izziiyt/compaa


Why compaa (Component Activity Analyzer)?

compaa is a simple component activity analyzer designed for secure software development. It reports the maintenance activity and EOL status of the modules you depend on, and aims to support secure maintenance of your software components.

Install

go

go install github.com/izziiyt/compaa

mise

mise use --global go:github.com/izziiyt/compaa

Example

compaa shows when your software depends on inactive OSS. (Running it with your GitHub token is recommended, so that the GitHub API rate limit is sufficient.)

GITHUB_TOKEN=${YOUR_GITHUB_TOKEN} compaa ./target/path
./path/example0/Dockerfile
./path/example1/subpath/package.json
./path/example2/Dockerfile
├ WARN: docker.io/library/alpine:3.13 last update isnt recent (2022-11-10 20:55:35.397295 +0000 UTC)
./path/example2/subpath/Dockerfile
./path/example3/go.mod
├ WARN: go1.18 is EOL
├ WARN: github.com/pkg/errors is archived
├ WARN: github.com/jinzhu/gorm last push isnt recent (2023-09-11 08:16:54 +0000 UTC)
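
A CI gate built on the output shown above, as an added example (not part of compaa or its README): it groups each WARN line under the manifest it was printed for, fails on EOL or archived dependencies, and treats staleness as advisory. The output format and message wording are assumed to match the sample; `Finding`, `ParseReport`, `kinds` and the fail policy are hypothetical.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// sample is copied from the README's example output (go.mod entry only).
const sample = `./path/example3/go.mod
├ WARN: go1.18 is EOL
├ WARN: github.com/pkg/errors is archived
├ WARN: github.com/jinzhu/gorm last push isnt recent (2023-09-11 08:16:54 +0000 UTC)`

// Finding is one WARN line under its manifest; Kind is guessed from the wording.
type Finding struct{ File, Kind, Msg string }

var kinds = [][2]string{{" is EOL", "eol"}, {" is archived", "archived"}, {" isnt recent ", "stale"}}

// ParseReport groups WARN lines under their manifest; blocking counts eol and archived.
func ParseReport(report string) (out []Finding, blocking int) {
	file := ""
	for _, raw := range strings.Split(report, "\n") {
		line := strings.TrimSpace(raw)
		msg := strings.TrimPrefix(line, "├ WARN: ")
		if msg == line { // no WARN prefix: the line names the next manifest
			file = line
			continue
		}
		f := Finding{file, "other", msg}
		for _, k := range kinds {
			if strings.Contains(msg, k[0]) {
				f.Kind = k[1]
			}
		}
		if f.Kind == "eol" || f.Kind == "archived" {
			blocking++
		}
		out = append(out, f)
	}
	return out, blocking
}

func main() {
	fs, blocking := ParseReport(sample) // in CI, pass compaa's captured output
	fmt.Printf("%d findings, %d blocking: %+v\n", len(fs), blocking, fs)
	if blocking > 0 {
		os.Exit(1) // fail the job on EOL or archived dependencies
	}
}
```

Unrecognized warning wording is kept as kind `other` and does not fail the build, so a change in compaa's messages shows up in the printed findings instead of being silently dropped.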

Supported File Format

compaa supports the following file formats:

  • Dockerfile (Docker)
  • Gemfile (Ruby)
  • go.mod (Go)
  • package.json (JavaScript)
  • requirements.txt (Python)

License

This project is licensed under the MIT License, see the LICENSE file for details.