Our project aims to evaluate and rank open-source projects based on their criticality within the open-source ecosystem. Unlike traditional methods that rely solely on GitHub metrics, our project incorporates data from various Linux distributions, their corresponding package managers, and additional code hosting platforms to provide a more comprehensive analysis. By collecting and analyzing metrics from multiple sources, this project offers a robust framework for assessing the criticality of open-source projects. With this ranking at hand, we can direct more security resources toward the open-source projects that matter most.
Difference from ossf/criticality_score:
- Distribution Dependents: Collects data from various Linux distributions (e.g. Debian, Arch, Nix, Gentoo) and corresponding package managers to evaluate the dependency of open-source software.
- Support for All Git Repositories: Analyzes repositories from any Git platform, not just GitHub.
- Comprehensive Metrics Collection: Gathers a wider and more precise set of metrics from Git repositories and package managers; for example, the number of commits and the organization count are more accurate than the values available from the GitHub API.
- Friendly for Metrics Customization: Any metric used in the criticality evaluation algorithm can be customized, except those that can only be collected through the GitHub API.
- No Dependency on Google Cloud or BigQuery: ossf/criticality_score depends on Google Cloud services, making it hard to migrate to other platforms. This project runs independently of any specific cloud service, ensuring ease of deployment.
- Easy Deployment: Run a single script and the system is set up with Docker.
- Provides Additional Information: Provides extra insights, such as the relationships between projects and their dependencies.
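To make the "customizable metrics" and "distribution dependents" points concrete, here is an added example (not this project's code, and the page does not specify its actual scoring algorithm). It uses the weighted, log-scaled aggregation formula published by ossf/criticality_score and extends the metric set with an assumed `distro_dependents` signal of the kind described above. All metric names, weights, thresholds and project values are constructed assumptions for illustration.

```python
"""Customizable criticality scoring (added example, not the project's code).

Aggregation formula, as published by ossf/criticality_score:
    score = sum_i( alpha_i * log(1 + S_i) / log(1 + max(S_i, T_i)) ) / sum_i(alpha_i)
where S_i is a collected metric, alpha_i its weight and T_i the value at
which the signal saturates. Each term lies in [0, 1], so the score does too.
"""
import math
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Metric:
    name: str
    weight: float     # alpha_i: relative importance of this signal
    threshold: float  # T_i: value at which the signal saturates (must be > 0)


# Assumed metric set: the first four mirror signals ossf/criticality_score uses;
# 'distro_dependents' is the distribution-level signal this README describes
# (e.g. how many Debian/Arch/Nix/Gentoo packages depend on the project).
DEFAULT_METRICS = (
    Metric("commit_frequency", 1.0, 1000),
    Metric("contributor_count", 2.0, 5000),
    Metric("org_count", 1.0, 10),
    Metric("dependents_count", 2.0, 500_000),
    Metric("distro_dependents", 3.0, 2000),
)


def criticality_score(values: dict, metrics=DEFAULT_METRICS) -> float:
    """Score one project from its collected metric values.

    Metrics missing from `values` count as zero, so a project can be scored
    from whatever sources were actually collected (Git only, distro only, ...).
    Negative or malformed values are clamped to zero rather than raising.
    """
    total = 0.0
    for m in metrics:
        s = max(0.0, float(values.get(m.name, 0) or 0))
        total += m.weight * math.log1p(s) / math.log1p(max(s, m.threshold))
    return total / sum(m.weight for m in metrics)


def customize(metrics=DEFAULT_METRICS, drop=(), **weights):
    """Return a new metric set with some metrics removed and/or re-weighted.

    Example: customize(drop=("org_count",), distro_dependents=5.0)
    """
    out = []
    for m in metrics:
        if m.name in drop:
            continue
        out.append(replace(m, weight=weights[m.name]) if m.name in weights else m)
    return tuple(out)


def rank_projects(projects: dict, metrics=DEFAULT_METRICS) -> list:
    """Return [(name, score), ...] sorted by descending criticality."""
    scored = [(name, criticality_score(vals, metrics)) for name, vals in projects.items()]
    return sorted(scored, key=lambda p: p[1], reverse=True)


# Constructed sample input: two fictional projects with made-up metric values.
SAMPLE_PROJECTS = {
    "widely-packaged-lib": {
        "commit_frequency": 120, "contributor_count": 700, "org_count": 40,
        "dependents_count": 300_000, "distro_dependents": 1500,
    },
    "npm-only-helper": {
        "commit_frequency": 2, "contributor_count": 1, "org_count": 1,
        "dependents_count": 90_000, "distro_dependents": 0,
    },
}

if __name__ == "__main__":
    for name, score in rank_projects(SAMPLE_PROJECTS):
        print(f"{name:22s} {score:.3f}")
    # Re-weighting shows how the ranking responds to a customized metric set.
    only_registry = customize(drop=("distro_dependents",))
    for name, score in rank_projects(SAMPLE_PROJECTS, only_registry):
        print(f"[no distro signal] {name:22s} {score:.3f}")
```

The saturation threshold keeps one runaway signal (such as a registry dependents count inflated by transitive dependencies) from dominating the score, while the distribution-level signal rewards projects that many independently maintained distributions actually ship.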
We greatly value your feedback and look forward to your guidance!