{"id":20127567,"url":"https://github.com/ctc-oss/fapolicy-analyzer","last_synced_at":"2026-02-01T05:14:18.720Z","repository":{"id":37050796,"uuid":"330963873","full_name":"ctc-oss/fapolicy-analyzer","owner":"ctc-oss","description":"Tools to assist with the configuration and management of fapolicyd.","archived":false,"fork":false,"pushed_at":"2026-01-28T00:34:45.000Z","size":2116,"stargazers_count":19,"open_issues_count":113,"forks_count":6,"subscribers_count":4,"default_branch":"master","last_synced_at":"2026-01-28T15:52:18.436Z","etag":null,"topics":["fapolicyd","fedora","pyo3","python","rhel","rust","security","whitelisting"],"latest_commit_sha":null,"homepage":"https://ctc-oss.github.io/fapolicy-analyzer","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ctc-oss.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-01-19T11:54:14.000Z","updated_at":"2026-01-28T00:34:50.000Z","dependencies_parsed_at":"2024-01-22T07:44:37.654Z","dependency_job_id":"0ebc164a-9a81-4200-8987-ebd60e5c5ecd","html_url":"https://github.com/ctc-oss/fapolicy-analyzer","commit_stats":null,"previous_names":[],"tags_count":79,"template":false,"template_full_name":null,"purl":"pkg:github/ctc-oss/fapolicy-analyzer","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ctc-oss%2Ffapolicy-analyzer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ctc-oss%2Ffapolicy-analyzer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ctc-oss%2Ffapolicy-analyzer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ctc-oss%2Ffapolicy-analyzer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ctc-oss","download_url":"https://codeload.github.com/ctc-oss/fapolicy-analyzer/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ctc-oss%2Ffapolicy-analyzer/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28969086,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-01T04:44:20.970Z","status":"ssl_error","status_checked_at":"2026-02-01T04:44:19.994Z","response_time":56,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fapolicyd","fedora","pyo3","python","rhel","rust","security","whitelisting"],"created_at":"2024-11-13T20:22:26.461Z","updated_at":"2026-02-01T05:14:18.715Z","avatar_url":"https://github.com/ctc-oss.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n  \u003ch1\u003e\u003csamp\u003eFile Access Policy Analyzer\u003c/samp\u003e\u003c/h1\u003e\n\n\n\u003cp\u003e\n\u003ca href=\"https://packages.fedoraproject.org/pkgs/fapolicy-analyzer/fapolicy-analyzer/\"\u003e\u003cimg src=\"https://img.shields.io/fedora/v/fapolicy-analyzer?logo=fedora\u0026label=Fedora\u0026color=3c6eb4\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/ctc-oss/fapolicy-analyzer/releases\"\u003e\u003cimg src=\"https://img.shields.io/github/v/release/ctc-oss/fapolicy-analyzer?color=4078c0\u0026include_prereleases\u0026label=GitHub\u0026logo=github\"\u003e\u003c/a\u003e\n\u003ca href=\"https://copr.fedorainfracloud.org/coprs/ctc-oss/fapolicy-analyzer/\"\u003e\u003cimg src=\"https://img.shields.io/badge/dynamic/json?color=B87333\u0026logo=fedora\u0026label=Copr\u0026query=builds.latest.state\u0026url=https%3A%2F%2Fcopr.fedorainfracloud.org%2Fapi_3%2Fpackage%3Fownername%3Dctc-oss%26projectname%3Dfapolicy-analyzer%26packagename%3Dfapolicy-analyzer%26with_latest_build%3DTrue\"\u003e\u003c/a\u003e\n\u003cimg src=\"https://badgen.net/github/checks/ctc-oss/fapolicy-analyzer?label=CI\u0026icon=github\"\u003e\n\u003ca href=\"https://scan.coverity.com/projects/ctc-oss-fapolicy-analyzer\"\u003e\u003cimg src=\"https://img.shields.io/coverity/scan/26261?label=Coverity\"\u003e\u003c/a\u003e\n\u003cimg src=\"https://img.shields.io/github/license/ctc-oss/fapolicy-analyzer?color=3c6eb4\u0026label=License\"\u003e\n\u003c/p\u003e\n\n\u003cp\u003e\n\u003cstrong\u003eTools to assist with the configuration and management of \u003ca href=\"https://github.com/linux-application-whitelisting/fapolicyd\"\u003efapolicyd\u003c/a\u003e\u003c/strong\u003e\n\u003c/p\u003e\n\n\u003c/div\u003e\n\n## Features\n\n1. Rule editor with syntax highlighting, syntax validation, and policy linting\n2. Trust database manager to synchronize what fapolicyd believes and what exists on disk\n3. Log analyzer provides insight to help understand and tune fapolicyd runtime behavior\n4. Disk access profiler to capture file access requests for an executing application\n5. Configuration file editor for fapolicyd, with syntax validation and linting\n6. DBUS based control of the fapolicyd daemon which is immune to bad policy lockout\n\nSee the [**User Guide**][1] for details.\n\n## Building\n\nThe Policy Analyzer builds and runs with [**`uv`**](https://github.com/astral-sh/uv?tab=readme-ov-file#installation).\n\nSee [BUILD.md](BUILD.md) for environment setup and build instructions. \n\n## Installation\n\nYou can install the Policy Analyzer in one of the following ways\n\n\u003cdetails\u003e\n\n  \u003csummary\u003eFrom Fedora Packages\u003c/summary\u003e\n\n\u003ca href=\"https://packages.fedoraproject.org/pkgs/fapolicy-analyzer/fapolicy-analyzer/\"\u003e\u003cimg src=\"https://img.shields.io/fedora/v/fapolicy-analyzer?logo=fedora\u0026label=Fedora\u0026color=3c6eb4\"\u003e\u003c/a\u003e\n\nThis installation method is currently available for Fedora EPEL 8, EPEL 9, and Fedora 37 or later, including Rawhide.\n\n```sh\ndnf install fapolicy-analyzer\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\n  \u003csummary\u003eFrom GitHub releases\u003c/summary\u003e\n\n[![GitHub latest release](https://shields.io/github/v/release/ctc-oss/fapolicy-analyzer?color=3c6eb4\u0026display_name=tag\u0026sort=semver\u0026label=Stable\u0026logo=github)](https://github.com/ctc-oss/fapolicy-analyzer/releases/latest)\n[![GitHub Latest pre-release)](https://img.shields.io/github/v/release/ctc-oss/fapolicy-analyzer?color=3c6eb4\u0026include_prereleases\u0026label=Beta\u0026logo=github)](https://github.com/ctc-oss/fapolicy-analyzer/releases)\n![GitHub downloads](https://img.shields.io/github/downloads/ctc-oss/fapolicy-analyzer/total?color=3c6eb4\u0026logo=github)\n\nYou can install the Policy Analyzer through the installers available in\nthe [latest release](https://github.com/ctc-oss/fapolicy-analyzer/releases). \u003cbr\u003e\nChoose an RPM from the latest Fedora stable, Rawhide, and EPEL builds. \u003cbr\u003e\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\n  \u003csummary\u003eFrom Fedora Copr\u003c/summary\u003e\n\n\u003ca href=\"https://copr.fedorainfracloud.org/coprs/ctc-oss/fapolicy-analyzer/\"\u003e\u003cimg src=\"https://img.shields.io/badge/dynamic/json?color=B87333\u0026logo=fedora\u0026label=Copr\u0026query=builds.latest.state\u0026url=https%3A%2F%2Fcopr.fedorainfracloud.org%2Fapi_3%2Fpackage%3Fownername%3Dctc-oss%26projectname%3Dfapolicy-analyzer%26packagename%3Dfapolicy-analyzer%26with_latest_build%3DTrue\"\u003e\u003c/a\u003e\n\nThe Copr repository contains the latest development builds and release builds prior to publishing to the Fedora\nrepositories.\n\nFollow this method to install a prerelease package.\n\n### Add Copr repository\n\nInstall the ctc-oss repo with\n\n```sh\ndnf install dnf-plugins-core\ndnf copr enable ctc-oss/fapolicy-analyzer\n```\n\n### Copr Release builds\n\nReleases packages of the Policy Analyzer are generally available from Copr a week before being available from Fedora.\n\nThe Policy Analyzer can be installed from the ctc-oss repository with the normal process\n\n`dnf install fapolicy-analyzer`\n\n### Copr pre-release builds\n\nPre-release packages of the Policy Analyzer for all targets are created using the latest commit to master.\n\nUse the `dev` tag + the commit number from the `master` branch, for example\n\n`dnf install fapolicy-analyzer-1.0.0~dev308`\n\nwill install the prerelease 1.0.0 version at the 308th commit on the master branch.\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\n  \u003csummary\u003eFrom a containerized build environment\u003c/summary\u003e\n\nFollow this method only if you have cloned the GitHub repository and have Podman installed\n\n- `make fc-rpm` to build a Rawhide RPM\n- `make el-rpm` to build a RHEL 8 RPM\n\nAfter a successful build the container will copy the RPMs into the host `/tmp` directory.\n\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\n\n  \u003csummary\u003eFrom a local development environment\u003c/summary\u003e\n\nFollow this method only if you have installed all required build tools\n\n`make run`\n\nSee [BUILD.md](BUILD.md) for required dependencies.\n\n\u003c/details\u003e\n\n## fapolicyd\n\nCompatible with v1.0+\n\nThe [![fapolicyd-badge](https://img.shields.io/github/labels/ctc-oss/fapolicy-analyzer/fapolicyd-feature?style=flat)][2]\nlabel tracks support for specific [capability][3].\n\n### fapolicyd.conf\n\nAnalyzing from syslog requires the following `syslog_format` entry:\n\n```\nsyslog_format = rule,dec,perm,uid,gid,pid,exe,:,path,ftype,trust\n```\n\n## Getting Help\n\n- See the [Known Issues](https://github.com/ctc-oss/fapolicy-analyzer/wiki/Known-Issues)\n- Start a [Discussion](https://github.com/ctc-oss/fapolicy-analyzer/discussions)\n- Create a new [Issue](https://github.com/ctc-oss/fapolicy-analyzer/issues)\n\n## License\n\nGPL v3\n\n[1]: https://github.com/ctc-oss/fapolicy-analyzer/wiki/User-Guide\n\n[2]: https://github.com/ctc-oss/fapolicy-analyzer/labels/fapolicyd-feature\n\n[3]: https://github.com/linux-application-whitelisting/fapolicyd/blob/main/ChangeLog\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fctc-oss%2Ffapolicy-analyzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fctc-oss%2Ffapolicy-analyzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fctc-oss%2Ffapolicy-analyzer/lists"}