Gives criticality score for an open source project

Overview

Open Source Project Criticality Score (Beta)

This project is maintained by members of the Securing Critical Projects WG.

Goals

  1. Generate a criticality score for every open source project.

  2. Create a list of critical projects that the open source community depends on.

  3. Use this data to proactively improve the security posture of these critical projects.

Criticality Score

A project's criticality score defines the influence and importance of a project. It is a number between 0 (least-critical) and 1 (most-critical). It is based on the following algorithm by Rob Pike:

We use the following parameters to derive the criticality score for an open source project:

Parameter (Si) Weight (αi) Max threshold (Ti) Description Reasoning
created_since 1 120 Time since the project was created (in months) Older project has higher chance of being widely used or being dependent upon.
updated_since -1 120 Time since the project was last updated (in months) Unmaintained projects with no recent commits have higher chance of being less relied upon.
contributor_count 2 5000 Count of project contributors (with commits) Different contributors involvement indicates project's importance.
org_count 1 10 Count of distinct organizations that contributors belong to Indicates cross-organization dependency.
commit_frequency 1 1000 Average number of commits per week in the last year Higher code churn has slight indication of project's importance. Also, higher susceptibility to vulnerabilities.
recent_releases_count 0.5 26 Number of releases in the last year Frequent releases indicates user dependency. Lower weight since this is not always used.
closed_issues_count 0.5 5000 Number of issues closed in the last 90 days Indicates high contributor involvement and focus on closing user issues. Lower weight since it is dependent on project contributors.
updated_issues_count 0.5 5000 Number of issues updated in the last 90 days Indicates high contributor involvement. Lower weight since it is dependent on project contributors.
comment_frequency 1 15 Average number of comments per issue in the last 90 days Indicates high user activity and dependence.
dependents_count 2 500000 Number of project mentions in the commit messages Indicates repository use, usually in version rolls. This parameter works across all languages, including C/C++ that don't have package dependency graphs (though hack-ish). Plan to add package dependency trees in the near future.

NOTE:

  • We are looking for community ideas to improve upon these parameters.
  • There will always be exceptions to the individual reasoning rules.

Usage

The program only requires one argument to run, the name of the repo:

$ pip3 install criticality-score

$ criticality_score --repo github.com/kubernetes/kubernetes
name: kubernetes
url: https://github.com/kubernetes/kubernetes
language: Go
created_since: 79
updated_since: 0
contributor_count: 3664
org_count: 5
commit_frequency: 102.7
recent_releases_count: 76
closed_issues_count: 2906
updated_issues_count: 5136
comment_frequency: 5.7
dependents_count: 407254
criticality_score: 0.9862

You can add your own parameters to the criticality score calculation. For example, you can add internal project usage data to re-adjust the project's criticality score for your prioritization needs. This can be done by adding the --params :: ... argument on the command line.

Authentication

Before running criticality score, you need to:

# For posix platforms, e.g. linux, mac:
export GITHUB_AUTH_TOKEN=<your access token>

# For windows:
set GITHUB_AUTH_TOKEN=<your access token>
  • For GitLab repos, you need to create a GitLab access token and set it in environment variable GITLAB_AUTH_TOKEN. This helps to avoid the GitLab's api limitations for unauthenticated users.
# For posix platforms, e.g. linux, mac:
export GITLAB_AUTH_TOKEN=<your access token>

# For windows:
set GITLAB_AUTH_TOKEN=<your access token>

Formatting Results

There are three formats currently: default, json, and csv. Others may be added in the future.

These may be specified with the --format flag.

Public Data

If you're only interested in seeing a list of critical projects with their criticality score, we publish them in csv format.

This data is available on Google Cloud Storage and can be downloaded via the gsutil command-line tool or the web browser here.

NOTE: Currently, these lists are derived from projects hosted on GitHub ONLY. We do plan to expand them in near future to account for projects hosted on other source control systems.

$ gsutil ls gs://ossf-criticality-score/*.csv
gs://ossf-criticality-score/c_top_200.csv
gs://ossf-criticality-score/cplusplus_top_200.csv
gs://ossf-criticality-score/csharp_top_200.csv
gs://ossf-criticality-score/go_top_200.csv
gs://ossf-criticality-score/java_top_200.csv
gs://ossf-criticality-score/js_top_200.csv
gs://ossf-criticality-score/php_top_200.csv
gs://ossf-criticality-score/python_top_200.csv
gs://ossf-criticality-score/ruby_top_200.csv
gs://ossf-criticality-score/rust_top_200.csv
gs://ossf-criticality-score/shell_top_200.csv

This data is generated using this generator script. For example, to generate a list of top 200 C language projects, run:

$ pip3 install python-gitlab PyGithub
$ python3 -u -m criticality_score.generate \
    --language c --count 200 --sample-size 5000 --output-dir output

We have also aggregated the results over 100K repositories in GitHub (language-independent) and are available for download here.

Contributing

If you want to get involved or have ideas you'd like to chat about, we discuss this project in the Securing Critical Projects WG meetings.

See the Community Calendar for the schedule and meeting invitations.

See the Contributing documentation for guidance on how to contribute.

Issues
  • GeoTools not showing in top 200 for java projects, run criticality score on larger sample set

    GeoTools not showing in top 200 for java projects, run criticality score on larger sample set

    I looked at the top 200 Java projects, out of curiosity, to see if any of the projects I'm working on, like GeoTools, is included in the list. It was not, which is not an issue per se, but then I've computed the criticality score from command line, getting this:

    criticality_score --repo "https://github.com/geotools/geotools"
    name: geotools
    url: https://github.com/geotools/geotools
    language: Java
    created_since: 111
    updated_since: 0
    contributor_count: 315
    org_count: 6
    commit_frequency: 9.7
    recent_releases_count: 16
    closed_issues_count: 150
    updated_issues_count: 161
    comment_frequency: 1.0
    dependents_count: 337
    criticality_score: 0.66477
    

    The score alone would place the project at around position 100 of the top 200 projects. Since it's a no show, I'm wondering if there is any other criteria used to include/exclude projects, besides the pure score?

    opened by aaime 12
  • Use project first commit date for created_since, instead of github project creation date

    Use project first commit date for created_since, instead of github project creation date

    For many projects the github creation date might not match the project creation date.

    Would it be better to look at the date of the oldest commit in the repository?

    For example, for OpenSSL the computed creation_since value is 95 months, as the date of creation of a github mirror (2013-01-15T22:34:48Z), but the project is almost 22 years old (the first commit in the master branch dates back to 1998-12-21T10:52:45+00:00)!

    The cap for the field is 10 years anyway, so it's not that bad, but still it is one parameter in the equation that might be adjusted.

    Edit: this also affects other fields (e.g. recent_releases) when they are computed based on estimates based on the time since creation.

    Thoughts?

    priority 
    opened by romen 7
  • What is dependents_count parameter, looks suspect ?

    What is dependents_count parameter, looks suspect ?

    I asked for the criticality info on several projects in my industry's ecosystem, and the dependents_count really confuses me and makes me suspicious about how it's computed. Some of the projects I checked are hard dependencies of others, so if transitive dependencies are being properly tracked, the former should always have higher dependents_count than the latter, no? But this is not the case.

    One project that I run is very specialized and is of no use to casual small projects, only making sense as an embedded component of a large open source or commercial app. So while certainly very important in my industry and having a large number of end users touch those things in which it is embedded, I expect it to have a tiny number of directly downstream projects. Yet it has an absurdly, implausibly high dependents_count. Other projects I checked on that I know are directly used by orders of magnitude more projects, have implausibly low dependents_count.

    Is there some kind of verbose mode that prints details that would give us more information about how these scores are computed? Like, more insight into why it thinks a project has few or many dependent projects?

    I should mention that these are C++ projects, so perhaps the means by which dependencies are tracked is very flawed compared to a python (say) which may have a requirements.txt. How is it computed for C++? Has anybody considered promoting a GitHub convention of having a particularly named file serve as a manifest for what other projects a code base is dependent on? (Informationally only, since no C++ build system cares about such things.)

    question+answer 
    opened by lgritz 6
  • Maven and Gradle not in the Top 2000 java list

    Maven and Gradle not in the Top 2000 java list

    Hi,

    I just saw that the Maven and Gradle projects are less important that 2000 java projects where they are used in as a build tool. Maybe due to the fact that they:

    • are not a declared dependency
    • https://github.com/ossf/criticality_score/issues/14
    • https://github.com/ossf/criticality_score/issues/23
    • external issue tracker
    • All the parts (pluggable, not a dependency!) are split into many repositories
    • Mosten downloaded via maven.org, sdkman, package systems, etc

    Probably the same for other languages and build-tools, but haven’t checked.

    opened by bmarwell 6
  • Installation does not work as described in README

    Installation does not work as described in README

    I get:

    $ pip3 install criticality-score
    Collecting criticality-score
      Could not find a version that satisfies the requirement criticality-score (from versions: )
    No matching distribution found for criticality-score
    
    opened by sschuberth 6
  • Add Watchers/Description Metrics

    Add Watchers/Description Metrics

    I wanted to submit a suggestion to include GitHub Watchers (to help assess popularity) and the GitHub Description (to clarify the project's overall goal). I am currently helping contribute to OSSF's Security Metrics project, in which we are retrieving several of the GitHub metrics covered in this project (but also need to analyze the two mentioned above to help with our overall security assessment). If these can be included via the pull request I have submitted that would be extremely helpful. Thank you!

    opened by dilanbhalla 5
  • Handle empty repo case

    Handle empty repo case

    When I was running the script, I bumped into these repos that they fall into the filter due to high number of stars but they're actually empty and the script throws an exception: https://github.com/fossasia/libregraphics.asia https://github.com/libredesktop/libredesktop-events https://github.com/libredesktop/libredesktop-project-list https://github.com/libredesktop/LibreDesktop-Specs https://github.com/meilix/arch-meilix https://github.com/meilix/deb-meilix https://github.com/meilix/meilix-addons https://github.com/meilix/meilix-art https://github.com/meilix/meilix-connect https://github.com/meilix/meilix-web https://github.com/susiai/susi_partners https://github.com/susiai/susi_sdk https://github.com/ascoders/blog https://github.com/bigdongdongCLUB/newGCP https://github.com/koush/support-wiki https://github.com/mariobehling/ai-packages https://github.com/mariobehling/mb-sandbox https://github.com/meilix/meilix-docs https://github.com/paulirish/devtools-addons https://github.com/QingDaoIT/BlackList https://github.com/zhengzhouqiuzhi/zhengzhouqiuzhi

    To handle it, for GitLab, checking the commits length was enough:

    if len(repo.commits.list()) == 0:
    

    For GitHub, I couldn't find any proper way to understand whether the repo is empty. When we call "get_commits().totalCount", it already throws an exception. What I did is to force it to throw the exception by assigning "totalCount" to an unused variable (I could do it by printing the value as well?). Not an ideal solution, so let me know what you think.

    try:
    	repo = get_github_auth_token().get_repo(repo_url)
    	# Validate whether repo is empty; if it's empty, calling totalCount throws a 409 exception
    	total_commits = repo.get_commits().totalCount
    except github.GithubException as exp:
    	if exp.status == 404 or exp.status == 409:
    		return None
    return GitHubRepository(repo)
    

    Another remark is that we're spending one more request from our rate limit when calling "get_commits()" to make this validation. I only tested this for GitHub, but I'm assuming it's the same for GitLab as well.

    Alternatively, we can make all these calls before initializing the repo, do the validations, and pass them to repo object as arguments? This would also help us reducing the number of call to the API, but making these changes would take some time.

    To be able to test my changes, I created empty repos on both GitHub & GitLab btw: https://github.com/coni2k/empty-repo https://gitlab.com/coni2k/empty-repo

    Last, I also added this bit to "generate" script. Otherwise it fails when there are no processed repos:

    if len(stats) == 0:
        return
    
    opened by coni2k 5
  • why apache/spark isn't in Java top 200 public data?

    why apache/spark isn't in Java top 200 public data?

    Spark has much higher score than ElasticSearch and Beam, Spark is missing but ElasticSearch and Beam are there, why?

    apache/spark:

    $ criticality_score --repo github.com/apache/spark
    name: spark
    url: https://github.com/apache/spark
    language: Scala
    created_since: 83
    updated_since: 0
    contributor_count: 2374
    org_count: 4
    commit_frequency: 53.8
    recent_releases_count: 20
    closed_issues_count: 1252
    updated_issues_count: 1456
    comment_frequency: 12.1
    dependents_count: 396346
    criticality_score: 0.96476
    

    elastic/elasticsearch:

    $ criticality_score --repo github.com/elastic/elasticsearch
    name: elasticsearch
    url: https://github.com/elastic/elasticsearch
    language: Java
    created_since: 132
    updated_since: 0
    contributor_count: 1709
    org_count: 3
    commit_frequency: 127.1
    recent_releases_count: 21
    closed_issues_count: 7966
    updated_issues_count: 9234
    comment_frequency: 1.0
    dependents_count: 95320
    criticality_score: 0.88175
    

    apache/beam:

    $ criticality_score --repo github.com/apache/beam
    name: beam
    url: https://github.com/apache/beam
    language: Java
    created_since: 59
    updated_since: 0
    contributor_count: 980
    org_count: 7
    commit_frequency: 67.1
    recent_releases_count: 7
    closed_issues_count: 725
    updated_issues_count: 826
    comment_frequency: 4.3
    dependents_count: 11397
    criticality_score: 0.8319
    
    opened by Dieken 4
  • How are the top 200 lists computed?

    How are the top 200 lists computed?

    I am directly responsible for two open source projects. I was shocked to see that one is on your "top 200" list of C++ projects. The other project has been around longer, has more contributors, more PRs, surely has an order of magnitude more downstream users, and in fact has a much higher criticality score. But it's not on the list. I can't quite figure out what the top 200 would be measuring (I would think the 200 projects with the very highest criticality score itself? But apparently not?) for the first project to show up on the list but not the other.

    Can you give any insight about WHAT is being ranked in your "top" lists?

    opened by lgritz 4
  • Language implementation is less critical than language project generator, create list for TypeScript projects inside JS list.

    Language implementation is less critical than language project generator, create list for TypeScript projects inside JS list.

    tsdx, a TypeScript project generator, appears in the top 200 list for JavaScript packages; however, TypeScript itself does not. That seems somewhat counterintuitive.

    opened by DanielRosenwasser 4
  • Check here for why downloads count not used in criticality score.

    Check here for why downloads count not used in criticality score.

    I think downloads count have a serious role here as well because it shows the actual size of the audience who depends on the package. Imagine a very popular project depends on project X. For project X it's only one dependant, but the dependant project has criticality of 1 with millions of downloads. Making this project also much more important than it is in isolation.

    question+answer 
    opened by kof 4
  • Bump google.golang.org/api from 0.74.0 to 0.86.0

    Bump google.golang.org/api from 0.74.0 to 0.86.0

    Bumps google.golang.org/api from 0.74.0 to 0.86.0.

    Release notes

    Sourced from google.golang.org/api's releases.

    v0.86.0

    0.86.0 (2022-06-28)

    Features

    v0.85.0

    0.85.0 (2022-06-21)

    Features

    v0.84.0

    0.84.0 (2022-06-14)

    Features

    v0.83.0

    0.83.0 (2022-06-07)

    Features

    v0.82.0

    0.82.0 (2022-06-01)

    Features

    v0.81.0

    0.81.0 (2022-05-24)

    Features

    v0.80.0

    ... (truncated)

    Changelog

    Sourced from google.golang.org/api's changelog.

    0.86.0 (2022-06-28)

    Features

    0.85.0 (2022-06-21)

    Features

    0.84.0 (2022-06-14)

    Features

    0.83.0 (2022-06-07)

    Features

    0.82.0 (2022-06-01)

    Features

    0.81.0 (2022-05-24)

    Features

    0.80.0 (2022-05-17)

    Features

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 0
  • Use Debian/other distro dependent count data for C/C++ projects

    Use Debian/other distro dependent count data for C/C++ projects

    For Debian, we could potentially extract this information from package indexes. This could be a useful proxy for C/C++ projects.

    e.g. from https://snapshot.debian.org/archive/debian/20220627T213404Z/dists/bullseye/main/binary-amd64/Packages.xz and https://snapshot.debian.org/archive/debian/20220627T213404Z/dists/bullseye/main/source/Sources.xz

    opened by oliverchang 0
  • Bump cloud.google.com/go/bigquery from 1.32.0 to 1.34.1

    Bump cloud.google.com/go/bigquery from 1.32.0 to 1.34.1

    Bumps cloud.google.com/go/bigquery from 1.32.0 to 1.34.1.

    Release notes

    Sourced from cloud.google.com/go/bigquery's releases.

    bigquery: v1.34.1

    1.34.1 (2022-06-23)

    Bug Fixes

    spanner: v1.34.0

    1.34.0 (2022-06-17)

    Features

    • spanner/spansql: add a support for parsing INSERT statement (#6148) (c6185cf)
    • spanner: add Session creator role docs: clarify transaction semantics (4134941)

    bigquery: v1.34.0

    1.34.0 (2022-06-23)

    Features

    • bigquery/storage: add fields to eventually contain row level errors (5fe3b1d)

    Bug Fixes

    • bigquery/storage/managedwriter: address locking and schema updates (#6243) (fe264a5)

    spanner: v1.33.0

    1.33.0 (2022-05-28)

    Bug Fixes

    • spanner/spansql: fix invalid timestamp literal formats (#6077) (6ab8bed)

    Miscellaneous Chores

    bigquery: v1.33.0

    1.33.0 (2022-06-16)

    Features

    • bigquery/migration: Add SQL Server dialect to bigquerymigration v2 client library (90489b1)

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 0
  • Allow naming additional parameters and display them in the results

    Allow naming additional parameters and display them in the results

    This extends the command line syntax to support naming additional parameters: [<name>:]<value>:<weight>:<max_threshold>

    And it displays additional parameters in the results:

    $ python3 -m criticality_score.run --repo repo --params p1:10:1:12 12:1:2 p3:1:2:3 ... p1: 10.0 Unnamed param # 1: 12.0 p3: 1.0 criticality_score: 0.44264

    This also changes additional parameters from int to float.

    This addresses issue #109.

    Signed-off-by: Arnaud J Le Hors [email protected]

    opened by lehors 0
  • Additional parameters aren't listed in the results

    Additional parameters aren't listed in the results

    The command line currently supports the --params flag to add parameters to be included in the calculation of the criticality score but those aren't listed in the output. The output should allow naming the additional parameters and include them in the output along with the rest.

    opened by lehors 0
  • Rebuild criticality score project to improve its reliability and scalability.

    Rebuild criticality score project to improve its reliability and scalability.

    The current implementation of criticality_score available in this repo has been stagnant for a while.

    It has some serious problems with how it enumerates projects on GitHub (see #33), and lacks robust support for non-GitHub projects (see #29).

    There are problems with the existing signals being collected (see #55, #102) and interest in exploring other signals and approaches (#53, #102 deps.dev, #31, #82, etc).

    Additionally, in #102 I propose an approach to improving the quality of the criticality score.


    With all this in mind I am planning a rebuild of this project to:

    • allow anyone using this project to generate comparable results to someone else
    • improve the extensibility of the project to better allow new project sources (i.e. GitLab, et al) and signals (e.g. deps.dev)
    • export raw signal data to allow exploration and experimentation (to BigQuery)
    • solve GitHub project enumeration problems

    I also have a view to normalize GitHub/GitLab/etc API usage with Scorecards to reduce some of the duplication between these projects, which pushes this work towards Go.

    The long term view is to automate updates to the raw signals and criticality scores for projects.

    I am currently documenting a plan for an initial milestone which I hope to share in this issue soon.

    opened by calebbrown 1
Releases(v1.0.7)
Owner
Open Source Security Foundation (OpenSSF)
Open Source Security Foundation (OpenSSF)
Bubbly is an open-source platform that gives you confidence in your continuous release process.

Bubbly Bubbly - Release Readiness in a Bubble Bubbly emerged from a need that many lean software teams practicing Continuous Integration and Delivery

Valocode 33 Jun 11, 2022
Get live cricket score right in your terminal.

cric Get cricket score right in your terminal. How to use?! Make sure you have Node.js installed on your machine and just type the following command w

Tushar Choudhari 2 Feb 4, 2022
Parse NYT crossword puzzle score screenshots and extract the times.

Parse NYT crossword puzzle score screenshots and extract the times.

Keegan Campbell 3 Mar 11, 2022
Go library for calculating the Nutri-Score of foods and beverages.

nutriscore Go library for calculating the Nutri-Score Based on https://www.santepubliquefrance.fr/content/download/150263/file/2021_07_21_QR_scientifi

Evgeniy Vasilev 1 Dec 23, 2021
Magma: Gives network operators an open, flexible and extendable mobile core network solution

Connecting the Next Billion People Magma is an open-source software platform tha

nikhilc 0 Dec 24, 2021
SigNoz helps developers monitor their applications & troubleshoot problems, an open-source alternative to DataDog, NewRelic, etc. 🔥 🖥. 👉 Open source Application Performance Monitoring (APM) & Observability tool

Monitor your applications and troubleshoot problems in your deployed applications, an open-source alternative to DataDog, New Relic, etc. Documentatio

SigNoz 4.7k Sep 24, 2021
An open-source, distributed, cloud-native CD (Continuous Delivery) product designed for developersAn open-source, distributed, cloud-native CD (Continuous Delivery) product designed for developers

Developer-oriented Continuous Delivery Product ⁣ English | 简体中文 Table of Contents Zadig Table of Contents What is Zadig Quick start How to use? How to

null 0 Oct 19, 2021
Configure is a Go package that gives you easy configuration of your project through redundancy

Configure Configure is a Go package that gives you easy configuration of your project through redundancy. It has an API inspired by negroni and the fl

Harrison Shoebridge 56 Feb 22, 2022
Open-IM-Server is open source instant messaging Server.Backend in Go.

Open-IM-Server Open-IM-Server: Open source Instant Messaging Server Instant messaging server. Backend in pure Golang, wire transport protocol is JSON

OpenIM Corporation 8.6k Jun 30, 2022
Open-IM-Server is open source instant messaging Server.Backend in Go.

Open-IM-Server is open source instant messaging Server.Backend in Go.

OpenIM Corporation 8.5k Jun 23, 2022
go-opa-validate is an open-source lib that evaluates OPA (open policy agent) policy against JSON or YAML data.

go-opa-validate go-opa-validate is an open-source lib that evaluates OPA (open policy agent) policy against JSON or YAML data. Installation Usage Cont

chenk 5 Feb 5, 2022
mesh-kridik is an open-source security scanner that performs various security checks on a Kubernetes cluster with istio service mesh and is leveraged by OPA (Open Policy Agent) to enforce security rules.

mesh-kridik Enhance your Kubernetes service mesh security !! mesh-kridik is an open-source security scanner that performs various security checks on a

chenk 22 May 18, 2022
go-opa-validate is an open-source lib that evaluates OPA (open policy agent) policy against JSON or YAML data.

go-opa-validate go-opa-validate is an open-source lib that evaluates OPA (open policy agent) policy against JSON or YAML data. Installation Usage Cont

chenk 5 Feb 5, 2022
onnx-go gives the ability to import a pre-trained neural network within Go without being linked to a framework or library.

This is a Go Interface to Open Neural Network Exchange (ONNX). Overview onnx-go contains primitives to decode a onnx binary model into a computation b

Olivier Wulveryck 399 Jun 22, 2022
Pixie gives you instant visibility by giving access to metrics, events, traces and logs without changing code.

Pixie gives you instant visibility by giving access to metrics, events, traces and logs without changing code.

Pixie Labs 3.5k Jun 29, 2022
A cowin bot that gives you an update whenever it finds a vacancy in your region

go-cowin-bot A cowin bot that will give you an update on discord whenever it finds a vacancy for the parameters provided Setup: download go-cowin-bot

Varun Sapre 4 Mar 29, 2022
Gowl is a process management and process monitoring tool at once. An infinite worker pool gives you the ability to control the pool and processes and monitor their status.

Gowl is a process management and process monitoring tool at once. An infinite worker pool gives you the ability to control the pool and processes and monitor their status.

Hamed Yousefi 21 Jun 14, 2022
A Telegram Repo For Bots Under Maintenance Which Gives Faster Response To Users

Maintenance Bot A Telegram Repo For Bots Under Maintenance Which Gives Faster Response To Users Requests » Report a Bug | Request Feature Table of Con

HEIMAN PICTURES 9 Mar 21, 2022
Emulate a Vikings War of Clans battle with the real game mechanics and gives you the results of your emulated rapport!

VikingsStatsCalc Emulate a Vikings War of Clans battle with the real game mechanics and gives you the results of your emulated rapport! TODO Introduce

Spar 7 Apr 19, 2022
`ctxio` gives `io.copy` operations the ability to cancel with context and retrieve progress data.

ctxio The ctxio package gives golang io.copy operations the ability to terminate with context and retrieve progress data. Install go get github.com/

Binalyze 11 Apr 17, 2022
A restart tracker that gives context to what is restarting in your cluster

A restart tracker that gives context to what is restarting in your cluster

Soraro Labs 45 Apr 27, 2022
Peimports - based on golang's debug/pe this package gives quick access to the ordered imports of pe files with ordinal support

This code is almost entirely derived from the Go standard library's debug/pe package. It didn't provide access to ordinal based entries in the IAT and

Mike Wiacek 0 Jan 5, 2022
A Discord bot that automatically retrieves ELO ratings for Age of Empires 4 and gives users custom roles.

AOE 4 ELO Bot This is a Discord bot that automatically retrieves ELO ratings for Age of Empires 4 and gives users custom roles. Uses the public API fo

Alexis Geoffrey 1 May 13, 2022
The sntr command-line program gives you convenient access to Sentry directly from your terminal.

sntr: all of Sentry at your fingertips The sntr command-line program gives you convenient access to Sentry directly from your terminal. Disclaimer: th

Rodolfo Carvalho 0 Jan 31, 2022
A self-bot that gives data about minecraft names, droptimes, upcoming 3 chars and more.

Commands !searches <input> - Grabs a usernames searches !info <input> - Gets information on the account.. cape, skin, uuid etc. !droptime <input> - ge

null 1 Feb 13, 2022
Project Flogo is an open source ecosystem of opinionated event-driven capabilities to simplify building efficient & modern serverless functions, microservices & edge apps.

Project Flogo is an Open Source ecosystem for event-driven apps Ecosystem | Core | Flows | Streams | Flogo Rules | Go Developers | When to use Flogo |

TIBCO Software Inc. 2k Jun 23, 2022
This is an open source project for commonly used functions for the Go programming language.

Common Functions This is an open source project for commonly used functions for the Go programming language. This package need >= go 1.3 Code Conventi

ᴜɴᴋɴᴡᴏɴ 730 Jun 12, 2022
Project Kebe is the open-source Snap Store implementation.

Introduction Kebe intends to be a full replacement for the Snap Store. Quickstart Once you have an environment setup (for instance using https://githu

Free To Compute 23 Jun 15, 2022