{"id":18031684,"url":"https://github.com/priv-kweihmann/meta-dca","last_synced_at":"2025-08-18T16:04:36.583Z","repository":{"id":104376602,"uuid":"325636203","full_name":"priv-kweihmann/meta-dca","owner":"priv-kweihmann","description":"Layer for dynamic code analysis, profiling and security hardening","archived":false,"fork":false,"pushed_at":"2021-08-03T14:46:31.000Z","size":73,"stargazers_count":4,"open_issues_count":11,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-04T21:45:54.287Z","etag":null,"topics":["hardening","openembedded-layer","profiling","qemu","security-automation","yocto","yocto-layer"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/priv-kweihmann.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-12-30T19:53:34.000Z","updated_at":"2023-05-03T20:27:53.000Z","dependencies_parsed_at":null,"dependency_job_id":"e046e4d8-7371-4216-874c-24c4aaa2a791","html_url":"https://github.com/priv-kweihmann/meta-dca","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/priv-kweihmann/meta-dca","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/priv-kweihmann%2Fmeta-dca","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/priv-kweihmann%2Fmeta-dca/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/priv-kweihmann%2Fmeta-dca/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/priv-kweihmann%2Fmeta-dca/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/priv-kweihmann","download_url":"https://codeload.github.com/priv-kweihmann/meta-dca/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/priv-kweihmann%2Fmeta-dca/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271019342,"owners_count":24685677,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-18T02:00:08.743Z","response_time":89,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hardening","openembedded-layer","profiling","qemu","security-automation","yocto","yocto-layer"],"created_at":"2024-10-30T10:10:22.207Z","updated_at":"2025-08-18T16:04:36.545Z","avatar_url":"https://github.com/priv-kweihmann.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Table of content \u003c!-- omit in toc --\u003e\n\n- [meta-dca](#meta-dca)\n- [Requirements](#requirements)\n- [How to use this layer](#how-to-use-this-layer)\n  - [Additional notes](#additional-notes)\n- [Getting started](#getting-started)\n- [Available modules](#available-modules)\n- [Further documentation](#further-documentation)\n- [Get involved](#get-involved)\n- [Security Policy](#security-policy)\n\n## meta-dca\n\nThis layer is an addition to [meta-sca](https://github.com/priv-kweihmann/meta-sca). It enables **dynamic code analysis**, such as\n\n- checking capabilties\n- memleak checking\n- files/path checking\n\nThese checks are suppose to be done on the build host only (using `qemu`/`testimage` support)\n\n## Requirements\n\nYou need the following to use *meta-dca*\n\n- [clang](https://github.com/kraj/meta-clang)\n- [meta-sca](https://github.com/priv-kweihmann/meta-sca)\n- [openembedded](http://cgit.openembedded.org/meta-openembedded/)\n- [poky](https://git.yoctoproject.org/cgit/cgit.cgi/poky)\n\n- a sufficient `oeqa` based test suite\n- `systemd` set in `DISTRO_FEATURES`\n\n## How to use this layer\n\nAs the name implies, this layer uses dynamic code analysis to check certain (configurable features), so we have to execute the code that needs to be checked. Therefore we are using `testimage` provided by upstream **poky**.\nThe checks itself will **only** be done when you execute `bitbake \u003cyour-image-recipe\u003e -c testimage`.\nResults will be stored in the way [meta-sca](https://github.com/priv-kweihmann/meta-sca) was configured for the build\n\n### Additional notes\n\nIt's highly recommended to\n\n- enable **KVM** support (`QEMU_USE_KVM = \"1\"`)\n- have at least 1G of RAM for QEMU (`QB_MEM = \"-m 1024\"`)\n\n## Getting started\n\nFor a quick start how to use this layer see [getting started guide](docs/getting_started.md)\n\n## Available modules\n\n| module    | purpose                                                      | more info                           |\n| --------- | ------------------------------------------------------------ | ----------------------------------- |\n| caplint   | Identify needed capabilities of a systemd unit               | https://github.com/iovisor/bcc      |\n| filelife  | Find shortlived files written to non-volatile storage        | https://github.com/iovisor/bcc      |\n| filemiss  | Find inaccessible files                                      | https://github.com/iovisor/bpftrace |\n| opensnoop | Lint ReadOnlyPaths/ReadWritePaths settings of a systemd unit | https://github.com/iovisor/bpftrace |\n\n## Further documentation\n\n- [Global Configuration](docs/global.md)\n  - [filelife](docs/filelife.md)\n\n## Get involved\n\nTo get involved following things can be done\n\n- create an issue\n- fix an issue and create a pull request\n- see the pinned issues in the [bugtracker](https://github.com/priv-kweihmann/meta-dca/issues)\n\n## Security Policy\n\nFor the project's security policy please see [here](SECURITY.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpriv-kweihmann%2Fmeta-dca","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpriv-kweihmann%2Fmeta-dca","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpriv-kweihmann%2Fmeta-dca/lists"}