fosstars-rating-core
A framework for defining ratings for open source projects. In particular, the framework offers a security rating for open source projects that may be used to assess the security risk that comes with o...
A violation against the OSS Rules of Play has been detected. Rule ID: rl-reuse_tool-4 Explanation: Is it compliant with REUSE rules? **No** Find more information at: https://sap.github.io/fosstars-rating-core/oss_rules_of_play_rating.html
Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.13.3 to 2.13.4.2. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...
Bumps [slf4j-simple](https://github.com/qos-ch/slf4j) from 1.7.36 to 2.0.3. Commits b2cb05f prepare release 2.0.3 4b5bb41 fix SLF4J-546, Fluent logging API doesn't populate timestamp with Reload4JLogger b500a6f javadoc explaining using multiple markers instead of...
Bumps [maven-checkstyle-plugin](https://github.com/apache/maven-checkstyle-plugin) from 3.1.2 to 3.2.0. Commits 1aaf7cb [maven-release-plugin] prepare release maven-checkstyle-plugin-3.2.0 627fa4f [MCHECKSTYLE-417] Upgrade Maven Reporting API to 3.1.1/Maven Reporting Impl t... cbf3751 [MCHECKSTYLE-418] Deprecate RSS feature and disable...
Sometimes, when the NVD JSON download fails as a pre-step for OWASP Dependency-Check, a `null pointer exception` is thrown: ``` [!] Holy Moly, VulnerabilitiesFromOwaspDependencyCheck data provider failed! [!] The...
GoSec can be enabled from CI YAML files, such as CircleCI's .golangci.yaml file, and these need to be checked for Go projects. Sample - https://github.com/OmegaRogue/eliteJournal/blob/be279b9ac9e122f0b6890a4381f4bbbb3a92939d/.golangci.yaml#L124 Things to do: -...
The advice shown should be actionable and related to the project being rated. The current implementation shows the advice independent of the programming languages used in a project due to...
After the introduction of Snyk score, the DependencyScanScore "okay" range lies in the "very good" range, which can be confirmed from the test vector here https://github.com/SAP/fosstars-rating-core/blob/02f66d6569bf2664a9091e5ca932102cad842eba/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/DependencyScanScoreTestVectors.yml#L106 Issue cause: Having GitHub...
Bumps [maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.3.2 to 3.4.0. Commits 40cc602 [maven-release-plugin] prepare release maven-javadoc-plugin-3.4.0 0c6b32f [MJAVADOC-714] Upgrade to Maven 3.2.5 506cb74 [MJAVADOC-696] Invalid anchors in Javadoc and plugin mojo 47d03d3 [MJAVADOC-712] Remove...
Securecookie encodes and decodes authenticated and optionally encrypted cookie values. Secure cookies can't be forged, because their values are validated using HMAC. When encrypted, the content is also inaccessible to...