{"id":15097729,"url":"https://github.com/sap/fosstars-rating-core","last_synced_at":"2025-04-06T14:12:35.378Z","repository":{"id":37931361,"uuid":"236462734","full_name":"SAP/fosstars-rating-core","owner":"SAP","description":"A framework for defining ratings for open source projects. In particular, the framework offers a security rating for open source projects that may be used to assess the security risk that comes with open source components.","archived":false,"fork":false,"pushed_at":"2025-03-24T14:19:42.000Z","size":31577,"stargazers_count":61,"open_issues_count":83,"forks_count":30,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-03-30T13:08:28.097Z","etag":null,"topics":["calculating-ratings","java","scores","security","security-rating","security-risks","security-tools"],"latest_commit_sha":null,"homepage":"https://sap.github.io/fosstars-rating-core/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SAP.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-01-27T10:08:24.000Z","updated_at":"2025-01-14T08:07:06.000Z","dependencies_parsed_at":"2023-09-29T07:25:55.909Z","dependency_job_id":"6bfba34e-de7f-4349-99a1-5a4f4758a54b","html_url":"https://github.com/SAP/fosstars-rating-core","commit_stats":{"total_commits":966,"total_committers":15,"mean_commits":64.4,"dds":0.2981366459627329,"last_synced_commit":"7b172f42f218f6cfad42f81bd9c9ef49de35b919"},"previous_names":[],"tags_count":31,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosy
ste.ms/api/v1/hosts/GitHub/repositories/SAP%2Ffosstars-rating-core","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SAP%2Ffosstars-rating-core/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SAP%2Ffosstars-rating-core/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SAP%2Ffosstars-rating-core/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SAP","download_url":"https://codeload.github.com/SAP/fosstars-rating-core/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247492565,"owners_count":20947545,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["calculating-ratings","java","scores","security","security-rating","security-risks","security-tools"],"created_at":"2024-09-25T16:25:07.058Z","updated_at":"2025-04-06T14:12:35.358Z","avatar_url":"https://github.com/SAP.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"![Java CI](https://github.com/SAP/fosstars-rating-core/workflows/Java%20CI/badge.svg)\n[![REUSE status](https://api.reuse.software/badge/github.com/SAP/fosstars-rating-core)](https://api.reuse.software/info/github.com/SAP/fosstars-rating-core)\n[![Fosstars security rating](https://raw.githubusercontent.com/SAP/fosstars-rating-core/fosstars-report/fosstars_badge.svg)](https://github.com/SAP/fosstars-rating-core/blob/fosstars-report/fosstars_report.md)\n[![Fosstars RoP 
status](https://raw.githubusercontent.com/SAP/fosstars-rating-core/fosstars-rop-report/fosstars_rop_rating.svg)](https://github.com/SAP/fosstars-rating-core/blob/fosstars-rop-report/README.md)\n\n# Ratings for open source projects\n\nThis is a framework for defining and calculating ratings for open source projects.\nSee [docs](https://sap.github.io/fosstars-rating-core/) for more details.\n\n## Security rating for open source projects\n\nOpen source software helps a lot, but it may also bring new security issues\nand therefore increase security risks.\nIs it safe to use a particular open source component?\nSometimes answering this question is not easy.\nThe security rating for open source projects helps to answer this question.\nFirst, it gathers various data about an open source project.\nThen, it calculates a security rating for it.\nThe rating helps to assess the security risk that comes with this open source project.\n\nMore details about the security rating\ncan be found in the [docs](https://sap.github.io/fosstars-rating-core/oss_security_rating.html).\n\n## Requirements\n\n*  Java 8+\n*  Maven 3.6.0+\n*  Python 3.6.8+\n*  Jupyter Notebook 4.4.0+\n\n## Download and installation\n\nThe [jars](https://mvnrepository.com/artifact/com.sap.oss.phosphor/fosstars-rating-core) are available on the Maven Central repository:\n\n```\n\u003cdependency\u003e\n    \u003cgroupId\u003ecom.sap.oss.phosphor\u003c/groupId\u003e\n    \u003cartifactId\u003efosstars-rating-core\u003c/artifactId\u003e\n    \u003cversion\u003e1.14.0\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\nOr, the project can be built and installed with the following command:\n\n```\nmvn clean install\n```\n\n## Fosstars GitHub action\n\nFor projects on GitHub, there is a [GitHub action](https://github.com/SAP/fosstars-rating-core-action)\nthat calculates a security rating and generates a badge.\n\n## CLI for calculating ratings\n\nThere is a CLI for calculating ratings.\n\nThe tool can be run with 
commands like the following:\n\n```\ngit clone https://github.com/SAP/fosstars-rating-core.git\ncd fosstars-rating-core\nmvn package -DskipTests\nTOKEN=xyz # use your personal token, see below\njava -jar target/fosstars-github-rating-calc.jar --rating security --url https://github.com/curl/curl --verbose --token ${TOKEN}\n```\n\nThe `TOKEN` variable contains a token for accessing the GitHub API.\nYou can create a personal token in the\n[settings/tokens](https://github.com/settings/tokens) tab in your profile on GitHub.\n\nIn verbose mode, the tool prints the following:\n\n*  Data that was used for calculating a security rating\n*  Sub-scores that describe particular security aspects\n*  Overall score and label\n*  Advice on how the rating may be improved.\n\nHere is what the output looks like:\n\n![CLI demo](command_line_tool_demo.gif)\n\n[Here](EXAMPLE.md) you can find the full output.\n\nIf the `--interactive` option is specified, the tool becomes a bit interactive,\nand may ask the user a couple of questions.\nYou can also find more details in the [docs](https://sap.github.io/fosstars-rating-core/getting_oss_security_rating.html).\n\n## Running the CLI in Docker\n\nYou can also run the CLI in a Docker container:\n\n```\ndocker build --tag fosstars --file src/main/docker/cli/Dockerfile .\ndocker run -v $(pwd):/work fosstars --rating security --token $TOKEN --url https://github.com/apache/poi\n```\n\n## Known issues\n\nPlease see [GitHub issues](https://github.com/SAP/fosstars-rating-core/issues).\n\n## How to obtain support\n\nPlease create a new [GitHub issue](https://github.com/SAP/fosstars-rating-core/issues)\nif you have found a bug, or you'd like to propose an enhancement.\nIf you think you found a security issue, please follow [this guideline](SECURITY.md).\n\nIf you have a question, please [open a discussion](https://github.com/SAP/fosstars-rating-core/discussions).\n\n# Contributing\n\nWe appreciate feedback, ideas for improvements and, of course, pull 
requests.\n\nPlease follow [this guideline](CONTRIBUTING.md) if you'd like to contribute to the project.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsap%2Ffosstars-rating-core","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsap%2Ffosstars-rating-core","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsap%2Ffosstars-rating-core/lists"}
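The README's "CLI for calculating ratings" section shows the clone/build/run procedure with the token assigned inline (`TOKEN=xyz`). Below is an added example, not code from the fosstars-rating-core project, that wraps the same invocation in a small POSIX shell script: it reads the token from the environment instead of a literal in the command history, validates that `--url` really points at a `https://github.com/<owner>/<repo>` repository before handing it to the tool, and refuses to run if the jar has not been built. The jar path `target/fosstars-github-rating-calc.jar` and the options `--rating`, `--url`, `--verbose` and `--token` are taken from the README; the function names, the `FOSSTARS_JAR`, `FOSSTARS_TOKEN`, `GITHUB_TOKEN` and `FOSSTARS_RUN` variables, and the rating-name check are assumptions made for this example.

```shell
#!/bin/sh
# Added example wrapper for the fosstars CLI (not part of the project).
# Jar path and option names come from the README; the variable names below
# are this example's own conventions.

FOSSTARS_JAR="${FOSSTARS_JAR:-target/fosstars-github-rating-calc.jar}"

# Accept only https://github.com/<owner>/<repo> (a trailing "/" or ".git"
# is tolerated) and print the normalised "owner/repo"; anything else is
# rejected here so a mistyped URL fails before the tool starts.
validate_github_url() {
  case "$1" in
    https://github.com/*/*)
      rest="${1#https://github.com/}"
      owner="${rest%%/*}"
      repo="${rest#*/}"
      repo="${repo%/}"
      repo="${repo%.git}"
      [ -n "$owner" ] && [ -n "$repo" ] || return 1
      case "$owner$repo" in
        */*|*' '*|*'	'*) return 1 ;;   # nested path or whitespace
      esac
      printf '%s/%s\n' "$owner" "$repo"
      return 0 ;;
    *) return 1 ;;
  esac
}

# Assemble the non-secret part of the command line: "--rating R --url U --verbose".
# The rating name defaults to "security" (the one shown in the README) and may
# only contain [A-Za-z0-9_-], so it can never be mistaken for another option.
fosstars_args() {
  url="$1"
  rating="${2:-security}"
  validate_github_url "$url" >/dev/null || {
    echo "fosstars: not a GitHub repository URL: $url" >&2; return 2; }
  case "$rating" in
    ''|*[!A-Za-z0-9_-]*)
      echo "fosstars: bad rating name: $rating" >&2; return 2 ;;
  esac
  printf '%s\n' "--rating $rating --url $url --verbose"
}

# Run the CLI. The token is taken from FOSSTARS_TOKEN or GITHUB_TOKEN and is
# never written into the script or the shell history. Note that --token still
# places the secret in the process argument list (visible to local users via
# ps), which is how the CLI accepts it; use a short-lived, minimal-scope token.
run_fosstars() {
  token="${FOSSTARS_TOKEN:-${GITHUB_TOKEN:-}}"
  [ -n "$token" ] || {
    echo "fosstars: set GITHUB_TOKEN (or FOSSTARS_TOKEN) first" >&2; return 2; }
  args="$(fosstars_args "$@")" || return $?
  [ -f "$FOSSTARS_JAR" ] || {
    echo "fosstars: $FOSSTARS_JAR not found; run 'mvn package -DskipTests' first" >&2
    return 3; }
  # $args is deliberately unquoted: it holds several separate arguments, and
  # both the URL and the rating name were checked to contain no whitespace.
  # shellcheck disable=SC2086
  java -jar "$FOSSTARS_JAR" $args --token "$token"
}

# Usage: GITHUB_TOKEN=... FOSSTARS_RUN=1 sh fosstars-run.sh https://github.com/curl/curl [rating]
if [ "${FOSSTARS_RUN:-0}" = "1" ]; then
  run_fosstars "$@"
fi
```

The script is plain POSIX sh, so it works in the Docker variant from the README as well; there the `-v $(pwd):/work` mount and the image name replace the `java -jar` line, and the same URL and token checks apply before the container is started.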