{"id":34089541,"url":"https://github.com/17451k/clade","last_synced_at":"2026-03-17T16:05:03.938Z","repository":{"id":32766595,"uuid":"137208430","full_name":"17451k/clade","owner":"17451k","description":"Clade is a tool for extracting information about software build process and source code","archived":false,"fork":false,"pushed_at":"2023-12-18T09:26:58.000Z","size":2535,"stargazers_count":22,"open_issues_count":8,"forks_count":5,"subscribers_count":4,"default_branch":"master","last_synced_at":"2026-01-05T09:38:48.664Z","etag":null,"topics":["build-tool","callgraph","compilation-database","source-code-analysis"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/17451k.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2018-06-13T11:48:44.000Z","updated_at":"2025-08-13T04:07:10.000Z","dependencies_parsed_at":"2023-10-03T18:31:02.032Z","dependency_job_id":"967a0308-55df-488d-a1fd-515d4241a821","html_url":"https://github.com/17451k/clade","commit_stats":{"total_commits":960,"total_committers":8,"mean_commits":120.0,"dds":"0.17604166666666665","last_synced_commit":"b7de9b157288187711329be13e85d0ec90d350b1"},"previous_names":[],"tags_count":68,"template":false,"template_full_name":null,"purl":"pkg:github/17451k/clade","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/17451k%2Fclade","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/17451k%2Fclade/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/17451k%2Fclade/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/17451k%2Fclade/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/17451k","download_url":"https://codeload.github.com/17451k/clade/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/17451k%2Fclade/sbom","scorecard":{"id":1667,"data":{"date":"2025-08-11","repo":{"name":"github.com/17451k/clade","commit":"b06da1c41cf14e58781b5735fbcab36190eaf0d3"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.4,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/27 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/black.yml:1","Warn: no topLevel permission defined: .github/workflows/deploy.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Warn: no topLevel permission defined: .github/workflows/tinyconfig.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/black.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/17451k/clade/black.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/black.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/17451k/clade/black.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/17451k/clade/deploy.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/17451k/clade/deploy.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/17451k/clade/deploy.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/17451k/clade/deploy.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/17451k/clade/deploy.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/17451k/clade/deploy.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/17451k/clade/deploy.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/17451k/clade/test.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/17451k/clade/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/17451k/clade/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tinyconfig.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/17451k/clade/tinyconfig.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tinyconfig.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/17451k/clade/tinyconfig.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tinyconfig.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/17451k/clade/tinyconfig.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tinyconfig.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/17451k/clade/tinyconfig.yml/master?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/test.yml:31","Warn: pipCommand not pinned by hash: .github/workflows/test.yml:32","Warn: pipCommand not pinned by hash: .github/workflows/test.yml:33","Warn: pipCommand not pinned by hash: .github/workflows/tinyconfig.yml:25","Warn: pipCommand not pinned by hash: .github/workflows/tinyconfig.yml:26","Warn: pipCommand not pinned by hash: .github/workflows/tinyconfig.yml:27","Info:   0 out of  11 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   5 third-party GitHubAction dependencies pinned","Info:   0 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 3 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-14T12:41:22.335Z","repository_id":32766595,"created_at":"2025-08-14T12:41:22.335Z","updated_at":"2025-08-14T12:41:22.335Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30626906,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-17T14:16:03.965Z","status":"ssl_error","status_checked_at":"2026-03-17T14:16:03.380Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["build-tool","callgraph","compilation-database","source-code-analysis"],"created_at":"2025-12-14T14:02:23.484Z","updated_at":"2026-03-17T16:05:03.931Z","avatar_url":"https://github.com/17451k.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![GitHub Actions status](https://github.com/17451k/clade/workflows/test/badge.svg)](https://github.com/17451k/clade/actions?query=workflow%3Atest)\n[![Supported Versions of Python](https://img.shields.io/pypi/pyversions/clade.svg)](https://pypi.org/project/clade)\n[![PyPI package version](https://img.shields.io/pypi/v/clade.svg)](https://pypi.org/project/clade)\n\n# Clade\n\nClade is a tool for intercepting build commands (stuff like compilation,\nlinking, mv, rm, and all other commands that are executed during build).\nIntercepted commands can be parsed (to search for input and output files,\nand options) and then used for various purposes:\n\n- generating [compilation database](https://clang.llvm.org/docs/JSONCompilationDatabase.html);\n- obtaining information about dependencies between source and object files;\n- obtaining information about the source code (source code querying);\n- generating function call graph;\n- running software verification tools;\n- visualization of all collected information;\n- *and for much more*.\n\nThe interception of build commands is independent of the project type\nand used programming languages.\nHowever, all other functionality available in Clade **IS** dependent.\nCurrently only C projects are supported, but other languages and additional\nfunctionality can be supported through the built-in *extension mechanism*.\n\n## Prerequisites\n\nAn important part of Clade - a build commands intercepting library -\nis written in C and it needs to be compiled before use.\nIt will be performed automatically at the installation stage, but you will\nneed to install some prerequisites beforehand:\n\n- Python 3 (\u003e=3.5)\n- pip (Python package manager)\n- cmake (\u003e=3.3)\n\n*Linux only*:\n\n- make\n- C **and** C++ compiler (gcc or clang)\n- python3-dev (Ubuntu) or python3-devel (openSUSE) package\n- gcc-multilib (Ubuntu) or gcc-32bit (openSUSE) package\n  to intercept build commands of projects leveraging multilib capabilities\n\n*Windows only*:\n\n- Microsoft Visual C++ Build Tools\n\nOptional dependencies:\n\n- For obtaining information about the C code you will need [CIF](https://github.com/17451k/cif)\n  installed. CIF is an interface to [Aspectator](https://github.com/17451k/aspectator) which in turn is a GCC\n  based tool that implements aspect-oriented programming for the C programming\n  language. You may download compiled CIF on [CIF releases](https://github.com/17451k/cif/releases) page.\n- Graphviz for some visualization capabilities.\n\nClade works on Linux, macOS and partially on Windows.\n\n## Hardware requirements\n\nIf you want to run Clade on a large project, like the Linux kernel,\nyou will need at least 16GB of RAM and 100GB of free disk space\nfor temporary files. The size of generated data will be approximately\n10GB, so the space used for temporary files will be freed at the end.\nAlso several CPU cores are recommended, since in some cases Clade takes\ntwice as long time than a typical build process.\n\n## Installation\n\nTo install the latest stable version just run the following command:\n\n``` shell\npython3 -m pip install clade\n```\n\n## Documentation\n\nFollowing documentation is available:\n* [Basic usage](docs/usage.md)\n* [Available configuration options](docs/configuration.md)\n* [Extensions](docs/extensions.md)\n* [Scripts](docs/scripts.md)\n* [Troubleshooting](docs/troubleshooting.md)\n* [Development documentation](docs/dev.md)\n\nYou can also download an example of Clade output on the Linux kernel\n(configuration tinyconfig) [from here](https://github.com/17451k/clade/suites/16820630511/artifacts/960641341) (around 40MB).\n\n## Acknowledgments\n\nClade is inspired by the [Bear](https://github.com/rizsotto/Bear) project created by [László Nagy](https://github.com/rizsotto).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F17451k%2Fclade","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F17451k%2Fclade","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F17451k%2Fclade/lists"}