| COMPONENT NAME | DESCRIPTION | LICENSE | SOURCE CODE | |
| Quality Analyzer | RAPID is the quality analysis application developed by SIG. | Apache 2.0 | GitHub |
| Quality Analyzer metadata | Component that store in FASTEN metadata database quality metrics. | Apache 2.0 | GitHub |
| Vulnerability Producer | Gathers, enriches and publishes vulnerability information to a Kafka topic. May be used as a standalone tool | Apache 2.0 | GitHub |
| Canonical Call Graph Generator | Generate canonical FASTEN call graphs from diverse input formats | Apache 2.0 | GitHub |
| Fasten Pypi Plugin | A Python plugin that can be used to analyze and report issues about a module dependencies at build time. | Apache 2.0 | GitHub |
| Maven Plugin | This plugin can be used to analyze and report issues about a module dependencies at build time. | Apache 2.0 | GitHub |
| Java Call Graph OPAL | Call graph generator for Java packages | Apache 2.0 | GitHub |
| REST API | REST API to query FASTEN knowledge base. Can trigger pipeline execution if component is unknown in knowledge base. | Apache 2.0 | GitHub |
| Debian Scrapper | Crawl information for a given Debian release looking for C packages. | Apache 2.0 | GitHub |
| Kafka CScout | Produce call graph for Debian C packages. | Apache 2.0 | GitHub |
| Metadata DB | Insert revision call graphs in FASTEN metadata database. | Apache 2.0 | GitHub |
| Callable index | Insert global identifier (GID) graphs in graph database (RocksDB). | Apache 2.0 | GitHub |
| Debian license detector | Process Debian package to find license information at file level. | Apache 2.0 | GitHub |
| Debian license feeder | Insert license information in FASTEN metadata database. | Apache 2.0 | GitHub |
| Vulnerability producer | Gathers information from different sources (NVD, GitHub advisories, etc.), enriches the data with patch details and then publishes it to a Kafka topic. | Apache 2.0 | GitHub |
| Vulnerability statement processor | Listens to messages from the vulnerability producer and updates the FASTEN metadata database. | Apache 2.0 | GitHub |
| Vulnerability packages listener | Add new package version in FASTEN metadata database. | Apache 2.0 | GitHub |
| Vulnerability cache invalidation | | Apache 2.0 | GitHub |
| Vulnerability chain finder | Find vulnerability chain in callable index. | Apache 2.0 | GitHub |
| Ingested artifact completion | Mark Maven package as fully ingested. | Apache 2.0 | GitHub |
| Maven crawler | Crawl Maven Central repository. | Apache 2.0 | GitHub |
| POM analyzer | Parse the Maven pom file and store analysis result in FASTEN metadata database. | Apache 2.0 | GitHub |
| Repo cloner | Clone a repository (Git, Subversion, Mercurial) on the file system. | Apache 2.0 | GitHub |
| Dependency graph resolver | Resolve pom dependencies. | Apache 2.0 | GitHub |
| Kafka topics synchronization | Synchronize two Kafka topics | Apache 2.0 | GitHub |
| Java license detector | Retrieve Java project license at project level (in pom.xml file or using GitHub as fallback) and at file level using ScanCode tool. | Apache 2.0 | GitHub |
| Java license feeder | Insert license information in FASTEN metadata database. | Apache 2.0 | GitHub |
| Kafka filter PyPI | Consumes PyPI packaging information in the Warehouse format from a Kafka topic and produces unique package-version tuples. | Apache 2.0 | GitHub |
| Python call graph generator | Consumes PyPI packaging information from a Kafka topic and produces call graphs into another Kafka topic. | Apache 2.0 | GitHub |
| Python license detector | Retrieve Python project license at project level (using PyPI.org APIs or using GitHub as fallback) and at file level using ScanCode tool. | Apache 2.0 | GitHub |
| Python license feeder | Insert license information in FASTEN metadata database. | Apache 2.0 | GitHub |
The information in this document is provided “as is”, and no guarantee or warranty is given that the information is fit for any particular purpose. The content of this document reflects only the author's view – the European Commission is not responsible for any use that may be made of the information it contains. The users use the information at their sole risk and liability.
