":512,"total_committers":22,"mean_commits":"23.272727272727273","dds":0.1640625,"last_synced_commit":"fb95df2ee3277f08f19ff349487c54af904ab090"},"previous_names":[],"tags_count":56,"template":false,"template_full_name":null,"purl":"pkg:github/synfinatic/aws-sso-cli","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/synfinatic%2Faws-sso-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/synfinatic%2Faws-sso-cli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/synfinatic%2Faws-sso-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/synfinatic%2Faws-sso-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/synfinatic","download_url":"https://codeload.github.com/synfinatic/aws-sso-cli/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/synfinatic%2Faws-sso-cli/sbom","scorecard":{"id":773092,"data":{"date":"2025-08-11","repo":{"name":"github.com/synfinatic/aws-sso-cli","commit":"23193a6e70381add71c46ebf22c0a272b679f94e"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.1,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":10,"reason":"28 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 1/14 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: docs/security.md:1","Info: Found linked content: docs/security.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: docs/security.md:1","Info: Found text in security policy: docs/security.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:39","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:40","Warn: jobLevel 'security-events' permission set to 'write': .github/workflows/codeql.yml:41","Warn: no topLevel permission defined: .github/workflows/auto-close.yml:1","Warn: no topLevel permission defined: .github/workflows/build-release.yml:1","Warn: no topLevel permission defined: .github/workflows/codeql.yml:1","Warn: no topLevel permission defined: .github/workflows/docker-hub.yml:1","Warn: no topLevel permission defined: .github/workflows/lint.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release-mkdocs.yaml:7","Info: topLevel 'contents' permission set to 'read': .github/workflows/tests.yml:17","Warn: topLevel 'contents' permission set to 'write': .github/workflows/update-mkdocs.yaml:13","Warn: no topLevel permission defined: .github/workflows/validate-codecov.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: LICENSE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/docker-hub.yml:8"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: release.sig.asc: https://github.com/synfinatic/aws-sso-cli/releases/tag/v2.0.3","Info: signed release artifact: release.sig.asc: https://github.com/synfinatic/aws-sso-cli/releases/tag/v2.0.2","Info: signed release artifact: release.sig.asc: https://github.com/synfinatic/aws-sso-cli/releases/tag/v2.0.1","Info: signed release artifact: release.sig.asc: https://github.com/synfinatic/aws-sso-cli/releases/tag/v2.0.0","Info: signed release artifact: release.sig.asc: https://github.com/synfinatic/aws-sso-cli/releases/tag/v2.0.0-beta4","Warn: release artifact v2.0.3 does not have provenance: https://api.github.com/repos/synfinatic/aws-sso-cli/releases/221863847","Warn: release artifact v2.0.2 does not have provenance: https://api.github.com/repos/synfinatic/aws-sso-cli/releases/221718538","Warn: release artifact v2.0.1 does not have provenance: https://api.github.com/repos/synfinatic/aws-sso-cli/releases/219225638","Warn: release artifact v2.0.0 does not have provenance: https://api.github.com/repos/synfinatic/aws-sso-cli/releases/217809028","Warn: release artifact v2.0.0-beta4 does not have provenance: https://api.github.com/repos/synfinatic/aws-sso-cli/releases/177500147"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Info: Possibly incomplete results: error parsing shell code: parameter expansion requires a literal: internal/helper/zshrc.sh:0","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-close.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/auto-close.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-release.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/build-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-release.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/build-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-release.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/build-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-release.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/build-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-release.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/build-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-release.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/build-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-release.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/build-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-release.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/build-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-release.yml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/build-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-release.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/build-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/codeql.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/codeql.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-hub.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/docker-hub.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-hub.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/docker-hub.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-hub.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/docker-hub.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-hub.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/docker-hub.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-mkdocs.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/release-mkdocs.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-mkdocs.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/release-mkdocs.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/tests.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/tests.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/tests.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tests.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-mkdocs.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/update-mkdocs.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-mkdocs.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/update-mkdocs.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate-codecov.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/synfinatic/aws-sso-cli/validate-codecov.yml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:2","Warn: containerImage not pinned by hash: Dockerfile:13: pin your Docker image by updating alpine:latest to alpine:latest@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: containerImage not pinned by hash: Dockerfile.mkdocs:1: pin your Docker image by updating squidfunk/mkdocs-material:9.6.5 to squidfunk/mkdocs-material:9.6.5@sha256:26153027ff0b192d3dbea828f2fe2dd1bf6ff753c58dd542b3ddfe866b08bf60","Warn: containerImage not pinned by hash: Dockerfile.package:1","Warn: containerImage not pinned by hash: Dockerfile.package:8","Warn: pipCommand not pinned by hash: Dockerfile.mkdocs:3","Warn: pipCommand not pinned by hash: .github/workflows/release-mkdocs.yaml:21","Warn: pipCommand not pinned by hash: .github/workflows/update-mkdocs.yaml:27","Info:   0 out of  23 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  11 third-party GitHubAction dependencies pinned","Info:   0 out of   5 containerImage dependencies pinned","Info:   0 out of   3 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"56 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2021-5 / GHSA-hq37-853p-g5cf","Warn: Project is vulnerable to: PYSEC-2023-9 / GHSA-rwmf-w63j-p7gv","Warn: Project is vulnerable to: GHSA-3c5c-7235-994j","Warn: Project is vulnerable to: GHSA-3f63-hfp8-52jq","Warn: Project is vulnerable to: PYSEC-2021-41 / GHSA-3wvg-mj6g-m9cv","Warn: Project is vulnerable to: PYSEC-2020-77 / GHSA-3xv8-3j54-hgrp","Warn: Project is vulnerable to: PYSEC-2020-80 / GHSA-43fq-w8qq-v88h","Warn: Project is vulnerable to: GHSA-44wm-f244-xhp3","Warn: Project is vulnerable to: GHSA-4fx9-vc88-q2xc","Warn: Project is vulnerable to: PYSEC-2021-35 / GHSA-57h3-9rgr-c24m","Warn: Project is vulnerable to: PYSEC-2020-172 / GHSA-5gm3-px64-rw72","Warn: Project is vulnerable to: PYSEC-2021-331 / GHSA-7534-mm45-c74v","Warn: Project is vulnerable to: PYSEC-2021-92 / GHSA-7r7m-5h27-29hp","Warn: Project is vulnerable to: PYSEC-2020-78 / GHSA-8843-m7mw-mxqm","Warn: Project is vulnerable to: PYSEC-2023-227 / GHSA-8ghj-p4vj-mr35","Warn: Project is vulnerable to: PYSEC-2014-87 / GHSA-8m9x-pxwq-j236","Warn: Project is vulnerable to: PYSEC-2022-10 / GHSA-8vj2-vxx3-667w","Warn: Project is vulnerable to: PYSEC-2021-36 / GHSA-8xjq-8fcg-g5hw","Warn: Project is vulnerable to: PYSEC-2016-6 / GHSA-8xjv-v9xq-m5h9","Warn: Project is vulnerable to: PYSEC-2021-42 / GHSA-95q3-8gr9-gm8w","Warn: Project is vulnerable to: PYSEC-2022-168 / GHSA-9j59-75qj-795w","Warn: Project is vulnerable to: PYSEC-2014-10 / GHSA-cfmr-38g9-f2h7","Warn: Project is vulnerable to: PYSEC-2020-76 / GHSA-cqhg-xjhh-p8hf","Warn: Project is vulnerable to: PYSEC-2021-40 / GHSA-f4w8-cv6p-x6r5","Warn: Project is vulnerable to: PYSEC-2021-69 / GHSA-f5g8-5qq7-938w","Warn: Project is vulnerable to: PYSEC-2021-139 / GHSA-g6rj-rv7j-xwp4","Warn: Project is vulnerable to: PYSEC-2015-16 / GHSA-h5rf-vgqx-wjv2","Warn: Project is vulnerable to: PYSEC-2016-5 / GHSA-hggx-3h72-49ww","Warn: Project is vulnerable to: PYSEC-2020-84 / GHSA-hj69-c76v-86wr","Warn: Project is vulnerable to: PYSEC-2016-7 / GHSA-hvr8-466p-75rh","Warn: Project is vulnerable to: PYSEC-2015-15 / GHSA-j6f7-g425-4gmx","Warn: Project is vulnerable to: GHSA-j7hp-h8jx-5ppr","Warn: Project is vulnerable to: PYSEC-2019-110 / GHSA-j7mj-748x-7p78","Warn: Project is vulnerable to: GHSA-jgpv-4h4c-xhw3","Warn: Project is vulnerable to: PYSEC-2022-42979 / GHSA-m2vv-5vj5-2hm7","Warn: Project is vulnerable to: PYSEC-2021-37 / GHSA-mvg9-xffr-p774","Warn: Project is vulnerable to: PYSEC-2020-83 / GHSA-p49h-hjvm-jg3h","Warn: Project is vulnerable to: PYSEC-2022-8 / GHSA-pw3c-h7wp-cvhx","Warn: Project is vulnerable to: PYSEC-2021-93 / GHSA-q5hq-fp76-qmrc","Warn: Project is vulnerable to: PYSEC-2020-82 / GHSA-r7rm-8j6h-r933","Warn: Project is vulnerable to: PYSEC-2014-23 / GHSA-r854-96gq-rfg3","Warn: Project is vulnerable to: PYSEC-2016-8 / GHSA-rwr3-c2q8-gm56","Warn: Project is vulnerable to: PYSEC-2020-81 / GHSA-vcqg-3p29-xw73","Warn: Project is vulnerable to: PYSEC-2020-79 / GHSA-vj42-xq3r-hr3r","Warn: Project is vulnerable to: PYSEC-2021-70 / GHSA-vqcj-wrf2-7v73","Warn: Project is vulnerable to: PYSEC-2016-9 / GHSA-w4vg-rf63-f3j3","Warn: Project is vulnerable to: PYSEC-2014-22 / GHSA-x895-2wrm-hvp7","Warn: Project is vulnerable to: PYSEC-2022-9 / GHSA-xrcv-f9gm-v42c","Warn: Project is vulnerable to: PYSEC-2021-137","Warn: Project is vulnerable to: PYSEC-2021-138","Warn: Project is vulnerable to: PYSEC-2021-317","Warn: Project is vulnerable to: PYSEC-2021-38","Warn: Project is vulnerable to: PYSEC-2021-39","Warn: Project is vulnerable to: PYSEC-2021-94","Warn: Project is vulnerable to: PYSEC-2023-175","Warn: Project is vulnerable to: GO-2025-3829 / GHSA-4vq8-7jfc-9cvp"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-23T02:44:32.195Z","repository_id":39503712,"created_at":"2025-08-23T02:44:32.195Z","updated_at":"2025-08-23T02:44:32.195Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":280207203,"owners_count":26290616,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-21T02:00:06.614Z","response_time":58,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-identity-center","aws-sso","cli","credentials","credentials-helper","iam","iam-role","keychain","security-tools","temporary-credentials"],"created_at":"2024-08-02T13:00:19.569Z","updated_at":"2025-10-21T04:54:30.182Z","avatar_url":"https://github.com/synfinatic.png","language":"Go","readme":"# AWS SSO CLI\n\n[![Tests](https://github.com/synfinatic/aws-sso-cli/actions/workflows/tests.yml/badge.svg)](https://github.com/synfinatic/aws-sso-cli/actions/workflows/tests.yml)\n[![Go Report Card](https://goreportcard.com/badge/github.com/synfinatic/aws-sso-cli)](https://goreportcard.com/report/github.com/synfinatic/aws-sso-cli)\n[![License Badge](https://img.shields.io/badge/license-GPLv3-blue.svg)](https://raw.githubusercontent.com/synfinatic/aws-sso-cli/main/LICENSE.md)\n[![Codecov Badge](https://codecov.io/gh/synfinatic/aws-sso-cli/branch/main/graph/badge.svg?token=F8454GS4HS)](https://codecov.io/gh/synfinatic/aws-sso-cli)\n[![Publish Docs](https://github.com/synfinatic/aws-sso-cli/actions/workflows/update-mkdocs.yaml/badge.svg)](https://github.com/synfinatic/aws-sso-cli/actions/workflows/update-mkdocs.yaml)\n[![Build Release Binaries](https://github.com/synfinatic/aws-sso-cli/actions/workflows/build-release.yml/badge.svg)](https://github.com/synfinatic/aws-sso-cli/actions/workflows/build-release.yml)\n[![Last Release](https://img.shields.io/github/v/release/synfinatic/aws-sso-cli)](https://github.com/synfinatic/aws-sso-cli/releases/)\n\n[Documentation](https://synfinatic.github.io/aws-sso-cli/) |\n[Demos](https://synfinatic.github.io/aws-sso-cli/latest/demos/) |\n[ChangeLog](CHANGELOG.md)\n\n## About\n\nAWS SSO CLI is a secure replacement for using the [aws configure sso](\nhttps://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html)\nwizard with a focus on security and ease of use for organizations with\nmany AWS Accounts and/or users with many IAM Roles to assume. It shares\na lot in common with [aws-vault](https://github.com/99designs/aws-vault),\nbut is more focused on the AWS IAM Identity Center use case instead\nof static API credentials.\n\nAWS SSO CLI requires your AWS account(s) to be setup with [AWS IAM Identity Center](\nhttps://aws.amazon.com/iam/identity-center/), which was previously known as AWS Single Sign-On.\nIf your organization is using the older SAML integration (typically you will\nhave multiple tiles in OneLogin/Okta) then this won't work for you.\n\nAWS SSO CLI focuses on making it easy to select a role via CLI arguments or\nvia an interactive auto-complete experience with both automatic and user-defined\nmetadata (tags) and exports the necessary [AWS STS Token credentials](\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html#using-temp-creds-sdk-cli)\nto your shell environment in a variety of ways.  It even supports sharing\ncredentials via the [AWS ECS Task IAM Role](https://synfinatic.github.io/aws-sso-cli/latest/ecs-server/).\n\nAs part of the goal of improving the end-user experience with AWS SSO, it also\nsupports using [multiple AWS Web Console sessions](https://synfinatic.github.io/aws-sso-cli/latest/quickstart/#aws-console-access)\nand many other quality of life improvements!\n\n## Key Features\n\n* Enhanced security over stock AWS tooling\n* Auto-discover your AWS SSO roles and [manage](https://synfinatic.github.io/aws-sso-cli/latest/commands/#config)\n     your `~/.aws/config` file\n* Support selecting an IAM role via `$AWS_PROFILE`, CLI (with auto-completion)\n    or interactive search\n* Ability to select roles based on [user-defined](https://synfinatic.github.io/aws-sso-cli/latest/config/#tags)\n    and auto-discovered tags\n* Support for [multiple active AWS Console sessions](https://synfinatic.github.io/aws-sso-cli/latest/quickstart/#aws-console-access)\n* Guided setup to help you configure `aws-sso` the first time you run\n* Advanced configuration available to [adjust colors](https://synfinatic.github.io/aws-sso-cli/latest/config/#PromptColors)\n    and generate [named profiles via templates](https://synfinatic.github.io/aws-sso-cli/latest/config/#ProfileFormat)\n* Easily see how much longer your STS credentials [are valid for](https://synfinatic.github.io/aws-sso-cli/latest/commands/#time)\n* Written in GoLang, so only need to install a single binary (no dependencies)\n* Supports Linux, MacOS, and Windows\n\n## Security\n\nUnlike the official [AWS cli tooling](https://aws.amazon.com/cli/), _all_\nauthentication tokens and credentials used for accessing AWS and your SSO\nprovider are encrypted on disk using your choice of secure storage solution.\nAll encryption is handled by the [99designs/keyring](https://github.com/99designs/keyring)\nlibrary which is also used by [aws-vault](https://github.com/99designs/aws-vault).\n\nCredentials encrypted by `aws-sso` and not via the standard AWS CLI tool:\n\n* AWS SSO ClientID/ClientSecret -- `~/.aws/sso/cache/botocore-client-id-\u003cregion\u003e.json`\n* AWS SSO AccessToken -- `~/.aws/sso/cache/\u003crandom\u003e.json`\n* AWS Profile Access Credentials -- `~/.aws/cli/cache/\u003crandom\u003e.json`\n\nAs you can see, not only does the standard AWS CLI tool expose the temporary\nAWS access credentials to your IAM roles, but more importantly the SSO\nAccessToken which can be used to fetch IAM credentials for any role you have\nbeen granted access!\n","funding_links":[],"categories":["Go"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsynfinatic%2Faws-sso-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsynfinatic%2Faws-sso-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsynfinatic%2Faws-sso-cli/lists"}