ochrona-cli VS repometascore

Compare ochrona-cli vs repometascore and see what are their differences.

ochrona-cli

A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs (by ochronasec)
Security security-tools Vulnerabilities vulnerability-scanners dependency-analysis supply-chain Python developer-tools Pipfile Pip requirements Devsecops
Source Code
ochrona.dev
Suggest alternative
Edit details

repometascore

repometascore (aka repository metadata scoring) analyzes metadata of the given repository, collects info about its contributors, and outputs the risk level. (by cossacklabs)
dependency-analysis security-tools dependency-manager
Source Code
Suggest alternative
Edit details
InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
ochrona-cli repometascore
2 1
52 33
- -
0.6 0.0
about 1 year ago almost 2 years ago
Python Python
MIT License Apache License 2.0
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

ochrona-cli

Posts with mentions or reviews of ochrona-cli. We have used some of these posts to build our list of alternatives and similar projects.

repometascore

Posts with mentions or reviews of repometascore. We have used some of these posts to build our list of alternatives and similar projects.
  • RepoMetaScore: evaluate supply chain risks of open-source projects
    1 project | dev.to | 18 May 2022
    Repometascore uses public information disclosed by contributors themselves. RepoMetaScore collects such info through the APIs and calculates results as a risk rating. It can be the first tool in a series of security checkup developers go through when deciding whether to add a certain project or not.

What are some alternatives?

When comparing ochrona-cli and repometascore you can also consider the following projects:

pip-audit - Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them

cppdep - C/C++ Dependency Analyzer: a rewrite of John Lakos' dep_utils (adep/cdep/ldep) from "Large-Scale C++ Software Design"

safety - Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.

dep-scan - OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

ggshield - Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.

Android-multimodule-dependency-graph - Creates a dependency graph for an Android multimodule project.

best-of-python-dev - ๐Ÿ† A ranked list of awesome python developer tools and libraries. Updated weekly.

emerge - Emerge is a browser-based interactive codebase and dependency visualization tool for many different programming languages. It supports some basic code quality and graph metrics and provides a simple and intuitive way to explore and analyze a codebase by using graph structures.

in-toto - in-toto is a framework to protect supply chain integrity.

prescriptions - โš•๏ธ๐Ÿ’Š Prescriptions to heal your applications and application dependencies ๐Ÿ’Šโš•๏ธ

dephell - :package: :fire: Python project management. Manage packages: convert between formats, lock, install, resolve, isolate, test, build graph, show outdated, audit. Manage venvs, build package, bump version.

anchore-engine - A service that analyzes docker images and scans for vulnerabilities

ochrona-cli vs pip-audit repometascore vs cppdep ochrona-cli vs safety repometascore vs dep-scan ochrona-cli vs ggshield repometascore vs Android-multimodule-dependency-graph ochrona-cli vs best-of-python-dev repometascore vs emerge ochrona-cli vs in-toto repometascore vs prescriptions ochrona-cli vs dephell ochrona-cli vs anchore-engine