https://github.com/izziiyt/compaa
component activity analyzer
security software-composition-analysis
Last synced: 12 months ago
- Host: GitHub
- URL: https://github.com/izziiyt/compaa
- Owner: izziiyt
- License: mit
- Created: 2024-03-12T10:55:40.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-09-02T07:51:00.000Z (over 1 year ago)
- Last Synced: 2025-01-21T22:11:38.039Z (about 1 year ago)
- Topics: security, software-composition-analysis
- Language: Go
- Homepage:
- Size: 85 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
[![CI][ci-img]][ci]
[![Go Report Card][go-report-img]][go-report]
[![License: MIT][license-img]][license]
# Why compaa (Component Activity Analyzer)?
`compaa` is a simple component activity analyzer designed for secure software development.
It reports the maintenance activity and EOL status of the modules you depend on.
It aims to support the maintenance of your software components.
# Install
go
```bash
go install github.com/izziiyt/compaa@latest
```
mise
```bash
mise use --global go:github.com/izziiyt/compaa
```
# Example
You can find out whether your software depends on inactive OSS.
(Running with your GitHub token is recommended so that the GitHub API rate limit is sufficient.)
```bash
GITHUB_TOKEN=${YOUR_GITHUB_TOKEN} compaa ./target/path
./path/example0/Dockerfile
./path/example1/subpath/package.json
./path/example2/Dockerfile
├ WARN: docker.io/library/alpine:3.13 last update isnt recent (2022-11-10 20:55:35.397295 +0000 UTC)
./path/example2/subpath/Dockerfile
./path/example3/go.mod
├ WARN: go1.18 is EOL
├ WARN: github.com/pkg/errors is archived
├ WARN: github.com/jinzhu/gorm last push isnt recent (2023-09-11 08:16:54 +0000 UTC)
```
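One way to turn this report into a CI gate, as an added example that is not part of the compaa project: the functions below attach each `WARN` to the manifest path it follows and classify it as `eol`, `archived` or `stale`. They assume the report arrives on stdin in exactly the shape shown above; the function names and the policy (EOL and archived components block, stale ones are only reported) are hypothetical.

```bash
# Constructed sample: the report lines from the README example above.
sample_output() {
  cat <<'EOF'
./path/example0/Dockerfile
./path/example1/subpath/package.json
./path/example2/Dockerfile
├ WARN: docker.io/library/alpine:3.13 last update isnt recent (2022-11-10 20:55:35.397295 +0000 UTC)
./path/example2/subpath/Dockerfile
./path/example3/go.mod
├ WARN: go1.18 is EOL
├ WARN: github.com/pkg/errors is archived
├ WARN: github.com/jinzhu/gorm last push isnt recent (2023-09-11 08:16:54 +0000 UTC)
EOF
}

# Reads a compaa report on stdin and prints one line per warning:
#   kind<TAB>manifest<TAB>component
# A non-WARN, non-empty line is treated as the manifest path that the
# following warnings belong to (assumption based on the sample output).
compaa_findings() {
  awk '
    /WARN: / {
      msg = $0; sub(/^.*WARN: /, "", msg)   # drop the tree prefix
      comp = msg; sub(/ .*/, "", comp)      # first word is the component
      kind = "other"
      if (msg ~ / is EOL$/) kind = "eol"
      else if (msg ~ / is archived$/) kind = "archived"
      else if (msg ~ / isnt recent /) kind = "stale"
      printf "%s\t%s\t%s\n", kind, file, comp
      next
    }
    NF { file = $0 }
  '
}

# Prints all findings and returns non-zero when a blocking kind is present.
# Usage (assumes compaa writes the report to stdout):
#   GITHUB_TOKEN=... compaa ./target/path | compaa_gate
compaa_gate() {
  compaa_findings | awk -F'\t' '
    { print }
    $1 == "eol" || $1 == "archived" { blocked = 1 }
    END { exit blocked + 0 }
  '
}
```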
# Supported File Format
compaa supports the following file formats:
- Dockerfile (Docker)
- Gemfile (Ruby)
- go.mod (Go)
- package.json (JavaScript)
- requirements.txt (Python)
# License
This project is licensed under the MIT License, see the LICENSE file for details.
[ci]: https://github.com/izziiyt/compaa/actions/workflows/ci.yaml
[ci-img]: https://github.com/izziiyt/compaa/actions/workflows/ci.yml/badge.svg
[go-report]: https://goreportcard.com/report/github.com/izziiyt/compaa
[go-report-img]: https://goreportcard.com/badge/github.com/izziiyt/compaa
[license]: https://opensource.org/licenses/MIT
[license-img]: https://img.shields.io/badge/License-MIT-yellow.svg