{"id":18564222,"url":"https://github.com/notashelf/ssa","last_synced_at":"2025-04-10T04:31:35.498Z","repository":{"id":259318962,"uuid":"876862001","full_name":"NotAShelf/ssa","owner":"NotAShelf","description":"Simple, streamlined and ✨ pretty ✨  aggregator for systemd-analyze security","archived":false,"fork":false,"pushed_at":"2024-11-29T08:50:12.000Z","size":63,"stargazers_count":7,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-05T20:16:45.701Z","etag":null,"topics":["aggregator","security","systemd"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/NotAShelf.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-22T17:13:54.000Z","updated_at":"2025-03-23T17:25:42.000Z","dependencies_parsed_at":"2024-10-24T11:10:51.052Z","dependency_job_id":"ba64f8c6-2211-49a1-8e82-9173e2c99984","html_url":"https://github.com/NotAShelf/ssa","commit_stats":null,"previous_names":["notashelf/ssa"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NotAShelf%2Fssa","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NotAShelf%2Fssa/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NotAShelf%2Fssa/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NotAShelf%2Fssa/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/NotAShelf","download_url":"https://codeload.github.com/NotAShelf/ssa/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248157422,"owners_count":21057009,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aggregator","security","systemd"],"created_at":"2024-11-06T22:14:38.450Z","updated_at":"2025-04-10T04:31:35.196Z","avatar_url":"https://github.com/NotAShelf.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n    \u003cimg src=\"https://deps.rs/repo/github/notashelf/ssa/status.svg\" alt=\"https://deps.rs/repo/github/notashelf/ssa\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/stars/notashelf/ssa?label=stars\u0026color=DEA584\"\u003e\n    \u003ch1\u003eSSA\u003c/h1\u003e\n    \u003cp align=\"left\"\u003e\n    Simple, streamlined and ✨ pretty ✨  aggregator for the security report\n    generated by \u003ccode\u003esystemd-analyze security\u003c/code\u003e. Simply collects data\n    from JSON output and pretty-prints it for your viewing pleasure.\n    Optionally, you can print the results in JSON for easier CI/CD integration.\n    \u003c/p\u003e\n\u003c/div\u003e\n\n## Features\n\n- Simple\n- Fast (One could say... blazingly fast.)\n- Pretty\n- Verbose\n\nWhat else do you need?\n\n## Usage\n\nYou can run SSA without any arguments, which will return a pretty-printed\nversion of the security analysis. Though, the main functionality - the _Crème de\nla crème_ - of SSA is its ability to filter services by predicate, and print\nthem in JSON format if need be. Lets go over possible arguments.\n\n- `-t, --top-n \u003cTOP_N\u003e` -\u003e number of top services to display\n- `-p, --predicate \u003cPREDICATE\u003e` -\u003e predicate by which to filter services\n\n- `--ok` -\u003e only return services with the **OK** predicate\n- `--medium` -\u003e only return services with the **MEDIUM** predicate\n- `--exposed` -\u003e only return services with the **EXPOSED** predicate\n- `--unsafe` -\u003e only return services with the **UNSAFE** predicate\n\n- `--debug` -\u003eenable debug mode to print the raw JSON output\n- `--json` -\u003eoutput results in JSON format\n\nIn addition, you will be shown the average exposure (out of 10, 10 being worst)\nand the average happiness (out of 5, 5 being best). In addition to displaying\nthe top N services for a given predicate, SSA will color the exposure level\noutput based on how exposed it is. Because here do things the ✨ pretty ✨ way.\n\n### Example 1:\n\nOne case is that you would combine `--top-n` and `--predicate` to print a number\nof services with the predicate you wish to filter for.\n\n```bash\nssa --top-n 10 --predicate UNSAFE\n```\n\nThis will return the **10** services marked as **UNSAFE** in the security\nreport. Possible predicates are:\n\n- `OK`\n- `MEDIUM`\n- `EXPOSED`\n- `UNSAFE`\n\n### Example 2:\n\nAnother case is that you wish to see all **UNSAFE** (scary) services on your\nsystem, for future hardening. In that case you can simply run\n\n```bash\nssa --unsafe\n```\n\nThis will return all unsafe services. Similarly, you can filter only services\nwith **OK** predicate if you wish to feel more comfortable.\n\n```bash\nssa --unsafe\n```\n\nBetter yet, lets show just the _top 3_ services with **MEDIUM** predicate...\n\n```bash\nssa --unsafe --top-n 3\n```\n\n## Why?\n\nHonestly, just see the next section. Long story short is that I wanted to\naggregate the results of `systemd-analyze security` for testing and NixOS VM\ntests in CI.\n\n## Contributing\n\n[Microfetch]: https://github.com/notashelf/microfetch\n\nFor what it's worth, SSA has been created because I wanted to write a structured\nbash script for parsing the output of `systemd-analyze security`. Rust came to\nmind, as Serde is pretty cool and I wanted to do argument parsing - which Clap\ndoes better than Python libs I am familiar with.\n\nThe software is very minimal. You run it, you get a bunch of lines. You might\nhave cooler ideas to do with aggregated data (in which case, just take a look at\nthe parser) or inspect the raw JSON data yourself with `--debug` passed to the\nprogram.\n\nIf you would like to see some other features, open either an issue or a pull\nrequest depending on your own ability to implement the changes. SSA is not\nrestricted by petty limitations such as my other toy project, [Microfetch], and\nis always open to new features.\n\n## License\n\nSSA is licensed under the [MIT License](LICENSE). See the license file for more\ndetails.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnotashelf%2Fssa","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnotashelf%2Fssa","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnotashelf%2Fssa/lists"}