https://github.com/cristianovisk/open_source_insights_api
Library to consume data from Google's Open Source Insights project
deps-dev insights-open-source library vulnerability-detection
- Host: GitHub
- URL: https://github.com/cristianovisk/open_source_insights_api
- Owner: cristianovisk
- License: mit
- Created: 2023-05-19T18:27:12.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2024-08-24T00:17:45.000Z (almost 2 years ago)
- Last Synced: 2025-08-26T12:15:26.205Z (10 months ago)
- Topics: deps-dev, insights-open-source, library, vulnerability-detection
- Language: Python
- Homepage: https://pypi.org/project/open-source-insights-api/
- Size: 90.8 KB
- Stars: 14
- Watchers: 1
- Forks: 2
- Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE
- Security: SECURITY.md
README




[OpenSSF Scorecard](https://securityscorecards.dev/viewer/?uri=github.com/cristianovisk/open_source_insights_api)
[OpenSSF Best Practices](https://www.bestpractices.dev/projects/7882)






# Open Source Insights Consume API
This library consumes data from Google's Open Source Insights project.
More information is available at [deps.dev](https://deps.dev "Official Open Source Insights website").
```shell
pip install open-source-insights-api
```
Example CLI usage:
```shell
user@shell$ sbom_insights --help
usage: sbom_insights [-h] [-f [FILE]]

SBOM Insights

options:
  -h, --help            show this help message and exit
  -f [FILE], --file [FILE]
                        Define sbom.json to consume e return insights. (Default is sbom.json)
```
```shell
user@shell$ sbom_insights --file /opt/project/sbom.json
SBOM Insights
┏━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━━━┓
┃ Package        ┃ Repository ┃ Version   ┃ Latest Version ┃ Dep Direct ┃ Dep Indirect ┃
┡━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━╇━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━━━┩
│ anyio          │ pypi       │ 4.0.0     │ 4.0.0          │ 3          │ 0            │
│ certifi        │ pypi       │ 2023.7.22 │ 2023.7.22      │ 0          │ 0            │
│ exceptiongroup │ pypi       │ 1.1.3     │ 1.1.3          │ 0          │ 0            │
│ h11            │ pypi       │ 0.14.0    │ 0.14.0         │ 0          │ 0            │
│ httpcore       │ pypi       │ 0.18.0    │ 0.18.0         │ 4          │ 2            │
│ httpx          │ pypi       │ 0.25.0    │ 0.25.0         │ 4          │ 3            │
│ idna           │ pypi       │ 3.4       │ 3.4.0          │ 0          │ 0            │
│ markdown-it-py │ pypi       │ 3.0.0     │ 3.0.0          │ 1          │ 0            │
│ mdurl          │ pypi       │ 0.1.2     │ 0.1.2          │ 0          │ 0            │
│ pygments       │ pypi       │ 2.15.1    │ 2.16.1         │ 0          │ 0            │
│ rich           │ pypi       │ 13.4.2    │ 13.5.3         │ 2          │ 1            │
│ sniffio        │ pypi       │ 1.3.0     │ 1.3.0          │ 0          │ 0            │
└────────────────┴────────────┴───────────┴────────────────┴────────────┴──────────────┘
```
Example usage in code:
```python
from open_source_insights_api import os_insights
osi = os_insights.query()
# Returns all vulnerabilities for the GHSA
vulns = osi.GetAdvisory('ghsa-xxxx-xxxx-xxxx')  # GHSA vulnerability ID
# Returns all dependencies of the package
deps = osi.GetDependencies('pypi', 'requests', '2.30.0')  # Repository, Package, Version
# Returns basic info about the package
pkg = osi.GetPackage('pypi', 'requests')  # Repository, Package
# Returns the OpenSSF Scorecard and other info about a repository on GitHub, GitLab or Bitbucket
project = osi.GetProject('github.com/owner/pkg')
# Returns all dependencies required for the package to run
req = osi.GetRequirements('pypi', 'requests', '2.30.0')
# Returns information about a specific version
version = osi.GetRequirements('pypi', 'requests', '2.30.0')
# Searches for a package in the deps.dev database
# Option one
result = osi.Search(system_repo="pypi", pkg_name="requests", pkg_version="2.30.0")
# Option two
result = osi.Search(hash_type="sha256", hash_value="57678e48b28e1be96ac260ad265ba84ace59cc5e098f65e28263363fa5f724c4")
```