COMPONENT NAME | DESCRIPTION | LICENSE | SOURCE CODE |
Quality Analyzer | RAPID is the quality analysis application developed by SIG. | Apache 2.0 | GitHub |
Quality Analyzer metadata | Component that stores quality metrics in the FASTEN metadata database. | Apache 2.0 | GitHub |
Vulnerability Producer | Gathers, enriches and publishes vulnerability information to a Kafka topic. May be used as a standalone tool. | Apache 2.0 | GitHub |
Canonical Call Graph Generator | Generate canonical FASTEN call graphs from diverse input formats. | Apache 2.0 | GitHub |
Fasten Pypi Plugin | A Python plugin that can be used to analyze and report issues about a module's dependencies at build time. | Apache 2.0 | GitHub |
Maven Plugin | This plugin can be used to analyze and report issues about a module's dependencies at build time. | Apache 2.0 | GitHub |
Java Call Graph OPAL | Call graph generator for Java packages. | Apache 2.0 | GitHub |
REST API | REST API to query the FASTEN knowledge base. Can trigger pipeline execution if a component is unknown in the knowledge base. | Apache 2.0 | GitHub |
Debian Scrapper | Crawl information for a given Debian release looking for C packages. | Apache 2.0 | GitHub |
Kafka CScout | Produce call graph for Debian C packages. | Apache 2.0 | GitHub |
Metadata DB | Insert revision call graphs in FASTEN metadata database. | Apache 2.0 | GitHub |
Callable index | Insert global identifier (GID) graphs in graph database (RocksDB). | Apache 2.0 | GitHub |
Debian license detector | Process Debian package to find license information at file level. | Apache 2.0 | GitHub |
Debian license feeder | Insert license information in FASTEN metadata database. | Apache 2.0 | GitHub |
Vulnerability producer | Gathers information from different sources (NVD, GitHub advisories, etc.), enriches the data with patch details and then publishes it to a Kafka topic. | Apache 2.0 | GitHub |
Vulnerability statement processor | Listens to messages from the vulnerability producer and updates the FASTEN metadata database. | Apache 2.0 | GitHub |
Vulnerability packages listener | Add new package version in FASTEN metadata database. | Apache 2.0 | GitHub |
Vulnerability cache invalidation | | Apache 2.0 | GitHub |
Vulnerability chain finder | Find vulnerability chain in callable index. | Apache 2.0 | GitHub |
Ingested artifact completion | Mark Maven package as fully ingested. | Apache 2.0 | GitHub |
Maven crawler | Crawl Maven Central repository. | Apache 2.0 | GitHub |
POM analyzer | Parse the Maven pom file and store analysis result in FASTEN metadata database. | Apache 2.0 | GitHub |
Repo cloner | Clone a repository (Git, Subversion, Mercurial) on the file system. | Apache 2.0 | GitHub |
Dependency graph resolver | Resolve pom dependencies. | Apache 2.0 | GitHub |
Kafka topics synchronization | Synchronize two Kafka topics. | Apache 2.0 | GitHub |
Java license detector | Retrieve Java project license at project level (in pom.xml file or using GitHub as fallback) and at file level using ScanCode tool. | Apache 2.0 | GitHub |
Java license feeder | Insert license information in FASTEN metadata database. | Apache 2.0 | GitHub |
Kafka filter PyPI | Consumes PyPI packaging information in the Warehouse format from a Kafka topic and produces unique package-version tuples. | Apache 2.0 | GitHub |
Python call graph generator | Consumes PyPI packaging information from a Kafka topic and produces call graphs into another Kafka topic. | Apache 2.0 | GitHub |
Python license detector | Retrieve Python project license at project level (using PyPI.org APIs or using GitHub as fallback) and at file level using ScanCode tool. | Apache 2.0 | GitHub |
Python license feeder | Insert license information in FASTEN metadata database. | Apache 2.0 | GitHub |