
A framework for defining ratings for open source projects. In particular, the framework offers a security rating for open source projects that may be used to assess the security risk that comes with o...

Results: 90 fosstars-rating-core issues

gorilla/csrf provides Cross-Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Things to do: Check if information can be extracted from GitHub, if gorilla/csrf is used in...

Bodyclose is a static analysis tool which checks whether res.Body is correctly closed. Things to do: Check if information can be extracted from GitHub, if Bodyclose is used in the...

GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignment) form of Go source code. Things to do: Check if information can be...

safehtml provides immutable string-like types that wrap web types such as HTML, JavaScript and CSS. These wrappers are safe by construction against XSS and similar web vulnerabilities, and they can...

Secure is an HTTP middleware for Go that facilitates some quick security wins. Things to do: Check if information can be extracted from GitHub, if Secure is used in the...

Nosurf is an HTTP package for Go that helps you prevent Cross-Site Request Forgery attacks. It acts like a middleware and therefore is compatible with basically any Go HTTP application....

Dependabot data provider can include Golang. DoD: 1. Golang added as a supported language in the Dependabot data provider

enhancement

- Find if SpotBugs can contribute to Security Score? - PoC identify ways to integrate it into the core Ref: https://github.com/spotbugs/spotbugs

poc

https://github.com/google/osv It would be good to figure out if it's possible to use OSV. Ideally, it would be good to start with implementing an experimental data provider and define a...

poc

Bumps org.eclipse.jgit from 5.13.0.202109080827-r to 6.0.0.202111291000-r. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.eclipse.jgit:org.eclipse.jgit&package-manager=maven&previous-version=5.13.0.202109080827-r&new-version=6.0.0.202111291000-r)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependency