barista icon indicating copy to clipboard operation
barista copied to clipboard

Published 20 hours ago verified publisher icon Optum

Metadata

project barista - open source license and vulnerability management

buildcontainers buildrelease deploydocs CLA assistant

Barista alt text

Project Barista is a developer focused, cloud native, pure open source solution for open source license and vulnerability management.

Project goals include but are not limited to:

  1. maintain a license inventory system of record per project/service/product for OSS consumption within an organization
  2. automate license impact analysis related to OSS consumption
  3. automate publisher attribution analysis related to OSS consumption
  4. automate OSS vulnerability scanning

Barista allows a developer to set up their project for scanning from any Git compatible repo. Once a scan is initiated, the project is processed as follows:

  1. The repo is cloned into a temporary directory. All contents will be destroyed once processing is finished.

  2. License scanning is initiated. Barista currently supports the following technology stacks:

    1. Java using the Maven package manager
    2. .Net using the NuGet package manager
    3. Node using the NPM package manager
    4. Python using the PIP package manager
    5. GoLang using modules package manager
      • Support for additional package managers are on the roadmap as the community evolves e.g. Gradle

  3. Each technology stack uses native tools to gather project dependencies with as much meta data as can be harvested e.g. license, publisher information and or the project's published URL

  4. Unsupported technology stacks can be scanned using the nexB/scancode-tool but results are not as comprehensive and performance is degraded.

  5. All project and dependency code is then run through the OWASP Dependency Check tool to gather published vulnerability information.

  6. Both license and vulnerability findings are then run through a set of user defined business rules which allow categorization of findings into 1 of 3 categories:

  • alt text Approved
  • alt text Warning
  • alt text Disapproved

Join our growing community!

Start with our developer documentation.

Project Credits

Please see our original project team.

Sample Screen Shots

Login Page

alt text

Dashboard

alt text

Project Summary Licenses

alt text

Project Summary Vulnerabilities

alt text

Project Obligations

alt text

Metadata

74
Stars
16
Forks
Watchers

Owner

verified publisher icon Optum

Metadata

project barista - open source license and vulnerability management

Back