Nathan Naveen nathannaveen
nathannaveen
/ Next Actionable Critical Deps Output
Created
January 26, 2024 18:18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| the number of dependencies : the package name | |
| --------------------------------------------- | |
| 68 golang_golang.org/x_sys | |
| 46 golang_golang.org/x_text | |
| 43 golang_google.golang.org_protobuf | |
| 43 golang_golang.org/x_net | |
| 42 golang_github.com/golang_protobuf | |
| 41 deb_debian_base-files | |
| 35 deb_debian_tzdata | |
| 33 golang_google.golang.org_genproto |
nathannaveen
/ modelDependencies.json
Created
January 24, 2024 22:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "id": "13", | |
| "justification": "top-level package GUAC heuristic connecting to each file/package", | |
| "package": { | |
| "id": "10", | |
| "type": "guac", | |
| "namespaces": [ | |
| { | |
| "id": "12", | |
| "namespace": "random-namespace-2", |
nathannaveen
/ modelPackages.json
Created
January 24, 2024 22:38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "id": "10", | |
| "type": "guac", | |
| "namespaces": [ | |
| { | |
| "id": "11", | |
| "namespace": "random-namespace-1", | |
| "names": [ | |
| { | |
| "id": "1", |
nathannaveen
/ main.go
Last active
January 23, 2024 16:48
Next Actionable Critical Dependency Example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "context" | |
| "fmt" | |
| "log" | |
| "net/http" | |
| "sort" | |
| "time" |
nathannaveen
/ sbom.json
Created
October 16, 2023 14:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "spdxVersion": "SPDX-2.3", | |
| "dataLicense": "CC0-1.0", | |
| "SPDXID": "SPDXRef-DOCUMENT", | |
| "name": "golangci-lint", | |
| "documentNamespace": "https://anchore.com/syft/file/golangci-lint-2f12bc2f-33dd-49ac-a92e-aacd7fe39ade", | |
| "creationInfo": { | |
| "licenseListVersion": "3.22", | |
| "creators": [ | |
| "Organization: Anchore, Inc", |
nathannaveen
/ parsed.txt
Created
May 26, 2023 18:36
All dependencies of some OSSF repos parsed as GitHub repo URLs.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://github.com/Abirdcfly/dupword | |
| https://github.com/AdaLogics/go-fuzz-headers | |
| https://github.com/AkihiroSuda/containerd-fuse-overlayfs | |
| https://github.com/Antonboom/errname | |
| https://github.com/Antonboom/nilnil | |
| https://github.com/Azure/azure-amqp-common-go | |
| https://github.com/Azure/azure-pipeline-go | |
| https://github.com/Azure/azure-sdk-for-go | |
| https://github.com/Azure/azure-service-bus-go | |
| https://github.com/Azure/azure-storage-blob-go |
nathannaveen
/ score_modifed.csv
Created
May 26, 2023 16:50
The Criticality Score (https://github.com/ossf/criticality_score) of dependencies of some OSSF repos with modified weights. The modified weights can be found here: https://gist.github.com/nathannaveen/f9fb9c61afd21adb4dac708d61973ef0.
We can make this file beautiful and searchable if this error is corrected: It looks like row 6 should actually have 17 columns, instead of 1. in line 5.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| repo.url,repo.language,repo.license,repo.star_count,repo.created_at,repo.updated_at,legacy.created_since,legacy.updated_since,legacy.contributor_count,legacy.org_count,legacy.commit_frequency,legacy.recent_release_count,legacy.updated_issues_count,legacy.closed_issues_count,legacy.issue_comment_frequency,legacy.github_mention_count,original_pike_modified_score | |
| https://github.com/moby/moby,Go,Apache License 2.0,65235,2013-01-18T18:10:57Z,2023-03-01T16:57:31Z,123,0,2385,11,39.27,19,16184,12678,1.85,28243,0.69588 | |
| https://github.com/hashicorp/consul,Go,Mozilla Public License 2.0,26119,2013-11-04T22:15:27Z,2023-03-01T22:21:32Z,113,0,983,2,53.9,38,14156,12938,1.94,4196,0.66780 | |
| https://github.com/containerd/containerd,Go,Apache License 2.0,13296,2015-11-05T23:29:53Z,2023-03-02T01:25:05Z,89,0,577,8,31.19,35,7201,6695,4.17,10619,0.66043 | |
| https://github.com/etcd-io/etcd,Go,Apache License 2.0,42726,2013-06-07T00:43:32Z,2023-02-28T08:52:01Z,118,0,920,5,30.69,11,14589,14377,2,6264,0.63869 | |
| https://github.com/prometheus/prom |
nathannaveen
/ pike_modified.yml
Created
May 26, 2023 16:47
A modified set of weights based on the original set of weights defined for the criticality score project using Rob Pike's algorithm.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright 2022 Criticality Score Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, |
nathannaveen
/ score.csv
Created
May 26, 2023 16:39
The Criticality Score (https://github.com/ossf/criticality_score) of dependencies of some OSSF repos with default weights.
We can make this file beautiful and searchable if this error is corrected: It looks like row 6 should actually have 17 columns, instead of 3. in line 5.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| repo.url,repo.language,repo.license,repo.star_count,repo.created_at,repo.updated_at,legacy.created_since,legacy.updated_since,legacy.contributor_count,legacy.org_count,legacy.commit_frequency,legacy.recent_release_count,legacy.updated_issues_count,legacy.closed_issues_count,legacy.issue_comment_frequency,legacy.github_mention_count,original_pike_score | |
| https://github.com/moby/moby,Go,Apache License 2.0,65235,2013-01-18T18:10:57Z,2023-03-01T16:57:31Z,123,0,2385,11,39.27,19,16184,12678,1.85,28243,0.83385 | |
| https://github.com/prometheus/prometheus,Go,Apache License 2.0,46959,2012-11-24T11:14:12Z,2023-03-01T12:21:02Z,124,0,896,9,19.1,39,10358,9476,2.9,15653,0.80515 | |
| https://github.com/docker/cli,Go,Apache License 2.0,3893,2013-02-14T01:10:00Z,2023-02-28T23:43:43Z,122,0,860,8,14.35,16,3988,3172,3.19,49129,0.80490 | |
| https://github.com/containerd/containerd,Go,Apache License 2.0,13296,2015-11-05T23:29:53Z,2023-03-02T01:25:05Z,89,0,577,8,31.19,35,7201,6695,4.17,10619,0.79580 | |
| https://github.com/goreleaser/goreleaser,Go,MIT |