John Speed Meyers jspeed-meyers

## anaconda_scrape.py
"""Scrape anaconda package names and corresponding github links.

User provides a URL to the anaconda page that contains the package information
for one particular python version, e.g. 3.9, and for one particular platform,
e.g. linux 64. This program then extracts all the package names and associated
links (provided by Anaconda) for each package. This data is then exported
to a csv.
"""

import csv

## filter_packages_with_github_repos.py
"""Filter in packages with a GitHub link.

Take as input a .csv file with a field called clean_link, then
output only those values that include https://github.com.

The ouput should be a .txt file, each github link on its own line.
"""

import time

## summarize_by_contributor.py
"""Summarize GitGeo .csv results by contributor.

Input is a .csv file from GitGeo, which includes a column named 'country.'

Output is terminal output listing the count by contributor.
"""

import time

import pandas as pd

## qosf_scrape.py
"""Scrape quantum open source fund package links

Identify and store in CSV all GitHub links associated with quantum open source
fund projects. Projects without a GitHub link will not be included.

NOTE: User has to do a little manual cleaning after running this script.
"""

import csv

## scoredeck.sh
#!/bin/bash

# scoredeck.sh
# Collect scorecard data from a set of repos listed in repos.txt
# and store in files inside a data folder
#
# Usage:
# $ ./scoredeck.sh
#
# Requires GITHUB_AUTH_TOKEN to be set to a valid GitHub personal access

## get_github_org_repos.py
# collect all non-archived repo names associated with one GitHub organization and
# save in text file.
#
# USAGE:
#
# export GITHUB_AUTH_TOKEN=lkdjflkdjglkdjlkjg
#
# python get_org_repos.py
#
# NOTE:

## parse_scorecard_json.py
# Parse json files created by scorecard tool and store results in
# a csv
#
# Usage:
#
# python parse_scorecard_json.py
#
#
# Note: Results are stored in a csv folder in a timestamped csv
#

## create-scorecards-histogram.py
import matplotlib.pyplot as plt
import pandas as pd

df = pd.read_csv("csv/FILENAE.csv")

# create plot
fig, ax = plt.subplots(figsize=(6,4)) # size of sub-figures

n, _, _ = plt.hist(df.score, bins=[i/4 for i in range(0, 40)])

## deps_dev_retrieve_most_depended_upon_packages.sql
DECLARE LatestSnapshot TIMESTAMP;

SET LatestSnapshot = (SELECT MAX(Time) FROM `bigquery-public-data.deps_dev_v1.Snapshots`);

WITH
-- Releases includes every release of every package.
Releases AS (
SELECT
System,
Name,

## calculate_attack_surface_reduction.py
"""Calculate attack surface reduction percentage for pairs of container images.

This script calculates the number of packages present in each image and then
calculates the reduction in "attack surface."

Note: Must install syft (https://github.com/anchore/syft) to use.

Author: John Speed Meyers (jsmeyers@chainguard.dev)
"""
	"""Scrape anaconda package names and corresponding github links.

	User provides a URL to the anaconda page that contains the package information
	for one particular python version, e.g. 3.9, and for one particular platform,
	e.g. linux 64. This program then extracts all the package names and associated
	links (provided by Anaconda) for each package. This data is then exported
	to a csv.
	"""

	import csv
	"""Filter in packages with a GitHub link.

	Take as input a .csv file with a field called clean_link, then
	output only those values that include https://github.com.

	The ouput should be a .txt file, each github link on its own line.
	"""

	import time
	"""Summarize GitGeo .csv results by contributor.

	Input is a .csv file from GitGeo, which includes a column named 'country.'

	Output is terminal output listing the count by contributor.
	"""

	import time

	import pandas as pd
	"""Scrape quantum open source fund package links

	Identify and store in CSV all GitHub links associated with quantum open source
	fund projects. Projects without a GitHub link will not be included.

	NOTE: User has to do a little manual cleaning after running this script.
	"""

	import csv
	#!/bin/bash

	# scoredeck.sh
	# Collect scorecard data from a set of repos listed in repos.txt
	# and store in files inside a data folder
	#
	# Usage:
	# $ ./scoredeck.sh
	#
	# Requires GITHUB_AUTH_TOKEN to be set to a valid GitHub personal access
	# collect all non-archived repo names associated with one GitHub organization and
	# save in text file.
	#
	# USAGE:
	#
	# export GITHUB_AUTH_TOKEN=lkdjflkdjglkdjlkjg
	#
	# python get_org_repos.py
	#
	# NOTE:
	# Parse json files created by scorecard tool and store results in
	# a csv
	#
	# Usage:
	#
	# python parse_scorecard_json.py
	#
	#
	# Note: Results are stored in a csv folder in a timestamped csv
	#
	import matplotlib.pyplot as plt
	import pandas as pd

	df = pd.read_csv("csv/FILENAE.csv")

	# create plot
	fig, ax = plt.subplots(figsize=(6,4)) # size of sub-figures

	n, _, _ = plt.hist(df.score, bins=[i/4 for i in range(0, 40)])
	DECLARE LatestSnapshot TIMESTAMP;

	SET LatestSnapshot = (SELECT MAX(Time) FROM `bigquery-public-data.deps_dev_v1.Snapshots`);

	WITH
	-- Releases includes every release of every package.
	Releases AS (
	SELECT
	System,
	Name,
	"""Calculate attack surface reduction percentage for pairs of container images.

	This script calculates the number of packages present in each image and then
	calculates the reduction in "attack surface."

	Note: Must install syft (https://github.com/anchore/syft) to use.

	Author: John Speed Meyers (jsmeyers@chainguard.dev)
	"""