fosstars-rating-core
A framework for defining ratings for open source projects. In particular, the framework offers a security rating for open source projects that may be used to assess the security risk that comes with o...
We get a list of `Vulnerability` for a `project`. We use `NVD` to get information on Vulnerabilities. While gathering the information, it is observed that we get - `versionEndExcluding` -...
#539 introduced explanations for all values. The data providers, which gather data for the OSS security rating, should explain the values they create.
Check the possibility of replacing `SemanticVersion` with [`semver4j`](https://search.maven.org/artifact/com.vdurmont/semver4j/3.1.0/jar). More details can be found here:
- [SemVer](https://www.baeldung.com/cs/semantic-versioning)
- Example for [implementation](https://www.baeldung.com/java-comparing-versions)

But this does not cover non-semantic versions. Please keep this...
Improve `ArtifactVersionVulnerabilityScore` to work with non-semantic versions. Currently only versions that follow the [Semantic Version](https://semver.org/) format can be used.
This is in continuation from #504. We need to set up the cache for accumulating release infos for the artifacts. Set up the cache mechanism in `AbstractReleaseInfoLoader`.
https://isitmaintained.com/#about The project offers two metrics: https://isitmaintained.com/#metrics Let's check whether those metrics may be used in the security ratings.
Refactor current `Oss*Scores`:
- `OssSecurityScore`
- `OssArtifactSecurityScore`
- ~~`OssArtifactVersionScore`~~ `ArtifactVersionSecurityScore`

1. Discuss if ~~`OssArtifactVersionScore`~~ `ArtifactVersionSecurityScore` is required (as additional hierarchy) or if it can be merged in `OssArtifactSecurityScore`
2. Discuss...
Let's consider adding a new feature for Google Tink (https://github.com/google/tink). Since the feature may or may not apply to specific projects, it would be wrong to require any project to...
It may be good to have three submodules which can contain the following:
- Core libraries (mainly `com.sap.sgs.phosphor.fosstars.model` package).
- Data providers.
- The demo tool.

The submodules should produce...