

# Open Source Project Criticality Score (Beta)

This project is maintained by members of the Securing Critical Projects WG.

## Goals

1. Generate a criticality score for every open source project.
2. Create a list of critical projects that the open source community depends on.
3. Use this data to proactively improve the security posture of these critical projects.

## Criticality Score

A project's criticality score defines the influence and importance of a project. It is a number between 0 (least-critical) and 1 (most-critical).

We use the following default parameters to derive the criticality score for an open source project:

| Parameter | Reasoning |
| --- | --- |
| Time since the project was created (in months) | An older project has a higher chance of being widely used or depended upon. |
| Time since the project was last updated (in months) | Unmaintained projects with no recent commits have a higher chance of being less relied upon. |
| Count of project contributors (with commits) | Involvement of many different contributors indicates the project's importance. |
| Count of distinct organizations that contributors belong to | |
| Average number of commits per week in the last year | Higher code churn is a slight indication of the project's importance. It also means higher susceptibility to vulnerabilities. |
| Number of recent releases | Frequent releases indicate user dependency. Lower weight, since releases are not always used. |
| Number of issues closed in the last 90 days | Indicates high contributor involvement and focus on closing user issues. Lower weight, since it depends on project contributors. |
| Number of issues updated in the last 90 days | Lower weight, since it depends on project contributors. |
| Average number of comments per issue in the last 90 days | Indicates high user activity and dependence. |
| Number of project mentions in commit messages | Indicates repository use, usually in version rolls. This parameter works across all languages, including C/C++, which do not have package dependency graphs (though it is hack-ish). |
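The table above lists what each parameter measures and why it matters, but not how the parameters combine into a single number in the 0 to 1 range. The block below is an added worked example, not the project's own code: it implements the weighted, log-scaled, saturating combination that the upstream project documents, with per-parameter weights and saturation thresholds reproduced from memory of its defaults. Those weights, thresholds and the snake_case parameter names are assumptions here, since this page lists neither. Because one parameter (time since last update) carries a negative weight, the normalized sum can fall slightly outside 0..1; clamping it back into that range is my own choice, made so the result matches the range the page states.

```python
"""Worked example: deriving a criticality score from per-project metrics.

Added example, not the project's own code. Formula, weights and thresholds
are reproduced from memory of the upstream defaults and are ASSUMPTIONS;
parameter names below are my own labels for the table's descriptions.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Param:
    name: str         # my label for the table row (assumption, not upstream naming)
    weight: float     # alpha_i: relative importance; negative means "more is worse"
    threshold: float  # T_i: values at or above this saturate the term at 1.0


# Default weights/thresholds as I recall them from upstream (assumption).
PARAMS = [
    Param("created_since_months",   1.0,    120),   # time since creation
    Param("updated_since_months",  -1.0,    120),   # time since last update
    Param("contributor_count",      2.0,   5000),   # contributors with commits
    Param("org_count",              1.0,     10),   # distinct contributor orgs
    Param("commit_frequency",       1.0,   1000),   # commits/week, last year
    Param("recent_releases_count",  0.5,     26),   # releases, last year
    Param("closed_issues_count",    0.5,   5000),   # issues closed, last 90 days
    Param("updated_issues_count",   0.5,   5000),   # issues updated, last 90 days
    Param("comment_frequency",      1.0,     15),   # comments/issue, last 90 days
    Param("dependents_count",       2.0, 500000),   # commit-message mentions
]


def param_score(value: float, threshold: float) -> float:
    """Log-scaled contribution of one parameter, saturating at 1.0.

    log(1 + S) / log(1 + max(S, T)): a project with 10x the contributors is
    not 10x as critical, and anything past the threshold counts the same.
    """
    if value < 0:
        raise ValueError("metric values must be non-negative")
    return math.log1p(value) / math.log1p(max(value, threshold))


def explain(metrics: dict) -> dict:
    """Per-parameter weighted contributions, so a score can be audited.

    Raises KeyError for a missing metric rather than silently scoring it as 0:
    a collector that failed to fetch data should not look like an inactive project.
    """
    contributions = {}
    for p in PARAMS:
        if p.name not in metrics:
            raise KeyError(f"missing metric: {p.name}")
        contributions[p.name] = p.weight * param_score(metrics[p.name], p.threshold)
    return contributions


def criticality_score(metrics: dict) -> float:
    """Weighted sum normalized by the total weight, clamped into [0, 1]."""
    total_weight = sum(p.weight for p in PARAMS)
    raw = sum(explain(metrics).values()) / total_weight
    # The clamp is my own addition: the negative weight makes raw range
    # beyond 0..1 for extreme inputs, and the page defines the score on 0..1.
    return round(min(max(raw, 0.0), 1.0), 5)


def baseline() -> dict:
    """Constructed all-zero metric set, handy for building test inputs."""
    return {p.name: 0 for p in PARAMS}


if __name__ == "__main__":
    # Constructed sample project (not real data): mature, active, widely mentioned.
    sample = baseline()
    sample.update(created_since_months=96, updated_since_months=1,
                  contributor_count=420, org_count=12, commit_frequency=35,
                  recent_releases_count=8, closed_issues_count=300,
                  updated_issues_count=450, comment_frequency=4,
                  dependents_count=20000)
    for name, contribution in sorted(explain(sample).items(), key=lambda kv: -kv[1]):
        print(f"{name:24s} {contribution:+.3f}")
    print("score:", criticality_score(sample))
```

The `explain()` breakdown is the part worth keeping in any pipeline that consumes these scores: when a project lands on a "critical" list, a reviewer should be able to see whether that came from genuine dependence (mentions, contributors, organizations) or from a single saturated parameter such as commit churn, which the table itself notes is only a slight signal and also tracks vulnerability exposure.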
