Skip to content

Instantly share code, notes, and snippets.

View nathannaveen's full-sized avatar

Nathan Naveen nathannaveen

View GitHub Profile
the number of dependencies : the package name
---------------------------------------------
68 golang_golang.org/x_sys
46 golang_golang.org/x_text
43 golang_google.golang.org_protobuf
43 golang_golang.org/x_net
42 golang_github.com/golang_protobuf
41 deb_debian_base-files
35 deb_debian_tzdata
33 golang_google.golang.org_genproto
{
"id": "13",
"justification": "top-level package GUAC heuristic connecting to each file/package",
"package": {
"id": "10",
"type": "guac",
"namespaces": [
{
"id": "12",
"namespace": "random-namespace-2",
{
"id": "10",
"type": "guac",
"namespaces": [
{
"id": "11",
"namespace": "random-namespace-1",
"names": [
{
"id": "1",
@nathannaveen
nathannaveen / main.go
Last active January 23, 2024 16:48
Next Actionable Critical Dependency Example
package main
import (
"context"
"fmt"
"log"
"net/http"
"sort"
"time"
{
"spdxVersion": "SPDX-2.3",
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"name": "golangci-lint",
"documentNamespace": "https://anchore.com/syft/file/golangci-lint-2f12bc2f-33dd-49ac-a92e-aacd7fe39ade",
"creationInfo": {
"licenseListVersion": "3.22",
"creators": [
"Organization: Anchore, Inc",
@nathannaveen
nathannaveen / parsed.txt
Created May 26, 2023 18:36
All dependencies of some OSSF repos parsed as GitHub repo URLs.
https://github.com/Abirdcfly/dupword
https://github.com/AdaLogics/go-fuzz-headers
https://github.com/AkihiroSuda/containerd-fuse-overlayfs
https://github.com/Antonboom/errname
https://github.com/Antonboom/nilnil
https://github.com/Azure/azure-amqp-common-go
https://github.com/Azure/azure-pipeline-go
https://github.com/Azure/azure-sdk-for-go
https://github.com/Azure/azure-service-bus-go
https://github.com/Azure/azure-storage-blob-go
@nathannaveen
nathannaveen / score_modifed.csv
Created May 26, 2023 16:50
The Criticality Score (https://github.com/ossf/criticality_score) of dependencies of some OSSF repos with modified weights. The modified weights can be found here: https://gist.github.com/nathannaveen/f9fb9c61afd21adb4dac708d61973ef0.
We can make this file beautiful and searchable if this error is corrected: It looks like row 6 should actually have 17 columns, instead of 1 in line 5.
repo.url,repo.language,repo.license,repo.star_count,repo.created_at,repo.updated_at,legacy.created_since,legacy.updated_since,legacy.contributor_count,legacy.org_count,legacy.commit_frequency,legacy.recent_release_count,legacy.updated_issues_count,legacy.closed_issues_count,legacy.issue_comment_frequency,legacy.github_mention_count,original_pike_modified_score
https://github.com/moby/moby,Go,Apache License 2.0,65235,2013-01-18T18:10:57Z,2023-03-01T16:57:31Z,123,0,2385,11,39.27,19,16184,12678,1.85,28243,0.69588
https://github.com/hashicorp/consul,Go,Mozilla Public License 2.0,26119,2013-11-04T22:15:27Z,2023-03-01T22:21:32Z,113,0,983,2,53.9,38,14156,12938,1.94,4196,0.66780
https://github.com/containerd/containerd,Go,Apache License 2.0,13296,2015-11-05T23:29:53Z,2023-03-02T01:25:05Z,89,0,577,8,31.19,35,7201,6695,4.17,10619,0.66043
https://github.com/etcd-io/etcd,Go,Apache License 2.0,42726,2013-06-07T00:43:32Z,2023-02-28T08:52:01Z,118,0,920,5,30.69,11,14589,14377,2,6264,0.63869
https://github.com/prometheus/prom
@nathannaveen
nathannaveen / pike_modified.yml
Created May 26, 2023 16:47
A modified set of weights based on the original set of weights defined for the criticality score project using Rob Pike's algorithm.
# Copyright 2022 Criticality Score Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@nathannaveen
nathannaveen / score.csv
Created May 26, 2023 16:39
The Criticality Score (https://github.com/ossf/criticality_score) of dependencies of some OSSF repos with default weights.
We can make this file beautiful and searchable if this error is corrected: It looks like row 6 should actually have 17 columns, instead of 3 in line 5.
repo.url,repo.language,repo.license,repo.star_count,repo.created_at,repo.updated_at,legacy.created_since,legacy.updated_since,legacy.contributor_count,legacy.org_count,legacy.commit_frequency,legacy.recent_release_count,legacy.updated_issues_count,legacy.closed_issues_count,legacy.issue_comment_frequency,legacy.github_mention_count,original_pike_score
https://github.com/moby/moby,Go,Apache License 2.0,65235,2013-01-18T18:10:57Z,2023-03-01T16:57:31Z,123,0,2385,11,39.27,19,16184,12678,1.85,28243,0.83385
https://github.com/prometheus/prometheus,Go,Apache License 2.0,46959,2012-11-24T11:14:12Z,2023-03-01T12:21:02Z,124,0,896,9,19.1,39,10358,9476,2.9,15653,0.80515
https://github.com/docker/cli,Go,Apache License 2.0,3893,2013-02-14T01:10:00Z,2023-02-28T23:43:43Z,122,0,860,8,14.35,16,3988,3172,3.19,49129,0.80490
https://github.com/containerd/containerd,Go,Apache License 2.0,13296,2015-11-05T23:29:53Z,2023-03-02T01:25:05Z,89,0,577,8,31.19,35,7201,6695,4.17,10619,0.79580
https://github.com/goreleaser/goreleaser,Go,MIT