{"id":43682496,"url":"https://github.com/softagram/sgraph","last_synced_at":"2026-03-18T00:19:19.814Z","repository":{"id":42453674,"uuid":"365001332","full_name":"softagram/sgraph","owner":"softagram","description":"graph library for sgraph, hierarchic graphs","archived":false,"fork":false,"pushed_at":"2026-02-05T00:41:36.000Z","size":394,"stargazers_count":0,"open_issues_count":8,"forks_count":6,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-02-05T13:11:51.070Z","etag":null,"topics":["algorithms","graph","graph-algorithms","hacktoberfest","json","reverse-engineering-source-code","xml"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/softagram.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-05-06T18:24:01.000Z","updated_at":"2026-02-05T00:41:41.000Z","dependencies_parsed_at":"2026-03-04T18:03:50.596Z","dependency_job_id":null,"html_url":"https://github.com/softagram/sgraph","commit_stats":{"total_commits":45,"total_committers":5,"mean_commits":9.0,"dds":"0.33333333333333337","last_synced_commit":"6f417f8c89923d2f3839da2c97e32608d1007920"},"previous_names":[],"tags_count":33,"template":false,"template_full_name":null,"purl":"pkg:github/softagram/sgraph","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/softagram%2Fsgraph","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/softagram%2Fsgraph/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/softagram%2Fsgraph/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/softagram%2Fsgraph/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/softagram","download_url":"https://codeload.github.com/softagram/sgraph/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/softagram%2Fsgraph/sbom","scorecard":{"id":836003,"data":{"date":"2025-08-11","repo":{"name":"github.com/softagram/sgraph","commit":"3c7a682385d87601e8d2cbdebd6f96bcb217b0b1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.9,"checks":[{"name":"Code-Review","score":2,"reason":"Found 2/8 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: topLevel permissions set to 'write-all': .github/workflows/ai-codereviewer.yml:8"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ai-codereviewer.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/softagram/sgraph/ai-codereviewer.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ai-codereviewer.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/softagram/sgraph/ai-codereviewer.yml/main?enable=pin","Info:   0 out of   1 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":4,"reason":"SAST tool is not run on all commits -- score normalized to 4","details":["Warn: 14 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-23T19:04:49.438Z","repository_id":42453674,"created_at":"2025-08-23T19:04:49.438Z","updated_at":"2025-08-23T19:04:49.438Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30360494,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-10T21:41:54.280Z","status":"ssl_error","status_checked_at":"2026-03-10T21:40:59.357Z","response_time":106,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["algorithms","graph","graph-algorithms","hacktoberfest","json","reverse-engineering-source-code","xml"],"created_at":"2026-02-05T02:05:44.030Z","updated_at":"2026-03-18T00:19:19.795Z","avatar_url":"https://github.com/softagram.png","language":"Python","readme":"# sgraph\n\nsgraph contains data format, structures and algorithms to work with hierarchic graph structures.\nTypically it is suitable for representing software architectures.\n\n**Documentation**: https://softagram.github.io/sgraph/\n\nSee also [sgraph-mcp-server](https://github.com/softagram/sgraph-mcp-server) for enabling AI agents to utilize sgraph information.\n\n## Install\n\n`pip install sgraph`\n\n## Contributions\n\nThe project is welcoming all contributions.\n\n\n## Core Ontology\n\nA model, `SGraph` consists of a root `SElement`, which may have children of the same type (as in XML). \nAttribute information can be stored via key-value pairs into them.\nThe `SElement` objects can be connected together via `SElementAssociation` objects.\n\n### Example model\n\n nginx model has an nginx root element that represents the main directory.\n Inside it, there is a src element. And inside src, there is core.\n\n https://github.com/nginx/nginx/tree/master/src\n  inside core, there are several elements, e.g. nginx.c and nginx.h\n  \n   https://github.com/nginx/nginx/blob/master/src/core/nginx.c\n  \nBecause nginx.c contains #include directive to nginx.h, in the model it is \nformulated so that there is a relationship (also called as association) from nginx.c element to nginx.h\n \nTo make model more explicit, that particular relationship should be annotated with type \"inc\" to describe\nthe dependency type. \n \nIt is also possible to have other attributes assigned to relationships other than type but typically this is rare.\n\n\n## XML format\n\nIn XML dataformat, minimalism is the goal to make it simple and clean. Integers are used as unique identifiers for the elements. \nIn the example case, the nginx.h element is assigned with ID 2 and the relationship that is inside nginx.c refers this way to nginx.h\n\nThis integer reference system has been designed to make the data format highly performing even with 10 million element models.\n\n\u003cmodel version=\"2.1\"\u003e\n  \u003celements t=\"architecture\"\u003e\n  \u003ce n=\"nginx\" \u003e\n    \u003ce n=\"src\" \u003e\n      \u003ce n=\"core\" \u003e\n        \u003ce n=\"nginx.c\" \u003e\n          \u003cr r=\"2\" t=\"inc\" /\u003e\n        \u003c/e\u003e\n        \u003ce i=\"2\" n=\"nginx.h\" \u003e\n        \u003c/e\u003e\n      \u003c/e\u003e\n    \u003c/e\u003e\n  \u003c/e\u003e\n\u003c/elements\u003e\n\u003c/model\u003e\n\n\n### Deps data format - line based simple format for easy scripting\n\nIn Deps data format (usually a .txt file), the above model can be described minimally this way:\n\n   /nginx/src/core/nginx.c:/nginx/src/core/nginx.h:inc\n \nAlthough this might seem very compelling data format to use, it is not recommended for very \nlarge models, e.g. 10 million elements.\n\n\n### Using the API\n\nCreating a simple model:\n\n```\n\u003e\u003e\u003e from sgraph import SGraph\n\u003e\u003e\u003e from sgraph import SElement\n\u003e\u003e\u003e from sgraph import SElementAssociation\n\u003e\u003e\u003e x = SGraph(SElement(None, ''))\n\u003e\u003e\u003e x\n\u003csgraph.sgraph.SGraph object at 0x7f2efae9ad30\u003e\n\n\u003e\u003e\u003e x.to_deps(fname=None)\n\n\u003e\u003e\u003e e1 = x.createOrGetElementFromPath('/path/to/file.x')\n\u003e\u003e\u003e e2 = x.createOrGetElementFromPath('/path/to/file.y')\n\u003e\u003e\u003e x.to_deps(fname=None)\n/path\n/path/to\n/path/to/file.x\n/path/to/file.y\n\n\u003e\u003e\u003e x.to_xml(fname=None)\n\u003cmodel version=\"2.1\"\u003e\n  \u003celements\u003e\n  \u003ce n=\"path\" \u003e\n    \u003ce n=\"to\" \u003e\n      \u003ce n=\"file.x\" \u003e\n      \u003c/e\u003e\n      \u003ce n=\"file.y\" \u003e\n      \u003c/e\u003e\n    \u003c/e\u003e\n  \u003c/e\u003e\n\u003c/elements\u003e\n\u003c/model\u003e\n\n\u003e\u003e\u003e ea = SElementAssociation(e1, e2, 'use')\n\u003e\u003e\u003e ea.initElems()  # ea is not connected to the model before this call.\n\u003e\u003e\u003e x.to_deps(fname=None)\n/path/to/file.x:/path/to/file.y:use\n/path\n/path/to\n\u003e\u003e\u003e\n\n\u003e\u003e\u003e x.to_xml(fname=None)\n\u003cmodel version=\"2.1\"\u003e\n  \u003celements\u003e\n  \u003ce n=\"path\" \u003e\n    \u003ce n=\"to\" \u003e\n      \u003ce n=\"file.x\" \u003e\n        \u003cr r=\"2\" t=\"use\" /\u003e\n      \u003c/e\u003e\n      \u003ce i=\"2\" n=\"file.y\" \u003e\n      \u003c/e\u003e\n    \u003c/e\u003e\n  \u003c/e\u003e\n \u003c/elements\u003e\n\u003c/model\u003e\n\n```\n\n### Querying with Cypher\n\nModels can be queried using the [openCypher](https://opencypher.org/) graph query language (requires optional dependency `spycy-aneeshdurg`):\n\n```python\nfrom sgraph import SGraph\nfrom sgraph.cypher import cypher_query\n\nmodel = SGraph.parse_xml_or_zipped_xml('model.xml')\nresults = cypher_query(model, 'MATCH (a)-[r:inc]-\u003e(b) RETURN a.name, b.name')\n```\n\nA CLI with interactive REPL is also available:\n\n```bash\npip install spycy-aneeshdurg\npython -m sgraph.cypher model.xml.zip 'MATCH (n:file) RETURN n.name'   # single query\npython -m sgraph.cypher model.xml.zip                                   # interactive REPL\npython -m sgraph.cypher model.xml.zip -f dot 'MATCH (a)-[r]-\u003e(b) RETURN a, r, b' | dot -Tpng -o graph.png\n```\n\nSee the [Cypher documentation](https://softagram.github.io/sgraph/cypher.html) for full details and query examples.\n\n## Current utilization\n[Softagram](https://github.com/softagram) uses it for building up the information model about the \nanalyzed software.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoftagram%2Fsgraph","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsoftagram%2Fsgraph","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoftagram%2Fsgraph/lists"}