# Install frizbee with Homebrew, winget, zypper

Throw a tag at and it comes back with a checksum. Version 0.1.10 via Homebrew; verified from local package data.

## Install

```sh
sudo av install brew:frizbee
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install frizbee
```

  Evidence: local Homebrew formula metadata

### Linux

- zypper (92%):

```sh
sudo zypper install frizbee
```

  Evidence: openSUSE Tumbleweed package metadata: frizbee from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

### Windows

- winget (92%):

```sh
winget install --id stacklok.frizbee -e
```

  Evidence: Windows Package Manager source index: stacklok.frizbee from https://cdn.winget.microsoft.com/cache/source.msix

## Package facts

- **Package key:** brew:frizbee
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/frizbee>
- **Version:** 0.1.10
- **Source summary:** Throw a tag at and it comes back with a checksum
- **Homepage:** <https://github.com/stacklok/frizbee>
- **Repository:** <https://github.com/stacklok/frizbee>
- **Upstream docs:** <https://github.com/stacklok/frizbee#readme>
- **License:** Apache-2.0
- **Source archive:** <https://github.com/stacklok/frizbee/archive/refs/tags/v0.1.10.tar.gz>
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- frizbee (cli)
- frizbee (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 0.1.10
- Local data: ok
- Upstream repository: https://github.com/stacklok/frizbee
- Upstream latest detected: v0.1.10 (current)
- info: No package-manager update timestamp was available.
## Project history and usage

Frizbee is a Stacklok command-line tool and Go library for resolving mutable tags to checksums. Its README describes it as a tool that can take a GitHub Actions reference or container image tag and return a checksum or digest suitable for more reproducible supply-chain references.

### Project history

Frizbee is maintained in the `stacklok/frizbee` GitHub repository and is written in Go. Official release metadata gathered during research showed a young 0.x project, with v0.0.x and v0.1.x releases from 2024 onward and v0.1.10 published in 2026.

### Adoption history

The README documents installation through Go, Homebrew, and winget, and presents Frizbee as both a CLI and a library. It also points to a Frizbee GitHub Action, placing the project in the GitHub Actions and container-image hardening workflow rather than general-purpose checksum utilities.

### How it is used

For GitHub Actions, users can point `frizbee actions` at workflow files or a single action reference to generate replacements and optionally run in dry-run or CI-failing modes. For container images, users can point `frizbee image` at YAML, Dockerfile paths, or a single image tag to get a digest-pinned reference.

The library API exposes replacers for GitHub Actions and container images, with functions for parsing strings, paths, files, and filesystem abstractions.

### Why package nerds care

Frizbee is package-nerd significant as a small supply-chain utility focused on a common packaging and CI problem: tags are convenient but mutable, while checksums and digests are auditable. It sits near Dependabot-style maintenance, GitHub Actions pinning, container digest pinning, and policy enforcement in CI.

Its value as a packaged CLI is that it can be dropped into local workflows or CI jobs without a larger platform, while the library form lets other tools reuse the tag-to-checksum logic.

### Timeline

- 2024: Official releases include early v0.0.x and v0.1.x Frizbee builds.
- 2024: The README documents installation via Go, Homebrew, and winget and usage for GitHub Actions and container images.
- 2026: Official releases include Frizbee v0.1.10.

### Related projects

- Related surfaces include GitHub Actions, the Frizbee GitHub Action, container registries, image digest pinning, and Stacklok supply-chain tooling.
- The CLI's work overlaps with CI policy, tag pinning, reproducible builds, and tools that rewrite workflow or manifest files to less mutable references.

### Sources

- <https://github.com/marketplace/actions/frizbee-action>
- <https://github.com/stacklok/frizbee/releases>
- <https://raw.githubusercontent.com/stacklok/frizbee/main/README.md>


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** frizbee
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- zypper - frizbee - 0.1.10-1.2: normalized package name match | openSUSE Tumbleweed package metadata: frizbee from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Throw a tag at and it comes back with a checksum | https://github.com/stacklok/frizbee
- zypper - frizbee-bash-completion - 0.1.10-1.2: normalized package name match | openSUSE Tumbleweed package metadata: frizbee-bash-completion from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Bash Completion for frizbee | https://github.com/stacklok/frizbee
- zypper - frizbee-fish-completion - 0.1.10-1.2: normalized package name match | openSUSE Tumbleweed package metadata: frizbee-fish-completion from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Fish Completion for frizbee | https://github.com/stacklok/frizbee
- zypper - frizbee-zsh-completion - 0.1.10-1.2: normalized package name match | openSUSE Tumbleweed package metadata: frizbee-zsh-completion from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Zsh Completion for frizbee | https://github.com/stacklok/frizbee
- winget - stacklok.frizbee: normalized package name match | Windows Package Manager source index: stacklok.frizbee from https://cdn.winget.microsoft.com/cache/source.msix


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [ratchet](https://www.automicvault.com/pkg/brew/ratchet/) - Shares av.db curated category or tags: cli, security, supply-chain.
- [zizmor](https://www.automicvault.com/pkg/brew/zizmor/) - Shares av.db curated category or tags: cli, github-actions, security, supply-chain.
- [chain-bench](https://www.automicvault.com/pkg/brew/chain-bench/) - Shares av.db curated category or tags: cli, security, supply-chain.
- [opensca-cli](https://www.automicvault.com/pkg/brew/opensca-cli/) - Shares av.db curated category or tags: cli, security, supply-chain.
- [parlay](https://www.automicvault.com/pkg/brew/parlay/) - Shares av.db curated category or tags: cli, security, supply-chain.
- [ratify](https://www.automicvault.com/pkg/brew/ratify/) - Shares av.db curated category or tags: cli, security, supply-chain.
- [slsa-verifier](https://www.automicvault.com/pkg/brew/slsa-verifier/) - Shares av.db curated category or tags: cli, security, supply-chain.
- [vet](https://www.automicvault.com/pkg/brew/vet/) - Shares av.db curated category or tags: cli, security, supply-chain.

## Combined YAML source

View the package source record on GitHub. [combined/frizbee.yml](https://github.com/automic-vault/db/blob/main/combined/frizbee.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
