ochrona-cli
repometascore
ochrona-cli | repometascore | |
---|---|---|
2 | 1 | |
52 | 33 | |
- | - | |
0.6 | 0.0 | |
about 1 year ago | almost 2 years ago | |
Python | Python | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ochrona-cli
repometascore
-
RepoMetaScore: evaluate supply chain risks of open-source projects
Repometascore uses public information disclosed by contributors themselves. RepoMetaScore collects such info through the APIs and calculates results as a risk rating. It can be the first tool in a series of security checkup developers go through when deciding whether to add a certain project or not.
What are some alternatives?
pip-audit - Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them
cppdep - C/C++ Dependency Analyzer: a rewrite of John Lakos' dep_utils (adep/cdep/ldep) from "Large-Scale C++ Software Design"
safety - Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
dep-scan - OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
ggshield - Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
Android-multimodule-dependency-graph - Creates a dependency graph for an Android multimodule project.
best-of-python-dev - ๐ A ranked list of awesome python developer tools and libraries. Updated weekly.
emerge - Emerge is a browser-based interactive codebase and dependency visualization tool for many different programming languages. It supports some basic code quality and graph metrics and provides a simple and intuitive way to explore and analyze a codebase by using graph structures.
in-toto - in-toto is a framework to protect supply chain integrity.
prescriptions - โ๏ธ๐ Prescriptions to heal your applications and application dependencies ๐โ๏ธ
dephell - :package: :fire: Python project management. Manage packages: convert between formats, lock, install, resolve, isolate, test, build graph, show outdated, audit. Manage venvs, build package, bump version.
anchore-engine - A service that analyzes docker images and scans for vulnerabilities