fosstars-rating-core
A framework for defining ratings for open source projects. In particular, the framework offers a security rating for open source projects that may be used to assess the security risk that comes with o...
Coverity is a static analyzer that can detect security issues. It offers free scans for open-source projects. Coverity also offers badges. See for example: https://scan.coverity.com/projects/thrift https://github.com/apache/thrift If a project uses...
SonarCloud offers a static analyzer that includes multiple security checks. The service is free for open-source projects. For example, some Apache projects use it: https://sonarcloud.io/organizations/apache/projects It would be good if...
`VulnerabilitiesFromGitHubAdvisories` is not a full-fledged DataProvider The above data provider provides only those `VULNERABILITIES` which are not present in the NVD database. We need to remove this check and allow all...
`VulnerabilitiesFromGitHubAdvisories` is not a full-fledged DataProvider The above data provider does not handle all the `PackageManagers`. Also, it doesn't recursively parse through all the types of `PackageManagers` config files -...
Currently there are two interactive data providers: - `AskAboutSecurityTeam` - `AskAboutUnpatchedVulnerabilities` In the `SingleSecurityRatingCalculator` class, they have to be added to the end of the list of data providers: ```java...
Currently the `RatingReposotiry` class maintains only ratings. The class may be updated to maintain a list of registered scores as well. It would make it possible to use scores independently....
I was unable to build working .jar file using the provided instructions ```bash java -version openjdk version "21.0.2" 2024-01-16 LTS OpenJDK Runtime Environment SapMachine (build 21.0.2+13-LTS) OpenJDK 64-Bit Server VM...
We have configured the default CodeQL setup for our repo https://github.com/SAP/ui5-tooling-extensions/. CodeQL checks run for every PR and weekly on the default branch. However fosstars does not recognize this https://github.com/SAP/ui5-tooling-extensions/blob/fosstars-report/fosstars_report.md#how-a-project-uses-codeql.
Bumps [org.owasp:dependency-check-core](https://github.com/jeremylong/DependencyCheck) from 8.3.1 to 8.4.3. Release notes Sourced from org.owasp:dependency-check-core's releases. Version 8.4.3 fix: bump jcs3 (#6047) docs: Corrected docs on hostedSuppressions (#6035) See the full listing of changes....