{"id":16788637,"url":"https://github.com/breml/depcaps","last_synced_at":"2025-07-14T17:31:52.114Z","repository":{"id":196300366,"uuid":"693824943","full_name":"breml/depcaps","owner":"breml","description":"map capabilities of dependencies against a set of allowed capabilities","archived":false,"fork":false,"pushed_at":"2024-09-17T05:02:02.000Z","size":121,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-09-17T07:55:14.505Z","etag":null,"topics":["capabilities","dependencies","go","golang","linter"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/breml.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-09-19T19:38:37.000Z","updated_at":"2024-09-17T05:02:00.000Z","dependencies_parsed_at":null,"dependency_job_id":"ff59bd25-69e1-4741-b573-6f3a45bd441c","html_url":"https://github.com/breml/depcaps","commit_stats":null,"previous_names":["breml/depcaps"],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/breml%2Fdepcaps","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/breml%2Fdepcaps/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/breml%2Fdepcaps/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/breml%2Fdepcaps/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/breml","download_url":"https://codeload.git
hub.com/breml/depcaps/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":219853961,"owners_count":16556194,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["capabilities","dependencies","go","golang","linter"],"created_at":"2024-10-13T08:18:34.703Z","updated_at":"2025-07-14T17:31:52.099Z","avatar_url":"https://github.com/breml.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# depcaps - map capabilities of dependencies against a set of allowed capabilities\n\n**This was an experiment and I no longer have the time to continue with it. 
Therefore I archive this repository.**\n\n[![Test Status](https://github.com/breml/depcaps/workflows/Go%20Matrix/badge.svg)](https://github.com/breml/depcaps/actions?query=workflow%3AGo%20Matrix) [![Go Report Card](https://goreportcard.com/badge/github.com/breml/depcaps)](https://goreportcard.com/report/github.com/breml/depcaps) [![License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)\n\ndepcaps maps capabilities of dependencies against a set of allowed capabilities.\n\nList of reported capabilities:\n\n* CAPABILITY_UNSPECIFIED\n* CAPABILITY_SAFE\n* CAPABILITY_FILES\n* CAPABILITY_NETWORK\n* CAPABILITY_RUNTIME\n* CAPABILITY_READ_SYSTEM_STATE\n* CAPABILITY_MODIFY_SYSTEM_STATE\n* CAPABILITY_OPERATING_SYSTEM\n* CAPABILITY_SYSTEM_CALLS\n* CAPABILITY_ARBITRARY_EXECUTION\n* CAPABILITY_CGO\n* CAPABILITY_UNANALYZED\n* CAPABILITY_UNSAFE_POINTER\n* CAPABILITY_REFLECT\n* CAPABILITY_EXEC\n\n## Installation\n\nDownload `depcaps` from the [releases](https://github.com/breml/depcaps/releases) or get the latest version from source with:\n\n```shell\ngo install github.com/breml/depcaps/cmd/depcaps@latest\n```\n\n## Usage\n\n### Shell\n\nCheck everything:\n\n```shell\ndepcaps ./...\n```\n\n### Config JSON file\n\nThe config JSON file defines a set of accepted capabilities. Capabilities\ncan be accepted globally or on a per-package level.\n\nThe config JSON file has the following structure (`github.com/google/uuid` just\nserves as an example package):\n\n```json\n{\n  \"GlobalAllowedCapabilities\": {\n    \"CAPABILITY_UNSPECIFIED\": true\n  },\n  \"PackageAllowedCapabilities\": {\n    \"github.com/google/uuid\": {\n      \"CAPABILITY_RUNTIME\": true\n    }\n  }\n}\n```\n\n### Reference file\n\nA reference file can be generated by using [`capslock`](https://github.com/google/capslock):\n\n```shell\ncapslock -noisy -output json -packages ./... 
\u003e reference.json\n```\n\nTo verify against a `capslock` reference file, use the following command:\n\n```shell\ndepcaps -reference reference.json ./...\n```\n\nA reference file and a config file can be combined. In this case, the actual\ncapabilities are first compared against the reference. The remaining offending\ncapabilities are then compared against the allowed capabilities in the config JSON.\nOnly the capabilities that still offend after both comparisons are reported.\n\n## Inspiration\n\n* [capslock](https://github.com/google/capslock)\n* [Capslock: What is your code really capable of?](https://security.googleblog.com/2023/09/capslock-what-is-your-code-really.html)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbreml%2Fdepcaps","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbreml%2Fdepcaps","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbreml%2Fdepcaps/lists"}