prescriptions
ochrona-cli
| prescriptions | ochrona-cli | |
|---|---|---|
| 1 | 2 | |
| 17 | 52 | |
| - | - | |
| 4.3 | 0.6 | |
| 11 months ago | about 1 year ago | |
| Python | Python | |
| GNU Affero General Public License v3.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
prescriptions
-
Insights for any repository on Github
When I checked it, prescriptions was the most active... apparently, they have a bot pushing commits to update some kind of manifest file for each dependency, one by one (and there's a lot of them), every few days. That seems to be how they got to 22,000+ commits!!!!
ochrona-cli
What are some alternatives?
special-broccoli
pip-audit - Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them
repometascore - repometascore (aka repository metadata scoring) analyzes metadata of the given repository, collects info about its contributors, and outputs the risk level.
safety - Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
ggshield - Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
best-of-python-dev - ๐ A ranked list of awesome python developer tools and libraries. Updated weekly.
in-toto - in-toto is a framework to protect supply chain integrity.
dephell - :package: :fire: Python project management. Manage packages: convert between formats, lock, install, resolve, isolate, test, build graph, show outdated, audit. Manage venvs, build package, bump version.
anchore-engine - A service that analyzes docker images and scans for vulnerabilities
ThreatPlaybook - A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
dep-scan - OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.