fosstars-rating-core
A framework for defining ratings for open source projects. In particular, the framework offers a security rating for open source projects that may be used to assess the security risk that comes with o...
Things to do: - Research on finding a list of vulnerabilities in VulnDB - https://github.com/stevespringett/vulndb-data-mirror
If I run the build as per the documentation I get the following error: `[ERROR] Failed to execute goal org.apache.maven.plugins:maven-javadoc-plugin:3.3.2:jar (attach-javadocs) on project fosstars-rating-core: MavenReportException: Error while generating Javadoc: Project...
ESLint is a tool for identifying and reporting on patterns found in ECMAScript/JavaScript code, with the goal of making code more consistent and avoiding bugs. - Configuration requires presence of...
First of all - we love your project. Thank you for building this amazing tool. Right now only github repositories and organizations can be scanned. We have a long list...
Is it possible to determine if an OSS project has reached EOL? If it is? How can we use this as part of our rating-core https://endoflife.date/, Things to do: - Learn...
Hi all, I'm using the YAML config approach to rate a list of GitHub projects. My issue is every time the calculations run it clones each project to disk, using...
At present we are assuming that if `run:` mentions `bandit`, it is a function call. - There may be --options - There may not be --options - Approximation...
It is found that Bandit can be triggered in other ways - https://github.com/PyCQA/bandit#version-control-integration - Existence of `.bandit` file https://github.com/PyCQA/bandit#per-project-command-line-args - Check for more possible configurations as listed above. Improve on...
The label thresholds (`com.sap.oss.phosphor.fosstars.model.rating.oss.OssArtifactSecurityRating.Thresholds`) used by the `OssArtifactSecurityRating` were copied from the `OssSecurityRating` without validation (as it was for the PoC). As the scores used by the `OssArtifactSecurityRating` are now...
It may be possible to use Java Packager to build packages for Windows, Mac and Linux https://docs.oracle.com/javase/10/tools/javapackager.htm#JSWOR719