
This project is a fork of sap/fosstars-rating-core.


A framework for defining ratings for open-source projects. In particular, the framework offers a security rating for open-source projects that may be used to assess the security risk that comes with open-source components.

Home Page: https://sap.github.io/fosstars-rating-core/

License: Apache License 2.0



Ratings for open source projects

This is a framework for defining and calculating ratings for open source projects. See docs for more details.

Security rating for open source projects

Open source software helps a lot, but it may also bring new security issues and therefore increase security risk. Is it safe to use a particular open source component? Answering this question is not always easy. The security rating for open source projects helps to answer it. First, it gathers various data about an open source project. Then, it calculates a security rating for it. The rating helps to assess the security risk that comes with this open source project.

More details about the security rating can be found in the docs.

Requirements

  • Java 8+
  • Maven 3.6.0+
  • Python 3.6.8+
  • Jupyter Notebook 4.4.0+

Download and installation

The jars are available on the Maven Central repository:

<dependency>
    <groupId>com.sap.oss.phosphor</groupId>
    <artifactId>fosstars-rating-core</artifactId>
    <version>1.9.0</version>
</dependency>

Or, the project can be built and installed with the following command:

mvn clean install

Fosstars GitHub action

For projects on GitHub, there is a GitHub action that calculates a security rating and generates a badge.

CLI for calculating ratings

There is a CLI for calculating ratings.

The tool can be run with commands like the following:

git clone https://github.com/SAP/fosstars-rating-core.git
cd fosstars-rating-core
mvn package -DskipTests
TOKEN=xyz # use your personal token, see below
java -jar target/fosstars-github-rating-calc.jar --rating security --url https://github.com/curl/curl --verbose --token ${TOKEN}

The TOKEN variable contains a token for accessing the GitHub API. You can create a personal token in the settings/tokens tab in your profile on GitHub.
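As an added example (not part of the fosstars project), here is a small POSIX shell wrapper around the java invocation above. It checks the repository URL before it reaches the CLI, so a value that starts with "-" or carries extra path segments or shell metacharacters is rejected, and it takes the token only from the TOKEN environment variable, as in the README, never from its own command line. FOSSTARS_JAR and the rating-*.txt output file name are assumptions of this script, not project conventions.

```shell
#!/bin/sh
# Added example, not part of the fosstars project: a wrapper around the CLI
# invocation from the README. FOSSTARS_JAR and the rating-*.txt output file
# are assumptions of this script, not project conventions.

JAR="${FOSSTARS_JAR:-target/fosstars-github-rating-calc.jar}"  # built by "mvn package"

# Accept only https://github.com/<owner>/<repo> (one trailing slash tolerated).
# Anything else, including values starting with "-" that the CLI would parse
# as an option, extra path segments, or shell metacharacters, is rejected.
valid_repo_url() {
  url="${1%/}"
  rest="${url#https://github.com/}"
  [ "$rest" != "$url" ] || return 1            # fixed prefix missing
  case "$rest" in
    */*/*) return 1 ;;                         # owner/repo/more
    */*) ;;                                    # owner/repo
    *) return 1 ;;                             # owner only
  esac
  owner="${rest%%/*}"
  repo="${rest#*/}"
  [ -n "$owner" ] && [ -n "$repo" ] || return 1
  case "$owner$repo" in
    *[!A-Za-z0-9_.-]*) return 1 ;;             # only GitHub name characters
  esac
  return 0
}

# Print the argument list from the README, one per line, for a validated URL.
# The token comes from the TOKEN environment variable, never from $1, so it
# does not end up in this script's own command line or shell history.
fosstars_args() {
  valid_repo_url "$1" || { echo "rejected repository URL: $1" >&2; return 1; }
  [ -n "${TOKEN:-}" ] || { echo "TOKEN is not set" >&2; return 1; }
  printf '%s\n' --rating security --url "${1%/}" --verbose --token "$TOKEN"
}

# Run the rating and keep the verbose report in a file named after the repo.
run_rating() {
  fosstars_args "$1" >/dev/null || return 1
  out="rating-$(basename "${1%/}").txt"
  java -jar "$JAR" --rating security --url "${1%/}" --verbose --token "$TOKEN" > "$out"
  echo "report written to $out"
}

# Usage: TOKEN=<github token> sh rate.sh https://github.com/curl/curl
if [ $# -eq 1 ]; then run_rating "$1"; fi
```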

In the verbose mode, the tool is going to print out the following:

  • Data that was used for calculating the security rating
  • Sub-scores that describe particular security aspects
  • Overall score and label
  • Advice on how the rating may be improved

Here is what the output looks like:

(Screenshot: CLI demo)

The full output is available in the project docs.

If the --interactive option is specified, the tool becomes somewhat interactive and may ask the user a couple of questions. More details can be found in the docs.

Running CLI in Docker

You can also run the CLI in a Docker container:

docker build --tag fosstars --file src/main/docker/cli/Dockerfile .
docker run -v $(pwd):/work fosstars --rating security --token $TOKEN --url https://github.com/apache/poi

Known issues

Please see GitHub issues.

How to obtain support

Please create a new GitHub issue if you found a bug, or you'd like to propose an enhancement. If you think you found a security issue, please follow this guideline.

If you have a question, please open a discussion.

Contributing

We appreciate feedback, ideas for improvements and, of course, pull requests.

Please follow this guideline if you'd like to contribute to the project.
